[Samba] Samba PDC + OpenLDAP replica (Samba forums, Networking and Network Related)
Hi!
I would like to ask you Samba gurus if it is possible to set up a Samba PDC which uses an OpenLDAP replica as its backend.

I had two separate OpenLDAP master servers (2.2.13-4) for two different Samba PDC servers (3.0.14a-2) with TLS support in different virtual networks (VLANs), and all worked fine. However, I decided that it would be nice (from an administrative point of view) to have all user/client data on the same departmental master OpenLDAP server, which would work as a backend for division-level Samba PDC servers in different VLANs via LDAP replicas (our department contains many subdepartments, or divisions, and most of them have their own VLANs). So I read the Samba documentation, and I understood that it is possible to make such a system, where the Samba server uses an LDAP replica as its backend.

First I transferred all user/client data to the master LDAP server, and created a slave server to be used by a Samba PDC in a different VLAN. I tested connections with the ldapsearch command and all worked well, and changes written to the master directory are propagated to the slave server's LDAP directory. Both servers are configured to use TLS transport, and both servers have their own CA-signed certificate files. But when I tried to set up my division-level Samba server to use the replica as its backend, I got an error that Samba can't connect to the replica's directory. In the log files I have messages like

    slave.server.net smbd: Failed to issue the StartTLS instruction: Connect error

whenever I try to e.g. log in to slave.server.net's Samba service. SSH logins work fine (for SSH logins my slave also uses the LDAP directory replica). So my guess is that this has something to do with the certificate files. I don't understand what it could be, because I can browse the LDAP directory fine with e.g. the ldapsearch command on both master and slave, and logins with SSH work.

So, to my question. What certificate files is Samba using in order to make TLS connections to the replica server? I understand they should be the certificate files for my slave server, if Samba is using the replica as its backend. Or is it possible at all (or even reasonable) to use an LDAP replica as a backend for a Samba PDC server? Should it be a BDC server instead of a PDC? Should I set up one departmental-level master server with the master LDAP and Samba PDC, and many LDAP slaves (replicas) with Samba BDCs? But in this case the different VLANs are going to be a problem for traffic between the Samba PDC and BDCs, or so I have understood, since the switches connecting different VLANs don't route NetBIOS traffic. And I have no administrative rights to make any changes to their configuration.

So, is it possible at all to make Samba use an LDAP replica as its backend?

Jukka Hienola
University of Helsinki
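As an added example (not part of the original post, and not Jukka's or the Samba project's configuration), here is the shape of the two files involved in the setup the question describes: a Samba 3 ldapsam backend pointed at a replica over StartTLS, and the OpenLDAP client configuration that smbd relies on for TLS trust. The certificate question in the post hinges on one fact: smbd does not use slapd's server certificate or key at all; it links against the OpenLDAP client library (libldap), which takes its CA trust anchors from the client-side ldap.conf (or root's ~/.ldaprc), so the file that matters is the CA certificate that signed the replica's server certificate. Hostnames, suffixes, paths and the CA file name below are assumptions for illustration.

```ini
# --- /etc/samba/smb.conf (hypothetical division-level PDC) ---
[global]
   workgroup = DIVISION
   domain logons = yes
   domain master = yes

   # Point the passdb at the replica in this VLAN. The host name in the
   # URI must match the CN/subjectAltName of the replica's certificate,
   # otherwise libldap rejects the StartTLS handshake under TLS_REQCERT demand.
   passdb backend = ldapsam:ldap://slave.server.net
   ldap ssl = start tls
   ldap suffix = dc=example,dc=fi
   ldap user suffix = ou=People
   ldap group suffix = ou=Groups
   ldap machine suffix = ou=Computers
   ldap admin dn = cn=samba,ou=DSA,dc=example,dc=fi
   # Samba still writes (machine passwords, logon counters); those writes are
   # sent to the master via the replica's updateref referral. Give slurpd time
   # to push the change back before Samba re-reads it (milliseconds).
   ldap replication sleep = 1000

# --- /etc/openldap/ldap.conf (client library config read by smbd, ldapsearch, pam_ldap) ---
# Assumed path; Debian-based systems use /etc/ldap/ldap.conf instead.
# The CA that signed BOTH the replica's and the master's server certificates,
# since referred writes open a second TLS session to the master.
TLS_CACERT /etc/openldap/cacerts/departmental-ca.pem
# Default behaviour; spelled out so the failure mode is explicit rather than silent.
TLS_REQCERT demand
```

Before restarting smbd, the same client library can be exercised with the tool that already works in the post: `ldapsearch -x -ZZ -H ldap://slave.server.net -b dc=example,dc=fi -s base` (with `-d 1` for TLS detail) performs the identical StartTLS step that smbd performs, and it should be run as root, because smbd also reads root's `~/.ldaprc` and `LDAPRC`, which can override the system-wide `TLS_CACERT`. If that command succeeds but smbd still logs `Failed to issue the StartTLS instruction`, the remaining difference is usually the URI host name versus the certificate name, or a `TLS_CACERT` that covers the replica but not the master reached through `updateref`.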