> I have 1 Samba 3.0 server with LDAP 2.1.23 running on backend from the same
machine. These are both RedHat 8.0. I have 2 other servers I would like to use
the same LDAP directory. I used net join to join the servers to the domain.
Prior to joining the domain the servers had no SID. After using net join
they got a new SID (net getlocalsid). In the LDAP directory what SID base should
be attached to users and computers that I add? The original Domain SID?
You should really add users via samba, or at least the sambaSamAccount
objectclass. This will work if you already have a posixAccount
objectclass. It will generate the SID based upon the domain SID and the
uidNumber/gidNumber.
> I may have messed this up. What I want to do is set up the second 2 servers
as member servers in the domain, and put user accounts with home directories on
them. User uses LDAP to authenticate to member server. So far I can create an
account and log in but I am unsure if I'm using the SID for the user
correctly.
Let Samba set the SID.
> What is recommended for master/slave LDAP servers that are used primarily
for authentication to Samba servers. Should I set up a slave LDAP server for the
member servers? These member servers would be located in separate buildings. The
main server has about 1000 user accounts, and member servers about 120 each when
finished.
Eh? User accounts exist in the SAM, in this case LDAP - everywhere.
Slaves are just replicas of the master for redundancy and performance.
> At any one time I anticipate 20-30% will be logged in during peak hours.
>
> Any help that anyone can give me on this I'd appreciate. This is a
fairly large installation that eventually will span 8 buildings each with their
own Samba server but authenticating to a single OpenLDAP directory.
Make a master LDAP on the PDC, load all the users.
Join the member servers to the domain.
Create LDAP replicas on several/all member servers.
Setup NSS on the member servers to use their local/near-by LDAP replica.
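The point made above, that Samba derives the SID from the domain SID plus the uidNumber/gidNumber, is Samba 3's default algorithmic RID mapping. The Python below is an added example, not code from this thread or from the Samba project; it assumes Samba 3's defaults (`algorithmic rid base = 1000`, user RID = 2*uidNumber + base, group RID = 2*gidNumber + base + 1), a constructed domain SID and a constructed member-server local SID, and constructed directory entries. It builds the LDIF that adds sambaSamAccount to an existing posixAccount entry and then checks a directory for accounts whose SID was rooted at a member server's local SID instead of the domain SID, which is the mistake the first quoted question is worried about.

```python
import re

# Samba 3 defaults (smb.conf "algorithmic rid base", default 1000): a user's RID is
# 2*uidNumber + base and a group's RID is 2*gidNumber + base + 1.
RID_MULTIPLIER = 2
ALGORITHMIC_RID_BASE = 1000

# Shape of an NT domain SID: S-1-5-21-<32-bit>-<32-bit>-<32-bit>
DOMAIN_SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+$")


def user_rid(uid_number, rid_base=ALGORITHMIC_RID_BASE):
    """RID Samba 3 assigns to a posixAccount with this uidNumber."""
    return uid_number * RID_MULTIPLIER + rid_base


def group_rid(gid_number, rid_base=ALGORITHMIC_RID_BASE):
    """RID Samba 3 assigns to a posixGroup with this gidNumber."""
    return gid_number * RID_MULTIPLIER + rid_base + 1


def make_sid(domain_sid, rid):
    """Join a domain SID and a RID into a full SID, rejecting malformed input."""
    if not DOMAIN_SID_RE.match(domain_sid):
        raise ValueError(f"not a domain SID: {domain_sid!r}")
    return f"{domain_sid}-{rid}"


def samba_account_ldif(dn, domain_sid, uid_number, gid_number):
    """LDIF change record that adds the sambaSamAccount objectclass and the
    SIDs Samba would compute to an existing posixAccount entry."""
    lines = [
        f"dn: {dn}",
        "changetype: modify",
        "add: objectClass",
        "objectClass: sambaSamAccount",
        "-",
        "add: sambaSID",
        f"sambaSID: {make_sid(domain_sid, user_rid(uid_number))}",
        "-",
        "add: sambaPrimaryGroupSID",
        f"sambaPrimaryGroupSID: {make_sid(domain_sid, group_rid(gid_number))}",
        "-",
    ]
    return "\n".join(lines) + "\n"


def sids_outside_domain(domain_sid, entries):
    """Return (dn, sambaSID) for entries whose SID is not rooted at the domain
    SID, e.g. accounts created by hand against a member server's local SID."""
    prefix = domain_sid + "-"
    return [(e["dn"], e.get("sambaSID", ""))
            for e in entries if not e.get("sambaSID", "").startswith(prefix)]


# Constructed sample values: the PDC's domain SID and one member server's local SID.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
MEMBER_LOCAL_SID = "S-1-5-21-4444444444-5555555555-6666666666"

# Constructed directory entries: two created through Samba, one by hand with the wrong base.
SAMPLE_ENTRIES = [
    {"dn": "uid=alice,ou=People,dc=example,dc=com",
     "sambaSID": make_sid(DOMAIN_SID, user_rid(500))},
    {"dn": "uid=bob,ou=People,dc=example,dc=com",
     "sambaSID": make_sid(DOMAIN_SID, user_rid(501))},
    {"dn": "uid=carol,ou=People,dc=example,dc=com",
     "sambaSID": make_sid(MEMBER_LOCAL_SID, user_rid(502))},
]

if __name__ == "__main__":
    print(samba_account_ldif("uid=alice,ou=People,dc=example,dc=com", DOMAIN_SID, 500, 500))
    for dn, sid in sids_outside_domain(DOMAIN_SID, SAMPLE_ENTRIES):
        print(f"wrong SID base: {dn} -> {sid}")
```

The generated record can be fed to ldapmodify, but as the reply says, letting Samba add the account (smbpasswd or pdbedit on the PDC) produces the same attributes without the risk of picking the wrong base; the `sids_outside_domain` check is what you run afterwards to find entries that were created against a member server's `net getlocalsid` value instead of the domain SID.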