search for: syncrepl

...ging passwords, but amazingly it worked. Apparently when a password change request goes to the second server, that server will do a query on the first server to do the password change, and then (through slurpd) the change gets replicated on the second one. Everything great. Now, I was reading that syncrepl is superior to slurpd, and that syncrepl is the preferred method of replication. I actually saw that it's true when I saw that it actually replicated the master without having to stop it and copy the dbs (which is necessary with slurpd.) I even saw that in OpenLDAP 2.4.x slurpd is deprecated/di...

Hi, From what I gather, OpenLDAP on Centos 5.x pulls LDAP changes from central LDAP server to a secondary LDAP server. So in other words, you can have your second LDAP server pull the db based on either; type=refreshOnly which mean the pull interval will happen when ever you specify or; type=refreshAndPersist which mean after a pull, keep the pipe open for any changes made. Now in

...s://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains#Windows_10:_There_Are_Currently_No_Logon_Servers_Available_to_Service_the_Logon_Request) > we plan to migrate to Samba AD. > > At the Moment there is the following scheme: > > samba PDC (Fileserver) -> Openldap syncrepl to Mailserver (to receive > mails if PDC is down) > > As I can read Samba LDAP can't sync to OpenLDAP and it's not recomment > to run PDC on Fileserver. I think you mean, it is not recommended to use a Samba AD DC as a fileserver. Two things, whilst it is not recommended, you...

All, After many hours of research I have found there is a incompatibility between OpenLDAP V2.3.x and V2.2.x, or atleast between V2.3.27 the current version on CentOS V5 and V2.2.13 the current version on CentOS V4. The syncrepl feature of OpenLDAP, to keep multiple slapd servers sync'd, was working between CentOS 4 and 5 at one time, as that is how I populated the "slave" servers. I've found references indicating protocol changes and incompatibilities between these versions and indeed looking at detaile...

Hi, I am using both syncrepl (for replication) and smbk5pwd (for password synchronisation between samba and ldap account) overlays. I have configured replication in the simplest way: a read-only producer that forwards updates to the provider thought updateref. If I change my password thought passwd command on a client with...

...o join to NT4-style (https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains#Windows_10:_There_Are_Currently_No_Logon_Servers_Available_to_Service_the_Logon_Request) we plan to migrate to Samba AD. At the Moment there is the following scheme: samba PDC (Fileserver) -> Openldap syncrepl to Mailserver (to receive mails if PDC is down) As I can read Samba LDAP can't sync to OpenLDAP and it's not recomment to run PDC on Fileserver. What is the best way? samba PDC (kvm vm/ host1) <- drs -> Samba BDC (kvm vm/ host2) Fileserver, get users via pam_ldap from PDC. Mailser...

Hi people. I have 2 domains running samba with ldap(Centos 5.x), I would like to know this. I would like to have the same DB in both sites, if I change the users just would like to do it 1 time. Is possible to sync both ldap servers every time I change something in ldap? or a better way to do it? Thanks!!! -- LIving the dream...

Hello everybody,, This time i want to replicate PDC to BDC when there's is any changes on PDC, here is my conf. on /etc/openldap/slapd.conf LDAP Server master moduleload syncprov overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 LDAP Server mirror moduleload syncprov syncrepl rid=001 provider=ldap://ldap.domain.com:389 bindmethod=simple binddn="cn=admin,dc=domain,dc=com" credentials=<password> searchbase="dc=domain,dc=com" schemachecking=off type=refreshAndPersist retry="60 +" mirrormode on when i...

Hi to all! I've set up Zimbra LDAP (2.4) as master, and I want to use RHEL v5 LDAP (2.3) as a slave. This is relevant part of my slapd.conf on LDAP 2.3: # syncrepl directives syncrepl rid=101 provider=ldap://192.168.1.86 bindmethod=simple binddn="uid=zimbra,cn=admins,cn=zimbra" credentials=PASSword searchbase="dc=company,dc=com" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog # Refer updates to...

