Travis L. Bean
2003-Nov-06 19:17 UTC
[Samba] Need help setting up a Samba 3.x Backup Domain Controller with LDAP
I would like to know the options I need to have in my smb.conf for setting up a Samba 3.x Backup Domain Controller when using LDAP. What I am confused about is the reference made in the smb.conf man page to "idmap". From the man page and Samba how-to documentation, I understand this "idmap" reference to only be used for member servers and backup domain controllers that don't have their own "passdb"?

So when you set up the reference in the Backup Domain Controller's smb.conf, do you only include the following reference to "idmap" and leave out the reference to "passdb backend=ldapsam"? Something like this?:

    idmap backend = ldap:ldap://bdc-srv.domain.com
    idmap gid = 10000-20000
    idmap uid = 10000-20000
    ldap idmap suffix = ou=idmap,dc=domain,dc=com

and use something like this for the primary domain controller??:

    ldap suffix = dc=domain,dc=com
    passdb backend = ldapsam:ldap//pdc-srv.domain.com ldapsam:ldap//bdc-srv.domain.com

Note: ("passdb backend" reference to pdc-srv & bdc-srv is all on the same line).

Also, in the backup domain controller's smb.conf I assume I set "local master", "domain master" and "preferred master" all to "no", etc, etc.

Basically I would like to get some feedback from someone who has been successful in getting a Samba 3.x PDC and BDC working together with LDAP. I am trying to set up my server configuration to support "hot-failover" and would like to allow my clients to log in to access their documents on the Samba BDC if the PDC fails for whatever reason (the PDC and BDC are going to be set up for real-time mirroring).

Please submit the differences between a working PDC smb.conf and BDC smb.conf. The Samba 3.x "how-to" documentation is lacking as far as explaining this and needs better examples for what is needed to set up a PDC/BDC Samba/LDAP configuration.
Gerald (Jerry) Carter
2003-Nov-07 03:59 UTC
[Samba] Need help setting up a Samba 3.x Backup Domain Controller with LDAP
Travis L. Bean wrote:

| From the man page and Samba how-to documentation,
| I understand this "idmap" reference to only be used
| for member servers and backup domain
| controllers that don't have their own "passdb"?

All BDC's must share the same passdb backend as the PDC.
winbindd is only needed on a DC to handle trusted users/groups.

| So when you setup the reference in the Backup Domain
| Controllers smb.conf do you only include
| the following reference to "idmap" and leave out the reference to
| "passdb backend=ldapsam"? Something like this?:
|
| idmap backend = ldap:ldap://bdc-srv.domain.com
| idmap gid = 10000-20000
| idmap uid = 10000-20000
| ldap idmap suffix = ou=idmap,dc=domain,dc=com

remove this and keep the "passdb backend = ldapsam" line

| and use something like this for the primary domain controller??:
|
| ldap suffix = dc=domain,dc=com
| passdb backend = ldapsam:"ldap//pdc-srv.domain.com \
| ldap//bdc-srv.domain.com"

Note the "'s I've added to use the server failure in the LDAP libs.

| Also, in the backup domain controller's smb.conf I assume I set "local
| master", "domain master" and "preferred master" all to "no", etc, etc.

domain master = no is the only one you really need to worry about.

cheers, jerry

--
Hewlett-Packard   http://www.hp.com
SAMBA Team        http://www.samba.org
GnuPG Key         http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song" --Switchfoot (2003)
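
The PDC/BDC difference described in the reply above, laid out as an added example that is not part of either original message and is not taken from a working installation. The workgroup name EXAMPLE is a placeholder, the host names and suffix are the ones used in the thread, and the LDAP URLs are written with the full ldap:// scheme.

```ini
# Constructed example. Other settings an ldapsam setup needs
# (for instance "ldap admin dn") are left out to keep the comparison short.

# ---- smb.conf on the PDC (pdc-srv) ----
[global]
    workgroup = EXAMPLE
    security = user
    domain logons = yes
    domain master = yes
    ldap suffix = dc=domain,dc=com
    # Quoted list of LDAP URLs, as in the reply, so the LDAP library
    # can move on to the second server when the first is unreachable.
    passdb backend = ldapsam:"ldap://pdc-srv.domain.com ldap://bdc-srv.domain.com"

# ---- smb.conf on the BDC (bdc-srv) ----
[global]
    workgroup = EXAMPLE
    security = user
    domain logons = yes
    # The one setting the reply says has to differ from the PDC.
    domain master = no
    ldap suffix = dc=domain,dc=com
    # Same passdb backend as the PDC. The "idmap backend", "idmap uid",
    # "idmap gid" and "ldap idmap suffix" lines from the question are
    # not used in place of it.
    passdb backend = ldapsam:"ldap://pdc-srv.domain.com ldap://bdc-srv.domain.com"
```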