hi,

until now (about 1 year ago) I was working only with a samba3+ldap PDC, but in the near future my company will enlarge its network with 6 new branches spread all over the country, and I must build a scalable network with Samba-3 PDCs and BDCs, implement LDAP replication and multiple LDAP backends, all this over some VPNs (ipsec).

So, can anyone tell me how the relationship between a samba3-ldap PDC and a samba3-ldap BDC works, and how the openldap server must replicate?

thanks,
Mihai

On Wed, 2004-10-20 at 18:16, Mihai Costache wrote:
> hi,
>
> until now (about 1 year ago) I was working only with a samba3+ldap PDC,
> but in the near future my company will enlarge its network with 6 new
> branches spread all over the country, and I must build a scalable network
> with Samba-3 PDCs and BDCs, implement LDAP replication and multiple LDAP
> backends, all this over some VPNs (ipsec).
> So, can anyone tell me how the relationship between a samba3-ldap PDC and
> a samba3-ldap BDC works, and how the openldap server must replicate?

If the WAN is not a single netbios scope, then just set up each remote DC as a PDC, otherwise configure as a BDC per the documentation.

In any case, the replication stuff happens only at the OpenLDAP layer, and the procedure for setting this up is all described in the docs - the main site is the OpenLDAP master, and the remote sites are OpenLDAP slaves.

Andrew Bartlett

--
Andrew Bartlett abartlet@samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net

thanks,
Mihai

--- Andrew Bartlett <abartlet@samba.org> wrote:
> On Wed, 2004-10-20 at 18:16, Mihai Costache wrote:
> > hi,
> >
> > until now (about 1 year ago) I was working only with a samba3+ldap PDC,
> > but in the near future my company will enlarge its network with 6 new
> > branches spread all over the country, and I must build a scalable
> > network with Samba-3 PDCs and BDCs, implement LDAP replication and
> > multiple LDAP backends, all this over some VPNs (ipsec).
> > So, can anyone tell me how the relationship between a samba3-ldap PDC
> > and a samba3-ldap BDC works, and how the openldap server must replicate?
>
> If the WAN is not a single netbios scope, then just set up each remote
> DC as a PDC, otherwise configure as a BDC per the documentation.
>
> In any case, the replication stuff happens only at the OpenLDAP layer,
> and the procedure for setting this up is all described in the docs - the
> main site is the OpenLDAP master, and the remote sites are OpenLDAP
> slaves.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett abartlet@samba.org
> Authentication Developer, Samba Team http://samba.org
> Student Network Administrator, Hawker College abartlet@hawkerc.net

"Mihai Costache" <tepesu@yahoo.com> wrote in message news:20041020081653.40157.qmail@web54109.mail.yahoo.com...
> hi,
>
> until now (about 1 year ago) I was working only with a samba3+ldap PDC,
> but in the near future my company will enlarge its network with 6 new
> branches spread all over the country, and I must build a scalable network
> with Samba-3 PDCs and BDCs, implement LDAP replication and multiple LDAP
> backends, all this over some VPNs (ipsec).
> So, can anyone tell me how the relationship between a samba3-ldap PDC and
> a samba3-ldap BDC works, and how the openldap server must replicate?
>
> thanks,
> Mihai

Here are a few things to keep in mind...

Any user logging onto Samba has to pass the Samba authentication as well as the Linux authentication. After all, the samba service is running on the Linux box. I know of two ways to achieve this with LDAP.

One way is to keep the Samba authentication info. in LDAP and to keep the Linux authentication info (POSIX) in the /etc/passwd and /etc/group files.

The other way is to keep both the Samba and POSIX authentication info. in LDAP. This approach requires the use of the nss_ldap software from www.padl.com. The /etc/nsswitch.conf file is used to tell Linux to search for the user's authentication info. in the LDAP directory.

If you use the second approach, you will have all the user's information in a single location. Configure LDAP to replicate the directory to another Samba machine, make the appropriate entries in the smb.conf files of both machines and you have a PDC and BDC. Documentation on the Samba website will show you how to configure the smb.conf files. Along the way you will have to get familiar with the scripts from Idealx which add the user's POSIX info. to LDAP.

Configuring LDAP for replication is off topic for this list but is a well documented process. Try and get hold of a good LDAP book. Verify that the machine is authenticating POSIX info. against LDAP before attempting the replication.
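
The last step in the message above (confirm POSIX lookups go through LDAP before setting up replication) can be scripted. This is an added example, not part of the original thread; the function names and exit codes are hypothetical, and the file paths default to /etc/nsswitch.conf and /etc/passwd.

```shell
#!/bin/sh
# Added example: pre-replication check that POSIX lookups really go to LDAP.
# Function names and exit codes are hypothetical, chosen for this example.

# nss_uses_ldap FILE DB: succeed if DB's line in an nsswitch.conf-style FILE
# lists "ldap" as a source (comments and "db:source" without a space handled).
nss_uses_ldap() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# in_local_passwd FILE USER: succeed if USER has an entry in a passwd-format FILE.
in_local_passwd() {
    awk -F: -v u="$2" '$1 == u { hit = 1 } END { exit (hit ? 0 : 1) }' "$1"
}

# verify_posix_ldap USER [NSSWITCH] [PASSWD]
#   0 = USER resolves and can only have come from LDAP
#   2 = passwd or group is not configured to consult ldap
#   3 = USER also exists in the local passwd file, so the test proves nothing
#   4 = USER does not resolve at all (nss_ldap or the directory is not answering)
verify_posix_ldap() {
    user=$1 nss=${2:-/etc/nsswitch.conf} passwd=${3:-/etc/passwd}
    for db in passwd group; do
        nss_uses_ldap "$nss" "$db" || { echo "$db: ldap not listed in $nss" >&2; return 2; }
    done
    if in_local_passwd "$passwd" "$user"; then
        echo "$user is in $passwd; pick an LDAP-only account" >&2
        return 3
    fi
    getent passwd "$user" >/dev/null || { echo "$user did not resolve" >&2; return 4; }
    echo "$user resolved through LDAP"
}

# Run the check only when a user name is given on the command line.
if [ $# -gt 0 ]; then verify_posix_ldap "$@"; fi
```

Run it on each machine that will become a domain controller, with an account that exists only in the directory; exit code 3 means the chosen account is also local, so a successful lookup would not show that LDAP answered.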