I was wondering what the best practice is for setting up several SAMBA
servers in a SAMBA domain all on the same LAN. Here is what I am
looking at

PDC: LDAP, Samba, nss_ldap, pam_ldap
Member1: Samba, nss_ldap, pam_ldap
Member2: Samba, nss_ldap, pam_ldap
Member . . . .

Should I set the member servers up with:
Security = domain
and join the servers with net rpc join

or, would it be better to set them up with:
passdb backend = ldapsam:ldap://pdc.domain.com
security = server

Do you see where I am going? If you need more details to answer, let me know.

Thanks,

cooper

On Sun, 2005-03-06 at 21:23 -0500, cooper mail wrote:
> I was wondering what the best practice is for setting up several SAMBA
> servers in a SAMBA domain all on the same LAN. Here is what I am
> looking at
>
> PDC: LDAP, Samba, nss_ldap, pam_ldap
> Member1: Samba, nss_ldap, pam_ldap
> Member2: Samba, nss_ldap, pam_ldap
> Member . . . .
>
> Should I set the member servers up with:
> Security = domain
> and join the servers with net rpc join
>
> or, would it be better to set them up with:
> passdb backend = ldapsam:ldap://pdc.domain.com
> security = server
>
> Do you see where I am going? If you need more details to answer, let me know.
----
You should probably consult both the HOWTO and more specifically, the BY
EXAMPLE documentation for discussions about this as only you can decide
the value of this.

Nowhere did you mention winbindd...

Given local unix accounts are necessary for samba connections, I would
think an overall strategy should be thought out carefully.

Craig

So all of your samba servers are BDCs that need a password backend, is
that correct? That makes perfect sense. They have to have something to
log people on against.

Do you have any member servers? If so, how are they configured?

Thanks.

cooper

On Sun, 6 Mar 2005 20:36:34 -0600, Chris Smith <christophermsmith@gmail.com> wrote:
> We are building out a 90 server WAN with a single master ldap server
> and each remote office is a slave ldap / bdc. Each local office server
> references its local copy of ldap like:
> passdb backend = ldapsam:ldap://127.0.0.1 as far as samba is
> concerned.. and then for machine and account additions they refer
> back to the main ldap server.
> The local office servers all act as bdcs.
> The local office servers show a different SID from the PDC when I do a
> "net get localsid" however, it doesn't seem to affect anything.
>
>
> On Sun, 6 Mar 2005 21:23:12 -0500, cooper mail <cooper.list@gmail.com> wrote:
> > I was wondering what the best practice is for setting up several SAMBA
> > servers in a SAMBA domain all on the same LAN. Here is what I am
> > looking at
> >
> > PDC: LDAP, Samba, nss_ldap, pam_ldap
> > Member1: Samba, nss_ldap, pam_ldap
> > Member2: Samba, nss_ldap, pam_ldap
> > Member . . . .
> >
> > Should I set the member servers up with:
> > Security = domain
> > and join the servers with net rpc jo
> >
> > or, would it be better to set them up with:
> > passdb backend = ldapsam:ldap://pdc.domain.com
> > security = server
> >
> > Do you see where I am going? If you need more details to answer, let me know.
> >
> > Thanks,
> >
> > cooper
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
> >
>

Craig,
Thanks for the response. I have read both the HowTo and the By
Example. Neither covers much in regard to my situation. I have NO
windows servers, only samba servers.

I am using LDAP, nss_ldap, and pam_ldap to handle the local unix
accounts. The samba PDC is also using ldap as its passdb backend.
Everything is working fine at this time. I have tried both of the
setups I have mentioned, and both work. I am just wondering what is
the recommended/best practice setup.

I am not using winbind at this time. I read in another post from
Jerry, that the only reason I would need winbind, in my scenario, is
if I had a trust relationship with another domain. I do not.

Thanks,

cooper

On Sun, 06 Mar 2005 21:23:27 -0700, Craig White <craigwhite@azapple.com> wrote:
> On Sun, 2005-03-06 at 21:23 -0500, cooper mail wrote:
> > I was wondering what the best practice is for setting up several SAMBA
> > servers in a SAMBA domain all on the same LAN. Here is what I am
> > looking at
> >
> > PDC: LDAP, Samba, nss_ldap, pam_ldap
> > Member1: Samba, nss_ldap, pam_ldap
> > Member2: Samba, nss_ldap, pam_ldap
> > Member . . . .
> >
> > Should I set the member servers up with:
> > Security = domain
> > and join the servers with net rpc join
> >
> > or, would it be better to set them up with:
> > passdb backend = ldapsam:ldap://pdc.domain.com
> > security = server
> >
> > Do you see where I am going? If you need more details to answer, let me know.
> ----
> You should probably consult both the HOWTO and more specifically, the BY
> EXAMPLE documentation for discussions about this as only you can decide
> the value of this.
>
> Nowhere did you mention winbindd...
>
> Given local unix accounts are necessary for samba connections, I would
> think an overall strategy should be thought out carefully.
>
> Craig
>

cooper mail wrote:
>Craig,
> Thanks for the response. I have read both the HowTo and the By
>Example. Neither covers much in regard to my situation. I have NO
>windows servers, only samba servers.
>
>I am using LDAP, nss_ldap, and pam_ldap to handle the local unix
>accounts. The samba PDC is also using ldap as its passdb backend.
>Everything is working fine at this time. I have tried both of the
>setups I have mentioned, and both work. I am just wondering what is
>the recommended/best practice setup.
>
>
>I am not using winbind at this time. I read in another post from
>Jerry, that the only reason I would need winbind, in my scenario, is
>if I had a trust relationship with another domain. I do not.
>
>Thanks,
>
>cooper
>
>On Sun, 06 Mar 2005 21:23:27 -0700, Craig White <craigwhite@azapple.com> wrote:
>
>>On Sun, 2005-03-06 at 21:23 -0500, cooper mail wrote:
>>
>>>I was wondering what the best practice is for setting up several SAMBA
>>>servers in a SAMBA domain all on the same LAN. Here is what I am
>>>looking at
>>>
>>>PDC: LDAP, Samba, nss_ldap, pam_ldap
>>>Member1: Samba, nss_ldap, pam_ldap
>>>Member2: Samba, nss_ldap, pam_ldap
>>>Member . . . .
>>>
>>>Should I set the member servers up with:
>>>Security = domain
>>>and join the servers with net rpc join
>>>
>>>or, would it be better to set them up with:
>>>passdb backend = ldapsam:ldap://pdc.domain.com
>>>security = server
>>>
>>>Do you see where I am going? If you need more details to answer, let me know.
>>>
>>----
>>You should probably consult both the HOWTO and more specifically, the BY
>>EXAMPLE documentation for discussions about this as only you can decide
>>the value of this.
>>
>>Nowhere did you mention winbindd...
>>
>>Given local unix accounts are necessary for samba connections, I would
>>think an overall strategy should be thought out carefully.
>>
>>Craig
>>

I was in the same situation and I chose to build up a central Samba/LDAP
in one domain with other Samba/LDAP servers authenticating users against
the first one. The solution is to provide different user configuration
in every single Samba/LDAP, managing centrally the account and the
password repository for all users. You have many Samba/PDC servers but
only one is delegated to authenticate users in the domain.

You have to set the global directive in smb.conf "security=server" and
add "password server=server name or server ip".

Then, when a Windows client connects to a Samba/LDAP it can retrieve
personal account information but the password validation is a challenge
between the two Samba/LDAP servers (the first, receiving and opening a
client connection, and the second you set in smb.conf "password server"
directive)

Giuseppe

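Added example, not part of any post in this thread: a small Python check that reads a server's smb.conf text and reports which of the two setups discussed above it uses (`security = domain`, or `security = server` with `password server`) and whether its ldapsam backend is a local or remote LDAP host. The sample configurations, the EXAMPLE workgroup and the finding texts are constructed for illustration; the remark that `security = server` was removed in Samba 4.0 comes from Samba's release history, not from the thread.

```python
import re
from urllib.parse import urlparse

# Constructed smb.conf samples modelled on the two member-server setups in the thread.
OPTION_DOMAIN = """
[global]
   workgroup = EXAMPLE
   Security = domain
"""
OPTION_SERVER = """
[global]
   workgroup = EXAMPLE
   passdb backend = ldapsam:ldap://pdc.domain.com
   security = server
   password server = pdc.domain.com
"""

def parse_global(text):
    """Collect [global] parameters; smb.conf names ignore case and spaces."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def audit(text):
    """Report how a server validates passwords and where its passdb lives."""
    p = parse_global(text)
    mode = p.get("security", "user").lower()
    backend = re.search(r"ldapsam:(\S+)", p.get("passdbbackend", ""))
    ldap_host = urlparse(backend.group(1).strip('"')).hostname if backend else None
    findings = []
    if mode == "server":
        findings.append("pass-through validation via 'password server'; "
                        "mode was removed in Samba 4.0")
        if "passwordserver" not in p:
            findings.append("security = server without 'password server'")
    elif mode == "domain":
        findings.append("domain member; needs a machine account (net rpc join)")
    if ldap_host and ldap_host not in ("127.0.0.1", "localhost"):
        findings.append("passdb read from remote LDAP host " + ldap_host)
    return {"mode": mode, "password_server": p.get("passwordserver"),
            "ldap_host": ldap_host, "findings": findings}
```

Run `audit()` over each server's configuration to confirm that every member uses the same mode before standardising on one of the two setups.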