Gordan Bobic
2014-Aug-04 15:45 UTC
[Samba] Multiple Standalone Servers With Single LDAP Server
Hi, I'm trying to set up multiple standalone Samba servers that use the same OpenLDAP back-end database for authentication, but on any servers beyond the first one I cannot seem to get past the error like the following: "The primary group domain sid($SecondaryServerSID) does not match the domain sid($PrimaryServerSID) for $UserName($UserSID)" It seems nuts to have to set up a domain controller just to have multiple standalone servers within the same workgroup. If I configure the secondary server to use a local user password database for authentication, everything works fine, but that means having to maintain the database in multiple locations. Is there a way to completely neuter all the domain functionality and use LDAP _only_ for username/password authentication from multiple standalone servers within the same workgroup? Gordan
Rowland Penny
2014-Aug-06 09:05 UTC
[Samba] Multiple Standalone Servers With Single LDAP Server
On 04/08/14 16:45, Gordan Bobic wrote:> Hi, > > I'm trying to set up multiple standalone Samba servers that use the > same OpenLDAP back-end database for authentication, but on any servers > beyond the first one I cannot seem to get past the error like the > following: > > "The primary group domain sid($SecondaryServerSID) does not match the > domain sid($PrimaryServerSID) for $UserName($UserSID)" > > It seems nuts to have to set up a domain controller just to have > multiple standalone servers within the same workgroup. > > If I configure the secondary server to use a local user password > database for authentication, everything works fine, but that means > having to maintain the database in multiple locations. > > Is there a way to completely neuter all the domain functionality and > use LDAP _only_ for username/password authentication from multiple > standalone servers within the same workgroup? > > GordanShort answer, NO Long answer, in this instance, samba is working just like a windows workgroup, you can have lots of windows machines in the same workgroup, but you have to create any users & groups that you want to connect to a machine on that machine AND any others that you want the users or groups to connect to. Once you get past 10 or 12 machines this gets complicated and hard to keep track of, this is why domains were created. Now that you know this, can you see why what you are trying to do with samba will not work. Set up a domain, either a PDC or an AD DC, it will be a lot easier in the long run ;-) Rowland
Possibly Parallel Threads
- DO NOT REPLY [Bug 7450] New: When a single file is specified, the exclusion of it in the exclude-from file is ignored
- kpasswd_samdb_set_password: domain\user (S-...) is changing password of user@domain
- [PATCH] fix XSA-46 regression with xend/xm
- Multiple VMs VGA Passthrough Success Report
- Error samba backup 4.10.5