Hi all, I have a few ldap servers slaved to a primary via syncrepl, all is well. I've set my clients to auth against a few and there /etc/ldap.conf looks like so; uri ldap://primary.domain.com ldap://secondary.domain.com However when either primary or slaves go down, while the clients can log in, access is very slow, ls of any dir is painful. The /var/...

Hi, I'd like to know if any of you have ever implemented Samba 3 with OpenLDAP multimaster (using syncrepl, maybe) or Fedora-DS. The basic idea would be: - WAN link dies, the remote office's BDC would promote itself to PDC (using some kind of monitoring script), and will start accepting changes to the user base. Also, some change to the local WINS server would be necessary. - WAN link returns, the...

Hello OK, in my case, there is only one samba server acting as PDC. On the PDC, it has a openldap server as backend. I have configured another server as the slave ldap server. slave ldap server will pool data by syncrepl. There are some spaces in samba/smbldap-tool that we can configure multiple ldap servers (or load balance by use of DNS) What happen if the PDC write data to the slave ldap server? (or the master ldap server failed, data has to write to the slave ldap server. and then the master ldap server comes...

On 02/10/2019 13:52, L.P.H. van Belle via samba wrote: > samba-tool dbcheck --cross-ncs --fix > Yes, should be possible, but i normaly do that after i do the following. > > search for : > CN=58eba604-07e5-4c5d-a104-9e6f4907248f > And > CN=16b8c008-6c59-4b65-9f1b-530751904a75 > > In _msdc.dom.tld. > Verify which GUID is removed, you can see that, then remove the old

How to configure smb.conf of a samba BDC server to allow that all changes (user's passwords changing, joining computers) was written to local LDAP. I?ve set remotes LDAP's (BDCs) with multimaster configuration via syncrepl. LDAP Multimaster feature works fine (N-way replication works perfectly) I need this configuration to void errors when a user must to change his/her password in a remote office (BDC) connected via WAN to central office (PDC), and the link is down. I use openldap 2.4.11 and samba 3.0.33 (on Redhat...

Hello Samba Users, Simo and I have put together a new document which includes the latest replication methods using Openldap. Instead of using the ageing slurpd for replication (which is no longer actively developed or supported); Openldap as of version 2.3 supports a new feature called delta-syncrepl. http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_fi le_server_using_LDAP This is currently the only Samba document available that supports this new replication feature. Please take the time to have a look through this new "how-to"; your feedback and/or critic...

I've got an ldap directory, but no PDC yet. I want to set up a test PDC, and once things work, I want to be able to set a more appropriate system to be teh PDC using teh same login informations (replica of existing authzn databases). where's the documentation of how to do this? what do I need to know about this process (I'm not sure what it's even called >,.,< in

I have 3 Samba PDC servers with OpenLDAP backends, all at different locations. The replication to the 2 consumers works fine when the consumer's slapd is recently restarted, but if changes in the LDAP database occur later on, the consumers do not pick up this update. Again, restarting slapd on the consumers pulls in the update. Also, updates done shortly afterwards (say a couple of minutes)

Hi, ? my problem is related to samba3 with openldap backend. i use syncrepl to replicate our openldap db to the slapd running on the samba server. slapd is configured to set a referrer for write requests via "updateref". ? if i use smbpasswd to change the samba/ldap password from the console everything works fine. i can see the referrer offered by the local slapd...

Hi, I have Samba 3.5.6 that is running as a PDC for testing purposes. In my production environment I still use a NT4 domain and all the samba member server use domain security. One of the irritations I have with the Samba members set-up is that I have to add the users to the local server so that files created by a domain user are owned by them and not the guest account. Ideally I would like to

Hello List, i have got a samba pdc running based on the smbldap tools and Debian Sarge. Now we would like to move everything over to Ubuntu Hardy. Can i simply: - Create the same users and groups with the same id on Hardy - Move the files and profiles over by keeping their permissions (rsync -avzp ...) - Set the samba SID to be the old orginial one (i do not know how this could be done and if