similar to: securing ldap with tls and security

I'm (finally) getting around to putting a backup LDAP authentication server on my network. The backup uses syncrepl to grab the database, and to my eyes both LDAP servers answer read queries identically. I'm testing the client side of this configuration on virtual CentOS 5 i386 machine. /etc/ldap.conf reads ----- %< ----- base dc=DOMAIN,dc=com timelimit 30 bind_timelimit 30

Hi ! We are planing on deploying an ldap master and replica to serve as our new authentication server for our soon to be RedHat cluster. But, we need to be able to function if the master is down for whatever reason. So, I tried to specify 2 servers in the setup-authentification servername section, separated by a comma, but it doesn't seem to work. So, is it possible to specifying 2 ldap

Hi, I'm facing a problem with setting up LDAP+TLS client authentication in a kickstart script on CentOS7 for several days. Setting up manualy the config with system-config-authentication works but I need to automate this in kickstart for deploying cluster nodes. This show that the server side is running fine. At this time the message is #systemctl status sssd |....

hi..... i don't know if its posible. i have two ldap directories, and i want use them to use as my dovecot users backend... so i have two configurations files... "dovecot-ldap1.conf" and " dovecot-ldap2.conf" and i try setting like: Test 1: (simil postfix ) :D This dont work auth default { : : passdb ldap { args=

Hello, I have a central repository of users/groups based on OpenLDAP which is working on a remote LAN (servers share users credentials and mount their home directories via NFS). They use non-encrypted ldap restricted to the local network. Now, I have a few servers in our local office and I would like them to authenticate from the remote LDAP server using encryption via ldaps://. (at this stage,

Hi , I 've been trying to get my 2 Samba DCs to replicate between each other but it fails DC1: Freebsd-9.1-Release, Samba 4.02, hostname ldap1, objectGUID: a2454bb4-9f94-4879-a5ff-c1a40537cb5e DC2: Freebsd-9.1-Release, Samba 4.02, hostname ldap2, objectGUID: 0103c98e-0b54-4ca4-a4e5-2259fa6b0563 ===the output showrepl command========== [root at ldap1 ~]# samba-tool drs showrepl

Hello, I am running v2.0.13. In my dovecot.conf I have: userdb { args = /etc/dovecot/dovecot-usrdb-ldap.conf driver = ldap } passdb { args = /etc/dovecot/dovecot-passdb-ldap.conf driver = ldap } Is it legitimate to include multiple ldap userdb's, like: userdb { args = /etc/dovecot/dovecot-usrdb-ldap1.conf driver = ldap } passdb { args =

Hi, I'm planing to setup a new samba fileserver as a member to an existing samba 3.x SMB. The old server is still nss-pam-ldapd configured (historic left overs). As I dont have any pressure to have the new server up and running within the next few hours, I liked to set up sssd with our existing openldap. After googling and reading some documentations from redhat/fedora I think I do have a

Hi, I have a quite "simple" setup for a particular customer that loves redundancy and failover. PDC + BDC with LDAP Passwords on two 389-ds in multimaster node + several samba member servers Actually pointing singularly on both the systems everything works great. As soon as I modify my passdb backend line from the single form to the form containing both backends that is from passdb

Hi all, I?m having some trouble setting up a samba failover scenario. This is what I?ve done: Subnet 192.168.1.0 -> Samba PDC e Samba BDC Subnet 192.168.20.0 -> LDAP Master e LDAP Slave If all servers are up I can login to domain. If I put the LDAP Master service down I am still able to login from the Slave LDAP. But if the server where the master LDAP is installed is down

hello the passdb backend no longer accepts multiple backends in a chaining configuration since samba 3.0.23a . question: will the following confi still work? passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2 ? the idea is to use 2 ldap servers werner Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

I forgot. dig a pre01svdeb02.pilsbacher.at @192.168.16.205 dig a pre01svdeb02.pilsbacher.at @192.168.16.206 Can you run these also for me. And there are no CNAMEs pointing to the AD-DCs ?

Hi! I'm trying to get Samba running to accept more than one ldap server in smb.conf. I applied this patch (http://groups.google.com/groups?q=smb.conf+second+ldap+server&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=ar08ok%241pjt%241%40FreeBSD.csie.NCTU.edu.tw&rnum=5) to the samba (2.2.5) sources, but samba doesn't query the second ldap server I specified in smb.conf. Is there

Hi, I have a Ubuntu server 12.4.LTS running version 3.6.3 of winbindd. I use the MS AD to authenticate users, this works fine while there is no problems with the AD server. If the AD server reboots the winbind never switches to other AD servers, there are 4 here. I used this to joint the domain: net join -U admin createcomputer="OU=Servers,OU=abc,DC=domain,DC=com I can't find

Hello, I'm trying this here first before moving to the apache list. Maybe someone of you use mod_authnz_ldap with multiple ldap servers declaration for redundancy. With one server declared it is working. Here is what I've tried for adding another one (space separated as read in the apache's doc) : .... AuthLDAPURL

Hello, Our Postfix setup uses multi-instance feature. I would like to enable dovecot SASL mechanisms in postfix. Open two unix sockets is not a problem for us: service auth { unix_listener /var/spool/postfix-instance1/private/auth { mode = 0660 user = postfix group = postfix } unix_listener /var/spool/postfix-instance2/private/auth { mode = 0660 user = postfix group

> -----Original Message----- > From: Andrew Bartlett [mailto:abartlet@samba.org] > > passdb backend = ldapsam:"ldaps://ldap1 ldaps://ldap2" > is what you want. This helped me a little bit forward. I suggest to add this line also to samba-pdc help. But still I ran into problems. I fixed the passdb lines on PDC and BDC. If the second server (on PDC slave-ldap and on BDC

Hi all, I have a domain member server 3.6.6 running on debian7, authenticating against another debian7 + samba 3.6.6 in DC-mode. Both servers have user-accounts and groups on LDAP and resolve posix users using libnss-ldap. The groupmap is living on LDAP as well. The domain member server serves a share with ACL enabled. I got the upgrade to 3.6.X and idmap-updates working, but the old

We are not much off. But you have mixed "samba/window" and "windows/windows" settings. Samba/windows \\%logonserver%\home\%username%\desktop Windows/windows \\hostname.fqdn.tld\users\%username%\desktop Guess, which one i use. ;-) Now, do get where this is coming from. So use this (add CNAME for you member server ), Note, you MUST setup PTR records.

(Background: Relatively new to dovecot; looking to do transparent replacement of long-established UW-IMAP on cluster of Linux boxes which NFS-mount a shared "/var/spool/mail".) With rc8, where I had already increased "login_max_processes_count" from default 128 to 1024, we had still hit the issue of too many logins crashing dovecot, so that trial had only lasted a couple of