Hi everyone,
I'd like to open this whole thing up once more.
So I have now set up 2 servers running Debian lenny.
Samba, LDAP and the LDAP tools are installed on them.
Server 1 is configured as a PDC with LDAP:
[global]
# Domain name ..
workgroup = domena
# Server name - as seen by Windows PCs ..
netbios name = brno
# Be a PDC ..
domain logons = Yes
domain master = Yes
# Be a WINS server ..
wins support = true
obey pam restrictions = Yes
dns proxy = No
os level = 35
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
pam password change = Yes
# Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
unix password sync = no
ldap passwd sync = yes
# Printing from PCs will go via CUPS ..
load printers = yes
printing = cups
printcap name = cups
# Use LDAP for Samba user accounts and groups ..
passdb backend = ldapsam:ldap://localhost
# This must match init.ldif ..
ldap suffix = dc=domena,dc=domena
# The password for cn=admin MUST be stored in /etc/samba/secrets.tdb
# This is done by running 'sudo smbpasswd -w'.
ldap admin dn = cn=admin,dc=domena,dc=domena
# 4 OUs that Samba uses when creating user accounts, computer accounts, etc.
# (Because we are using smbldap-tools, call them 'Users', 'Computers', etc.)
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# Samba and LDAP server are on the same server in this example.
ldap ssl = no
# Scripts for Samba to use if it creates users, groups, etc.
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# Script that Samba uses when a PC joins the domain ..
# (when changing 'Computer Properties' on the PC)
add machine script = /usr/sbin/smbldap-useradd -w '%u'
And here is the BDC, which is connected to the LDAP on the first server. Alongside the PDC, LDAP is running here too, with a replica from the first server on it.
[global]
# Domain name ..
workgroup = domena
# Server name - as seen by Windows PCs ..
netbios name = praha
# Be a BDC ..
domain logons = Yes
domain master = no
# Be a WINS server ..
wins support = true
obey pam restrictions = Yes
dns proxy = No
os level = 35
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
pam password change = Yes
# Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
unix password sync = no
ldap passwd sync = yes
# Printing from PCs will go via CUPS ..
load printers = yes
printing = cups
printcap name = cups
# Use LDAP for Samba user accounts and groups ..
passdb backend = ldapsam:ldap://10.17.97.26
# This must match init.ldif ..
ldap suffix = dc=domena,dc=domena
# The password for cn=admin MUST be stored in /etc/samba/secrets.tdb
# This is done by running 'sudo smbpasswd -w'.
ldap admin dn = cn=admin,dc=domena,dc=domena
# 4 OUs that Samba uses when creating user accounts, computer accounts, etc.
# (Because we are using smbldap-tools, call them 'Users', 'Computers', etc.)
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# Samba and LDAP server are on the same server in this example.
ldap ssl = no
# Scripts for Samba to use if it creates users, groups, etc.
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# Script that Samba uses when a PC joins the domain ..
# (when changing 'Computer Properties' on the PC)
add machine script = /usr/sbin/smbldap-useradd -w '%u'
And now the thing I can't quite understand at the moment: how will the BDC work? The PDC works normally; I add a computer to the domain and everything is OK.
But when I want to add a computer to the BDC, nothing happens.
So it occurred to me that maybe it works like this: I will add everything from Brno and Prague on the PDC (Brno),
and then I will distinguish them only by how the user logs in to the domain, roughly like this. When I want to log in in Prague:
User: Praha\name
Password: password
Domain: domena
And when I want to log in in Brno:
User: brno\name
Password: password
Domain: domena
So please set me straight on how a BDC works with a PDC :) Thanks a lot; if you'd like any more info, just write and I'll provide it.