Tomasz Chmielewski
2004-Oct-28 13:51 UTC
[Samba] Samba PDC in many branch offices + one LDAP database - how to change passwords?
Hello,

I just configured Samba 3 PDC + LDAP.

The aim is to have a Samba 3 PDC + LDAP in each branch office; and there should be one user/password database.

There are about 20 branch offices in different locations and users travel a lot between them with laptops.

Each branch office has the configuration below:

- Samba 3 PDC
- slave OpenLDAP server

There is also one central user/password OpenLDAP (master) - changes in it (added users etc.) are replicated to the slaves.

As it is relatively easy to have one LDAP database across all office branches, I don't know how to make Samba 3 read/retrieve usernames/passwords from the local OpenLDAP slave, but write added machines/changed passwords to the master OpenLDAP server (which would then replicate the changes to all its slaves).

Any ideas?

Tomek
Paul Gienger
2004-Oct-28 14:08 UTC
[Samba] Samba PDC in many branch offices + one LDAP database - how to change passwords?
> As it is relatively easy to have one LDAP database across all office
> branches, I don't know how to make Samba 3 read/retrieve
> usernames/passwords from the local OpenLDAP slave, but write added
> machines/changed passwords to the master OpenLDAP server (which would
> then replicate the changes to all its slaves).

If you have the smbldap-tools configured properly with the right master and slave set, then adding machines is not a problem. Changing passwords is also not a problem provided you have LDAP referrals set up properly. Setting up referrals is really more of a question for the openldap folks, and probably covered in the setup guide at openldap.

--
Paul Gienger
Applied Engineering Inc.
Systems Architect
Office: 701-281-1884
Fax: 701-281-1322
URL: www.ae-solutions.com
mailto: pgienger@ae-solutions.com
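
The split described in this reply (reads served by the local slave, writes referred to the master), sketched as configuration fragments. This is an added example, not part of the original thread; the host names, suffix and DNs are placeholders, and the slapd.conf directives assume the slurpd-style replication used by OpenLDAP releases of that period.

```conf
# --- slapd.conf on each branch-office slave (slurpd-style replica) ---
# Placeholder suffix and DNs; replace with your own.
suffix      "dc=example,dc=com"
# Only this DN (the one the master pushes replicated changes as) may write here.
updatedn    "cn=replicator,dc=example,dc=com"
# Any other write attempt is answered with a referral to the master.
updateref   ldap://ldap-master.example.com

# --- smb.conf on the branch Samba server ---
[global]
    # Lookups and authentication use the local slave, so logons do not
    # depend on the WAN link.
    passdb backend = ldapsam:ldap://127.0.0.1
    ldap suffix = dc=example,dc=com
    # Samba re-binds with this DN when it follows the referral, so the same
    # DN and password must also be valid on the master, with write access there.
    ldap admin dn = cn=samba,dc=example,dc=com

# --- smbldap.conf (smbldap-tools) on the branch server ---
# Reads go to the slave, writes (useradd, machine accounts) go to the master.
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="ldap-master.example.com"
masterPort="389"
```

With this layout, only the referred writes (password changes, machine adds) need the master to be reachable; lookups against the local replica do not.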
Andreas
2004-Oct-28 14:14 UTC
[Samba] Samba PDC in many branch offices + one LDAP database - how to change passwords?
On Thu, Oct 28, 2004 at 03:51:07PM +0200, Tomasz Chmielewski wrote:
> Hello,
>
> I just configured Samba 3 PDC + LDAP.
>
> The aim is to have a Samba 3 PDC + LDAP in each branch office; and there
> should be one user/password database.
>
> There are about 20 branch offices in different locations and users
> travel a lot between them with laptops.
>
> Each branch office has the configuration below:
>
> - Samba 3 PDC
> - slave OpenLDAP server

What about having each branch office with a Samba 3 BDC instead of PDC? It seems you are already replicating the whole LDAP tree to every office. Having a PDC there will cause unnecessary delays since it will always try to write to the local LDAP server and get a referral to the master LDAP server anyway.
Tomasz Chmielewski
2004-Oct-28 15:03 UTC
[Samba] Samba PDC in many branch offices + one LDAP database - how to change passwords?
Andreas wrote:
> On Thu, Oct 28, 2004 at 03:51:07PM +0200, Tomasz Chmielewski wrote:
>
>> Hello,
>>
>> I just configured Samba 3 PDC + LDAP.
>>
>> The aim is to have a Samba 3 PDC + LDAP in each branch office; and there should be one user/password database.
>>
>> There are about 20 branch offices in different locations and users travel a lot between them with laptops.
>>
>> Each branch office has the configuration below:
>>
>> - Samba 3 PDC
>> - slave OpenLDAP server
>
> What about having each branch office with a Samba 3 BDC instead of PDC?

These offices are divided by WAN (which means loss of connectivity, slowness etc.) - isn't that a problem? Users should be able to log in even when the link is down; the only thing impossible then should be password change / adding new accounts.

Tomek
rruegner
2004-Oct-28 23:14 UTC
[Samba] Samba PDC in many branch offices + one LDAP database - how to change passwords?
Andreas wrote:
> On Thu, Oct 28, 2004 at 03:51:07PM +0200, Tomasz Chmielewski wrote:
>
>> Hello,
>>
>> I just configured Samba 3 PDC + LDAP.
>>
>> The aim is to have a Samba 3 PDC + LDAP in each branch office; and there
>> should be one user/password database.
>>
>> There are about 20 branch offices in different locations and users
>> travel a lot between them with laptops.
>>
>> Each branch office has the configuration below:
>>
>> - Samba 3 PDC
>> - slave OpenLDAP server
>
> What about having each branch office with a Samba 3 BDC instead of PDC?
> It seems you are already replicating the whole LDAP tree to every office.
> Having a PDC there will cause unnecessary delays since it will always try
> to write to the local LDAP server and get a referral to the master LDAP
> server anyway.

Hi, there should be no problem with having an smb BDC in the offices, but you have to look at the profiles and homes if you have a lot of laptop users.

Regards