Re: question about BDC server
A reference from Adolfo Maltez
"adolfo maltez" <adolfomaltez@gmail.com>
Greetings.
To replicate the LDAP database between the PDC and the BDC, you must
configure the slapd daemons on both servers.
The reference is in the LDAP manual:
http://www.openldap.org/doc/admin24/replication.html
There are several replication modes; in my case, to replicate between the PDC and BDC
I use "mirror mode".
I hope it works for you.
Regards,
Adolfo Maltez
>> Hello
>>
>> I have a question about the BDC server I have set up. It is built with
>> Samba + OpenLDAP, and after configuring Samba according to the official
>> Samba manual I don't know whether the LDAP replica is also activated
>> correctly. On occasion I have found that it kicked in but does not
>> perform the validations, bouncing all the users.
>>
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
>>
>> As I understand it, when I set up the BDC, do I have to enable the
>> OpenLDAP slave replica, or is that not necessary? That is, is the
>> smb.conf configuration enough, or do I also have to configure slapd.conf?
>>
>> I'm posting both configs:
>>
>> smb.conf global:
>>
>> [global]
>> workgroup = domain
>> netbios name = domain-PDC
>> security = user
>> enable privileges = yes
>> interfaces = 127.0.0.0/8 eth0 10.0.1.0/24 10.0.0.0/24
>> # bind interfaces only = yes
>> server string = domain Primary Domain Controller
>> encrypt passwords = true
>> # obey pam restrictions = no
>> # pam password change = yes
>>
>> unix password sync = no
>> ldap passwd sync = yes
>> passwd program = /usr/bin/smbldap-passwd %u
>> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>
>> log level = 1
>> syslog = 0
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> time server = yes
>> #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> mangling method = hash2
>> Dos charset = 850
>> Unix charset = UTF-8
>>
>> logon path = \\%N\profiles\%U
>> logon drive =
>> logon home =
>> logon script =
>>
>> domain logons = yes
>> domain master = yes
>> local master = yes
>> preferred master = yes
>> os level = 65
>> wins support = yes
>> dns proxy = yes
>> panic action = /usr/share/samba/panic-action %d
>> server signing = auto
>> server schannel = auto
>> winbind trusted domains only = yes
>> winbind use default domain = yes
>>
>> passdb backend = ldapsam:"ldap://127.0.0.1 ldap://moon.domain.es"
>> ldap admin dn = cn=admin,dc=domain,dc=es
>> ldap suffix = dc=domain,dc=es
>> ldap group suffix = ou=Groups
>> ldap user suffix = ou=Users
>> ldap machine suffix = ou=Computers
>> ldap idmap suffix = ou=Idmap
>> ldap ssl = no
>> ldap delete dn = yes
>> add user script = /usr/sbin/smbldap-useradd -m "%u"
>> delete user script = /usr/sbin/smbldap-userdel "%u"
>> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>> delete group script = /usr/sbin/smbldap-groupdel "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>>
>> load printers = yes
>> create mask = 0644
>> directory mask = 0755
>> nt acl support = no
>> printing = cups
>> printcap name = cups
>> deadtime = 60
>> keepalive = 600
>> guest account = nobody
>> map to guest = bad user
>> dont descend = /proc,/dev,/etc,/lib,/lost+found
>> show add printer wizard = yes
>> preserve case = yes
>> short preserve case = yes
>> case sensitive = no
>> usershare allow guests = yes
>>
>> The slap.conf of the PDC:
>>
>> # The distinguished name of the search base.
>> base dc=domain,dc=es
>> ldap_version 3
>> rootbinddn cn=admin,dc=domain,dc=es
>>
>> # Another way to specify your LDAP server is to provide an
>> uri ldap:///127.0.0.1
>>
>> pam_password md5
>> -exim,avahi,backup,bin,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,nagios,news
>> ,ntp,openldap,polkituser,proxy,root,saned,snmp,sshd,sync,sys,syslog,uucp,www-data
>>
>> If you have a howto, that would suit me fine, but I'm just not clear on
>> whether anything else needs to be done for the BDC to work correctly
>>
>> Regards
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-user-spanish-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact
>> listmaster@lists.debian.org
>> Archive:
>> http://lists.debian.org/AANLkTinKf4keZGR1tYH4Q3VF2eVmH6n41ujTpTYFr+7k@mail.gmail.com
>>
>>
>> ************************
>> * Scanned with MailScanner and considered clean
>> * Centro de Informática y Comunicaciones - CICom EduSol
>> * From the highlands of eastern Cuba, visit us at:
>> * Intranet: http://ucp.gu.rimed.cu Internet: http://www.ucp.gu.rimed.cu
>> ***********************************************
>>
>>
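An added example, not part of the original thread: one way to check whether the two slapd instances are actually replicating is to compare the `contextCSN` values each server reports on the suffix entry `dc=domain,dc=es`. The sample outputs are constructed and the function names are hypothetical; it assumes the syncprov overlay is enabled on the database, which syncrepl-based replication such as mirror mode relies on.

```python
import re

# CSN layout: <timestamp>#<change count>#<serverID>#<modification count>
CSN_RE = re.compile(
    r"^contextCSN:\s*(\d{14}\.\d{6}Z#[0-9a-fA-F]{6}#([0-9a-fA-F]{3})#[0-9a-fA-F]{6})\s*$"
)

def parse_context_csn(ldif_text):
    """Map each serverID to the newest contextCSN found in ldapsearch output."""
    newest = {}
    for line in ldif_text.splitlines():
        m = CSN_RE.match(line)
        if m:
            csn, sid = m.group(1), m.group(2).lower()
            # The fixed-width timestamp leads the CSN, so string order is time order.
            newest[sid] = max(csn, newest.get(sid, ""))
    return newest

def replication_status(ldif_a, ldif_b):
    """Return (state, gaps); gaps lists (serverID, CSN on A, CSN on B)."""
    a, b = parse_context_csn(ldif_a), parse_context_csn(ldif_b)
    if not a or not b:
        # No contextCSN returned: nothing is tracking changes on that server.
        return "no-contextcsn", []
    gaps = [(sid, a.get(sid), b.get(sid))
            for sid in sorted(set(a) | set(b)) if a.get(sid) != b.get(sid)]
    return ("in-sync" if not gaps else "diverged"), gaps

# Constructed sample outputs (not taken from the thread).
SERVER_A = """dn: dc=domain,dc=es
contextCSN: 20100512101500.000000Z#000000#001#000000
contextCSN: 20100512094200.000000Z#000000#002#000000
"""
SERVER_B_STALE = """dn: dc=domain,dc=es
contextCSN: 20100512093000.000000Z#000000#001#000000
contextCSN: 20100512094200.000000Z#000000#002#000000
"""
SERVER_B_NO_REPL = "dn: dc=domain,dc=es\n"

if __name__ == "__main__":
    for label, out in (("stale", SERVER_B_STALE), ("no replication", SERVER_B_NO_REPL)):
        print(label, replication_status(SERVER_A, out))
```

Each input can be collected with `ldapsearch -x -LLL -H ldap://<server> -s base -b dc=domain,dc=es contextCSN`. Replication traffic carries the Samba password hashes stored in the directory, so the plain `ldap://` URIs and `ldap ssl = no` in the posted smb.conf are worth revisiting before enabling it.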