Re: duda con servidor BDC

To: "deconya" <elmailpersonal@gmail.com>
Cc: debian-user-spanish@lists.debian.org
Subject: Re: duda con servidor BDC
From: norverisnl@ipvce.gu.rimed.cu
Date: Fri, 1 Oct 2010 13:58:04 -0400 (CDT)
Message-id: <[🔎] 828cbd825706e96807e1a48a874c2406.squirrel@webmail.ipvce.gu.rimed.cu>
In-reply-to: <b07a8ea4eef1d6379a02c86ebbb78c26.squirrel@webmail.ipvce.gu.rimed.cu>
References: <AANLkTinKf4keZGR1tYH4Q3VF2eVmH6n41ujTpTYFr+7k@mail.gmail.com> <b07a8ea4eef1d6379a02c86ebbb78c26.squirrel@webmail.ipvce.gu.rimed.cu>

Una referencia de dolfo Maltez
"adolfo maltez" <adolfomaltez@gmail.com>



 Saludos.

 Para replicar la base de datos LDAP entre el PDC y el BDC, debes
 configurar
 los demonios slapd en ambos servidores.

 La referencia en el manual de LDAP.
 http://www.openldap.org/doc/admin24/replication.html

 Hay varios modos de replicación, en mi caso para replicar entre PDC y BDC
 utilizo "mirror mode".

 Espero te funcione.

 Att.
 Adolfo Maltez


>> Buenas
>>
>> Tengo una duda con el servidor BDC que tengo montado. Esta montado con
>> un samba + openldap y despues de configurar samba segun el manual
>> oficial de samba no se si la replica del ldap tambien se activa
>> correctamente. Alguna vez me encuentro que saltó pero no realiza las
>> validaciones rebotando todos los usuarios.
>>
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
>>
>> Segun entiendo cuando monto el BDC tengo que activar la replica slave
>> del openldap o no es necesario? O sea con la configuracion del
>> smb.conf es suficiente o tambien tengo que configurar el slapd.conf?
>>
>> Os posteo ambas configs:
>>
>> smb.conf global:
>>
>> [global]
>>    workgroup = domain
>>    netbios name = domain-PDC
>>    security = user
>>    enable privileges = yes
>>    interfaces = 127.0.0.0/8 eth0 10.0.1.0/24 10.0.0.0/24
>> #   bind interfaces only = yes
>>    server string = domain Primary Domain Controller
>>    encrypt passwords = true
>> #   obey pam restrictions = no
>> #   pam password change = yes
>>
>>    unix password sync = no
>>    ldap passwd sync = yes
>>    passwd program = /usr/bin/smbldap-passwd %u
>>    passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>
>>    log level = 1
>>    syslog = 0
>>    log file = /var/log/samba/log.%m
>>    max log size = 1000
>>    time server = yes
>>    #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>    mangling method = hash2
>>    Dos charset = 850
>>    Unix charset = UTF-8
>>
>>    logon path = \\%N\profiles\%U
>>    logon drive =
>>    logon home =
>>    logon script =
>>
>>    domain logons = yes
>>    domain master = yes
>>    local master = yes
>>    preferred master = yes
>>    os level = 65
>>    wins support = yes
>>    dns proxy = yes
>>    panic action = /usr/share/samba/panic-action %d
>>    server signing = auto
>>    server schannel = auto
>>    winbind trusted domains only = yes
>>    winbind use default domain = yes
>>
>>    passdb backend = ldapsam:"ldap://127.0.0.1 ldap://moon.domain.es";
>>    ldap admin dn = cn=admin,dc=domain,dc=es
>>    ldap suffix = dc=domain,dc=es
>>    ldap group suffix = ou=Groups
>>    ldap user suffix = ou=Users
>>    ldap machine suffix = ou=Computers
>>    ldap idmap suffix = ou=Idmap
>>    ldap ssl = no
>>   ldap delete dn = yes
>>    add user script = /usr/sbin/smbldap-useradd -m "%u"
>>    delete user script = /usr/sbin/smbldap-userdel "%u"
>>    add machine script = /usr/sbin/smbldap-useradd -w "%u"
>>    add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>    delete group script = /usr/sbin/smbldap-groupdel "%g"
>>    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
>> "%g"
>>    set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>>
>>    load printers = yes
>>    create mask = 0644
>>    directory mask = 0755
>>    nt acl support = no
>>    printing = cups
>>    printcap name = cups
>>    deadtime = 60
>>    keepalive = 600
>>    guest account = nobody
>>    map to guest = bad user
>>    dont descend = /proc,/dev,/etc,/lib,/lost+found
>>    show add printer wizard = yes
>>    preserve case = yes
>>    short preserve case = yes
>>    case sensitive = no
>>    usershare allow guests = yes
>>
>> El slap.conf del PDC:
>>
>> # The distinguished name of the search base.
>> base dc=domain,dc=es
>> ldap_version 3
>> rootbinddn cn=admin,dc=domain,dc=es
>>
>> # Another way to specify your LDAP server is to provide an
>> uri ldap:///127.0.0.1
>>
>> pam_password md5
>> -exim,avahi,backup,bin,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,nagios,news
>> ,ntp,openldap,polkituser,proxy,root,saned,snmp,sshd,sync,sys,syslog,uucp,www-data
>>
>> Si tienen algun howto ya me va bien, pero es que no tengo claro si hay
>> que hacer algo mas para que funcione el bdc correctamente
>>
>> Un Saludo
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-user-spanish-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact
>> listmaster@lists.debian.org
>> Archive:
>> http://lists.debian.org/AANLkTinKf4keZGR1tYH4Q3VF2eVmH6n41ujTpTYFr+7k@mail.gmail.com
>>
>>
>> ************************
>> * Analizado con MailScanner y se considera que está limpio
>> * Centro de Informática y Comunicaciones - CICom EduSol
>> * Desde el alto oriente cubano, visítenos en:
>> * Intranet: http://ucp.gu.rimed.cu Internet: http://www.ucp.gu.rimed.cu
>> ***********************************************
>>
>>
>



************************
* Analizado con MailScanner y se considera que está limpio
* Centro de Informática y Comunicaciones - CICom EduSol
* Desde el alto oriente cubano, visítenos en:
* Intranet: http://ucp.gu.rimed.cu Internet: http://www.ucp.gu.rimed.cu
***********************************************

Reply to:

Prev by Date: Re: Linux Mint
Next by Date: Re: Linux Mint
Previous by thread: Re: duda con servidor BDC
Next by thread: Sobre BIND9
Index(es):
- Date
- Thread