[Samba] FW: making BDC samba + ldap server

February 26th, 2011 - 10:20 am ET by Gaiseric Vandal
Is this Samba 3 or Samba 4?

If samba 3, which ldap server are you using?

What is the mail server? Does the mail server have its own LDAP server
included in it, or is it also using an external LDAP server?

If you want replication between LDAP servers, they should be the same type
of LDAP server (e.g. OpenLDAP or Apache Directory Server or Oracle Directory
Server.) If you have one type of LDAP server for Samba and one type of
LDAP server for Mail, you will not be easily able to replicate.

If you are using Samba 3, you have a selection of LDAP servers you could
use. The mail server will determine which LDAP works for mail, and
whether you can share the LDAP server between mail and samba.

From: marcos gonzalez [mailto:marcos.gonzalez.cruz@gmail.com]
Sent: Saturday, February 26, 2011 5:42 AM
To: gaiseric.vandal@gmail.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] making BDC samba + ldap server

Hi guys

My network map is simple: the ldap inside the samba server centralizes all users
inside the LAN, mail included. My question is, to reduce the use of the net, is it a
good idea to create another ldap server inside the mail server? And finally,
which is the best relation between the ldap samba server and a future ldap mail
server, master-master or master-slave?

Thanks And Best Regards

2011/2/25 Gaiseric Vandal <gaiseric.vandal@gmail.com>

I don't understand your question. What does mail have to do with Samba?
Does your mail server use LDAP authentication? Or do you want to use the
LDAP server as a central address book for your mail clients? Either way,
your LDAP server should be able to support attributes for both e-mail and
samba requirements.

On 02/24/2011 11:42 AM, marcos gonzalez wrote:

Hi

I'm not sure if it's in this list, but configuring ldap I'm with a doubt. I
would like to distribute openldap connections between the mail server and the
samba server. Which is the better form, master-master or master-slave? I
understand using PDC and BDC the relationship is master-slave, but between
mail and samba?

Thanks & Best Regards

2011/2/21 marcos gonzalez <marcos.gonzalez.cruz@gmail.com>

Ok, in my server the ldap config is inside /etc/ and this file nss_ldap is
inside /etc/ldap/. I didn't understand why this happens, but now I understand
all.

Thanks

Hi

Ok, and how do I config nss_ldap? When I copy all the database, is it included?

Well, the easiest way, for Samba use, is to simply cp your ldap.conf file
for the ldap client application to nss_ldap.conf -- cp ldap.conf nss_ldap.conf
(this can be a bit confusing, as openldap uses a file called ldap.conf for
configuring the ldap client as well as a file called ldap.conf for
configuring the basic ldap server process. The server file is generally
contained in the directory where configuration files are kept, in a
subdirectory called openldap along with files like slapd.conf, and is
generally a small file which looks something like this:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE dc=mydomain,dc=com
URI ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
# TLS_CACERT /usr/local/etc/openldap/cacert.pem

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

whereas the ldap.conf for the client is rather lengthy and contains quite
a bit of information for contacting the ldap server, how the dit should be
searched, etc.)

And, no, nss_ldap.conf has nothing to do with the ldap server.
nss_ldap.conf can be used to contact an external ldap server, just as the
ldap.conf for the ldap client application can.

Sorry for the newbie questions. If you ever come to Barcelona, contact me;
you have a beer paid (Daniel too) :-)

Well, now that's quite a generous offer. Much appreciated.



Thanks and Best Regards

2011/2/20 <tms3@tms3.com>

Hi

Thanks, this howto is better for me. I have another doubt: does syncrepl need
to be installed, or does it come integrated with the slapd daemon?

It is all part of the openldap suite.



And to transfer all the shared samba folders and profile content, when is
the better moment? I understand when samba is down, or when it is up?

Depends on the permissions. However, so long as ALL the files to be
transferred belong to users in LDAP then, with nss_ldap properly configured,
any copy that preserves permissions should be fine.



Thanks and Best Regards

2011/2/20 <tms3@tms3.com>

Now you are on to copy your slapd.conf and ldap.conf to your new
machine:
Ex: scp slapd.conf root@2machine:/etc/openldap

How can I make this if slurpd is deprecated?
The guide

http://blog.suretecsystems.com/arch...-OpenLDAP-2.4.html

is not easy to understand; doesn't another, simpler howto exist?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/

The entire online manual is a good read. I highly recommend it.





Now important I do the trick with slurpd. There are many other ways but this
is easy.
Slurpd should be installed on your Master and only there.
So go in to the slapd.conf on your master and put a few lines in it at the
end.
Be careful, all tabs must fit exactly as in this example:

replica uri=ldap://IPOFYOUR2MACHINE:389
binddn="cn=youradmin,dc=your,dc=ldap"
suffix="dc=yourc,dc=ldap"
bindmethod=simple
credentials=securepassword

I understand the part about backing up slapd only works with the service
stopped?

Well, I'm grateful for all your time :-)

Thanks and Best Regards



2011/2/18 <tms3@tms3.com>

In my hint I think your samba PDC/Ldap is currently working well!
First of all install a second machine with the samba and ldap.
Do not start samba, do not start ldap.
The ldap database should be nearly empty ex: /var/lib/ldap

Now copy your smb.conf to your new machine ex: scp smb.conf root@2machine:/etc/samba
Edit the smb.conf to your needs and adjust it to be a bdc:
domain master=NO
domain logons=YES
Make a testparm; it should succeed like this:
testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[netlogon]"
WARNING: The "share modes" option is deprecated
Processing section "[sysvol]"
WARNING: The "share modes" option is deprecated
Processing section "[homes]"
Processing section "[profiles]"
Processing section "[alles]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC    <- you are a BDC
Press enter to see a dump of your service definitions

Yes very nice!



Now you are on to copy your slapd.conf and ldap.conf to your new
machine:
Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap
since 2.3
http://www.openldap.org/doc/admin24...g%20Slurpd

Here is a nice overview of the way LDAP currently works:

http://blog.suretecsystems.com/arch...-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper
slapd.conf and ldap.conf file on the new machine, start ldap, then

smbpasswd -w<ldap-master-passwd>
net rpc join -U<administrator> <domain name>

Done.

To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
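The syncrepl setup that replaces the slurpd "replica" stanza tms3 posted, written out as an added example that is not from the thread or the OpenLDAP project. It uses the thread's dc=your,dc=ldap suffix, invents a dedicated cn=replicator,dc=your,dc=ldap identity instead of binding as the admin DN, uses IPOFYOURMASTER as a placeholder for the PDC, and assumes the provider's slapd already has a TLS certificate configured (drop the two TLS lines otherwise).

```conf
# ===== Provider: the existing PDC's slapd.conf, after its "database" section =====
# Load the overlay first if slapd was built with dynamic modules:
# moduleload syncprov.la
overlay syncprov
# Write contextCSN to the database every 100 operations or 10 minutes,
# and keep the last 100 writes so a reconnecting consumer can catch up
# without a full refresh.
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# Syncrepl searches match on these operational attributes; index them.
index entryCSN,entryUUID eq

# Dedicated replication identity (assumption: this entry exists under the
# suffix and is NOT the rootdn, which would bypass ACLs). It needs read
# access only, but that must include the password attributes or the BDC
# never sees password changes. ACLs are first-match, so this rule comes first.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdHistory
        by dn.exact="cn=replicator,dc=your,dc=ldap" read
        by self write
        by anonymous auth
        by * none
access to *
        by dn.exact="cn=replicator,dc=your,dc=ldap" read
        by * read

# Lift the default search limits for the replication DN, otherwise the
# initial full refresh of a large directory is cut short.
limits dn.exact="cn=replicator,dc=your,dc=ldap" size=unlimited time=unlimited

# ===== Consumer: the BDC's slapd.conf, in the same "database" section =====
# This replaces the slurpd stanza from the thread ("replica uri=ldap://...");
# with syncrepl the consumer pulls from the provider, nothing is pushed.
# If slapd.conf was copied from the master as tms3 suggests, remove the
# "overlay syncprov" block above from the copy and add these lines.
# Continuation lines must start with whitespace and carry no comments.
# IPOFYOURMASTER is a placeholder for the PDC's address.
# starttls=critical aborts instead of sending the credentials in clear if
# the provider cannot do TLS; it assumes the PDC has TLSCertificateFile set.
# credentials= is stored in plain text: keep this file mode 0600.
syncrepl rid=001
        provider=ldap://IPOFYOURMASTER:389
        type=refreshAndPersist
        retry="60 10 300 +"
        searchbase="dc=your,dc=ldap"
        bindmethod=simple
        binddn="cn=replicator,dc=your,dc=ldap"
        credentials=securepassword
        starttls=critical
        tls_cacert=/usr/local/etc/openldap/cacert.pem
        schemachecking=off

# The replica is read-only; a client that tries to write here (for example a
# user changing a password through the mail server) is referred to the
# provider, so the change lands on the master and replicates back down.
updateref ldap://IPOFYOURMASTER:389
```

After starting the consumer, compare the contextCSN of the suffix on both servers (ldapsearch -s base -b dc=your,dc=ldap contextCSN); the BDC is in sync once the values match, and only then is it worth running the smbpasswd -w and net rpc join steps above.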

Replies

#1 Daniel Müller
February 26th, 2011 - 03:50 pm ET
Hi,
I have a samba/pdc/ldap and a courier/ldap host working fine.
The pdc is the master ldap; the courier/ldap is the slave.
No problems! Single sign on for windows and outlook (same user, same
password!)
If it is of interest, I can post my setup and relations.


On Sat, 26 Feb 2011 10:13:22 -0500, "Gaiseric Vandal" wrote:
#2 marcos gonzalez
February 27th, 2011 - 07:30 am ET
Hi

Well, all is mounted using openldap, and I'm thinking how to reduce the
net traffic. My doubt is whether, if I use a slave ldap server inside the mail
server, when users go to change their password it will not produce problems
synchronizing. For the rest of the points you comment, all servers have the
same version of openldap, and I use postfix and samba 3.3.2; openldap is 2.4.

I continue testing, thanks for all your time, this list is very friendly
with me :-)

Thanks And Best Regards

2011/2/26 Gaiseric Vandal

Can you clarify what your goal is? Your original post said "My question is
to reduce the use of net ..."

Are you trying to reduce the network traffic between LDAP servers?

Are both LDAP servers OpenLDAP? It looks like you already have
replication working?

