I use winbind+AD for single sign-on to many Linux machines, and the Linux hosts automount home directories on one Linux file server. I am faced with a need to synchronize the *.tdb files on the file server with all the Linux machines for consistent UID-to-loginID mapping. Has this been tried by sharing the /var/lib/samba/ over nfs with the other servers? Are there any pitfalls? Has this been tried by a regularly scheduled copy over the network? Does anyone have a how-to or notes for a better approach?
Rex Dieter
2006-Jun-29 20:57 UTC
[Samba] Re: methods to synchronize tdb files between hosts
John Stile wrote:
r.
> I am faced with a need to synchronize the *.tdb files on the file server
> with all the Linux machines for consistent UID-to-loginID mapping.

> Does anyone have a how-to or notes for a better approach?

Yes, use something like (in smb.conf):
    idmap backend = idmap_rid
or
    idmap backend = idmap_ad

-- Rex
Torsten Geile
2006-Jun-30 07:18 UTC
[Samba] Re: methods to synchronize tdb files between hosts
Rex Dieter wrote:
> John Stile wrote:
> r.
>
>> I am faced with a need to synchronize the *.tdb files on the file server
>> with all the Linux machines for consistent UID-to-loginID mapping.
>
>> Does anyone have a how-to or notes for a better approach?
>
> Yes, use something like (in smb.conf):
>     idmap backend = idmap_rid
> or
>     idmap backend = idmap_ad

Does this apply too when there is a samba pdc using ldap and many samba servers configured as member servers? Do the member servers need unix accounts for samba users or do they just receive authentication from the pdc using ldap?

Cheers
Torsten
Michael Gasch
2006-Jun-30 13:09 UTC
[Samba] Re: methods to synchronize tdb files between hosts
they need to map authenticated users (by DCs) to unix accounts. this can be done with tdbsam but is not recommended in multi samba domain server environments. in this case use ldap or rid instead (rid is easier to implement).

greez

Torsten Geile wrote:
> Rex Dieter wrote:
>> John Stile wrote:
>> r.
>>
>>> I am faced with a need to synchronize the *.tdb files on the file server
>>> with all the Linux machines for consistent UID-to-loginID mapping.
>>
>>> Does anyone have a how-to or notes for a better approach?
>>
>> Yes, use something like (in smb.conf):
>>     idmap backend = idmap_rid
>> or
>>     idmap backend = idmap_ad
>
> Does this apply too when there is a samba pdc using ldap and many samba
> servers configured as member servers?
> Do the member servers need unix accounts for samba users or do they just
> receive authentication from the pdc using ldap?
>
> Cheers
>
> Torsten

--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
       49 (0)341 - 3550 374
Fax: 49 (0)341 - 3550 399
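Why the rid-style backends suggested in the replies remove the need to copy tdb files, as an added example that is not part of the original thread: a simplified Python model comparing a per-host allocating map with a mapping computed from the RID. The domain SID, user RIDs, the 10000-20000 range and the formula uid = rid - base_rid + range_low are assumptions made for the illustration.

```python
"""Model of allocating vs. algorithmic winbind ID mapping (added example)."""

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed
USERS = {"alice": 1104, "bob": 1105, "carol": 1106}  # constructed name -> RID
RANGE_LOW, RANGE_HIGH = 10000, 20000  # assumed idmap range, same on every host


class TdbAllocator:
    """Allocating backend: next free UID on first lookup, stored per host."""

    def __init__(self, low=RANGE_LOW, high=RANGE_HIGH):
        self.next_uid, self.high, self.table = low, high, {}

    def sid_to_uid(self, sid):
        if sid not in self.table:
            if self.next_uid > self.high:
                raise RuntimeError("idmap range exhausted")
            self.table[sid] = self.next_uid
            self.next_uid += 1
        return self.table[sid]


def rid_to_uid(sid, low=RANGE_LOW, high=RANGE_HIGH, base_rid=0):
    """Algorithmic backend: UID computed from the RID, no state to synchronize."""
    domain, _, rid = sid.rpartition("-")
    if domain != DOMAIN_SID:
        return None  # SID from another domain: not mapped by this range
    uid = int(rid) - base_rid + low
    return uid if low <= uid <= high else None  # outside the range: unmapped


def sid_of(user):
    return f"{DOMAIN_SID}-{USERS[user]}"


def map_host(login_order, mapper):
    """Resolve users in the order they are first seen on one host."""
    return {u: mapper(sid_of(u)) for u in login_order}


def conflicts(a, b):
    """Users whose UID differs between two hosts."""
    return sorted(u for u in a if a[u] != b[u])


if __name__ == "__main__":
    order_fs, order_ws = ["alice", "bob", "carol"], ["carol", "alice", "bob"]
    tdb = [map_host(o, TdbAllocator().sid_to_uid) for o in (order_fs, order_ws)]
    rid = [map_host(o, rid_to_uid) for o in (order_fs, order_ws)]
    print("tdb mismatches:", conflicts(*tdb))
    print("rid mismatches:", conflicts(*rid))
```

A UID mismatch between the file server and a client matters on the automounted home directories because ownership there is decided by the numeric UID, so a user can end up owning another user's files on one host.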