Bernard Fay
2017-Nov-06 18:26 UTC
[Samba] Sharing passdb.tdb between two or more Samba servers?
Hello, We are using Samba only for file sharing. Because we are missing space in the first Samba server, we need to add a second Samba server. While building this new server i came up with the questioning about sharing the passdb.tdb file among different Samba servers? Would this be feasible? The idea is that all users should be able to access any file servers according with theirs needs. Or is there a better way to do it? Thanks,
Rowland Penny
2017-Nov-06 18:58 UTC
[Samba] Sharing passdb.tdb between two or more Samba servers?
On Mon, 6 Nov 2017 13:26:55 -0500 Bernard Fay via samba <samba at lists.samba.org> wrote:> Hello, > > We are using Samba only for file sharing. Because we are missing > space in the first Samba server, we need to add a second Samba server. > > While building this new server i came up with the questioning about > sharing the passdb.tdb file among different Samba servers? Would this > be feasible? The idea is that all users should be able to access any > file servers according with theirs needs. Or is there a better way > to do it? > > Thanks,Whilst it may be possible to share passdb.tdb between Samba standalone servers (I take it this is what your fileserver is running as), what are you going to do about the required Unix users ? What connects to your Samba machine, Windows clients ? Rowland
Rowland Penny
2017-Nov-07 13:00 UTC
[Samba] Sharing passdb.tdb between two or more Samba servers?
On Tue, 7 Nov 2017 07:13:19 -0500 Bernard Fay <bernard.fay at gmail.com> wrote:> Yes, our Samba servers are configured as standalone. Windows clients > and Xenservers for storage repositories are connecting to these > shares. > > What does that change for the Unix users as they have to be in the > passdb.tdb file anyway??? > >OK, you asked ;-) Lets say that windows user 'fred' wants to store something on fileserver1, then 'fred' must be a Samba user and a Unix user on fileserver1. If user 'fred' doesn't want to type in a password when they connect to fileserver1, then the Samba user 'fred' will have to have the same password, so you have two places to manage the users password if it is changed. You now decide to add another Samba server, fileserver2 and rsync passdb.tdb to this, but this isn't enough, you will have to create the users in /etc/passwd as well, I certainly wouldn't want to sync this as well, it 'might' break something. You now have three places to manage the users password if it is changed. A new user 'george' must be added, so you add the user to windows, then go to fileserver1 and create the Unix user and then the Samba user. You then need to go to fileserver2 and add the user again. You haven't said if the windows machines are in a domain, but if they are, all you need to do is make the fileservers into Unix domain members and you then will only have one place to manage users. Rowland
Andrew Bartlett
2017-Nov-14 10:35 UTC
[Samba] Sharing passdb.tdb between two or more Samba servers?
On Mon, 2017-11-06 at 13:26 -0500, Bernard Fay via samba wrote:> Hello, > > We are using Samba only for file sharing. Because we are missing space in > the first Samba server, we need to add a second Samba server. > > While building this new server i came up with the questioning about sharing > the passdb.tdb file among different Samba servers? Would this be feasible? > The idea is that all users should be able to access any file servers > according with theirs needs. Or is there a better way to do it?The better way is to make the first server into a DC for a classic NT4- style domain and use the OpenLDAP backend. There are guides on how to convert into LDAP. Both DCs can reference the same LDAP server or replicas. This is the smallest-change approach. Or, set up a full Samba AD domain and get the advantages of a full AD DC. Andrew Bartlett> Thanks,-- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba