duda con servidor BDC
Buenas
Tengo una duda con el servidor BDC que tengo montado. Está montado con
Samba + OpenLDAP y, después de configurar Samba según el manual
oficial de Samba, no sé si la réplica del LDAP también se activa
correctamente. Alguna vez me he encontrado con que saltó, pero no realizó las
validaciones y rebotó a todos los usuarios.
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
Según entiendo, cuando monto el BDC, ¿tengo que activar la réplica slave
del OpenLDAP o no es necesario? O sea, ¿con la configuración del
smb.conf es suficiente o también tengo que configurar el slapd.conf?
Os posteo ambas configs:
smb.conf global:
# [global] section of a Samba domain controller that keeps its account
# database in OpenLDAP through the ldapsam passdb backend.
[global]
workgroup = domain
netbios name = domain-PDC
security = user
enable privileges = yes
interfaces = 127.0.0.0/8 eth0 10.0.1.0/24 10.0.0.0/24
# NOTE(review): with "bind interfaces only" commented out, the interfaces
# list above does not restrict which addresses smbd accepts connections on.
# bind interfaces only = yes
server string = domain Primary Domain Controller
encrypt passwords = true
# obey pam restrictions = no
# pam password change = yes
# Unix password sync is off; "ldap passwd sync = yes" makes Samba update the
# LDAP password attribute together with the Samba hashes on a password change.
unix password sync = no
ldap passwd sync = yes
passwd program = /usr/bin/smbldap-passwd %u
# NOTE(review): the passwd chat value continues on the following line as
# posted. smb.conf only joins lines that end in a backslash, so this looks like
# mail line-wrapping - confirm it is a single line in the real file.
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
# NOTE(review): level 1 records little about authentication; raising it
# temporarily helps when diagnosing logons that are rejected.
log level = 1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
time server = yes
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = UTF-8
logon path = \\%N\profiles\%U
logon drive =
logon home =
logon script =
# Domain controller role. NOTE(review): these values describe a PDC; per the
# BDC chapter of the Samba HOWTO linked in the post, a BDC keeps
# "domain logons = yes" but sets "domain master = no" - confirm the BDC's
# smb.conf differs here.
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 65
wins support = yes
dns proxy = yes
panic action = /usr/share/samba/panic-action %d
# "auto" offers SMB signing and the secure channel but does not require them,
# so clients that negotiate neither are still accepted.
server signing = auto
server schannel = auto
winbind trusted domains only = yes
winbind use default domain = yes
# Two LDAP URIs: the local slapd first, then moon.domain.es.
# NOTE(review): Samba only reads and writes the directory it is pointed at; it
# does not copy entries between the two servers. Keeping both directories
# identical is presumably left to OpenLDAP replication in slapd.conf - confirm.
passdb backend = ldapsam:"ldap://127.0.0.1 ldap://moon.domain.es"
# Samba binds to LDAP as this DN. NOTE(review): the same DN appears as
# rootbinddn in the LDAP client config posted below and looks like the
# directory's administrative account; a dedicated DN limited by slapd ACLs to
# the Samba subtrees would narrow what this host can change.
ldap admin dn = cn=admin,dc=domain,dc=es
ldap suffix = dc=domain,dc=es
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
# NOTE(review): with "ldap ssl = no" the admin DN bind and the account
# attributes read by ldapsam cross the network unencrypted whenever the
# non-loopback URI above is used; "ldap ssl = start tls" or an ldaps:// URI
# protects that link.
ldap ssl = no
ldap delete dn = yes
# Account management is delegated to the smbldap-tools scripts.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
load printers = yes
create mask = 0644
directory mask = 0755
nt acl support = no
printing = cups
printcap name = cups
deadtime = 60
keepalive = 600
# Logons with an unknown user name are mapped to the guest account (nobody)
# instead of being refused. NOTE(review): if the LDAP backend cannot be
# reached or lacks entries, this may hide the failure behind guest sessions -
# check the logs when validations fail.
guest account = nobody
map to guest = bad user
dont descend = /proc,/dev,/etc,/lib,/lost+found
show add printer wizard = yes
preserve case = yes
short preserve case = yes
case sensitive = no
# Lets user-defined shares grant guest access; NOTE(review): only relevant if
# usershares are enabled elsewhere in the file - confirm.
usershare allow guests = yes
El slapd.conf del PDC:
# NOTE(review): base, rootbinddn, uri and pam_password are directives of the
# nss_ldap/pam_ldap client configuration (ldap.conf), not of the slapd server.
# Replication (replica/replogfile or syncrepl) is configured in slapd.conf,
# which is not shown in this listing.
# The distinguished name of the search base.
base dc=domain,dc=es
ldap_version 3
# DN the client binds as when the local root user performs operations.
rootbinddn cn=admin,dc=domain,dc=es
# Another way to specify your LDAP server is to provide an
# NOTE(review): three slashes leave the host part of the URI empty and put
# 127.0.0.1 in the path; ldap://127.0.0.1/ is probably what was intended -
# confirm.
uri ldap:///127.0.0.1
# Presumably makes pam_ldap hash a changed password on the client with MD5
# before writing it. NOTE(review): MD5-based hashes are weak by current
# standards; "pam_password exop" hands the change to the server so that slapd
# chooses the hash.
pam_password md5
# NOTE(review): the two lines below look like the tail of a truncated
# directive listing local system accounts (possibly
# nss_initgroups_ignoreusers); the directive name is missing from the post.
-exim,avahi,backup,bin,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,nagios,news
,ntp,openldap,polkituser,proxy,root,saned,snmp,sshd,sync,sys,syslog,uucp,www-data
Si tienen algún howto ya me va bien, pero es que no tengo claro si hay
que hacer algo más para que funcione el BDC correctamente.
Un Saludo