Solved

Samba - Sync Users on stand alone servers

Posted on 2006-07-11
Last Modified: 2010-03-17
Hello

A question which is probably really stupid, but I have to ask, because I need help.

I will try and describe the situation as best as possible.

You have 12 different Samba servers in 12 different locations on six different subnets.

The users and groups exist in Unix and Samba on each server. Each user will belong to one or more groups.

You want to sync the users on all servers so that you do not have to update each server individually. Say that you add a user to a group on one server and would like for them to show up on the other 11 in a timely manner.

You do not have a Windows Domain, but you already have the samba servers. Could the 11 servers use one samba server for passwords and users and groups? If so how?

Last but probably not least is that the workstations run Windows XP and do not belong to a domain, but are in the same workgroup.

What is the easiest way to fix this, without having to join the Win XP computers to a domain?

If I could junk it and start it all over, I would.

thanks
mld4165
Question by:mld4165
16 Comments
 
LVL 14

Expert Comment

by:pablouruguay
ID: 17085072
that is a Exam TEST..... but anyway

use ldap, read about it, and luck in your vacation test
0
 
LVL 14

Assisted Solution

by:pablouruguay
pablouruguay earned 128 total points
ID: 17085138
0
 
LVL 1

Author Comment

by:mld4165
ID: 17085202
pablouruguay

>>that is a Exam TEST..... but anyway

lol!!

no real life. i have inherited and created this monster.
mld4165
0
 
LVL 14

Expert Comment

by:pablouruguay
ID: 17085288
yesssss is a monster!!!! :) check these options to do that
0
 
LVL 1

Author Comment

by:mld4165
ID: 17093831
one reason I do not want to use a directory service is that if one location gets cut off from the rest they cannot authenticate on their server.

you could have a backup controller at each site?

mld4165
0
 
LVL 40

Expert Comment

by:noci
ID: 17095668
You can configure ldap on every site and have all sites replicate the ldap store between each other...

(openldap: slapd is the LDAP daemon, slurpd will replicate [portions of] your ldap trees around)

0
 
LVL 1

Author Comment

by:mld4165
ID: 17099313
while I am looking at ldap I have never used it.

can users update their passwords from windows clients? If so how? Using Outlook is not going to go over well.

mld4165
0
 
LVL 40

Expert Comment

by:noci
ID: 17099681
Normally there are web based frontend tools for updating passwords running off the box itself.
This is to prevent passwords leaking from database.
0
 
LVL 1

Author Comment

by:mld4165
ID: 17101884
any recommendations on how to setup an ldap server?

i have had no luck so far.

thanks
mld4165
0
 
LVL 40

Assisted Solution

by:noci
noci earned 128 total points
ID: 17104020
This can get complicated to explain, please read some of the following and form your own opinion
explaining everything about ldap is quite a lot, and you know your situation best...

In general ibm has several good articles..., http://www.ibm.com/redbooks

http://www.redbooks.ibm.com/abstracts/redp3863.html?Open   - Ldap for Linux
http://www.redbooks.ibm.com/abstracts/sg244986.html?Open   - Understanding LDAP  design & implementation (skip the parts about Tivoli JDBN etc)
http://www.redbooks.ibm.com/abstracts/sg246163.html?Open   - Directory integration (also AD).

http://us2.samba.org/samba/docs/man/Samba3-HOWTO/
http://www.ofb.net/~jheiss/samba/ldap.shtml - this augment the official samba


For management:
install openldap + phpmyldap.

btw. 'net password' might work to update a password (if samba does its work well).

This is quite something to read
0
 
LVL 1

Author Comment

by:mld4165
ID: 17107501
just throw out the ldap for a minute and talk about another way to possibly do this.

can the passwd, shadow, group, and files necessary for samba be replicated between servers?

don't want to start a debate on the right or wrong of system administration, but ldap will take a while just to learn, and I need something quick.

thanks
mld4165
0
 
LVL 1

Author Comment

by:mld4165
ID: 17176115
The original question is about a mess that I inherited, then made a little worse, and I am now trying to fix. I am going to use Samba as a PDC and my outer offices will be backups to the PDC.

Even though I did not want to do the domain it seems to be the easiest way out.

mld4165
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 129 total points
ID: 17178800
I don't know about helping you close this, but I've got an answer to your last question.

Yes, it is possible to replicate passwd/shadow/group between servers.  In fact, you could synchronize changes across all of them.   Problem is, you have to make sure all of your UID/GID numbers match up with the users before you start synchronizing.  It can be done with RSYNC.  I've seen discussions about how to sync your passwd/shadow/group files with RSYNC but I don't have any links for you.  That's probably the quickest solution, provided you can sync up the UID/GID's first.

Another alternative would be to set up NIS and migrate your passwd/shadow/group stuff to NIS, which should also be capable of having more than one copy of its database, IIRC.  That would take a bit more planning, but might be less foreign to you than LDAP.

Maybe, if you can do the RSYNC thing, that would buy you time so you could have a longer-term project of migrating to OpenLDAP as recommended - it'll give you a much more robust and, over the long-term, easier to support environment.

There are combinations of Samba and OpenLDAP that have been suggested as a robust alternative to MAD and Windoze.
0
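The UID/GID precondition in the accepted answer can be checked before any file is copied: if a synced passwd or group file assigns an ID that already belongs to a different name on the target, files owned by that ID change hands. The following is an added example, not part of the original thread; the host names, the `ID_MIN` cut-off for system accounts and the sample file contents are constructed assumptions.

```python
from collections import defaultdict

ID_MIN = 1000  # assumption: ordinary accounts/groups start here; system IDs stay local

# Constructed sample /etc/passwd and /etc/group excerpts for three hypothetical servers.
PASSWD = {
    "srv-a": "root:x:0:0::/root:/bin/sh\nalice:x:1001:1000::/home/alice:/bin/sh\n"
             "bob:x:1002:1000::/home/bob:/bin/sh\n",
    "srv-b": "root:x:0:0::/root:/bin/sh\nalice:x:1001:1000::/home/alice:/bin/sh\n"
             "bob:x:1005:1000::/home/bob:/bin/sh\ncarol:x:1002:1000::/home/carol:/bin/sh\n",
    "srv-c": "alice:x:1001:1000::/home/alice:/bin/sh\n# local note\nbroken:line\n",
}
GROUP = {
    "srv-a": "staff:x:1000:alice,bob\n",
    "srv-b": "staff:x:1000:alice\nsales:x:1010:carol\n",
    "srv-c": "staff:x:1000:alice\nsales:x:1011:\n",
}

def parse_ids(text, nfields):
    """Map name -> numeric ID (third field in both passwd and group)."""
    ids = {}
    for line in text.splitlines():
        f = line.strip().split(":")
        if f[0].startswith("#") or len(f) != nfields or not f[2].isdecimal():
            continue  # skip comments, blank lines and malformed entries
        ids[f[0]] = int(f[2])
    return ids

def find_conflicts(files_by_host, nfields, id_min=ID_MIN):
    """Return (names with more than one ID, IDs with more than one name)."""
    by_name = defaultdict(lambda: defaultdict(list))
    by_id = defaultdict(lambda: defaultdict(list))
    for host in sorted(files_by_host):
        for name, num in parse_ids(files_by_host[host], nfields).items():
            if num >= id_min:
                by_name[name][num].append(host)
                by_id[num][name].append(host)
    split_names = {n: dict(v) for n, v in by_name.items() if len(v) > 1}
    shared_ids = {i: dict(v) for i, v in by_id.items() if len(v) > 1}
    return split_names, shared_ids

if __name__ == "__main__":
    # passwd(5) lines have 7 fields, group(5) lines have 4.
    for label, files, nfields in (("passwd", PASSWD, 7), ("group", GROUP, 4)):
        split_names, shared_ids = find_conflicts(files, nfields)
        for name, ids in sorted(split_names.items()):
            print(f"{label}: name {name!r} has several IDs: {ids}")
        for num, names in sorted(shared_ids.items()):
            print(f"{label}: ID {num} is used by several names: {names}")
```

Both result sets should be empty for passwd and for group on every server before the files are synchronized.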
 
LVL 1

Author Comment

by:mld4165
ID: 17250688
thanks ShineOn
0
 
LVL 1

Author Comment

by:mld4165
ID: 17400976
Cyclops3590

sorry about that.

mld4165
0

Question has a verified solution.
