Soohoon Lee
2008-Aug-01  07:50 UTC
[Samba] Using LDAP, no PDC/BDC, for multiple samba servers
Hi,

Is it possible to use a single LDAP server and multiple samba servers?

The problem I'm having now is that each server thinks its host name is its LDAP domain name, or sambaDomainName, and complains that the user's SID is different, so it can't authenticate. How do I make the samba servers use one domain name and SID?

The LDAP domain name is DOMSMB:

dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
sambaSID: S-1-5-21-2479917030-3150298425-213194246

And the samba server created a new domain named after its hostname:

dn: sambaDomainName=SRV6,dc=my-domain,dc=com
sambaSID: S-1-5-21-4202146032-850913369-3381557932

And it complains that the user's SID is different from its SID.

Thanks,
Soohoon.
Adam Williams
2008-Aug-01  08:31 UTC
[Samba] Using LDAP, no PDC/BDC, for multiple samba servers
Are you using security = user or security = domain on your multiple servers?

Soohoon Lee wrote:
> Hi
> Is it possible to use a single LDAP server and multiple samba servers?
> The problem I'm having now is that each server thinks its host name is its LDAP domain name, or
> sambaDomainName, and
> complains that the user's SID is different, so it can't authenticate.
> How do I make the samba servers use one domain name and SID?
>
> The LDAP domain name is DOMSMB:
>
> dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
> sambaSID: S-1-5-21-2479917030-3150298425-213194246
>
> And the samba server created a new domain named after its hostname:
>
> dn: sambaDomainName=SRV6,dc=my-domain,dc=com
> sambaSID: S-1-5-21-4202146032-850913369-3381557932
> And it complains that the user's SID is different from its SID.
>
> Thanks,
> Soohoon.
Adam Williams
2008-Aug-01  21:18 UTC
[Samba] Using LDAP, no PDC/BDC, for multiple samba servers
It communicates with the PDC for the SID string. It gets the account info/password/etc. from LDAP.

Soohoon Lee wrote:
>
> Then does the BDC communicate with the PDC or with LDAP to get user accounts?
> It must be LDAP because I put in LDAP options?
> Or are those options used to store a replicated copy and get the original
> from the PDC via non-LDAP protocols?
> Hew~, sorry for the continuous questions, but it really helps.
>
>
> On Fri, Aug 1, 2008 at 3:32 PM, Adam Williams
> <awilliam@mdah.state.ms.us> wrote:
>
> > because you can only have one PDC. BDCs will authenticate
> > connections against LDAP on the PDC, but you can have the BDCs use
> > a replicated copy of LDAP on the BDC to authenticate with if you
> > have slow WAN links, etc.
> >
> > the difference in smb.conf is that the BDCs will have domain
> > master = no, and wins server = ip of PDC and wins support = no,
> > and if on a different subnet, local master = yes, if on same
> > subnet, local master = no
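As an added example (not from the thread or from the Samba project), here are the two smb.conf fragments the answers above imply: one for the PDC and one for a BDC, both reading the same ldapsam directory under dc=my-domain,dc=com and both using workgroup DOMSMB so that neither host creates its own sambaDomainName entry. The LDAP host, the PDC address, the admin DN and the OU suffixes are assumptions, not values from the thread.

```ini
# /etc/samba/smb.conf on the PDC (added example; hosts and DNs are placeholders)
[global]
    workgroup = DOMSMB                 # must equal sambaDomainName in LDAP
    security = user
    domain logons = yes
    domain master = yes                # exactly one PDC per domain
    local master = yes
    preferred master = yes
    wins support = yes                 # the PDC is the WINS server
    passdb backend = ldapsam:ldap://ldap.my-domain.com/   # placeholder LDAP host
    ldap suffix = dc=my-domain,dc=com
    ldap user suffix = ou=Users        # assumed OU layout
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap admin dn = cn=Manager,dc=my-domain,dc=com        # assumed bind DN
    ldap ssl = start tls               # password is stored with: smbpasswd -w <secret>

# /etc/samba/smb.conf on a BDC (added example): same workgroup and directory,
# only the master/WINS settings differ, as described in the thread
[global]
    workgroup = DOMSMB
    security = user
    domain logons = yes
    domain master = no                 # never a second domain master
    wins support = no
    wins server = 192.0.2.10           # placeholder: IP address of the PDC
    local master = yes                 # yes on a different subnet than the PDC, no on the same subnet
    passdb backend = ldapsam:ldap://ldap.my-domain.com/   # or a local replica over a slow WAN link
    ldap suffix = dc=my-domain,dc=com
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap admin dn = cn=Manager,dc=my-domain,dc=com
    ldap ssl = start tls
```

After restarting smbd on each host, `net getlocalsid` should print the same S-1-5-21-… SID that is stored under sambaDomainName=DOMSMB; a host that prints a different value is still using its own per-hostname domain entry, which is the mismatch reported at the top of the thread.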