Replicated Failover Domain Controller and file server using LDAP: Difference between revisions

From SambaWiki
<div class="Section1">
SAMBA 3 LDAP HIGH AVAILABILITY CLUSTER

SAMBA 3: FAILOVER DOMAIN CONTROLLER

SAMBA 3 EXTENSIONS

TECHNICAL CONFIGURATION

Author: Adrian Sender

Supervisor: Simo Sorce

Objectives

· Samba Active Directory Upgrade Compatible
· Set Standards
· High Availability Cluster
· Recommended By Developers

- Overview
- 1.0: Configuring Samba
  - 1.1 smb.conf PDC
  - 1.2 smb.conf BDC
  - 1.3 /etc/hosts
  - 1.4 Samba Security
- 2.0: Configuring LDAP
  - 2.1 slapd.conf Master
    - 2.1.1 slapd.conf Master syncrepl Openldap2.2
    - 2.1.2 slapd.conf Master delta-syncrepl Openldap2.3
  - 2.2 slapd.conf Slave
    - 2.2.1 slapd.conf Slave syncrepl Openldap2.2
    - 2.2.2 slapd.conf Slave delta-syncrepl Openldap2.3
  - 2.3 ldap.conf Master
  - 2.4 ldap.conf Slave
- 3.0: Initialization LDAP Database
  - 3.1 Provisioning Database
  - 3.2 Preload LDIF
  - 3.3 LDAP Population
  - 3.4 Database Replication
- 4.0: User Management
  - 4.1 smbldap-tools
    - 4.1.1 smbldap.conf Master
    - 4.1.2 smbldap.conf Slave
- 5.0: Heartbeat HA Configuration
  - 5.1 Requirements
  - 5.2 Installation
  - 5.3 Configuration
    - 5.3.1 ha.cf
    - 5.3.2 haresources
    - 5.3.3 authkeys
  - 5.4 Testing
- 6.0: DRBD
  - 6.1 Requirements
  - 6.2 Installation
  - 6.3 Configuration
    - 6.3.1 drbd.conf
    - 6.3.2 Initialization
  - 6.4 Testing
- 7.0: BIND DNS
  - 7.1 Configuration
    - 7.1.1 named.conf
    - 7.1.2 zone file

Overview


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">Overview</font></font></font></span></u>''''''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"></font></font></font></span></u>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
We will be configuring a 2 node cluster using Samba and Openldap to provide windows domain authentication. Heartbeat will provide the 2 nodes with one virtual IP address; we will use this IP address to map network drives and access recourses.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We will be configuring a 2 node cluster using Samba and Openldap to provide windows domain authentication. Heartbeat will provide the 2 nodes with one virtual IP address; we will use this IP address to map network drives and access recourses. </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes"> </span></font></font></span>
Most of us are familiar with some form of RAID; we will be using DRBD software RAID1 over LAN to provide real time data replication, it replicates the data on a block level; if a failure occurs on node1 or it becomes unresponsive resources will be migrated to node2 and the DRBD drive mounted.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Most of us are familiar with some form of RAID; we will be using DRBD software RAID1 over LAN to provide real time data replication, it replicates the data on a block level; if a failure occurs on node1 or it becomes unresponsive resources will be migrated to node2 and the DRBD drive mounted.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
This is a complex setup and strict guide lines need to be followed in order to achieve stability.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">This is a complex setup and strict guide lines need to be followed in order to achieve stability.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
We should start with 2 identical machines each with 2 hard drives. One of these drives will be used for the operating system; the other is our DRBD RAID1 over LAN drive.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We should start with 2 identical machines each with 2 hard drives. One of these drives will be used for the operating system; the other is our DRBD RAID1 over LAN drive. </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
By today’s standards anything in the Pentium 4 range and above will suit, Operating system drive should be no less then approximately 40GB, the DRBD replication drive should be approximately 300GB each - SATA and SCSI are also fine. DRBD can currently address and replicate data storage up to 4TB.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">By today’s standards anything in the Pentium 4 range and above will suit, Operating system drive should be no less then approximately 40GB, the DRBD replication drive should be approximately 300GB each - SATA and SCSI are also fine. DRBD can currently address and replicate data storage up to 4TB.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Once familiar with this kind of configuration, you can easily take one node offline to add storage or upgrade any hardware without users suffering.

High Availability and data replication should not replace traditional backups such as tape and external media devices, especially if you are using this configuration and are not familiar with the workings.


The machines will need to be in close proximity to each other so we can use serial communication to provide a fault-tolerant heartbeat. If you choose not to use serial, you may have unexpected failovers due to bandwidth delay or a network card failure. Ideally we want to have a quick failover, so it is important that these precautions are taken.

Each node will require 2 network cards.


Here is a basic configuration overview:


{| class="wikitable" border="1"
|+ Configuration Details
! Setting
! node1.differentialdesign.org
! node2.differentialdesign.org
|-
! colspan="3" | Eth0: LAN Network Address
|-
| IP Address || 192.168.0.2 || 192.168.0.3
|-
| Subnet Mask || 255.255.255.0 || 255.255.255.0
|-
| Gateway || 192.168.0.1 || 192.168.0.1
|-
! colspan="3" | Eth0:1 Heartbeat LAN Address
|-
| IP Address || 192.168.0.4 ||
|-
| Subnet Mask || 255.255.255.0 ||
|-
! colspan="3" | Eth1: DRBD Replication Network
|-
| IP Address || 10.0.0.1 || 10.0.0.2
|-
| Subnet Mask || 255.255.255.0 || 255.255.255.0
|-
| Gateway || None || None
|-
! colspan="3" | Drives and ports
|-
| HDC || Operating System Drive || Operating System Drive
|-
| HDD || DRBD Data Replication Drive || DRBD Data Replication Drive
|-
| TTYS0 || COM Port 1 || COM Port 1
|}


1.0: Configuring Samba


Samba is an ambitious project to provide solutions for file & print sharing between Linux™ and Microsoft Windows.

If you are familiar with Samba this document may give you some ideas of how you can bundle different software packages together to produce a very reliable configuration.


We are building a fault-tolerant domain controller, which provides you with the following:

Samba Configuration

- Primary Domain Controller
- Backup Domain Controller

A master domain controller that provides authentication through the use of LDAP.

A slave domain controller that can load balance client login requests and also provides redundancy through the use of a replica LDAP database.

Step1

Get the latest version of samba http://us4.samba.org/samba/ftp/samba-latest.tar.gz

It is essential that both the PDC and BDC are running the same version of samba.

<pre>
[root@node1 samba]# wget http://us4.samba.org/samba/ftp/samba-latest.tar.gz
--19:28:04--  http://us4.samba.org/samba/ftp/samba-latest.tar.gz
           => `samba-latest.tar.gz'
Resolving us4.samba.org... 192.48.170.15
Connecting to us4.samba.org|192.48.170.15|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 17,704,221 (17M) [application/x-tar]

100%[====================================>] 17,704,221    53.01K/s    ETA 00:00

19:33:40 (51.62 KB/s) - `samba-latest.tar.gz' saved [17704221/17704221]
</pre>

Step2

<pre>
[root@node1 samba]# tar zxvf samba-latest.tar.gz

[root@node1 samba]# cd samba-3.0.23d/
[root@node1 samba-3.0.23d]#

[root@node1 samba-3.0.23d]# cd packaging/
bin/      Example/  Mandrake/ RedHat-9/ SGI/      SuSE/
Debian/   LSB/      README    RHEL/     Solaris/  sysv/
</pre>

Step3

This will take some time.

<pre>
[root@node1 samba-3.0.23d]# cd packaging/RHEL/

[root@node1 RHEL]# ls
makerpms.sh  makerpms.sh.tmpl  samba.spec  samba.spec.tmpl  setup

[root@node1 RHEL]# chmod u+x makerpms.sh
[root@node1 RHEL]# ./makerpms.sh

Wrote: /usr/src/redhat/SRPMS/samba-3.0.23d-1.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/samba-3.0.23d-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/samba-client-3.0.23d-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/samba-common-3.0.23d-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/samba-swat-3.0.23d-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/samba-doc-3.0.23d-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/samba-debuginfo-3.0.23d-1.i386.rpm

makerpms.sh: Done.
[root@node1 RHEL]#
</pre>

Step4

Install the RPM files we built from source.

<pre>
[root@node2]# cd /usr/src/redhat/RPMS/i386/
[root@node1 i386]# rpm -Uvh samba-3.0.23d-1.i386.rpm samba-client-3.0.23d-1.i386.rpm samba-common-3.0.23d-1.i386.rpm samba-debuginfo-3.0.23d-1.i386.rpm samba-doc-3.0.23d-1.i386.rpm samba-swat-3.0.23d-1.i386.rpm
Preparing...                ########################################### [100%]
   1:samba-common           warning: /etc/samba/smb.conf created as /etc/samba/smb.conf.rpmnew
########################################### [ 17%]
   2:samba                  ########################################### [ 33%]
ls: /var/cache/samba/eventlog/*tdb: No such file or directory
   3:samba-client           ########################################### [ 50%]
</pre>
<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
4:samba-debuginfo ########################################### [ 67%]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node2]# cd /usr/src/redhat/RPMS/i386/</font></font></font></span>
5:samba-doc ########################################### [ 83%]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 i386]# rpm -Uvh samba-3.0.23d-1.i386.rpm samba-client-3.0.23d-1.i386.rpm samba-common-3.0.23d-1.i386.rpm samba-debuginfo-3.0.23d-1.i386.rpm samba-doc-3.0.23d-1.i386.rpm samba-swat-3.0.23d-1.i386.rpm</font></font></font></span>
6:samba-swat ########################################### [100%]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Preparing...<span style="mso-spacerun: yes">                </span><nowiki>########################################### [100%]</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>1:samba-common<span style="mso-spacerun: yes">           </span>warning: /etc/samba/smb.conf created as /etc/samba/smb.conf.rpmnew</font></font></font></span>
[root@node1 i386]#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>########################################### [ 17%]</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>2:samba<span style="mso-spacerun: yes">                  </span><nowiki>########################################### [ 33%]</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">ls: /var/cache/samba/eventlog/*tdb: No such file or directory</font></font></font></span>
Step5


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>3:samba-client<span style="mso-spacerun: yes">           </span><nowiki>########################################### [ 50%]</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>4:samba-debuginfo<span style="mso-spacerun: yes">        </span><nowiki>########################################### [ 67%]</nowiki></font></font></font></span>
Login to node2 – the backup domain controller and repeat the above steps.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>5:samba-doc<span style="mso-spacerun: yes">              </span><nowiki>########################################### [ 83%]</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>6:samba-swat<span style="mso-spacerun: yes">             </span><nowiki>########################################### [100%]</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 i386]#</font></font></font></span>
1.1: smb.conf PDC


</div>


You will need to replace the highlighted parameters with your domain name. Take note of the use of failover LDAP backends; this is very useful.
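The failover backend list can be checked mechanically on both controllers. The Python below is an added example, not part of the original page or of Samba: it reads the active `passdb backend` line from each smb.conf and checks the pattern the node1 and node2 files on this page follow, where each controller lists its own LDAP server first and its peer second. The function names are hypothetical, and the check assumes the first label of each LDAP hostname equals the node's `netbios name`.

```python
import re
from urllib.parse import urlsplit

# Constructed samples: the [global] lines that matter for LDAP failover,
# copied from the node1 (PDC) and node2 (BDC) smb.conf files on this page.
PDC_CONF = r'''
[global]
workgroup = DDESIGN
netbios name = node1
#passdb backend = ldapsam:ldap://127.0.0.1
#passdb backend = ldapsam:"ldap://192.168.0.2 ldap://192.168.0.3"
passdb backend = ldapsam:"ldap://node1.differentialdesign.org ldap://node2.differentialdesign.org"
domain master = Yes
'''

BDC_CONF = r'''
[global]
workgroup = DDESIGN
netbios name = node2
passdb backend = ldapsam:"ldap://node2.differentialdesign.org ldap://node1.differentialdesign.org"
domain master = No
'''


def global_params(conf_text):
    """Return the active [global] parameters as {normalised name: value}."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or commented-out setting
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace inside parameter names
            params["".join(name.lower().split())] = value.strip()
    return params


def ldapsam_backends(params):
    """Ordered (scheme, host) pairs from 'passdb backend = ldapsam:...'."""
    backend, _, location = params.get("passdbbackend", "").partition(":")
    if backend.strip().lower() != "ldapsam":
        return []
    uris = location.strip().strip('"').split()   # quoted, space-separated list
    parsed = [urlsplit(uri) for uri in uris]
    return [(p.scheme.lower(), (p.hostname or "").lower()) for p in parsed]


def check_failover_pair(pdc_text, bdc_text):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings, seen = [], {}
    for role, text in (("PDC", pdc_text), ("BDC", bdc_text)):
        params = global_params(text)
        node = params.get("netbiosname", "").lower()
        hosts = [host for _, host in ldapsam_backends(params)]
        seen[role] = set(hosts)
        if len(hosts) < 2:
            findings.append(f"{role}: {len(hosts)} LDAP server(s) listed, no failover")
        elif hosts[0].split(".")[0] != node:
            # Assumption: first hostname label matches the netbios name.
            findings.append(f"{role}: queries {hosts[0]} before local node {node}")
        if len(hosts) != len(set(hosts)):
            findings.append(f"{role}: duplicate LDAP server in failover list")
    if seen["PDC"] != seen["BDC"]:
        findings.append("PDC and BDC do not list the same LDAP servers")
    return findings


if __name__ == "__main__":
    for finding in check_failover_pair(PDC_CONF, BDC_CONF) or ["failover lists are consistent"]:
        print(finding)
```

Run it against the real files by reading `/etc/samba/smb.conf` from each node and passing the two texts to `check_failover_pair`.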


[root@node2 ~]# mkdir /data

[root@node1 ~]# vi /etc/samba/smb.conf

# # Primary Domain Controller smb.conf
# # Global parameters

[global]
unix charset = LOCALE
workgroup = DDESIGN
netbios name = node1
#passdb backend = ldapsam:ldap://127.0.0.1
#passdb backend = ldapsam:"ldap://192.168.0.2 ldap://192.168.0.3"
passdb backend = ldapsam:"ldap://node1.differentialdesign.org ldap://node2.differentialdesign.org"
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 0
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'
delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g'
delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
logon script = %u.bat
#logon path = \\192.168.0.4\profiles\%u
logon path = \\nodes.differentialdesign.org\profiles\%u
logon drive = H:
domain logons = Yes
domain master = Yes
wins support = Yes
ldap suffix = dc=differentialdesign,dc=org
ldap machine suffix = ou=Computers,ou=Users
ldap user suffix = ou=People,ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=sambaadmin,dc=differentialdesign,dc=org
idmap backend = ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
printer admin = root
printing = cups

#========================Share Definitions=========================

[homes]
comment = Home Directories
valid users = %S
browseable = yes
writable = yes
create mask = 0600
directory mask = 0700

[netlogon]
comment = Network Logon Service
path = /data/samba/netlogon
writeable = yes
browseable = yes
read only = no

[profiles]
path = /data/samba/profiles
writeable = yes
browseable = no
read only = no
create mode = 0777
directory mode = 0777

[Documents]
comment = share to test samba
path = /data/documents
writeable = yes
browseable = yes
read only = no
valid users = "@Domain Users"

1.2: smb.conf BDC

[root@node2 ~]# mkdir /data

[root@node2 ~]# vi /etc/samba/smb.conf

# # Global parameters
# # Backup Domain Controller

[global]
unix charset = LOCALE
workgroup = DDESIGN
netbios name = node2
#passdb backend = ldapsam:ldap://127.0.0.1
#passdb backend = ldapsam:"ldap://192.168.0.2 ldap://192.168.0.3"
passdb backend = ldapsam:"ldap://node2.differentialdesign.org ldap://node1.differentialdesign.org"
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = No
logon script = %u.bat
{| class="MsoNormalTable" style="margin-left: .75pt; border-collapse: collapse; border: none; mso-border-alt: solid windowtext 1.5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: 1.5pt solid windowtext; mso-border-insidev: 1.5pt solid windowtext" border="1"
#logon path = \\192.168.0.4\profiles\%u
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes; height: 36.0pt"
| style="width: 457.55pt; border: solid windowtext 1.5pt; padding: 0cm 5.4pt 0cm 5.4pt; height: 36.0pt" width="610" valign="top" |
<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># # Global parameters</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
logon path = \\nodes.differentialdesign.org\profiles\%u


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># # Backup Domain Controller</nowiki></font></font></font></span>
logon drive = H:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
domain logons = Yes


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[global]</font></font></font></span>
os level = 63


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">unix charset = LOCALE</font></font></font></span>
domain master = No


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">workgroup = DDESIGN</font></font></font></span>
wins server = node1.differentialdesign.org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">netbios name = node2</font></font></font></span>
ldap suffix = dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#passdb backend = ldapsam:ldap://127.0.0.1</nowiki></font></font></font></span>
ldap machine suffix = ou=Computers,ou=Users


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#passdb backend = ldapsam:"ldap://192.168.0.2 ldap://192.168.0.3"</nowiki></font></font></font></span>
ldap user suffix = ou=People,ou=Users


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">passdb backend = ldapsam:"ldap://</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">node2.differentialdesign.org</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> ldap://</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">node1.differentialdesign.org</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">"</font></font></font></span>
ldap group suffix = ou=Groups


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">username map = /etc/samba/smbusers</font></font></font></span>
ldap idmap suffix = ou=Idmap


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">log level = 1</font></font></font></span>
ldap admin dn = cn=sambaadmin,dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">syslog = 0</font></font></font></span>
utmp = Yes


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">log file = /var/log/samba/%m</font></font></font></span>
idmap backend = ldap://node1.differentialdesign.org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">max log size = 50</font></font></font></span>
idmap uid = 10000-20000


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">name resolve order = wins bcast hosts</font></font></font></span>
idmap gid = 10000-20000


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">printcap name = CUPS</font></font></font></span>
printing = cups


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">show add printer wizard = No</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">logon script = %u.bat</font></font></font></span>
#========================Share Definitions=========================


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#logon path = \\192.168.0.4\profiles\%u</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">logon path = \\</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">nodes.differentialdesign.org</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">\profiles\%u</font></font></font></span>
[homes]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">logon drive = H:</font></font></font></span>
comment = Home Directories


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">domain logons = Yes</font></font></font></span>
valid users = %S


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">os level = 63</font></font></font></span>
browseable = yes


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">domain master = No</font></font></font></span>
writable = yes


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">wins server = </font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">node1.differentialdesign.org</font></font></font></span>
create mask = 0600


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">ldap suffix = dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">differentialdesign</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">,dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">org</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"></font></font></font></span>
directory mask = 0700


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">ldap machine suffix = ou=Computers,ou=Users</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">ldap user suffix = ou=People,ou=Users</font></font></font></span>
[netlogon]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">ldap group suffix = ou=Groups</font></font></font></span>
comment = Network Logon Service


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">ldap idmap suffix = ou=Idmap</font></font></font></span>
path = /data/samba/netlogon


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">ldap admin dn = cn=sambaadmin,dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">differentialdesign</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">,dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">org</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"></font></font></font></span>
writeable = yes


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">utmp = Yes</font></font></font></span>
browseable = yes


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">idmap backend = ldap://</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">node1.differentialdesign.org</font></font></font></span>
read only = no


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">idmap uid = 10000-20000</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">idmap gid = 10000-20000</font></font></font></span>
[profiles]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">printing = cups</font></font></font></span>
path = /data/samba/profiles


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
writeable = yes


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#========================Share Definitions=========================</nowiki></font></font></font></span>
browseable = no


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
read only = no


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[homes]</font></font></font></span>
create mode = 0777


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>comment = Home Directories</font></font></font></span>
directory mode = 0777


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>valid users = %S</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>browseable = yes</font></font></font></span>
[Documents]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>writable = yes</font></font></font></span>
comment = share to test samba


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>create mask = 0600</font></font></font></span>
path = /data/documents


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>directory mask = 0700</font></font></font></span>
writeable = yes


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
browseable = yes


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes"> </span>[netlogon]</font></font></font></span>
read only = no


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>comment = Network Logon Service</font></font></font></span>
valid users = "@Domain Users"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>path = /data/samba/netlogon</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>writeable = yes</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>browseable = yes</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>read only = no</font></font></font></span>
1.3: /etc/hosts


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[profiles]</font></font></font></span>
In order to correctly resolve name to IP address we need some sort of name resolution. We already have a DNS name server which is capable of doing this as per section 7.0: BIND DNS. However it is desirable to have a backup feature such as entries in the /etc/hosts file.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>path = /data/samba/profiles</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>writeable = yes</font></font></font></span>
Step1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>browseable = no</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>read only = no</font></font></font></span>
On node1 we will edit the hosts file to reflect our configuration.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>create mode = 0777</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>directory mode = 0777</font></font></font></span>
[root@node1 ~]# vi /etc/hosts


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[Documents]</font></font></font></span>
# Do not remove the following line, or various programs


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>comment = share to test samba</font></font></font></span>
# that require network functionality will fail.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>path = /data/documents</font></font></font></span>
127.0.0.1 node1 localhost.localdomain localhost


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>writeable = yes</font></font></font></span>
192.168.0.2 node1.differentialdesign.org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>browseable = yes</font></font></font></span>
192.168.0.3 node2.differentialdesign.org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>read only = no</font></font></font></span>
192.168.0.4 nodes.differentialdesign.org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>valid users = "@Domain Users"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
Step2
|}


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


Log in to node2 and edit the /etc/hosts file.

[root@node2 ~]# vi /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       node2   localhost.localdomain   localhost
192.168.0.2     node1.differentialdesign.org
192.168.0.3     node2.differentialdesign.org
192.168.0.4     nodes.differentialdesign.org

1.4: Samba Security

There are many additional features we can add to Samba to make it more secure. We can add some additional options to our smb.conf to achieve this.

One of the great features of Samba is the “hosts allow =” option. This can be applied on a global scale to all the shares in the smb.conf by placing it in the global section of the smb.conf, or to specific shares, but not both.

The example limits access to Samba shares to clients on the 192.168.0.0/24 network, as it is defined in the global section of the smb.conf.

## /etc/samba/smb.conf
## Global parameters

[global]
workgroup = DDESIGN
security = user
hosts allow = 192.168.0.0/24

For the enthusiast, we can use this option on a per-share basis, which provides us with greater flexibility.

This limits access to this share to the client with the 192.168.0.100/24 IP address; you can of course use multiple addresses.

## /etc/samba/smb.conf
## ==== Share Definitions =====

[Documents]
comment = share to test samba
path = /data/documents
writeable = yes
browseable = yes
read only = no
valid users = "@Domain Users"
hosts allow = 192.168.0.100/24

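A check of how much address space each “hosts allow” entry covers once its prefix is applied, as an added example (not part of the original page and not Samba's own code). It assumes standard CIDR matching, where the mask is applied to both the entry and the client address, and it evaluates only IP and IP/mask entries; the sample smb.conf is constructed from the two snippets in section 1.4 and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the [global] and [Documents] snippets from section 1.4.
SAMPLE_SMB_CONF = """\
## /etc/samba/smb.conf
[global]
workgroup = DDESIGN
security = user
hosts allow = 192.168.0.0/24

[Documents]
comment = share to test samba
path = /data/documents
valid users = "@Domain Users"
hosts allow = 192.168.0.100/24
"""


def parse_hosts_allow(conf_text):
    """Return {section: [entries]} for every 'hosts allow' / 'allow hosts' line."""
    result, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if section is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # smb.conf parameter names ignore case and embedded whitespace.
        if re.sub(r"\s+", "", key).lower() in ("hostsallow", "allowhosts"):
            # Entries may be separated by commas, spaces or tabs.
            result[section] = [e for e in re.split(r"[,\s]+", value.strip()) if e]
    return result


def covered_network(entry):
    """Network that an IP or IP/mask entry covers after masking (assumed CIDR semantics)."""
    return ipaddress.ip_interface(entry).network


def is_allowed(entry, client_ip):
    """True if client_ip falls inside the network the entry covers."""
    return ipaddress.ip_address(client_ip) in covered_network(entry)


def audit(conf_text):
    """Flag entries whose address has host bits set under the given prefix."""
    findings = []
    for section, entries in parse_hosts_allow(conf_text).items():
        for entry in entries:
            try:
                iface = ipaddress.ip_interface(entry)
            except ValueError:
                # Hostnames, netgroups and partial addresses are out of scope here.
                findings.append((section, entry, "not an IP entry; not evaluated"))
                continue
            net = iface.network
            if iface.ip != net.network_address:
                findings.append((
                    section,
                    entry,
                    "host bits set under /%d: covers %d addresses (%s), not one host"
                    % (net.prefixlen, net.num_addresses, net),
                ))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SMB_CONF):
        print("[%s] %s -> %s" % finding)
```

Under this assumption the [Documents] entry spans the whole 192.168.0.0/24 network; an address written without a prefix is treated as a single host.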
2.0: Configuring LDAP


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">One of the great features of Samba is the “''<span><font color="maroon">host allow =”</font></span>'' option. This can be applied on a global scale to all the shares in the smb.conf by placing the global section of the smb.conf or to specific shares, but not both.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
It is necessary to use LDAP as our backend to Samba which provides replication to the Backup Domain Controllers.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">The example limits access to Samba shares to clients on the 192.168.0.0/24 network as it is defined it in the glocal section of the smb.conf.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
There are two methods for providing replication, using openldap’s “slurpd” to provide Master / Slave operation, the database is pushed to slaves which is defined in slapd.conf on the master LDAP server; here is an example of the original way defined in 2.1: slapd.conf Master.


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 441.3pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>## /etc/samba/smb.conf</nowiki></font></font></font></span>
replica host=192.168.0.3:389


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>## Global parameters</nowiki></font></font></font></span>
suffix="dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
binddn="cn=syncuser,dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[global]</font></font></font></span>
bindmethod=simple credentials=SyncUser


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">workgroup = DDESIGN</font></font></font></span>
To bind to the database the slave replicas will need to use “upateuser’s” password defined above as “credentials=UpdateUser“. Initially you will need to manually populate the slave database as defined in section 3.4 Database Replication.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">security = user</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">hosts allow = 192.168.0.0/24</font></font></font></span>
The main restriction with using this original design is the ldap database needs to be restarted on both the master and the slave when adding additional replicas.


</div>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">For the enthusiast, we can use this option on a per-share basis, which provides us with greater flexibility.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
LDAP Replication Configuration


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">This limits access to this share to the client with the 192.168.0.100/24 IP address; you of course can use multiple addresses.</font></font></span>
- Master


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="14.0pt"> </font></font></span>'''
- Slave(s)


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 441.3pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>## /etc/samba/smb.conf</nowiki></font></font></font></span>
A master LDAP database that is replicated in real time to the backup domain controller.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>## ==== Share Definitions =====</nowiki></font></font></font></span>
A slave LDAP database that provides load-balanced authentication, and can be used as a failover if the master becomes unavailable.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[Documents]</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">comment = share to test samba</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">path = /data/documents</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">writeable = yes</font></font></font></span>
LDAP Replication Configuration


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">browseable = yes</font></font></font></span>
- Provider


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">read only = no</font></font></font></span>
- Consumer(s)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">valid users = "@Domain Users"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">hosts allow = 192.168.0.100/24</font></font></font></span>
A provider LDAP database that has the most updated version of the database.


</div>
A consumer requests an update at a set interval, and provides load balancing.


The alternative is to use syncrepl, which is included in the LDAP daemon. This means we no longer need to run the slurpd daemon to replicate the database.


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">2.0: <u>Configuring LDAP</u></font></font></font></span>'''


<span style="mso-bookmark: Configuring_LDAP"></span>
There are 2 main types of syncrepl operation. In “refreshOnly” operation the consumer requests an update from the provider at a set time interval, defined as “interval=00:00:10:00”, which would poll the provider every 10 minutes. The more desirable way is to use delta-syncrepl; this provides a mode known as “refreshAndPersist” which provides a consistent connection. Instead of using a time interval to poll the provider we have the parameter “retry="30 10 300 +"”, which means it will retry 10 times every 30 seconds, then every 300 seconds; “+” indicates an indefinite number of retries.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">It is necessary to use LDAP as our backend to Samba which provides replication to the Backup Domain Controllers. </font></font></span>
If you are using syncrepl with OpenLDAP version 2.2, delta-syncrepl is known to be very buggy, so you are better off sticking with the standard syncrepl refreshOnly mode.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">There are two methods for providing replication, using openldap’s “slurpd” to provide Master / Slave operation, the database is pushed to slaves which is defined in slapd.conf on the master LDAP server; here is an example of the original way defined in </font></font></span><span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt">[#slapd_conf_Master <span style="text-decoration: none; text-underline: none"><font color="windowtext">2.1:</font></span><span lang="EN-US" style="mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; text-decoration: none; text-underline: none"><font color="windowtext"> slapd.conf Master</font></span>].</font></font></span>
Additionally, the LDAP daemon does not need to be restarted on the provider; the consumer requests updates by polling the provider at a set interval.
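The two consumer modes described above, written out as a slapd.conf syncrepl stanza. This is an added example, not part of the original wiki page: PROVIDER-HOST and rid=001 are placeholders, while the suffix, bind DN, credentials, interval and retry values are the ones used on this page.

```conf
# Consumer-side slapd.conf fragment (added example, not from the original page).
# PROVIDER-HOST and rid=001 are placeholders.
#
# bindmethod=simple sends the replication password as-is, so it is only
# protected if the connection to the provider is itself protected (TLS).
# The password is also stored in clear text in this file: keep slapd.conf
# readable only by the account that runs slapd.

# Option 1: refreshOnly. The consumer polls the provider, here every
# 10 minutes (interval format is dd:hh:mm:ss).
syncrepl rid=001
        provider=ldap://PROVIDER-HOST:389
        type=refreshOnly
        interval=00:00:10:00
        searchbase="dc=differentialdesign,dc=org"
        scope=sub
        bindmethod=simple
        binddn="cn=syncuser,dc=differentialdesign,dc=org"
        credentials=SyncUser

# Option 2: refreshAndPersist. Use this instead of option 1, not alongside it.
# The connection stays open after the initial refresh; retry applies when it
# is lost: 10 attempts 30 seconds apart, then one attempt every 300 seconds
# with no upper limit ("+").
#syncrepl rid=001
#        provider=ldap://PROVIDER-HOST:389
#        type=refreshAndPersist
#        retry="30 10 300 +"
#        searchbase="dc=differentialdesign,dc=org"
#        scope=sub
#        bindmethod=simple
#        binddn="cn=syncuser,dc=differentialdesign,dc=org"
#        credentials=SyncUser
```

The bind DN used here must be granted read access to userPassword, sambaLMPassword and sambaNTPassword on the provider, otherwise the consumer receives entries without password attributes and cannot authenticate users after a failover.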


''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>''


''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">replica<span style="mso-spacerun: yes">     </span>host=192.168.0.3:389</font></font></font></span>''


''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">            </span>suffix="dc=differentialdesign,dc=org"</font></font></font></span>''
2.1: slapd.conf Master


''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">            </span>binddn="cn=syncuser,dc=differentialdesign,dc=org"</font></font></font></span>''


''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">            </span>bindmethod=simple credentials=SyncUser</font></font></font></span>''
This is the original method for replicating the database to slave LDAP servers. We are using slurpd, which has been around for a long time and has proven itself to be stable.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">To bind to the database, the slave replicas will need to use “updateuser’s” password, defined above as “credentials=UpdateUser”. Initially you will need to manually populate the slave database as defined in section [#Database_Replication <span style="text-decoration: none; text-underline: none"><font color="windowtext">3.4 Database Replication</font></span>]. </font></font></span>
This configuration file should work on any version of OpenLDAP.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">The main restriction with using this original design is the ldap database needs to be restarted on both the master and the slave when adding additional replicas.</font></font></span>
# /etc/openldap/slapd.conf


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# using slurpd


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# LDAP Master


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">LDAP Replication Configuration</font></font></span>'''


<span><font size="10.0pt"><span style="mso-list: Ignore">-<span style="font: 7.0pt &quot;Times New Roman&quot;">          </span></span></font></span>'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Master</font></font></span>'''
include /etc/openldap/schema/core.schema


<span><font size="10.0pt"><span style="mso-list: Ignore">-<span style="font: 7.0pt &quot;Times New Roman&quot;">          </span></span></font></span>'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Slave(s)</font></font></span>'''
include /etc/openldap/schema/cosine.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
include /etc/openldap/schema/inetorgperson.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">A master LDAP database that is replicated in real time to the backup domain controller. </font></font></span>
include /etc/openldap/schema/nis.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">A slave LDAP database that provides load-balanced authentication, and can be used as a failover if the master becomes unavailable. </font></font></span>
include /etc/openldap/schema/samba.schema


pidfile /var/run/slapd/slapd.pid


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
argsfile /var/run/slapd/slapd.args


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">LDAP Replication Configuration</font></font></span>'''


<span><font size="10.0pt"><span style="mso-list: Ignore">-<span style="font: 7.0pt &quot;Times New Roman&quot;">          </span></span></font></span>'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Provider</font></font></span>'''
database bdb


<span><font size="10.0pt"><span style="mso-list: Ignore">-<span style="font: 7.0pt &quot;Times New Roman&quot;">          </span></span></font></span>'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Consumers(s)</font></font></span>'''
suffix "dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
rootdn "cn=Manager,dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">A provider LDAP database that has the most updated version of the database.</font></font></span>
rootpw Manager


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">A consumer requests an update at a set interval, and provides load balancing.</font></font></span>
directory /var/lib/ldap


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">The alternative is to use syncrepl, which is included in the LDAP daemon. This means we no longer need to run the slurpd daemon to replicate the database.</font></font></span>
replica host=node2.differentialdesign.org:389


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
suffix="dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">There are 2 main types of syncrepl operation. In <span><font color="maroon">“refreshOnly” </font></span>operation the consumer requests an update from the provider at a set time interval, defined as <span><font color="maroon">“interval=00:00:10:00”</font></span>, which would poll the provider every 10 minutes. The more desirable way is to use delta-syncrepl; this provides a mode known as <span><font color="maroon">“refreshAndPersist”</font></span> which provides a consistent connection. Instead of using a time interval to poll the provider we have the parameter <span><font color="maroon">“retry="30 10 300 +"”</font></span>, which means it will retry 10 times every 30 seconds, then every 300 seconds; <span><font color="maroon">“+”</font></span> indicates an indefinite number of retries.</font></font></span>
binddn="cn=syncuser,dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
bindmethod=simple credentials=SyncUser


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">If you are using syncrepl with OpenLDAP version 2.2, delta-syncrepl is known to be very buggy, so you are better off sticking with the standard syncrepl refreshOnly mode.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
replogfile /var/lib/ldap/replogfile


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Additionally the ldap daemon does not need to be restarted on the provider; the consumer will request it by polling the provider at a set interval.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
access to attrs=userPassword


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
by self write


'''<span lang="EN" style="mso-ansi-language: EN"><font color="blue"><font face="Helvetica"><font size="14.0pt">2.1:</font></font></font></span>'''<span style="mso-bookmark: slapd_conf_Master">'''<span lang="EN" style="mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN"><font color="blue"><font face="Helvetica"><font size="14.0pt"> </font></font></font></span>'''</span><span style="mso-bookmark: slapd_conf_Master">'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">slapd.conf Master</font></font></font></span></u>'''</span><span style="mso-bookmark: slapd_conf_Master">'''<u><span lang="EN" style="mso-ansi-language: EN"><font color="blue"><font face="Helvetica"><font size="14.0pt"></font></font></font></span></u>'''</span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write


<span style="mso-bookmark: slapd_conf_Master"></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" read


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
by * auth


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt">This is the original method for replicating the database to slave LDAP servers. We are using slurpd, which has been around for a long time and has proven itself to be stable. </font></font></span>


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
access to attrs=sambaLMPassword,sambaNTPassword


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt">This configuration file should work on any version of Openldap.</font></font></span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" read


{| class="MsoNormalTable" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext 1.5pt; mso-table-overlap: never; mso-table-lspace: 9.0pt; margin-left: 6.75pt; mso-table-rspace: 9.0pt; margin-right: 6.75pt; mso-table-anchor-vertical: paragraph; mso-table-anchor-horizontal: column; mso-table-left: left; mso-table-top: .05pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: 1.5pt solid windowtext; mso-border-insidev: 1.5pt solid windowtext" border="1" align="left"
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes; height: 36.0pt"
| style="width: 439.5pt; border: solid windowtext 1.5pt; padding: 0cm 5.4pt 0cm 5.4pt; height: 36.0pt" width="586" valign="top" |
'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># /etc/openldap/slapd.conf</nowiki></font></font></font></span>'''


'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># using slurpd</nowiki></font></font></font></span>'''
access to *


'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># LDAP Master</nowiki></font></font></font></span>'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"></font></font></font></span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" read


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/core.schema</font></font></font></span>
by * read


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/cosine.schema</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/inetorgperson.schema</font></font></font></span>
# Indices to maintain


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/nis.schema</font></font></font></span>
index objectClass eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/samba.schema</font></font></font></span>
index cn pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
index sn pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">pidfile<span style="mso-spacerun: yes">     </span>/var/run/slapd/slapd.pid</font></font></font></span>
index uid pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">argsfile<span style="mso-spacerun: yes">    </span>/var/run/slapd/slapd.args</font></font></font></span>
index displayName pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
index uidNumber eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">database<span style="mso-spacerun: yes">    </span>bdb</font></font></font></span>
index gidNumber eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">suffix<span style="mso-spacerun: yes">     </span><span style="mso-spacerun: yes"> </span><span style="mso-spacerun: yes"> </span>"dc=differentialdesign,dc=org"</font></font></font></span>
index memberUID eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootdn<span style="mso-spacerun: yes">      </span>"cn=Manager,dc=differentialdesign,dc=org"</font></font></font></span>
index sambaSID eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootpw<span style="mso-spacerun: yes">      </span>Manager</font></font></font></span>
index sambaPrimaryGroupSID eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">directory<span style="mso-spacerun: yes">   </span>/var/lib/ldap</font></font></font></span>
index sambaDomainName eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
index default sub


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">replica<span style="mso-spacerun: yes">  </span>host=node2.differentialdesign.org:389</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">            </span>suffix="dc=differentialdesign,dc=org"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">            </span>binddn="cn=syncuser,dc=differentialdesign,dc=org"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">            </span>bindmethod=simple credentials=SyncUser</font></font></font></span>
2.1.1: slapd.conf Master syncrepl Openldap2.2


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">replogfile<span style="mso-spacerun: yes">  </span>/var/lib/ldap/replogfile</font></font></font></span>
This is the slapd.conf file for the master LDAP server; we are using syncrepl instead of slurpd, which is the traditional method.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to attrs=userPassword</font></font></font></span>
This configuration file is specifically designed for OpenLDAP 2.2 and supports syncrepl refreshOnly mode.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by self write</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write</font></font></font></span>
# slapd.conf Master syncrepl Openldap2.2


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" read</font></font></font></span>
# Provider


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by * auth</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
include /etc/openldap/schema/core.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to attrs=sambaLMPassword,sambaNTPassword</font></font></font></span>
include /etc/openldap/schema/cosine.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write</font></font></font></span>
include /etc/openldap/schema/inetorgperson.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" read</font></font></font></span>
include /etc/openldap/schema/nis.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
include /etc/openldap/schema/samba.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to *</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write</font></font></font></span>
pidfile /var/run/slapd/slapd.pid


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" read</font></font></font></span>
argsfile /var/run/slapd/slapd.args


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by * read</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
database bdb


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Indices to maintain</nowiki></font></font></font></span>
suffix "dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index objectClass<span style="mso-spacerun: yes">           </span>eq</font></font></font></span>
rootdn "cn=Manager,dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index cn<span style="mso-spacerun: yes">                    </span>pres,sub,eq</font></font></font></span>
rootpw Manager


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sn<span style="mso-spacerun: yes">                    </span>pres,sub,eq</font></font></font></span>
directory /var/lib/ldap


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index uid<span style="mso-spacerun: yes">                   </span>pres,sub,eq</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index displayName<span style="mso-spacerun: yes">           </span>pres,sub,eq</font></font></font></span>
access to attrs=userPassword


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index uidNumber<span style="mso-spacerun: yes">             </span>eq</font></font></font></span>
by self write


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index gidNumber<span style="mso-spacerun: yes">             </span>eq</font></font></font></span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index memberUID<span style="mso-spacerun: yes">             </span>eq</font></font></font></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" read


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaSID<span style="mso-spacerun: yes">              </span>eq</font></font></font></span>
by * auth


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaPrimaryGroupSID<span style="mso-spacerun: yes">  </span>eq</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaDomainName<span style="mso-spacerun: yes">       </span>eq</font></font></font></span>
access to attrs=sambaLMPassword,sambaNTPassword


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index default<span style="mso-spacerun: yes">               </span>sub</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"></font></font></span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write
|}


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"><br style="mso-special-character: line-break" clear="all" /></font></font></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" read


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">2.1.1: <u>slapd.conf Master syncrepl</u></font></font></font></span>''''''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"> Openldap2.2</font></font></font></span></u>''''''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"></font></font></font></span>'''
access to *


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt">This is the slapd.conf master ldap file; we are using syncrepl instead of slurpd witch is the traditional method. </font></font></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" read


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
by * read


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt">This configuration file is specifically designed for openldap 2.2 and supports syncrepl refreshOnly mode.</font></font></span>


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# Indices to maintain


{| class="MsoNormalTable" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext 1.5pt; mso-table-overlap: never; mso-table-lspace: 9.0pt; margin-left: 6.75pt; mso-table-rspace: 9.0pt; margin-right: 6.75pt; mso-table-anchor-vertical: paragraph; mso-table-anchor-horizontal: column; mso-table-left: left; mso-table-top: .05pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: 1.5pt solid windowtext; mso-border-insidev: 1.5pt solid windowtext" border="1" align="left"
index objectClass eq
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes; height: 36.0pt"
| style="width: 439.5pt; border: solid windowtext 1.5pt; padding: 0cm 5.4pt 0cm 5.4pt; height: 36.0pt" width="586" valign="top" |
'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># </nowiki></font></font></font></span>''''''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">slapd.conf Master syncrepl Openldap2.2</font></font></font></span>''''''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"></font></font></font></span>'''


'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Provider</nowiki></font></font></font></span>'''
index cn pres,sub,eq


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
index sn pres,sub,eq


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/core.schema</font></font></font></span>
index uid pres,sub,eq


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/cosine.schema</font></font></font></span>
index displayName pres,sub,eq


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/inetorgperson.schema</font></font></font></span>
index uidNumber eq


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/nis.schema</font></font></font></span>
index gidNumber eq


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/samba.schema</font></font></font></span>
index memberUID eq


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
index sambaSID eq


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">pidfile<span style="mso-spacerun: yes">     </span>/var/run/slapd/slapd.pid</font></font></font></span>
index sambaPrimaryGroupSID eq


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">argsfile<span style="mso-spacerun: yes">    </span>/var/run/slapd/slapd.args</font></font></font></span>
index sambaDomainName eq


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
index default sub


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">database<span style="mso-spacerun: yes">    </span>bdb</font></font></font></span>


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">suffix<span style="mso-spacerun: yes">      </span>"dc=differentialdesign,dc=org"</font></font></font></span>


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootdn<span style="mso-spacerun: yes">      </span>"cn=Manager,dc=differentialdesign,dc=org"</font></font></font></span>


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootpw<span style="mso-spacerun: yes">      </span>Manager</font></font></font></span>
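Review bot: the "by" clauses in the rewritten 2.1.1 listing (under "access to attrs=sambaLMPassword,sambaNTPassword" and "access to *") start in column one, while the markup being removed put explicit leading spacing in front of every "by". slapd.conf treats a line as a continuation of the previous directive only when it begins with whitespace, so a copy of this listing with "by * read" flush left will not parse as part of the "access to" rule. Suggest keeping each "by" line indented, for example by putting the whole listing in a preformatted block so the wiki preserves the leading spaces.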
2.1.2: slapd.conf Master delta-syncrepl Openldap2.3


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">directory<span style="mso-spacerun: yes">   </span>/var/lib/ldap</font></font></font></span>


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
This configuration file is designed to support Openldap’s newest features. We will be using delta-syncrepl which supports refreshAndPersist with performance similar to that of slurpd.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to attrs=userPassword</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by self write</font></font></font></span>
The below slapd.conf will only run on Openldap 2.3.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" read</font></font></font></span>
Take note of the “modulepath /usr/lib/openldap2.3” in the below file, you will need to change this to where you have syncprov.la located.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by * auth</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to attrs=sambaLMPassword,sambaNTPassword</font></font></font></span>
#slapd.conf Master delta syncrepl Openldap2.3


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write</font></font></font></span>
#provider


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" read</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
include /etc/openldap/schema/core.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to *</font></font></font></span>
include /etc/openldap/schema/cosine.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write</font></font></font></span>
include /etc/openldap/schema/inetorgperson.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" read</font></font></font></span>
include /etc/openldap/schema/nis.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by * read</font></font></font></span><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"></font></font></font></span>
include /etc/openldap/schema/samba.schema


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Indices to maintain</nowiki></font></font></font></span>
modulepath /usr/lib/openldap2.3


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index objectClass<span style="mso-spacerun: yes">           </span>eq</font></font></font></span>
moduleload syncprov.la


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index cn<span style="mso-spacerun: yes">                    </span>pres,sub,eq</font></font></font></span>
moduleload accesslog.la


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sn<span style="mso-spacerun: yes">                    </span>pres,sub,eq</font></font></font></span>


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index uid<span style="mso-spacerun: yes">   </span><span style="mso-spacerun: yes">                </span>pres,sub,eq</font></font></font></span>
pidfile /var/run/slapd/slapd.pid


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index displayName<span style="mso-spacerun: yes">           </span>pres,sub,eq</font></font></font></span>
argsfile /var/run/slapd/slapd.args


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index uidNumber<span style="mso-spacerun: yes">             </span>eq</font></font></font></span>


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index gidNumber<span style="mso-spacerun: yes">             </span>eq</font></font></font></span>
# Accesslog database definitions


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index memberUID<span style="mso-spacerun: yes">             </span>eq</font></font></font></span>
database bdb


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaSID<span style="mso-spacerun: yes">              </span>eq</font></font></font></span>
suffix cn=accesslog


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaPrimaryGroupSID<span style="mso-spacerun: yes">  </span>eq</font></font></font></span>
directory /var/lib/ldap/accesslog


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaDomainName<span style="mso-spacerun: yes">       </span>eq</font></font></font></span>
rootdn cn=accesslog


<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index default<span style="mso-spacerun: yes">               </span>sub</font></font></font></span><span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"></font></font></span>
index default eq
|}


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"><br style="mso-special-character: line-break" clear="all" /></font></font></span>
index entryCSN,objectClass,reqEnd,reqResult,reqStart


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">2.1.2: <u>slapd.conf Master delta-syncrepl Openldap2.3</u> </font></font></font></span>'''
overlay syncprov


<span style="mso-bookmark: slapd_conf_Master_Syncrepl_4_Openldap2_3"></span>
syncprov-nopresent TRUE


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
syncprov-reloadhint TRUE


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt">This configuration file is designed to support Openldap’s newest features.<span style="mso-spacerun: yes">  </span>We will be using delta-syncrepl which supports refreshAndPersist with performance similar to that of slurpd. </font></font></span>


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# Samba database


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt">The below slapd.conf will only run on Openldap 2.3.</font></font></span>
database bdb


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
suffix "dc=differentialdesign,dc=org"


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt">Take note of the <span><font color="maroon">“modulepath /usr/lib/openldap2.3”</font></span> in the below file, you will need to change this to where you have syncprov.la located.</font></font></span>
directory /var/lib/ldap


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
rootdn "cn=Manager,dc=differentialdesign,dc=org"


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span></span>
rootpw Manager


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 1.0pt 1.0pt 1.0pt; margin-left: 0cm; margin-right: 216.95pt">
index entryCSN eq


<span style="mso-bookmark: slapd_conf_Slave">'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#slapd.conf Master delta syncrepl Openldap2.3</nowiki></font></font></font></span>'''</span>
index entryUUID eq


<span style="mso-bookmark: slapd_conf_Slave">'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#provider</nowiki></font></font></font></span>'''</span><span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span></span>
overlay syncprov


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/core.schema</font></font></font></span></span>
syncprov-checkpoint 1000 60


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/cosine.schema</font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/inetorgperson.schema</font></font></font></span></span>
# accesslog overlay definitions for primary db


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/nis.schema</font></font></font></span></span>
overlay accesslog


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/samba.schema</font></font></font></span></span>
logdb cn=accesslog


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span></span>
logops writes


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">modulepath /usr/lib/openldap2.3</font></font></font></span></span>
logsuccess TRUE


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">moduleload syncprov.la</font></font></font></span></span>
# scan the accesslog DB every day, and purge entries older than 7 days


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">moduleload accesslog.la</font></font></font></span></span>
logpurge 07+00:00 01+00:00


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">pidfile<span style="mso-spacerun: yes">     </span>/var/run/slapd/slapd.pid</font></font></font></span></span>
access to attrs=userPassword


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">argsfile<span style="mso-spacerun: yes">    </span>/var/run/slapd/slapd.args</font></font></font></span></span>
by self write


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span></span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Accesslog database definitions</nowiki></font></font></font></span></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" read


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">database<span style="mso-spacerun: yes">    </span>bdb</font></font></font></span></span>
by * auth


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">suffix<span style="mso-spacerun: yes">      </span>cn=accesslog</font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">directory<span style="mso-spacerun: yes">   </span>/var/lib/ldap/accesslog</font></font></font></span></span>
access to attrs=sambaLMPassword,sambaNTPassword


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootdn<span style="mso-spacerun: yes">      </span>cn=accesslog</font></font></font></span></span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index default eq</font></font></font></span></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" read


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index entryCSN,objectClass,reqEnd,reqResult,reqStart</font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span></span>
access to *


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">overlay syncprov</font></font></font></span></span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">syncprov-nopresent TRUE</font></font></font></span></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" read


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">syncprov-reloadhint TRUE</font></font></font></span></span>
by * read


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Samba database</nowiki></font></font></font></span></span>
# Indices to maintain


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">database<span style="mso-spacerun: yes">    </span>bdb</font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">suffix<span style="mso-spacerun: yes">      </span>"dc=differentialdesign,dc=org"</font></font></font></span></span>
index objectClass eq


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">directory<span style="mso-spacerun: yes">   </span>/var/lib/ldap</font></font></font></span></span>
index cn pres,sub,eq


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootdn<span style="mso-spacerun: yes">      </span>"cn=Manager,dc=differentialdesign,dc=org"</font></font></font></span></span>
index sn pres,sub,eq


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootpw<span style="mso-spacerun: yes">      </span>Manager</font></font></font></span></span>
index uid pres,sub,eq


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index entryCSN eq</font></font></font></span></span>
index displayName pres,sub,eq


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index entryUUID eq</font></font></font></span></span>
index uidNumber eq


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span></span>
index gidNumber eq


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">overlay syncprov</font></font></font></span></span>
index memberUID eq


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">syncprov-checkpoint 1000 60</font></font></font></span></span>
index sambaSID eq


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span></span>
index sambaPrimaryGroupSID eq


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># accesslog overlay definitions for primary db</nowiki></font></font></font></span></span>
index sambaDomainName eq


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">overlay accesslog</font></font></font></span></span>
index default sub


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">logdb cn=accesslog</font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">logops writes</font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">logsuccess TRUE</font></font></font></span></span>
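Review bot: the cn=accesslog database block (from "database bdb" / "suffix cn=accesslog" down to the first "overlay syncprov") carries no "access to" rule; the three "access to" rules further down belong to the "dc=differentialdesign,dc=org" database. With "logops writes" the log stores every modification, password attribute changes included, and a database with no ACLs falls back to slapd's default of read access for everyone. Suggest adding a rule in the accesslog block that grants "cn=syncuser,dc=differentialdesign,dc=org" read and ends with "by * none". The "rootpw Manager" line in the Samba database block is also a cleartext password that matches the cn of the rootdn; a hash generated with slappasswd would be a safer value to show in the listing.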
2.2: slapd.conf Slave


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># scan the accesslog DB every day, and purge entries older than 7 days</nowiki></font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">logpurge 07+00:00 01+00:00</font></font></font></span></span>
This is the original method for replicating the database to slave ldap servers. We are using the slurpd which has been around for a long time and proven itself to be stable.


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to attrs=userPassword</font></font></font></span></span>
This configuration file should work on any version of openldap.


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by self write</font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write</font></font></font></span></span>
# /etc/openldap/slapd.conf


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" read</font></font></font></span></span>
# using slurpd


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by * auth</font></font></font></span></span>
# LDAP Slave


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to attrs=sambaLMPassword,sambaNTPassword</font></font></font></span></span>
include /etc/openldap/schema/core.schema


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write</font></font></font></span></span>
include /etc/openldap/schema/cosine.schema


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" read</font></font></font></span></span>
include /etc/openldap/schema/inetorgperson.schema


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span></span>
include /etc/openldap/schema/nis.schema


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to *</font></font></font></span></span>
include /etc/openldap/schema/samba.schema


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write</font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" read</font></font></font></span></span>
pidfile /var/run/slapd/slapd.pid


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by * read</font></font></font></span></span>
argsfile /var/run/slapd/slapd.args


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Indices to maintain</nowiki></font></font></font></span></span>
database bdb


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span></span>
suffix "dc=differentialdesign,dc=org"


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index objectClass<span style="mso-spacerun: yes">           </span>eq</font></font></font></span></span>
rootdn "cn=Manager,dc=differentialdesign,dc=org"


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index cn<span style="mso-spacerun: yes">                    </span>pres,sub,eq</font></font></font></span></span>
rootpw Manager


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sn<span style="mso-spacerun: yes">                    </span>pres,sub,eq</font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index uid<span style="mso-spacerun: yes">                   </span>pres,sub,eq</font></font></font></span></span>
access to attrs=userPassword


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index displayName<span style="mso-spacerun: yes">           </span>pres,sub,eq</font></font></font></span></span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index uidNumber<span style="mso-spacerun: yes">             </span>eq</font></font></font></span></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" write


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index gidNumber<span style="mso-spacerun: yes">             </span>eq</font></font></font></span></span>
by * auth


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index memberUID<span style="mso-spacerun: yes">             </span>eq</font></font></font></span></span>


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaSID<span style="mso-spacerun: yes">              </span>eq</font></font></font></span></span>
access to attrs=sambaLMPassword,sambaNTPassword


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaPrimaryGroupSID<span style="mso-spacerun: yes">  </span>eq</font></font></font></span></span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaDomainName<span style="mso-spacerun: yes">       </span>eq</font></font></font></span></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" write


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index default<span style="mso-spacerun: yes">               </span>sub</font></font></font></span></span>


</div>
access to *


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" write


<span style="mso-bookmark: slapd_conf_Slave"><span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span></span>
by * read


<span style="mso-bookmark: slapd_conf_Slave">'''<span lang="EN" style="mso-ansi-language: EN"><font color="blue"><font face="Helvetica"><font size="14.0pt">2.2: </font></font></font></span>'''</span><span style="mso-bookmark: slapd_conf_Slave">'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">slapd.conf Slave</font></font></font></span></u>'''</span><span style="mso-bookmark: slapd_conf_Slave">'''<span lang="EN" style="mso-ansi-language: EN"><font color="blue"><font face="Helvetica"><font size="14.0pt"></font></font></font></span>'''</span>


<span style="mso-bookmark: slapd_conf_Slave"></span>
updatedn cn=syncuser,dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
updateref ldap://node1.differentialdesign.org


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt">This is the original method for replicating the database to slave ldap servers. We are using the slurpd which has been around for a long time and proven itself to be stable. </font></font></span>


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
directory /var/lib/ldap


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt">This configuration file should work on any version of openldap.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# Indices to maintain


{| class="MsoNormalTable" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext 1.5pt; mso-table-overlap: never; mso-table-lspace: 9.0pt; margin-left: 6.75pt; mso-table-rspace: 9.0pt; margin-right: 6.75pt; mso-table-anchor-vertical: paragraph; mso-table-anchor-horizontal: margin; mso-table-left: left; mso-table-top: .05pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: 1.5pt solid windowtext; mso-border-insidev: 1.5pt solid windowtext" border="1" align="left"
index objectClass eq
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes; height: 27.15pt"
| style="width: 441.5pt; border: solid windowtext 1.5pt; padding: 0cm 5.4pt 0cm 5.4pt; height: 27.15pt" width="589" valign="top" |
'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># /etc/openldap/slapd.conf</nowiki></font></font></font></span>'''


'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># using slurpd</nowiki></font></font></font></span>'''
index cn pres,sub,eq


'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># LDAP Slave</nowiki></font></font></font></span>'''
index sn pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
index uid pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/core.schema</font></font></font></span>
index displayName pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/cosine.schema</font></font></font></span>
index uidNumber eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/inetorgperson.schema</font></font></font></span>
index gidNumber eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/nis.schema</font></font></font></span>
index memberUID eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/samba.schema</font></font></font></span>
index sambaSID eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
index sambaPrimaryGroupSID eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">pidfile<span style="mso-spacerun: yes">     </span>/var/run/slapd/slapd.pid</font></font></font></span>
index sambaDomainName eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">argsfile<span style="mso-spacerun: yes">    </span>/var/run/slapd/slapd.args</font></font></font></span>
index default sub
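
Review bot: `rootpw Manager` in the slurpd slave configuration is a cleartext root password that repeats the rootdn's own name (`cn=Manager`), and the new revision carries it over unchanged from the old one. Because the rootdn is not subject to any `access to` rule in this file, the page should show a hashed value produced with `slappasswd` (an `{SSHA}` string, given as a placeholder rather than a real hash) and say that slapd.conf must be readable only by the account slapd runs as. Separately, the last `access to *` rule ends in `by * read`, which lets anonymous clients read every attribute other than `userPassword`, `sambaLMPassword` and `sambaNTPassword`; if anonymous browsing of the Samba account tree is not required, `by users read` is the narrower choice.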


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">database<span style="mso-spacerun: yes">    </span>bdb</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">suffix<span style="mso-spacerun: yes">      </span>"dc=differentialdesign,dc=org"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootdn<span style="mso-spacerun: yes">      </span>"cn=Manager,dc=differentialdesign,dc=org"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootpw<span style="mso-spacerun: yes">      </span>Manager</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
2.2.1: slapd.conf Slave syncrepl Openldap2.2


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to attrs=userPassword</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read</font></font></font></span>
This is the configuration file for openldap version 2.2 using the syncrepl method refreshOnly.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" write</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by * auth</font></font></font></span>
This configuration file will only work with openldap version 2.2


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to attrs=sambaLMPassword,sambaNTPassword</font></font></font></span>
# slapd.conf Slave syncrepl Openldap2.2


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read</font></font></font></span>
# LDAP Consumer


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" write</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
include /etc/openldap/schema/core.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to *</font></font></font></span>
include /etc/openldap/schema/cosine.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" write</font></font></font></span>
include /etc/openldap/schema/inetorgperson.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span><span style="mso-spacerun: yes">      </span>by * read</font></font></font></span>
include /etc/openldap/schema/nis.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
include /etc/openldap/schema/samba.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">updatedn<span style="mso-spacerun: yes">    </span>cn=syncuser,dc=differentialdesign,dc=org</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">updateref<span style="mso-spacerun: yes">   </span>ldap://node1.differentialdesign.org</font></font></font></span>
pidfile /var/run/slapd/slapd.pid


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
argsfile /var/run/slapd/slapd.args


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">directory<span style="mso-spacerun: yes">   </span>/var/lib/ldap</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
database bdb


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Indices to maintain</nowiki></font></font></font></span>
suffix "dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index objectClass<span style="mso-spacerun: yes">          </span><span style="mso-tab-count: 2">                        </span><span style="mso-spacerun: yes">             </span>eq</font></font></font></span>
rootdn "cn=Manager,dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index cn<span style="mso-spacerun: yes">                    </span><span style="mso-tab-count: 2">                </span><span style="mso-spacerun: yes">             </span>pres,sub,eq</font></font></font></span>
rootpw Manager


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sn<span style="mso-spacerun: yes">                   </span><span style="mso-tab-count: 3">                             </span>pres,sub,eq</font></font></font></span>
directory /var/lib/ldap


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index uid<span style="mso-spacerun: yes">                   </span><span style="mso-tab-count: 2">                </span><span style="mso-spacerun: yes">             </span>pres,sub,eq</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index displayName<span style="mso-spacerun: yes">           </span><span style="mso-tab-count: 2">                      </span>pres,sub,eq</font></font></font></span>
syncrepl


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index uidNumber<span style="mso-spacerun: yes">             </span><span style="mso-tab-count: 2">                       </span>eq</font></font></font></span>
rid=0


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index gidNumber<span style="mso-spacerun: yes">             </span><span style="mso-tab-count: 2">                       </span>eq</font></font></font></span>
provider=ldap://node1.differentialdesign.org:389


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index memberUID<span style="mso-spacerun: yes">             </span><span style="mso-tab-count: 2">                     </span>eq</font></font></font></span>
binddn="cn=syncuser,dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaSID<span style="mso-spacerun: yes">              </span><span style="mso-tab-count: 2">                      </span>eq</font></font></font></span>
bindmethod=simple


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaPrimaryGroupSID<span style="mso-spacerun: yes">  </span><span style="mso-tab-count: 1">  </span><span style="mso-spacerun: yes">             </span>eq</font></font></font></span>
credentials=SyncUser


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaDomainName<span style="mso-spacerun: yes">       </span><span style="mso-tab-count: 1">   </span><span style="mso-spacerun: yes">             </span>eq</font></font></font></span>
searchbase="dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index default</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">               </span><span style="mso-tab-count: 2">               </span><span style="mso-spacerun: yes">             </span>sub</font></font></span>
filter="(objectClass=*)"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
attrs="*"
|}


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"><br style="mso-special-character: line-break" clear="all" /></font></font></span>
schemachecking=off


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
scope=sub


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
type=refreshOnly


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">2.2.1: <u>slapd.conf Slave syncrepl</u></font></font></font></span>''''''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"> Openldap2.2</font></font></font></span></u>''''''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"></font></font></font></span>'''
interval=00:06:00:00


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">This is the configuration file for openldap version 2.2 using the syncrepl method refreshOnly.</font></font></span>
access to attrs=userPassword


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">This configuration file will only work with openldap version 2.2</font></font></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" write


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
by * auth


{| class="MsoNormalTable" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext 1.5pt; mso-table-overlap: never; mso-table-lspace: 9.0pt; margin-left: 6.75pt; mso-table-rspace: 9.0pt; margin-right: 6.75pt; mso-table-anchor-vertical: paragraph; mso-table-anchor-horizontal: column; mso-table-left: -9.8pt; mso-table-top: .05pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: 1.5pt solid windowtext; mso-border-insidev: 1.5pt solid windowtext" border="1" align="left"
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes; height: 27.15pt"
| style="width: 441.5pt; border: solid windowtext 1.5pt; padding: 0cm 5.4pt 0cm 5.4pt; height: 27.15pt" width="589" valign="top" |
'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># </nowiki></font></font></font></span>''''''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">slapd.conf Slave syncrepl Openldap2.2</font></font></font></span>''''''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"></font></font></font></span>'''


'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># LDAP Consumer</nowiki></font></font></font></span>'''<span lang="EN" style="mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt"></font></font></font></span>
access to attrs=sambaLMPassword,sambaNTPassword


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/core.schema</font></font></font></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" write


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/cosine.schema</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/inetorgperson.schema</font></font></font></span>
access to *


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/nis.schema</font></font></font></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" write


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/samba.schema</font></font></font></span>
by * read


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">pidfile<span style="mso-spacerun: yes">     </span>/var/run/slapd/slapd.pid</font></font></font></span>
# Indices to maintain


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">argsfile<span style="mso-spacerun: yes">    </span>/var/run/slapd/slapd.args</font></font></font></span>
index objectClass eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
index cn pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">database<span style="mso-spacerun: yes">    </span>bdb</font></font></font></span>
index sn pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">suffix<span style="mso-spacerun: yes">      </span>"dc=differentialdesign,dc=org"</font></font></font></span>
index uid pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootdn<span style="mso-spacerun: yes">      </span>"cn=Manager,dc=differentialdesign,dc=org"</font></font></font></span>
index displayName pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootpw<span style="mso-spacerun: yes">      </span>Manager</font></font></font></span>
index uidNumber eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">directory<span style="mso-spacerun: yes">   </span>/var/lib/ldap</font></font></font></span>
index gidNumber eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
index memberUID eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">syncrepl</font></font></font></span>
index sambaSID eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>rid=0</font></font></font></span>
index sambaPrimaryGroupSID eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span><span style="mso-spacerun: yes">    </span>provider=ldap://node1.differentialdesign.org:389</font></font></font></span>
index sambaDomainName eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span><span style="mso-spacerun: yes">    </span>binddn="cn=syncuser,dc=differentialdesign,dc=org"</font></font></font></span>
index default sub
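
Review bot: the `syncrepl` stanza in the 2.2 consumer configuration combines `bindmethod=simple` and `credentials=SyncUser` with `provider=ldap://node1.differentialdesign.org:389`, so the sync account's password crosses the wire unencrypted, and with `attrs="*"` so do any `userPassword`, `sambaLMPassword` and `sambaNTPassword` values the provider releases to `syncuser`, which are the same attributes the ACLs in this file restrict. The page should state that the link between the two nodes has to be protected, for example by pointing `provider` at an `ldaps://` URI, and that the credential shown (identical to the account name) is to be replaced before use. `schemachecking=off` also deserves a sentence of explanation, since it makes the consumer accept replicated entries without validating them against its own schema.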


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span><span style="mso-spacerun: yes">    </span>bindmethod=simple</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span><span style="mso-spacerun: yes">    </span>credentials=SyncUser</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span><span style="mso-spacerun: yes">    </span>searchbase="dc=differentialdesign,dc=org"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span><span style="mso-spacerun: yes">    </span>filter="(objectClass=*)"</font></font></font></span>
2.2.2: slapd.conf slave delta-syncrepl Openldap2.3


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span><span style="mso-spacerun: yes">    </span>attrs="*"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span><span style="mso-spacerun: yes">    </span>schemachecking=off</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span><span style="mso-spacerun: yes">    </span>scope=sub</font></font></font></span>
# slapd.conf delta synrepl Openldap2.3


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span><span style="mso-spacerun: yes">    </span>type=refreshOnly</font></font></font></span>
# LDAP Consumer


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>interval=00:06:00:00 </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
include /etc/openldap/schema/core.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to attrs=userPassword</font></font></font></span>
include /etc/openldap/schema/cosine.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read</font></font></font></span>
include /etc/openldap/schema/inetorgperson.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" write</font></font></font></span>
include /etc/openldap/schema/nis.schema


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by * auth</font></font></font></span>
include /etc/openldap/schema/samba.schema




<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to attrs=sambaLMPassword,sambaNTPassword</font></font></font></span>
pidfile /var/run/slapd/slapd.pid


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read</font></font></font></span>
argsfile /var/run/slapd/slapd.args


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" write</font></font></font></span>


database bdb


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to *</font></font></font></span>
suffix "dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" write</font></font></font></span>
directory /var/lib/ldap


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by * read</font></font></font></span>
rootdn "cn=Manager,dc=differentialdesign,dc=org"


rootpw Manager


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Indices to maintain</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index objectClass<span style="mso-spacerun: yes">  </span><span style="mso-spacerun: yes">         </span>eq</font></font></font></span>
# syncrepl directives


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index cn<span style="mso-spacerun: yes">                    </span>pres,sub,eq</font></font></font></span>
syncrepl rid=0


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sn<span style="mso-spacerun: yes">                    </span>pres,sub,eq</font></font></font></span>
provider=ldap://node1.differentialdesign.org:389


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index uid<span style="mso-spacerun: yes">                   </span>pres,sub,eq</font></font></font></span>
bindmethod=simple


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index displayName<span style="mso-spacerun: yes">           </span>pres,sub,eq</font></font></font></span>
binddn="cn=syncuser,dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index uidNumber<span style="mso-spacerun: yes">             </span>eq</font></font></font></span>
credentials=SyncUser


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index gidNumber<span style="mso-spacerun: yes">             </span>eq</font></font></font></span>
searchbase="dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index memberUID<span style="mso-spacerun: yes">       </span><span style="mso-spacerun: yes">      </span>eq</font></font></font></span>
logbase="cn=accesslog"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaSID<span style="mso-spacerun: yes">              </span>eq</font></font></font></span>
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaPrimaryGroupSID<span style="mso-spacerun: yes">  </span>eq</font></font></font></span>
schemachecking=on


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaDomainName<span style="mso-spacerun: yes">       </span>eq</font></font></font></span>
type=refreshAndPersist


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index default<span style="mso-spacerun: yes">               </span>sub</font></font></font></span>
retry="60 +"
|}


syncdata=accesslog




'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">2.2.2: <u>slapd.conf slave delta-syncrepl Openldap2.3</u></font></font></font></span>'''
access to attrs=userPassword


by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read


by dn="cn=syncuser,dc=differentialdesign,dc=org" write


by * auth


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 1.0pt 1.0pt 1.0pt; margin-left: 0cm; margin-right: 216.3pt">


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># slapd.conf delta synrepl Openldap2.3</nowiki></font></font></font></span>'''
access to attrs=sambaLMPassword,sambaNTPassword


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># LDAP Consumer</nowiki></font></font></font></span>'''
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read


by dn="cn=syncuser,dc=differentialdesign,dc=org" write


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">  </span><span style="mso-spacerun: yes">   </span>/etc/openldap/schema/core.schema</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/cosine.schema</font></font></font></span>
access to *


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/inetorgperson.schema</font></font></font></span>
by dn="cn=syncuser,dc=differentialdesign,dc=org" write


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/nis.schema</font></font></font></span>
by * read


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">include<span style="mso-spacerun: yes">     </span>/etc/openldap/schema/samba.schema</font></font></font></span>


updateref ldap://node1.differentialdesign.org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">pidfile<span style="mso-spacerun: yes">  </span><span style="mso-spacerun: yes"> </span><span style="mso-spacerun: yes"> </span><span style="mso-spacerun: yes">   </span>/var/run/slapd/slapd.pid</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">argsfile<span style="mso-spacerun: yes">    </span>/var/run/slapd/slapd.args</font></font></font></span>
# Indices to maintain


index objectClass eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">database<span style="mso-spacerun: yes">    </span>bdb</font></font></font></span>
index cn pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">suffix<span style="mso-spacerun: yes">      </span>"dc=differentialdesign,dc=org"</font></font></font></span>
index sn pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">directory<span style="mso-spacerun: yes">   </span>/var/lib/ldap</font></font></font></span>
index uid pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootdn<span style="mso-spacerun: yes">      </span>"cn=Manager,dc=differentialdesign,dc=org"</font></font></font></span>
index displayName pres,sub,eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rootpw<span style="mso-spacerun: yes">      </span>Manager</font></font></font></span>
index uidNumber eq


index gidNumber eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># syncrepl directives</nowiki></font></font></font></span>
index memberUID eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">syncrepl<span style="mso-spacerun: yes">  </span>rid=0</font></font></font></span>
index sambaSID eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>provider=ldap://node1.differentialdesign.org:389</font></font></font></span>
index sambaPrimaryGroupSID eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>bindmethod=simple</font></font></font></span>
index sambaDomainName eq


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>binddn="cn=syncuser,dc=differentialdesign,dc=org"</font></font></font></span>
index default sub


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>credentials=SyncUser</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>searchbase="dc=differentialdesign,dc=org"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>logbase="cn=accesslog"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>logfilter="(&amp;(objectClass=auditWriteObject)(reqResult=0))"</font></font></font></span>
2.3: ldap.conf Master


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>schemachecking=on</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>type=refreshAndPersist</font></font></font></span>
In the host option below we list the addresses of both the Primary and the Secondary LDAP database servers. This provides failover if the local LDAP database is inaccessible. The same applies to the Slave LDAP configuration in 2.4: ldap.conf Slave.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>retry="60 +"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>syncdata=accesslog</font></font></font></span>


#/etc/ldap.conf


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to attrs=userPassword</font></font></font></span>
# LDAP Master


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span><span style="mso-spacerun: yes">       </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" write</font></font></font></span>
host node1.differentialdesign.org node2.differentialdesign.org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by * auth</font></font></font></span>
base dc=differentialdesign,dc=org


binddn cn=Manager,dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to attrs=sambaLMPassword,sambaNTPassword</font></font></font></span>
bindpw Manager


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" write</font></font></font></span>
pam_password exop




<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">access to *</font></font></font></span>
nss_base_passwd ou=People,ou=Users,dc=differentialdesign,dc=org?one


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by dn="cn=syncuser,dc=differentialdesign,dc=org" write</font></font></font></span>
nss_base_shadow ou=People,ou=Users,dc=differentialdesign,dc=org?one


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>by * read</font></font></font></span>
nss_base_passwd ou=Computers,ou=Users,dc=differentialdesign,dc=org?one


nss_base_shadow ou=Computers,ou=Users,dc=differentialdesign,dc=org?one


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">updateref<span style="mso-spacerun: yes">   </span>ldap://node1.differentialdesign.org</font></font></font></span>
nss_base_group ou=Groups,dc=differentialdesign,dc=org?one


ssl no


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Indices to maintain</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index objectClass<span style="mso-spacerun: yes">           </span>eq</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index cn<span style="mso-spacerun: yes">                    </span>pres,sub,eq</font></font></font></span>
2.4: ldap.conf Slave


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sn<span style="mso-spacerun: yes">      </span><span style="mso-spacerun: yes">              </span>pres,sub,eq</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index uid<span style="mso-spacerun: yes">                   </span>pres,sub,eq</font></font></font></span>
#/etc/ldap.conf


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index displayName<span style="mso-spacerun: yes">           </span>pres,sub,eq</font></font></font></span>
# LDAP Slave


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index uidNumber<span style="mso-spacerun: yes">             </span>eq</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index gidNumber<span style="mso-spacerun: yes">             </span>eq</font></font></font></span>
host node2.differentialdesign.org node1.differentialdesign.org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index memberUID<span style="mso-spacerun: yes">             </span>eq</font></font></font></span>
base dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaSID<span style="mso-spacerun: yes">              </span>eq</font></font></font></span>
binddn cn=Manager,dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaPrimaryGroupSID<span style="mso-spacerun: yes">  </span>eq</font></font></font></span>
bindpw Manager


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index sambaDomainName<span style="mso-spacerun: yes">       </span>eq</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">index default<span style="mso-spacerun: yes">               </span>sub</font></font></font></span>
pam_password exop


</div>


nss_base_passwd ou=People,ou=Users,dc=differentialdesign,dc=org?one


nss_base_shadow ou=People,ou=Users,dc=differentialdesign,dc=org?one


nss_base_passwd ou=Computers,ou=Users,dc=differentialdesign,dc=org?one


'''<span lang="EN" style="mso-ansi-language: EN"><font color="blue"><font face="Helvetica"><font size="14.0pt">2.3: <u>ldap.conf Master</u></font></font></font></span>'''
nss_base_shadow ou=Computers,ou=Users,dc=differentialdesign,dc=org?one


nss_base_group ou=Groups,dc=differentialdesign,dc=org?one


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt">You will notice below in the host options that we use both IP addresses of the Primary and Secondary LDAP database servers. This serves as a failover option if the local LDAP database is inaccessible.<span style="mso-spacerun: yes">  </span>The same applies for the Slave LDAP configuration; 2.4: ldap.conf Slave</font></font></span>
ssl no
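An added example (not part of the wiki page, Samba or OpenLDAP): a small Python check that reads the consumer slapd.conf and ldap.conf settings from sections 2.2.2 to 2.4 and reports where a password is stored or sent in clear text. The finding names, the `cn=nssproxy` DN, the placeholder hash and the hardened variants are assumptions for illustration; the sample text is constructed from the values on this page, with continuation-line indentation restored.

```python
import re
import shlex

# A value with a scheme prefix such as {SSHA} is a hash, not a cleartext password.
HASH_SCHEME = re.compile(r"^\{[A-Za-z0-9_-]+\}")


def logical_lines(text):
    """Drop comments and blank lines; join continuation lines (leading whitespace)."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def norm_dn(dn):
    """Loose DN comparison key: case-folded, spaces around commas removed."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def audit_slapd(text):
    """Return (findings, rootdn) for slapd.conf-style text."""
    findings, rootdn = [], None
    for line in logical_lines(text):
        words = shlex.split(line)
        key, args = words[0].lower(), words[1:]
        if key == "rootdn" and args:
            rootdn = args[0]
        elif key == "rootpw" and args and not HASH_SCHEME.match(args[0]):
            findings.append("rootpw-cleartext")
        elif key == "syncrepl":
            params = dict(a.split("=", 1) for a in args if "=" in a)
            plain = params.get("provider", "").lower().startswith("ldap://")
            # Simple bind over ldap:// without StartTLS exposes the replication password.
            if params.get("bindmethod") == "simple" and plain and "starttls" not in params:
                findings.append("syncrepl-simple-bind-no-tls")
    return findings, rootdn


def audit_ldap_conf(text, rootdn=None):
    """Return findings for nss_ldap/pam_ldap style /etc/ldap.conf text."""
    conf = {}
    for line in logical_lines(text):
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    findings = []
    encrypted = (conf.get("ssl", "no").lower() != "no"
                 or conf.get("uri", "").lower().startswith("ldaps://"))
    if "bindpw" in conf and not encrypted:
        findings.append("bindpw-sent-in-clear")
    # The directory's rootdn bypasses every ACL; a client config should not hold it.
    if rootdn and norm_dn(conf.get("binddn", "")) == norm_dn(rootdn):
        findings.append("client-binds-as-rootdn")
    return findings


def audit_pair(slapd_text, ldap_conf_text):
    findings, rootdn = audit_slapd(slapd_text)
    return findings + audit_ldap_conf(ldap_conf_text, rootdn)


# Constructed from the values shown on this page.
PAGE_SLAPD = """\
database bdb
suffix "dc=differentialdesign,dc=org"
rootdn "cn=Manager,dc=differentialdesign,dc=org"
rootpw Manager
# syncrepl directives
syncrepl rid=0
        provider=ldap://node1.differentialdesign.org:389
        bindmethod=simple
        binddn="cn=syncuser,dc=differentialdesign,dc=org"
        credentials=SyncUser
        searchbase="dc=differentialdesign,dc=org"
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
        type=refreshAndPersist
        retry="60 +"
        syncdata=accesslog
"""
PAGE_LDAP_CONF = """\
host node2.differentialdesign.org node1.differentialdesign.org
base dc=differentialdesign,dc=org
binddn cn=Manager,dc=differentialdesign,dc=org
bindpw Manager
ssl no
"""

# Constructed hardened variants (assumptions: placeholder hash and password, a
# dedicated read-only cn=nssproxy bind DN, StartTLS enabled on both servers).
HARDENED_SLAPD = (PAGE_SLAPD
                  .replace("rootpw Manager", "rootpw {SSHA}CONSTRUCTED_PLACEHOLDER_HASH")
                  .replace("bindmethod=simple", "bindmethod=simple starttls=critical"))
HARDENED_LDAP_CONF = (PAGE_LDAP_CONF
                      .replace("cn=Manager,", "cn=nssproxy,")
                      .replace("bindpw Manager", "bindpw CONSTRUCTED_PLACEHOLDER")
                      .replace("ssl no", "ssl start_tls"))

if __name__ == "__main__":
    print("page config:    ", audit_pair(PAGE_SLAPD, PAGE_LDAP_CONF))
    print("hardened config:", audit_pair(HARDENED_SLAPD, HARDENED_LDAP_CONF))
```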




{| class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext 1.5pt; mso-yfti-tbllook: 480; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: 1.5pt solid windowtext; mso-border-insidev: 1.5pt solid windowtext" border="1"
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes"
| style="width: 442.8pt; border: solid windowtext 1.5pt; padding: 0cm 5.4pt 0cm 5.4pt" width="590" valign="top" |
<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#/etc/ldap.conf</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># LDAP Master</nowiki></font></font></font></span>
3.0: Initialization LDAP Database




<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">host<span style="mso-spacerun: yes">    </span>node1.differentialdesign.org node2.differentialdesign.org</font></font></font></span>
Initial LDAP database population


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">base<span style="mso-spacerun: yes">    </span>dc=differentialdesign,dc=org</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">binddn<span style="mso-spacerun: yes">  </span>cn=Manager,dc=differentialdesign,dc=org</font></font></font></span>
There are many ways to initialize the LDAP database backend for Samba, and many scripts to help you out; however, with these we lose our initial control of the database, which can lead to issues in areas such as database management.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">bindpw<span style="mso-spacerun: yes">  </span>Manager</font></font></font></span>


Once your server is up and running with users on it, the database cannot really be manipulated without knowing the full workings of LDAP, so many of us are stuck with what we created.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">pam_password exop</font></font></font></span>


The future of Samba is changing to Active Directory; we keep this in mind when creating the database so that migrating to Samba4 is an easier upgrade path. Eventually Samba4 will be able to support OpenLDAP as a modular backend.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">nss_base_passwd ou=People,ou=Users,dc=differentialdesign,dc=org?one</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">nss_base_shadow ou=People,ou=Users,dc=differentialdesign,dc=org?one</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">nss_base_passwd ou=Computers,ou=Users,dc=differentialdesign,dc=org?one</font></font></font></span>
3.1: Provisioning Database


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">nss_base_shadow ou=Computers,ou=Users,dc=differentialdesign,dc=org?one</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">nss_base_group<span style="mso-spacerun: yes">  </span>ou=Groups,dc=differentialdesign,dc=org?one</font></font></font></span>
We are going to create our initial LDAP database manually in a text file, so that we can be confident using it in a full production environment.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">ssl<span style="mso-spacerun: yes">     </span>no</font></font></font></span>
|}


Our LDAP database structure will look like the following if you use the preload LDIF as per section 3.2 Preload LDIF:




'''<span lang="EN" style="mso-ansi-language: EN"><font color="blue"><font face="Helvetica"><font size="14.0pt">2.4: <u>ldap.conf Slave</u></font></font></font></span>'''




|-Samba Base


{| class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext 1.5pt; mso-yfti-tbllook: 480; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: 1.5pt solid windowtext; mso-border-insidev: 1.5pt solid windowtext" border="1"
|---Manager
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes"
| style="width: 442.8pt; border: solid windowtext 1.5pt; padding: 0cm 5.4pt 0cm 5.4pt" width="590" valign="top" |
<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#/etc/ldap.conf</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># LDAP Slave</nowiki></font></font></font></span>
|------syncuser


|------sambaadmin


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">host<span style="mso-spacerun: yes">    </span>node2.differentialdesign.org node1.differentialdesign.org</font></font></font></span>
|------mailadmin


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">base<span style="mso-spacerun: yes">    </span>dc=differentialdesign,dc=org</font></font></font></span>
|---------Users


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">binddn<span style="mso-spacerun: yes">  </span>cn=Manager,dc=differentialdesign,dc=org</font></font></font></span>
|-----------People


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">bindpw<span style="mso-spacerun: yes">  </span>Manager</font></font></font></span>
|-------------------root


|-------------------asender


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">pam_password exop</font></font></font></span>
|-------------------simo


|-----------Computers


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">nss_base_passwd ou=People,ou=Users,dc=differentialdesign,dc=org?one</font></font></font></span>
| |-------------------workstation1$


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">nss_base_shadow ou=People,ou=Users,dc=differentialdesign,dc=org?one</font></font></font></span>
|-------------------workstation2$


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">nss_base_passwd ou=Computers,ou=Users,dc=differentialdesign,dc=org?one</font></font></font></span>
|---------Groups


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">nss_base_shadow ou=Computers,ou=Users,dc=differentialdesign,dc=org?one</font></font></font></span>
|-----------Domain Admin


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">nss_base_group<span style="mso-spacerun: yes">  </span>ou=Groups,dc=differentialdesign,dc=org?one</font></font></font></span>
|-------------------root


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">ssl<span style="mso-spacerun: yes">     </span>no</font></font></font></span>
|---------- Domain Users
|}
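Review bot: the ldap.conf lines in this region bind every NSS/PAM lookup as the directory manager (binddn cn=Manager,dc=differentialdesign,dc=org with bindpw Manager) while ssl no leaves that bind unencrypted between the nodes. The password is also identical to the account name. Suggest a dedicated read-only bind DN for lookups, a placeholder instead of a real-looking password in the sample, and ssl start_tls (or ssl on) rather than ssl no.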


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
|-------------------root


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
|-------------------asender


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
|-------------------simo


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">3.0: <u>Initialization LDAP Database</u></font></font></font></span>'''
|------------ Domain Guests


<span style="mso-bookmark: Initialization_LDAP_Database"></span>
|--------------------nobody


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
|------------ Domain Computers


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Initial LDAP database population</font></font></span>
|--------------------workstation1$


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
|--------------------workstation2$


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">There are many ways to initialize the LDAP database backend for samba and many scripts to help you out; however these loose our initial control of the database and can lead to issues such as database management.</font></font></span>
|----------Domains


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
|-------------sambaDomainName


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Once your server is up and running with users on it, the database can not really be manipulated without knowing the full workings of LDAP, so for many of us we are stuck with what we created.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">The future of Samba is changing to Active Directory; we keep this in mind when creating the database so it can be an easier upgrade path migrating to Samba4; eventually Samba4 will be able to support OpenLDAP as a modular backend.</font></font></span>
Step1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="14.0pt"> </font></font></span>'''
Delete all runtime files from prior Samba operation by executing;


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">3.1: <u>Provisioning Database</u></font></font></font></span>'''


<span style="mso-bookmark: Provisioning_Database"></span>
[root@node1]# rm /etc/samba/*tdb


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1]# rm /var/lib/samba/*tdb


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We are going to manually create our initial LDAP database in a text file and be confident to use it in a full production environment.</font></font></span>
[root@node1]# rm /var/lib/samba/*dat


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1]# rm /var/log/samba/*


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Our LDAP database structure will look like the following if using the preload ldif as per section ''<u>[#Preload_LDIF <span><font color="windowtext">3.2 Preload LDIF</font></span>]</u>''</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"><nowiki>:</nowiki></font></font></span>
Step2


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Delete any previous LDAP database


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|-Samba Base</nowiki><span style="mso-spacerun: yes">  </span></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|---Manager</nowiki><span style="mso-spacerun: yes">  </span><span style="mso-tab-count: 2">                  </span></font></font></font></span>
[root@node1]# cd /var/lib/ldap


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|------syncuser</nowiki><span style="mso-tab-count: 2">                </span></font></font></font></span>
[root@node1]# rm –rf *
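Review bot: in Step2 the new plain-text line "rm –rf *" still carries the typographic en dash from the Word-formatted original, so a reader who pastes it gets rm treating "–rf" as a file name instead of as options. The wipe is also split across two prompts: if "cd /var/lib/ldap" fails, "rm -rf *" runs as root in whatever directory the shell is in. Suggest a single command with an ASCII hyphen and an explicit path, for example "rm -rf /var/lib/ldap/*", or "cd /var/lib/ldap && rm -rf ./*". Step1 has a related issue: "rm /var/log/samba/*" discards the existing logs, so consider moving them aside instead.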


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|------sambaadmin</nowiki><span style="mso-tab-count: 1">           </span></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|------mailadmin</nowiki><span style="mso-tab-count: 2">               </span></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|---------Users </nowiki><span style="mso-tab-count: 3">                             </span></font></font></font></span>
Step3


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">            </span><nowiki>|-----------People</nowiki><span style="mso-tab-count: 3">                          </span></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-tab-count: 2">                        </span><nowiki>|-------------------root</nowiki><span style="mso-tab-count: 2">                       </span></font></font></font></span>
Login to node2 - the backup domain controller, and do the same.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-tab-count: 2">                        </span><nowiki>|-------------------asender</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-tab-count: 2">                        </span><nowiki>|-------------------simo</nowiki></font></font></font></span>
Step4


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">            </span><nowiki>|-----------Computers</nowiki><span style="mso-tab-count: 1">         </span><span style="mso-tab-count: 1">            </span></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|</nowiki><span style="mso-tab-count: 2">                       </span><nowiki>|-------------------workstation1$</nowiki></font></font></font></span>
[root@node1 ~]# net getlocalsid


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-tab-count: 2">                        </span><nowiki>|-------------------workstation2$</nowiki></font></font></font></span>
SID for domain NODE1 is: S-1-5-21-3809161173-2687474671-1432921517


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|---------Groups</nowiki><span style="mso-tab-count: 2">                </span></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|-----------Domain Admin</nowiki><span style="mso-tab-count: 2">               </span></font></font></font></span>
Your SID will differ to the one above; you will need to alter the preload LDIF as per below.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">                          </span><nowiki>|-------------------root</nowiki><span style="mso-tab-count: 2">                     </span></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|---------- Domain Users</nowiki><span style="mso-tab-count: 2">                </span></font></font></font></span>
Step5


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|-------------------root</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|-------------------asender</nowiki></font></font></font></span>
Login to your backup domain controller (node2) and type the following command using the SID obtained from step4.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|-------------------simo</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|------------ Domain Guests</nowiki><span style="mso-tab-count: 1">            </span></font></font></font></span>
[root@node2 ~]# net setlocalsid S-1-5-21-3809161173-2687474671-1432921517


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|--------------------nobody</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-tab-count: 1">            </span><nowiki>|------------ Domain Computers</nowiki><span style="mso-tab-count: 1">       </span></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|--------------------workstation1$</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|--------------------workstation2$</nowiki></font></font></font></span>
3.2: Preload LDIF


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|----------Domains</nowiki><span style="mso-tab-count: 2">             </span></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>|-------------sambaDomainName</nowiki></font></font></font></span>
Step1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Create a .txt file containing the following contents.


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step1</font></font></span></u>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1]#vi preload-differentialdesign.ldif


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt">Delete all runtime files from prior Samba operation by executing;</font></font></span>


<span lang="EN" style="mso-ansi-language: EN"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Subsitute SID S-1-5-21-3809161173-2687474671-1432921517 with your domain SID, be sure


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">
to leave the SID group mapping.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]#<span style="mso-spacerun: yes">   </span></font></font></font></span><span lang="EN" style="mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rm /etc/samba/*tdb</font></font></font></span>
Subsitute dc=differentialdesign,dc=org with your fully qualified domain name.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]#<span style="mso-spacerun: yes">   </span></font></font></font></span><span lang="EN" style="mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rm /var/lib/samba/*tdb</font></font></font></span>
Subsitute sambaDomainName: DDESIGN with your Samba Domain Name
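Review bot: "Subsitute" is misspelled in all three instructions here and again in the matching comment lines of the LDIF; it should read "Substitute". The sentence "be sure to leave the SID group mapping" also does not say which part of the SID value must stay unchanged when the reader swaps in their own domain SID. Please spell that out, since a wrong edit at this step produces entries that do not match the SID set with net setlocalsid on node2.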


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]#<span style="mso-spacerun: yes">   </span></font></font></font></span><span lang="EN" style="mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rm /var/lib/samba/*dat</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]#<span style="mso-spacerun: yes">   </span></font></font></font></span><span lang="EN" style="mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN"><font color="maroon"><font face="Helvetica"><font size="10.0pt">rm /var/log/samba/*</font></font></font></span>
#SAMBA LDAP PRELOAD


</div>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# Subsitute SID S-1-5-21-3809161173-2687474671-1432921517 with your domain SID, be sure


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step2 </font></font></span></u>'''
# to leave the SID group mapping.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# Subsitute dc=differentialdesign,dc=org with your fully qualified domain name.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Delete any previous LDAP database</font></font></span>
# Subsitute sambaDomainName: DDESIGN with your Samba Domain Name


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]#<span style="mso-spacerun: yes">  </span>cd /var/lib/ldap</font></font></font></span>
##The user to bind Samba to LDAP is defined in our smb.conf;


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]#<span style="mso-spacerun: yes">  </span>rm –rf *</font></font></font></span>
##[root@node1]# smbpasswd –w SambaAdmin)


</div>
##[root@node2]# smbpasswd –w SambaAdmin)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"><span style="text-decoration: none"> </span></font></font></span></u>'''
#SID S-1-5-21-3809161173-2687474671-1432921517


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step3</font></font></span></u>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
dn: dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Login to node2 - the backup domain controller, and do the same. </font></font></span>
objectClass: dcObject


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
objectClass: organization


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step4</font></font></span></u>'''
dc: differentialdesign


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
o: DDESIGN


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">
description: Posix and Samba LDAP Identity Database


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# net getlocalsid</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">SID for domain NODE1 is: S-1-5-21-3809161173-2687474671-1432921517</font></font></font></span>
dn: cn=Manager,dc=differentialdesign,dc=org


</div>
objectClass: organizationalRole


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
cn: Manager


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Your SID will differ to the one above; you will need to alter the preload LDIF as per below.</font></font></span>
description: Directory Manager


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step5</font></font></span></u>'''
dn: cn=syncuser,dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
objectClass: person


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Login to your backup domain controller (node2) and type the following command using the SID obtained from step4.</font></font></span>
cn: syncuser


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
sn: syncuser


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">
userPassword: SyncUser


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node2 ~]# net setlocalsid S-1-5-21-3809161173-2687474671-1432921517<span style="mso-spacerun: yes">  </span></font></font></font></span>


</div>
dn: cn=sambaadmin,dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
objectClass: person


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
cn: sambaadmin


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
sn: sambaadmin


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">3.2: <u>Preload LDIF</u></font></font></font></span>'''
userPassword: SambaAdmin


<span style="mso-bookmark: Preload_LDIF"></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
dn: cn=mailadmin,dc=differentialdesign,dc=org


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step1</font></font></span></u>'''
objectClass: person


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
cn: mailadmin


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Create a .txt file containing the following contents.</font></font></span>
sn: mailadmin


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
userPassword: MailAdmin
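Review bot: the syncuser, sambaadmin and mailadmin entries are loaded with clear-text userPassword values that are just the account name in mixed case (SyncUser, SambaAdmin, MailAdmin). The header comment shows the same SambaAdmin value being passed to smbpasswd –w on both nodes, so readers are likely to keep it as is. The page says this LDIF is meant for a full production environment. Suggest replacing these with an obvious placeholder and a hashed value generated by slappasswd (for example a {SSHA} string) rather than a literal password. The smbpasswd comment lines also carry an en dash and a stray closing parenthesis that should be cleaned up.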


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.95pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]#vi preload-differentialdesign.ldif<span style="mso-tab-count: 1">                                                  </span></font></font></font></span>
dn: ou=Users,dc=differentialdesign,dc=org


</div>
objectClass: top


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
objectClass: organizationalUnit


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Subsitute SID<span><font color="maroon"><span style="mso-spacerun: yes">  </span></font></span><span><font color="green">S-1-5-21-3809161173-2687474671-1432921517</font></span><span><font color="maroon"> </font></span>with your domain SID, be sure<span><font color="maroon"> </font></span></font></font></span>
ou: Users


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">to leave the SID group mapping.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Subsitute dc=differentialdesign,dc=org with your fully qualified domain name.</font></font></span>
dn: ou=People,ou=Users,dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Subsitute sambaDomainName: DDESIGN with your Samba Domain Name</font></font></span>
objectClass: top


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
objectClass: organizationalUnit


{| class="MsoNormalTable" style="margin-left: .75pt; border-collapse: collapse; border: none; mso-border-alt: solid windowtext 1.5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: 1.5pt solid windowtext; mso-border-insidev: 1.5pt solid windowtext" border="1"
ou: People
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes; height: 27.15pt"
| style="width: 439.55pt; border: solid windowtext 1.5pt; padding: 0cm 5.4pt 0cm 5.4pt; height: 27.15pt" width="586" valign="top" |
<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#SAMBA LDAP PRELOAD</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Subsitute SID</nowiki><span style="mso-spacerun: yes">  </span></font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">S-1-5-21-3809161173-2687474671-1432921517</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> with your domain SID, be sure </font></font></font></span>
dn: ou=Computers,ou=Users,dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># to leave the SID group mapping.</nowiki></font></font></font></span>
objectClass: top


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Subsitute dc=</nowiki></font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">differentialdesign</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">,dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">org</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> with your fully qualified domain name.</font></font></font></span>
objectClass: organizationalUnit


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Subsitute sambaDomainName: </nowiki></font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="green"><font face="Helvetica"><font size="10.0pt">DDESIGN</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> with your Samba Domain Name</font></font></font></span>
ou: Computers


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
dn: ou=Groups,dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##The user to bind Samba to LDAP is defined in our smb.conf; </nowiki></font></font></font></span>
objectClass: top


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##[root@node1]#</nowiki><span style="mso-spacerun: yes">  </span>smbpasswd –w SambaAdmin)</font></font></font></span>
objectClass: organizationalUnit


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##[root@node2]#</nowiki><span style="mso-spacerun: yes">  </span>smbpasswd –w SambaAdmin)</font></font></font></span>
ou: Groups


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


#SID S-1-5-21-3809161173-2687474671-1432921517

dn: dc=differentialdesign,dc=org
objectClass: dcObject
objectClass: organization
dc: differentialdesign
o: DDESIGN
description: Posix and Samba LDAP Identity Database

dn: cn=Manager,dc=differentialdesign,dc=org
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: cn=syncuser,dc=differentialdesign,dc=org
objectClass: person
cn: syncuser
sn: syncuser
userPassword: SyncUser

dn: cn=sambaadmin,dc=differentialdesign,dc=org
objectClass: person
cn: sambaadmin
sn: sambaadmin
userPassword: SambaAdmin

dn: cn=mailadmin,dc=differentialdesign,dc=org
objectClass: person
cn: mailadmin
sn: mailadmin
userPassword: MailAdmin

dn: ou=Users,dc=differentialdesign,dc=org
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: ou=People,ou=Users,dc=differentialdesign,dc=org
objectClass: top
objectClass: organizationalUnit
ou: People

dn: ou=Computers,ou=Users,dc=differentialdesign,dc=org
objectClass: top
objectClass: organizationalUnit
ou: Computers

dn: ou=Groups,dc=differentialdesign,dc=org
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: ou=Domains,dc=differentialdesign,dc=org
objectClass: top
objectClass: organizationalUnit
ou: Domains

dn: sambaDomainName=DDESIGN,ou=Domains,dc=differentialdesign,dc=org
objectClass: sambaDomain
objectClass: sambaUnixIdPool
uidNumber: 1000
gidNumber: 1000
sambaDomainName: DDESIGN
sambaSID: S-1-5-21-3809161173-2687474671-1432921517
sambaAlgorithmicRidBase: 1000
structuralObjectClass: sambaDomain

dn: cn=Domain Admins,ou=Groups,dc=differentialdesign,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
sambaSID: S-1-5-21-3809161173-2687474671-1432921517-512
sambaGroupType: 2
displayName: Domain Admins
description: Domain Administrators

dn: cn=Domain Users,ou=Groups,dc=differentialdesign,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
sambaSID: S-1-5-21-3809161173-2687474671-1432921517-513
sambaGroupType: 2
displayName: Domain Users
description: Domain Users

dn: cn=Domain Guests,ou=Groups,dc=differentialdesign,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
sambaSID: S-1-5-21-3809161173-2687474671-1432921517-514
sambaGroupType: 2
displayName: Domain Guests
description: Domain Guests

dn: cn=Domain Computers,ou=Groups,dc=differentialdesign,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
sambaSID: S-1-5-21-3809161173-2687474671-1432921517-515
sambaGroupType: 2
displayName: Domain Computers
description: Domain Computers

dn: cn=Administrators,ou=Groups,dc=differentialdesign,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
sambaSID: S-1-5-21-3809161173-2687474671-1432921517-544
sambaGroupType: 5
displayName: Administrators
description: Administrators

dn: cn=Account Operators,ou=Groups,dc=differentialdesign,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
sambaSID: S-1-5-21-3809161173-2687474671-1432921517-548
sambaGroupType: 5
displayName: Account Operators
description: Account Operators

dn: cn=Print Operators,ou=Groups,dc=differentialdesign,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
sambaSID: S-1-5-21-3809161173-2687474671-1432921517-550
sambaGroupType: 5
displayName: Print Operators
description: Print Operators

dn: cn=Backup Operators,ou=Groups,dc=differentialdesign,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
sambaSID: S-1-5-21-3809161173-2687474671-1432921517-551
sambaGroupType: 5
displayName: Backup Operators
description: Backup Operators

dn: cn=Replicators,ou=Groups,dc=differentialdesign,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
sambaSID: S-1-5-21-3809161173-2687474671-1432921517-552
sambaGroupType: 5
displayName: Replicators
description: Replicators

3.3: LDAP population


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">objectClass: sambaGroupMapping</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">gidNumber: 544</font></font></font></span>
Now its time to populate the database with our ldif that we edited to match our domain details as per section 3.2: Preload LDIF


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">cn: Administrators</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaSID: </font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">S-1-5-21-3809161173-2687474671-1432921517</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">-544</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaGroupType: 5</font></font></font></span>
Step1.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">displayName: Administrators</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">description: Administrators</font></font></font></span>
Make sure LDAP is not running.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">dn: cn=Account Operators,ou=Groups,dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">differentialdesign</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">,dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">org</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"></font></font></font></span>
[root@node1]# vi /var/lib/ldap/DB_CONFIG


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">objectClass: posixGroup</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">objectClass: sambaGroupMapping</font></font></font></span>
#DB_CONFIG


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">gidNumber: 548</font></font></font></span>
set_cachesize 0 150000000 1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">cn: Account Operators</font></font></font></span>
set_lg_regionmax 262144


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaSID: </font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">S-1-5-21-3809161173-2687474671-1432921517</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">-548</font></font></font></span>
set_lg_bsize 2097152


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaGroupType: 5</font></font></font></span>
set_flags DB_LOG_AUTOREMOVE


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">displayName: Account Operators</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">description: Account Operators</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
Step2.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">dn: cn=Print Operators,ou=Groups,dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">differentialdesign</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">,dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">org</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">objectClass: posixGroup</font></font></font></span>
This step is necessary if you are using delta-syncrepl as per section 2.1.2: slapd.conf Master delta-syncrepl Openldap2.3.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">objectClass: sambaGroupMapping</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">gidNumber: 550</font></font></font></span>
Because we are using multiple databases on the Provider it is nessassary to place an additional DB_CONFIG file insite the database directory.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">cn: Print Operators</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaSID: </font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">S-1-5-21-3809161173-2687474671-1432921517</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">-550</font></font></font></span>
[root@node1]# mkdir /var/lib/ldap/accesslog


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaGroupType: 5</font></font></font></span>
[root@node1]# cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">displayName: Print Operators</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">description: Print Operators</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
Step3.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">dn: cn=Backup Operators,ou=Groups,dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">differentialdesign</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">,dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">org</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">objectClass: posixGroup</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">objectClass: sambaGroupMapping</font></font></font></span>
[root@node1]# cd /ldap-scripts/


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">gidNumber: 551</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">cn: Backup Operators</font></font></font></span>
[root@node1 scripts]# slapadd –b "dc=differentialdesign,dc=org" -v -l preload-differentialdesign.ldif


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaSID: </font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">S-1-5-21-3809161173-2687474671-1432921517</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">-551</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaGroupType: 5</font></font></font></span>
added: "dc=differentialdesign,dc=org" (00000001)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">displayName: Backup Operators</font></font></font></span>
added: "cn=Manager,dc=differentialdesign,dc=org" (00000002)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">description: Backup Operators</font></font></font></span>
added: "cn=syncuser,dc=differentialdesign,dc=org" (00000003)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
added: "cn=sambaadmin,dc=differentialdesign,dc=org" (00000004)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">dn: cn=Replicators,ou=Groups,dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">differentialdesign</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">,dc=</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">org</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"></font></font></font></span>
added: "cn=mailadmin,dc=differentialdesign,dc=org" (00000005)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">objectClass: posixGroup</font></font></font></span>
added: "ou=Users,dc=differentialdesign,dc=org" (00000006)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">objectClass: sambaGroupMapping</font></font></font></span>
added: "ou=People,ou=Users,dc=differentialdesign,dc=org" (00000007)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">gidNumber: 552</font></font></font></span>
added: "ou=Computers,ou=Users,dc=differentialdesign,dc=org" (00000008)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">cn: Replicators</font></font></font></span>
added: "ou=Groups,dc=differentialdesign,dc=org" (00000009)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaSID: </font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="#339966"><font face="Helvetica"><font size="10.0pt">S-1-5-21-3809161173-2687474671-1432921517</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">-552</font></font></font></span>
added: "ou=Domains,dc=differentialdesign,dc=org" (0000000a)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaGroupType: 5</font></font></font></span>
added: "sambaDomainName=DDESIGN,ou=Domains,dc=differentialdesign,dc=org" (0000000b)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">displayName: Replicators</font></font></font></span>
added: "cn=Domain Admins,ou=Groups,dc=differentialdesign,dc=org" (0000000c)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">description: Replicators</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"></font></font></span>
added: "cn=Domain Users,ou=Groups,dc=differentialdesign,dc=org" (0000000d)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
added: "cn=Domain Guests,ou=Groups,dc=differentialdesign,dc=org" (0000000e)
|}


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
added: "cn=Domain Computers,ou=Groups,dc=differentialdesign,dc=org" (000000f)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
added: "cn=Administrators,ou=Groups,dc=differentialdesign,dc=org" (00000010)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
added: "cn=Account Operators,ou=Groups,dc=differentialdesign,dc=org" (00000011)


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">3.3: <u>LDAP population</u></font></font></font></span>'''
added: "cn=Print Operators,ou=Groups,dc=differentialdesign,dc=org" (00000012)


<span style="mso-bookmark: LDAP_population"></span>
added: "cn=Backup Operators,ou=Groups,dc=differentialdesign,dc=org" (00000013)


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"><span style="text-decoration: none"> </span></font></font></span></u>'''
added: "cn=Replicators,ou=Groups,dc=differentialdesign,dc=org" (00000014)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Now its time to populate the database with our ldif that we edited to match our domain details as per section </font></font></span>'''''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="8.0pt">[#Preload_LDIF 3.2: Preload LDIF]</font></font></font></span>''''''''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"></font></font></font></span></u>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Step4.


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"><span style="text-decoration: none"> </span></font></font></span></u>'''


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step1.</font></font></span></u>'''
[root@node1]# chown –R ldap.ldap /var/lib/ldap
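Review bot: The option dashes in `slapadd –b` (Step3) and `chown –R` (Step4) are en dashes (U+2013), not ASCII hyphens, in both the old and the new text, so a reader who pastes either command hands the tool a literal argument instead of the `-b` or `-R` option. This revision already strips the word-processor markup, so replace them with `-b` and `-R` in the same pass.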


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Make sure LDAP is not running.</font></font></span>
Step5.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
The user to bind Samba to LDAP is defined in our smb.conf; this is sambaadmin’s password as set in samba


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# vi /var/lib/ldap/DB_CONFIG</font></font></font></span>
preload-differentialdesign.ldif.


</div>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
The entry in the preload-differentialdesign.ldif sambaadmin has a password “SambaAdmin”


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#DB_CONFIG</nowiki></font></font></font></span>
dn: cn=sambaadmin,dc=differentialdesign,dc=org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">set_cachesize<span style="mso-spacerun: yes">           </span>0 150000000 1</font></font></font></span>
objectClass: person


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">set_lg_regionmax<span style="mso-spacerun: yes">        </span>262144</font></font></font></span>
cn: sambaadmin


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">set_lg_bsize<span style="mso-spacerun: yes">            </span>2097152</font></font></font></span>
sn: sambaadmin


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">set_flags<span style="mso-spacerun: yes">               </span>DB_LOG_AUTOREMOVE</font></font></font></span>
userPassword: SambaAdmin


</div>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1 scripts]# smbpasswd -w SambaAdmin


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step2.</font></font></span></u>'''
Setting stored password for "cn=sambaadmin,dc=differentialdesign,dc=org" in secrets.tdb
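Review bot: Step5 leaves the LDAP bind credential in clear text in two places: `userPassword: SambaAdmin` in preload-differentialdesign.ldif, and `smbpasswd -w SambaAdmin` on the command line, where it is recorded in root's shell history and visible in the process list while the command runs. The new text should tell the reader to pick their own password rather than the sample value, to put a hash generated with slappasswd in the LDIF's userPassword instead of the plain string, and, where the installed smbpasswd supports it, to use `-W` so the password is read from standard input. Since the output shows the value being stored in secrets.tdb, it is also worth saying that this file must stay readable by root only.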


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">This step is necessary if you are using delta-syncrepl as per section </font></font></span>'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="8.0pt">[#slapd_conf_Master_Syncrepl_4_Openldap2_ 2.1.2: slapd.conf Master delta-syncrepl Openldap2.3].</font></font></font></span>''''''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"> </font></font></font></span>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
[root@node1 ~]# service ldap restart


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Because we are using multiple databases on the Provider it is nessassary to place an additional DB_CONFIG file insite the database directory.</font></font></span>
Stopping slapd: [ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
Stopping slurpd: [ OK ]


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
Checking configuration files for slapd: config file testing succeeded


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# mkdir /var/lib/ldap/accesslog</font></font></font></span>
[ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"></font></font></span>
Starting slapd: [ OK ]


</div>
Starting slurpd: [ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1 ~]# service smb restart


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step3.</font></font></span></u>'''
Shutting down SMB services: [ OK ]


<span style="mso-fareast-font-family: &quot;Times New Roman&quot;; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"><font face="Helvetica"><font size="10.0pt"><br style="page-break-before: always" clear="all" /></font></font></span><div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">
Shutting down NMB services: [ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# cd /ldap-scripts/</font></font></font></span>
Starting SMB services: [ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
Starting NMB services: [ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 scripts]# slapadd –b '''"dc=differentialdesign,dc=org"<span style="mso-spacerun: yes">  </span>'''-v -l preload-differentialdesign.ldif</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "dc=differentialdesign,dc=org" (00000001)</font></font></font></span>
Step6.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=Manager,dc=differentialdesign,dc=org" (00000002)</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=syncuser,dc=differentialdesign,dc=org" (00000003)</font></font></font></span>
Adding initial users with the smbldap-tools: Skip to section 4.1: smbldap-tools and install on node1.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=sambaadmin,dc=differentialdesign,dc=org" (00000004)</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=mailadmin,dc=differentialdesign,dc=org" (00000005)</font></font></font></span>
[root@node1 scripts]# cd /opt/IDEALX/sbin/


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "ou=Users,dc=differentialdesign,dc=org" (00000006)</font></font></font></span>
[root@node1 sbin]# ./smbldap-useradd -m -a root


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "ou=People,ou=Users,dc=differentialdesign,dc=org" (00000007)</font></font></font></span>
[root@node1 sbin]# ./smbldap-passwd root


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "ou=Computers,ou=Users,dc=differentialdesign,dc=org" (00000008)</font></font></font></span>
Changing password for root


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "ou=Groups,dc=differentialdesign,dc=org" (00000009)</font></font></font></span>
New password :


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "ou=Domains,dc=differentialdesign,dc=org" (0000000a)</font></font></font></span>
Retype new password


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "sambaDomainName=DDESIGN,ou=Domains,dc=differentialdesign,dc=org" (0000000b)</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=Domain Admins,ou=Groups,dc=differentialdesign,dc=org" (0000000c)</font></font></font></span>
[root@node1 ]# smbpasswd -a


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=Domain Users,ou=Groups,dc=differentialdesign,dc=org" (0000000d)</font></font></font></span>
New SMB password:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=Domain Guests,ou=Groups,dc=differentialdesign,dc=org" (0000000e)</font></font></font></span>
Retype new SMB password:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=Domain Computers,ou=Groups,dc=differentialdesign,dc=org" (000000f)</font></font></font></span>
Added user root.
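Review bot: `smbpasswd -a` in Step6 is given no user name, so the account it adds depends on who runs it; the `Added user root.` output follows only because the prompt is root's. Write it as `smbpasswd -a root` so the step is unambiguous, matching the later `smbpasswd asender` line, which does name its user.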


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=Administrators,ou=Groups,dc=differentialdesign,dc=org" (00000010)</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=Account Operators,ou=Groups,dc=differentialdesign,dc=org" (00000011)</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=Print Operators,ou=Groups,dc=differentialdesign,dc=org" (00000012)</font></font></font></span>
[root@node1 sbin]# ./smbldap-groupmod -m root Domain\ Admins


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=Backup Operators,ou=Groups,dc=differentialdesign,dc=org" (00000013)</font></font></font></span>
adding user root to group Domain Admins


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "cn=Replicators,ou=Groups,dc=differentialdesign,dc=org" (00000014)</font></font></font></span>


</div>
[root@node1 ~]# cd /opt/IDEALX/sbin/


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1 sbin]# ./smbldap-useradd -m -a asender


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step4.</font></font></span></u>'''
[root@node1 sbin]#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">
[root@node1 sbin]# ./smbldap-passwd asender


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# chown –R ldap.ldap /var/lib/ldap</font></font></font></span>
Changing password for asender


</div>
New password :


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Retype new password :


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step5.</font></font></span></u>'''
[root@node1 sbin]#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">The user to bind Samba to LDAP is defined in our smb.conf; this is sambaadmin’s password as set in samba </font></font></span>
[root@node1 sbin]# smbpasswd asender


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">preload-differentialdesign.ldif.</font></font></span>
New SMB password:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Retype new SMB password:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">The entry in the preload-differentialdesign.ldif sambaadmin has a password “SambaAdmin”</font></font></span>
[root@node1 sbin]#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">dn: cn=sambaadmin,dc=differentialdesign,dc=org</font></font></font></span>''
[root@node1 sbin]# id asender


''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">objectClass: person</font></font></font></span>''
uid=1001(asender) gid=513(Domain Users) groups=513(Domain Users)


''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">cn: sambaadmin</font></font></font></span>''


''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sn: sambaadmin</font></font></font></span>''


''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">userPassword: SambaAdmin</font></font></font></span>''
Step7


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">
You are now ready to join a Windows machine to the domain with user ‘root’.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 scripts]# smbpasswd -w SambaAdmin</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Setting stored password for "cn=sambaadmin,dc=differentialdesign,dc=org" in secrets.tdb</font></font></font></span>
We will need to setup our BDC, Heartbeat and DRBD to match our configuration.


</div>
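Review bot: The Step5 lines in this region put the LDAP bind password in cleartext twice, as `userPassword: SambaAdmin` in the preload LDIF entry and as a command-line argument in `smbpasswd -w SambaAdmin`, so it ends up in the LDIF file, in root's shell history and in the process list. The text should tell the reader to substitute their own password, store a hashed `userPassword` value in the LDIF (slappasswd generates one), and, where the installed smbpasswd supports `-W`, enter the bind password on stdin instead of passing it as an argument.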


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
3.4: Database Replication


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# service ldap restart</font></font></font></span>
If we choose to use syncrepl instead of slurpd daemon as per sections 2.2.1 slapd.conf Slave Synrepl and 2.2.1.1 slapd.conf Slave delta-syncrepl 4 Openldap2.3 there is no need to do this section, the database will be copied across initially when the consumer requests is restarted.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Stopping slapd:<span style="mso-tab-count: 2">              </span><span style="mso-tab-count: 2">                        </span>[<span style="mso-spacerun: yes">  </span>OK<span style="mso-spacerun: yes">  </span>]</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Stopping slurpd:<span style="mso-tab-count: 4">                                     </span>[<span style="mso-spacerun: yes">  </span>OK<span style="mso-spacerun: yes">  </span>]</font></font></font></span>
Step1.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Checking configuration files for slapd:<span style="mso-spacerun: yes">  </span>config file testing succeeded</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-tab-count: 5">                                                            </span>[<span style="mso-spacerun: yes">  </span>OK<span style="mso-spacerun: yes">  </span>]</font></font></font></span>
Dump the LDAP database, copy it across to node2.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Starting slapd:<span style="mso-tab-count: 4">                                       </span>[<span style="mso-spacerun: yes">  </span>OK<span style="mso-spacerun: yes">  </span>]</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Starting slurpd:<span style="mso-spacerun: yes">                                            </span>[<span style="mso-spacerun: yes">  </span>OK<span style="mso-spacerun: yes">  </span>]</font></font></font></span>
[root@node1 ~]# slapcat –b “dc=differentialdesign,dc=org” -v -l transfer.ldif


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# service smb restart</font></font></font></span>
# id=00000001


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Shutting down SMB services:<span style="mso-spacerun: yes">                     </span>[<span style="mso-spacerun: yes">  </span>OK<span style="mso-spacerun: yes">  </span>]</font></font></font></span>
# id=00000002


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Shutting down NMB services:<span style="mso-spacerun: yes">                    </span>[<span style="mso-spacerun: yes">  </span>OK<span style="mso-spacerun: yes">  </span>]</font></font></font></span>
# id=00000003


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Starting SMB services:<span style="mso-tab-count: 3">                           </span>[<span style="mso-spacerun: yes">  </span>OK<span style="mso-spacerun: yes">  </span>]</font></font></font></span>
# id=00000004


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Starting NMB services:<span style="mso-spacerun: yes">                              </span>[<span style="mso-spacerun: yes">  </span>OK<span style="mso-spacerun: yes">  </span>]</font></font></font></span>
# id=00000005


</div>
# id=00000006


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# id=00000007


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# id=00000008


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step6</font></font></span></u>'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">.</font></font></span>
# id=00000009


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# id=0000000a


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Adding initial users with the smbldap-tools: Skip to section [#smbldap_tools <span style="text-decoration: none; text-underline: none"><font color="windowtext">4.1: smbldap-tools</font></span>] and install on node1.</font></font></span>
# id=0000000b


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# id=0000000c


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">
# id=0000000d


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 scripts]# cd /opt/IDEALX/sbin/</font></font></font></span>
# id=0000000e


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 sbin]# ./smbldap-useradd -m -a root</font></font></font></span>
# id=0000000f


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 sbin]# ./smbldap-passwd root</font></font></font></span>
# id=00000010


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Changing password for root</font></font></font></span>
# id=00000011


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">New password :</font></font></font></span>
# id=00000012


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Retype new password</font></font></font></span>
# id=00000013


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# id=00000014


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ]# smbpasswd -a</font></font></font></span>
# id=00000015


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">New SMB password:</font></font></font></span>
# id=00000017


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Retype new SMB password:</font></font></font></span>
# id=00000018


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Added user root.</font></font></font></span>


</div>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1 ~]# scp transfer.ldif root@node2:/root/
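Review bot: The `slapcat` command in Step1 still carries word-processor typography on both sides of the diff: `–b` is an en dash rather than a hyphen and the suffix is wrapped in curly quotes, so a reader who pastes it does not get `-b "dc=differentialdesign,dc=org"`. The same applies to `slapadd –b` in Step2 and `chown –R` in Step3. Because transfer.ldif is a full dump that includes the `userPassword` values of entries such as cn=sambaadmin, Step1 should also say to create the file with restrictive permissions (for example `umask 077` before `slapcat`) and to delete it from /root on both nodes once the import has succeeded.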


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 sbin]# ./smbldap-groupmod -m root Domain\ Admins</font></font></font></span>
Step2.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">adding user root to group Domain Admins</font></font></font></span>


</div>
Transfer the database to node2.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">
[root@node2 ~]# slapadd –b “dc=differentialdesign,dc=org” -v -l transfer.ldif


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# cd /opt/IDEALX/sbin/</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 sbin]# ./smbldap-useradd -m -a asender</font></font></font></span>
added: "dc=differentialdesign,dc=org" (00000001)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 sbin]#</font></font></font></span>
added: "cn=Manager,dc=differentialdesign,dc=org" (00000002)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
added: "cn=syncuser,dc=differentialdesign,dc=org" (00000003)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 sbin]# ./smbldap-passwd asender</font></font></font></span>
added: "cn=sambaadmin,dc=differentialdesign,dc=org" (00000004)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Changing password for asender</font></font></font></span>
added: "cn=mailadmin,dc=differentialdesign,dc=org" (00000005)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">New password :</font></font></font></span>
added: "ou=Users,dc=differentialdesign,dc=org" (00000006)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Retype new password :</font></font></font></span>
added: "ou=People,ou=Users,dc=differentialdesign,dc=org" (00000007)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 sbin]#</font></font></font></span>
added: "ou=Computers,ou=Users,dc=differentialdesign,dc=org" (00000008)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
added: "ou=Groups,dc=differentialdesign,dc=org" (00000009)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 sbin]# smbpasswd asender</font></font></font></span>
added: "ou=Domains,dc=differentialdesign,dc=org" (0000000a)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">New SMB password:</font></font></font></span>
added: "sambaDomainName=DDESIGN,ou=Domains,dc=differentialdesign,dc=org" (0000000b)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Retype new SMB password:</font></font></font></span>
added: "cn=Domain Admins,ou=Groups,dc=differentialdesign,dc=org" (0000000c)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 sbin]#</font></font></font></span>
added: "cn=Domain Users,ou=Groups,dc=differentialdesign,dc=org" (0000000d)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
added: "cn=Domain Guests,ou=Groups,dc=differentialdesign,dc=org" (0000000e)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 sbin]# id asender</font></font></font></span>
added: "cn=Domain Computers,ou=Groups,dc=differentialdesign,dc=org" (000000f)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">uid=1001(asender) gid=513(Domain Users) groups=513(Domain Users)</font></font></font></span>
added: "cn=Administrators,ou=Groups,dc=differentialdesign,dc=org" (00000010)


</div>
added: "cn=Account Operators,ou=Groups,dc=differentialdesign,dc=org" (00000011)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
added: "cn=Print Operators,ou=Groups,dc=differentialdesign,dc=org" (00000012)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
added: "cn=Backup Operators,ou=Groups,dc=differentialdesign,dc=org" (00000013)


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step7<br style="mso-special-character: line-break" /><br style="mso-special-character: line-break" /></font></font></span></u>'''
added: "cn=Replicators,ou=Groups,dc=differentialdesign,dc=org" (00000014)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">You are now ready to join a Windows machine to the domain with user ‘root’.<span style="mso-spacerun: yes">  </span></font></font></span>
added: "uid=root,ou=People,ou=Users,dc=differentialdesign,dc=org" (00000015)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
added: "uid=asender,ou=People,ou=Users,dc=differentialdesign,dc=org" (00000016)
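Review bot: The `slapadd` output in Step2 shows `(000000f)` for cn=Domain Computers, one digit short of the eight-digit ids around it, while the matching Step1 line reads `# id=0000000f`. The two listings also disagree with each other: Step1 ends with ids 00000015, 00000017 and 00000018, Step2 ends with 00000015 and 00000016, so the sample output should be regenerated from a single dump and import. The step also does not say whether slapd on node2 is stopped before `slapadd` runs; state that explicitly, since the import writes the database files directly.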


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We will need to setup our BDC, Heartbeat and DRBD to match our configuration.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Step3.


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">3.4: <u>Database Replication</u></font></font></font></span>'''


<span style="mso-bookmark: Database_Replication"></span>
Make sure LDAP database is owned by LDAP


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">If we choose to use syncrepl instead of slurpd daemon as per sections [#slapd_conf_Slave_Syncrepl <span style="text-decoration: none; text-underline: none"><font color="windowtext">2.2.1 slapd.conf Slave Synrepl and 2.2.1.1 slapd.conf Slave delta-syncrepl 4 Openldap2.3 </font></span>]<span style="mso-spacerun: yes"> </span>there is no need to do this section, the database will be copied across initially when the consumer requests is restarted. </font></font></span>
[root@node2 ~]# chown –R ldap.ldap /var/lib/ldap


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step1. </font></font></span></u>'''
Step4.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Dump the LDAP database, copy it across to node2.</font></font></span>
[root@node1 ~]# service ldap restart


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Stopping slapd: [ OK ]


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">
Stopping slurpd: [ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# slapcat –b “dc=differentialdesign,dc=org” -v -l transfer.ldif</font></font></font></span>
Checking configuration files for slapd: config file testing succeeded


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
[ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000001</nowiki></font></font></font></span>
Starting slapd: [ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000002</nowiki></font></font></font></span>
Starting slurpd: [ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000003</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000004</nowiki></font></font></font></span>
[root@node1 ~]# service smb restart


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000005</nowiki></font></font></font></span>
Shutting down SMB services: [ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000006</nowiki></font></font></font></span>
Shutting down NMB services: [ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000007</nowiki></font></font></font></span>
Starting SMB services: [ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000008</nowiki></font></font></font></span>
Starting NMB services: [ OK ]
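Review bot: Step4 restarts ldap and smb on node1 (`[root@node1 ~]# service ldap restart`), but Step2 and Step3 imported the database and fixed its ownership on node2, and the steps never show slapd being started on node2. Confirm which host is intended and, if both need a restart, show both prompts. The Step3 heading "Make sure LDAP database is owned by LDAP" would be clearer as "owned by the ldap user and group", matching the `ldap.ldap` argument in the command below it.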


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000009</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=0000000a</nowiki></font></font></font></span>
Step5.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=0000000b</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=0000000c</nowiki></font></font></font></span>
Login to node1 or your Primary Domain Controller and add another user as done so in section 3.6 LDAP population Step5, we will then check replication by logging onto node2 and see if the user exists on that machine.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=0000000d</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=0000000e</nowiki></font></font></font></span>
[root@node1 sbin]# ./smbldap-useradd -m -a testuser


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=0000000f</nowiki></font></font></font></span>
[root@node1 sbin]# ./smbldap-passwd testuser


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000010</nowiki></font></font></font></span>
Changing password for testuser


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000011</nowiki></font></font></font></span>
New password :


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000012</nowiki></font></font></font></span>
Retype new password :


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000013</nowiki></font></font></font></span>
[root@node1 sbin]# smbpasswd testuser


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000014</nowiki></font></font></font></span>
New SMB password:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000015</nowiki></font></font></font></span>
Retype new SMB password:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000017</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># id=00000018</nowiki></font></font></font></span>
[root@node1 sbin]# ssh node2


</div>
root@node2's password:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Last login: Mon Dec 18 02:43:33 2006 from 192.168.0.2


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">
[root@node2 ~]# id testuser


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# scp transfer.ldif root@node2:/root/</font></font></font></span>
uid=1009(testuser) gid=513(Domain Users) groups=513(Domain Users)
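Review bot: The Step5 replication check relies on `id testuser` run on node2, which resolves through NSS and so does not show which LDAP server answered. Add a direct query against node2's own slapd, for example `ldapsearch -x -H ldap://node2 -b "dc=differentialdesign,dc=org" "(uid=testuser)"`, so the reader sees the entry in the replica itself. The cross-reference "section 3.6 LDAP population Step5" also needs checking: the add-user step visible in this diff is labelled Step6, and Step5 is the bind-password step.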


</div>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step2.</font></font></span></u>'''
4.0: User Management


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Transfer the database to node2.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
4.1: smbldap-tools


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node2 ~]# slapadd –b “dc=differentialdesign,dc=org” -v -l transfer.ldif</font></font></font></span>
We will not be using the smbldap-tools to populate the database; however we will use it to manage users & groups once the database has been populated. These scripts allow us to add users and machines using NT tools such as srvtools.exe, it also makes life easier to manage to add users on the fly. However it is possible to create LDIF file to add users to the database.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">added: "dc=differentialdesign,dc=org" (00000001)</font></font></font></span>
Smbldap-tools gives us the advantage of being able to add machine accounts on the fly through the standard Windows domain join. It also lets us use srvtools.exe; however, these tools lack the custom control that can only be obtained by manually adding accounts through LDAP.

The configuration in this document has been tested with smbldap-tools-0.9.1-1.

Install smbldap-tools-0.9.1-1 on both nodes; this means we can add users and groups from either the PDC or the BDC, as long as the PDC is contactable.

You may need to satisfy any dependencies.

[root@node1 smbldap-tools]# rpm -Uvh smbldap-tools-0.9.1-1.noarch.rpm
Preparing... ########################################### [100%]
1:smbldap-tools ########################################### [100%]
[root@node1 smbldap-tools]#

[root@node2 smbldap-tools]# rpm -Uvh smbldap-tools-0.9.1-1.noarch.rpm
Preparing... ########################################### [100%]
1:smbldap-tools ########################################### [100%]
[root@node2 smbldap-tools]#


</div>


4.1.1: smbldap.conf Master

Because we did not use smbldap-tools to populate our database, we must configure smbldap.conf manually. This configuration file applies only to smbldap-tools-0.9.1-1; if you are using a different version, alterations will need to be made.

We will need to configure this file to suit our init

# /etc/opt/IDEALX/sbin/smbldap.conf

# smbldap-tools.conf : Q & D configuration file for smbldap-tools

# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# Purpose :
# . be the configuration file for all smbldap-tools scripts

##############################################################################
#
# General Configuration
#
##############################################################################

# Put your own SID. To obtain this number do: "net getlocalsid".
# If not defined, parameter is taking from "net getlocalsid" return
SID="S-1-5-21-3809161173-2687474671-1432921517"

# Domain name the Samba server is in charged.
# If not defined, parameter is taking from smb.conf configuration file
# Ex: sambaDomain="IDEALX-NT"
sambaDomain="DDESIGN"

##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)

# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
slaveLDAP="192.168.0.3"

# Slave LDAP port
# If not defined, parameter is set to "389"
slavePort="389"

# Master LDAP server: needed for write operations
# Ex: masterLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
masterLDAP="127.0.0.1"

# Master LDAP port
# If not defined, parameter is set to "389"
masterPort="389"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
# If not defined, parameter is set to "1"
ldapTLS="0"

# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify=""

# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile=""

# certificate to use to connect to the ldap server
{| class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-yfti-tbllook: 480; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext" border="1"
# see "man Net::LDAP" in start_tls section for more details
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes"
| style="width: 440.3pt; border: solid windowtext 1.5pt; padding: 0cm 5.4pt 0cm 5.4pt" width="587" valign="top" |
clientcert=""

# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey=""

# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=differentialdesign,dc=org"

# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=People,ou=Users,${suffix}"

# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
computersdn="ou=Computers,ou=Users,${suffix}"

# Where are stored Groups
# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn="ou=Groups,${suffix}"

# Where are stored Idmap entries (used if samba is a domain member server)
# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn="ou=Idmap,${suffix}"
# Where to store next uidNumber and gidNumber available for new users and groups


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# If not defined, entries are stored in sambaDomainName object.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Put your own SID. To obtain this number do: "net getlocalsid".</nowiki></font></font></font></span>
# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># If not defined, parameter is taking from "net getlocalsid" return</nowiki></font></font></font></span>
# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">SID="S-1-5-21-3809161173-2687474671-1432921517"</font></font></font></span>
sambaUnixIdPooldn="sambaDomainName=DDESIGN,ou=Domains,${suffix}"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Domain name the Samba server is in charged.</nowiki></font></font></font></span>
# Default scope Used


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># If not defined, parameter is taking from smb.conf configuration file</nowiki></font></font></font></span>
scope="sub"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: sambaDomain="IDEALX-NT"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaDomain="DDESIGN"</font></font></font></span>
# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
hash_encrypt="MD5"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
# if hash_encrypt is set to CRYPT, you may set a salt format.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># LDAP Configuration</nowiki></font></font></font></span>
# default is "%s", but many systems will generate MD5 hashed


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
# passwords if you use "$1$%.8s". This parameter is optional!


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>
crypt_salt_format=""
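
Review bot: hash_encrypt="MD5" selects an unsalted MD5 digest for the Unix password even though the comment directly above it lists SSHA among the accepted values, and crypt_salt_format="" does nothing here because, per its own comment, it only applies when hash_encrypt is set to CRYPT. Suggest hash_encrypt="SSHA" so that identical passwords do not yield identical hashes in the replicated directory, and say in the comment why a salted scheme is preferred.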


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Notes: to use to dual ldap servers backend for Samba, you must patch</nowiki></font></font></font></span>
##############################################################################


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Samba with the dual-head patch from IDEALX. If not using this patch</nowiki></font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># just use the same server for slaveLDAP and masterLDAP.</nowiki></font></font></font></span>
# Unix Accounts Configuration


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Those two servers declarations can also be used when you have</nowiki></font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># . one master LDAP server where all writing operations must be done</nowiki></font></font></font></span>
##############################################################################


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># . one slave LDAP server where all reading operations must be done</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">   </span>(typically a replication directory)</font></font></font></span>
# Login defs


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# Default Login Shell


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Slave LDAP server</nowiki></font></font></font></span>
# Ex: userLoginShell="/bin/bash"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: slaveLDAP=127.0.0.1</nowiki></font></font></font></span>
userLoginShell="/bin/bash"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># If not defined, parameter is set to "127.0.0.1"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">slaveLDAP="192.168.0.3"</font></font></font></span>
# Home directory


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# Ex: userHome="/home/%U"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Slave LDAP port</nowiki></font></font></font></span>
userHome="/data/home/%U"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># If not defined, parameter is set to "389"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">slavePort="389"</font></font></font></span>
# Default mode used for user homeDirectory


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
userHomeDirectoryMode="700"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Master LDAP server: needed for write operations</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: masterLDAP=127.0.0.1</nowiki></font></font></font></span>
# Gecos


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># If not defined, parameter is set to "127.0.0.1"</nowiki></font></font></font></span>
userGecos="System User"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">masterLDAP="127.0.0.1"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# Default User (POSIX and Samba) GID


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Master LDAP port</nowiki></font></font></font></span>
defaultUserGid="513"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># If not defined, parameter is set to "389"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">masterPort="389"</font></font></font></span>
# Default Computer (Samba) GID


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
defaultComputerGid="515"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Use TLS for LDAP</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># If set to 1, this option will use start_tls for connection</nowiki></font></font></font></span>
# Skel dir


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># (you should also used the port 389)</nowiki></font></font></font></span>
skeletonDir="/etc/skel"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># If not defined, parameter is set to "1"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">ldapTLS="0"</font></font></font></span>
# Default password validation time (time in days) Comment the next line if


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# you don't want password to be enable for defaultMaxPasswordAge days (be


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># How to verify the server's certificate (none, optional or require)</nowiki></font></font></font></span>
# careful to the sambaPwdMustChange attribute's value)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># see "man Net::LDAP" in start_tls section for more details</nowiki></font></font></font></span>
defaultMaxPasswordAge="45"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">verify=""</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
##############################################################################


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># CA certificate</nowiki></font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># see "man Net::LDAP" in start_tls section for more details</nowiki></font></font></font></span>
# SAMBA Configuration


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">cafile=""</font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
##############################################################################


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># certificate to use to connect to the ldap server</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># see "man Net::LDAP" in start_tls section for more details</nowiki></font></font></font></span>
# The UNC path to home drives location (%U username substitution)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">clientcert=""</font></font></font></span>
# Just set it to a null string if you want to use the smb.conf 'logon home'


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# directive and/or disable roaming profiles


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># key certificate to use to connect to the ldap server</nowiki></font></font></font></span>
# Ex: userSmbHome="\\PDC-SMB3\%U"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># see "man Net::LDAP" in start_tls section for more details</nowiki></font></font></font></span>
userSmbHome="\\192.168.0.4\%U"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">clientkey=""</font></font></font></span>
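
Review bot: ldapTLS="0" combined with slaveLDAP="192.168.0.3" and slavePort="389" means the read operations the comments assign to the slave server go to a remote host without start_tls, and verify="", cafile="", clientcert="" and clientkey="" are all left empty. Suggest ldapTLS="1" with verify="require" and cafile pointing at the CA that signed the LDAP server certificate, or a comment explaining why plaintext LDAP between the two nodes is acceptable in this setup.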


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# The UNC path to profiles locations (%U username substitution)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># LDAP Suffix</nowiki></font></font></font></span>
# Just set it to a null string if you want to use the smb.conf 'logon path'


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: suffix=dc=IDEALX,dc=ORG</nowiki></font></font></font></span>
# directive and/or disable roaming profiles


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">suffix="dc=differentialdesign,dc=org"</font></font></font></span>
# Ex: userProfile="\\PDC-SMB3\profiles\%U"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
userProfile="\\192.168.0.4\profiles\%U"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Where are stored Users</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"</nowiki></font></font></font></span>
# The default Home Drive Letter mapping


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Warning: if 'suffix' is not set here, you must set the full dn for usersdn</nowiki></font></font></font></span>
# (will be automatically mapped at logon time if home directory exist)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">usersdn="ou=People,ou=Users,${suffix}"</font></font></font></span>
# Ex: userHomeDrive="H:"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
userHomeDrive="H:"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Where are stored Computers</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"</nowiki></font></font></font></span>
# The default user netlogon script name (%U username substitution)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Warning: if 'suffix' is not set here, you must set the full dn for computersdn</nowiki></font></font></font></span>
# if not used, will be automatically username.cmd


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">computersdn="ou=Computers,ou=Users,${suffix}"</font></font></font></span>
# make sure script file is edited under dos


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# Ex: userScript="startup.cmd" # make sure script file is edited under dos


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Where are stored Groups</nowiki></font></font></font></span>
userScript="%U.bat"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Warning: if 'suffix' is not set here, you must set the full dn for groupsdn</nowiki></font></font></font></span>
# Domain appended to the users "mail"-attribute


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">groupsdn="ou=Groups,${suffix}"</font></font></font></span>
# when smbldap-useradd -M is used


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# Ex: mailDomain="idealx.com"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Where are stored Idmap entries (used if samba is a domain member server)</nowiki></font></font></font></span>
mailDomain="differentialdesign.org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Warning: if 'suffix' is not set here, you must set the full dn for idmapdn</nowiki></font></font></font></span>
##############################################################################


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">idmapdn="ou=Idmap,${suffix}"</font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Where to store next uidNumber and gidNumber available for new users and groups</nowiki></font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># If not defined, entries are stored in sambaDomainName object.</nowiki></font></font></font></span>
##############################################################################


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"</nowiki></font></font></font></span>
# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaUnixIdPooldn="sambaDomainName=DDESIGN,ou=Domains,${suffix}"</font></font></font></span>
# prefer Crypt::SmbHash library


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
with_smbpasswd="0"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Default scope Used</nowiki></font></font></font></span>
smbpasswd="/usr/bin/smbpasswd"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">scope="sub"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)</nowiki></font></font></font></span>
# but prefer Crypt:: libraries


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">hash_encrypt="MD5"</font></font></font></span>
with_slappasswd="0"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
slappasswd="/usr/sbin/slappasswd"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># if hash_encrypt is set to CRYPT, you may set a salt format.</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># default is "%s", but many systems will generate MD5 hashed</nowiki></font></font></font></span>
# comment out the following line to get rid of the default banner


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># passwords if you use "$1$%.8s". This parameter is optional!</nowiki></font></font></font></span>
# no_banner="1"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">crypt_salt_format=""</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
4.1.2: smbldap.conf Slave


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Unix Accounts Configuration</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
It is not necessary to install smbldap-tools on the backup domain controller. However this lets you add users from the BDC which will refer its update to the PDC ldap database.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Login defs</nowiki></font></font></font></span>
# /etc/opt/IDEALX/sbin/smbldap.conf


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Default Login Shell</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: userLoginShell="/bin/bash"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">userLoginShell="/bin/bash"</font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# smbldap-tools.conf : Q & D configuration file for smbldap-tools


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Home directory</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: userHome="/home/%U"</nowiki></font></font></font></span>
# This code was developped by IDEALX (http://IDEALX.org/) and


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">userHome="/data/home/%U"</font></font></font></span>
# contributors (their names can be found in the CONTRIBUTORS file).


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Default mode used for user homeDirectory</nowiki></font></font></font></span>
# Copyright (C) 2001-2002 IDEALX


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">userHomeDirectoryMode="700"</font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# This program is free software; you can redistribute it and/or


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Gecos</nowiki></font></font></font></span>
# modify it under the terms of the GNU General Public License


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">userGecos="System User"</font></font></font></span>
# as published by the Free Software Foundation; either version 2


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# of the License, or (at your option) any later version.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Default User (POSIX and Samba) GID</nowiki></font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">defaultUserGid="513"</font></font></font></span>
# This program is distributed in the hope that it will be useful,


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# but WITHOUT ANY WARRANTY; without even the implied warranty of


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Default Computer (Samba) GID</nowiki></font></font></font></span>
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">defaultComputerGid="515"</font></font></font></span>
# GNU General Public License for more details.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Skel dir</nowiki></font></font></font></span>
# You should have received a copy of the GNU General Public License


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">skeletonDir="/etc/skel"</font></font></font></span>
# along with this program; if not, write to the Free Software


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Default password validation time (time in days) Comment the next line if</nowiki></font></font></font></span>
# USA.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># you don't want password to be enable for defaultMaxPasswordAge days (be</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># careful to the sambaPwdMustChange attribute's value)</nowiki></font></font></font></span>
# Purpose :


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">defaultMaxPasswordAge="45"</font></font></font></span>
# . be the configuration file for all smbldap-tools scripts


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


##############################################################################
<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># SAMBA Configuration</nowiki></font></font></font></span>
# General Configuration


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
#


##############################################################################
<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># The UNC path to home drives location (%U username substitution)</nowiki></font></font></font></span>
# Put your own SID. To obtain this number do: "net getlocalsid".


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Just set it to a null string if you want to use the smb.conf 'logon home'</nowiki></font></font></font></span>
# If not defined, parameter is taking from "net getlocalsid" return


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># directive and/or disable roaming profiles</nowiki></font></font></font></span>
SID="S-1-5-21-3809161173-2687474671-1432921517"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: userSmbHome="\\PDC-SMB3\%U"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">userSmbHome="\\192.168.0.4\%U"</font></font></font></span>
# Domain name the Samba server is in charged.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# If not defined, parameter is taking from smb.conf configuration file


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># The UNC path to profiles locations (%U username substitution)</nowiki></font></font></font></span>
# Ex: sambaDomain="IDEALX-NT"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Just set it to a null string if you want to use the smb.conf 'logon path'</nowiki></font></font></font></span>
sambaDomain="DDESIGN"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># directive and/or disable roaming profiles</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: userProfile="\\PDC-SMB3\profiles\%U"</nowiki></font></font></font></span>
##############################################################################


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">userProfile="\\192.168.0.4\profiles\%U"</font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# LDAP Configuration


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># The default Home Drive Letter mapping</nowiki></font></font></font></span>
#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># (will be automatically mapped at logon time if home directory exist)</nowiki></font></font></font></span>
##############################################################################


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: userHomeDrive="H:"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">userHomeDrive="H:"</font></font></font></span>
# Notes: to use to dual ldap servers backend for Samba, you must patch


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# Samba with the dual-head patch from IDEALX. If not using this patch


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># The default user netlogon script name (%U username substitution)</nowiki></font></font></font></span>
# just use the same server for slaveLDAP and masterLDAP.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># if not used, will be automatically username.cmd</nowiki></font></font></font></span>
# Those two servers declarations can also be used when you have


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># make sure script file is edited under dos</nowiki></font></font></font></span>
# . one master LDAP server where all writing operations must be done


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: userScript="startup.cmd" # make sure script file is edited under dos</nowiki></font></font></font></span>
# . one slave LDAP server where all reading operations must be done


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">userScript="%U.bat"</font></font></font></span>
# (typically a replication directory)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Domain appended to the users "mail"-attribute</nowiki></font></font></font></span>
# Slave LDAP server


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># when smbldap-useradd -M is used</nowiki></font></font></font></span>
# Ex: slaveLDAP=127.0.0.1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: mailDomain="idealx.com"</nowiki></font></font></font></span>
# If not defined, parameter is set to "127.0.0.1"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">mailDomain="differentialdesign.org"</font></font></font></span>
slaveLDAP="127.0.0.1"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>
# Slave LDAP port


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
# If not defined, parameter is set to "389"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># SMBLDAP-TOOLS Configuration (default are ok for a RedHat)</nowiki></font></font></font></span>
slavePort="389"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>
# Master LDAP server: needed for write operations


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# Ex: masterLDAP=127.0.0.1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but</nowiki></font></font></font></span>
# If not defined, parameter is set to "127.0.0.1"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># prefer Crypt::SmbHash library</nowiki></font></font></font></span>
masterLDAP="192.168.0.2"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">with_smbpasswd="0"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">smbpasswd="/usr/bin/smbpasswd"</font></font></font></span>
# Master LDAP port


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# If not defined, parameter is set to "389"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)</nowiki></font></font></font></span>
masterPort="389"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># but prefer Crypt:: libraries</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">with_slappasswd="0"</font></font></font></span>
# Use TLS for LDAP


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">slappasswd="/usr/sbin/slappasswd"</font></font></font></span>
# If set to 1, this option will use start_tls for connection


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# (you should also used the port 389)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># comment out the following line to get rid of the default banner</nowiki></font></font></font></span>
# If not defined, parameter is set to "1"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># no_banner="1"</nowiki></font></font></font></span>
ldapTLS="0"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
|}


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# How to verify the server's certificate (none, optional or require)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# see "man Net::LDAP" in start_tls section for more details


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">4.1.2: <u>smbldap.conf Slave</u></font></font></font></span>''''''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"></font></font></font></span></u>'''
verify=""


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"><span style="text-decoration: none"> </span></font></font></font></span></u>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">It is not necessary to install smbldap-tools on the backup domain controller. However this lets you add users from the BDC which will refer its update to the PDC ldap database.</font></font></span>
# CA certificate


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
# see "man Net::LDAP" in start_tls section for more details


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
cafile=""
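Review bot: ldapTLS="0" in the new master smbldap.conf, combined with masterLDAP="192.168.0.2", sends every write the smbldap-tools scripts make to the master over port 389 without start_tls. The file's own comment gives "1" as the default when the parameter is not defined, so this revision explicitly turns the protection off. verify="" and cafile="" are also left empty, so the server certificate would not be checked even with TLS enabled. Suggest ldapTLS="1", verify="require" and a cafile naming the CA that issued the LDAP servers' certificates (masterPort="389" can stay, since start_tls runs on that port), or a comment stating why the link between the two nodes is considered trusted.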


{| class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-yfti-tbllook: 480; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext" border="1"
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes"
| style="width: 440.3pt; border: solid windowtext 1.5pt; padding: 0cm 5.4pt 0cm 5.4pt" width="587" valign="top" |
<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># /etc/opt/IDEALX/sbin/smbldap.conf</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# certificate to use to connect to the ldap server


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# see "man Net::LDAP" in start_tls section for more details


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
clientcert=""


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># smbldap-tools.conf : Q &amp; D configuration file for smbldap-tools</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# key certificate to use to connect to the ldap server


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>This code was developped by IDEALX (http://IDEALX.org/) and</font></font></font></span>
# see "man Net::LDAP" in start_tls section for more details


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>contributors (their names can be found in the CONTRIBUTORS file).</font></font></font></span>
clientkey=""


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">                 </span>Copyright (C) 2001-2002 IDEALX</font></font></font></span>
# LDAP Suffix


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
# Ex: suffix=dc=IDEALX,dc=ORG


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>This program is free software; you can redistribute it and/or</font></font></font></span>
suffix="dc=differentialdesign,dc=org"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>modify it under the terms of the GNU General Public License</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>as published by the Free Software Foundation; either version 2</font></font></font></span>
# Where are stored Users


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>of the License, or (at your option) any later version.</font></font></font></span>
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>This program is distributed in the hope that it will be useful,</font></font></font></span>
usersdn="ou=People,ou=Users,${suffix}"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>but WITHOUT ANY WARRANTY; without even the implied warranty of</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.<span style="mso-spacerun: yes">  </span>See the</font></font></font></span>
# Where are stored Computers


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>GNU General Public License for more details.</font></font></font></span>
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>You should have received a copy of the GNU General Public License</font></font></font></span>
computersdn="ou=Computers,ou=Users,${suffix}"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>along with this program; if not, write to the Free Software</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,</font></font></font></span>
# Where are stored Groups


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>USA.</font></font></font></span>
# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">  </span>Purpose :</font></font></font></span>
groupsdn="ou=Groups,${suffix}"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki><span style="mso-spacerun: yes">       </span>. be the configuration file for all smbldap-tools scripts</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# Where are stored Idmap entries (used if samba is a domain member server)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>
# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># General Configuration</nowiki></font></font></font></span>
idmapdn="ou=Idmap,${suffix}"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>
# Where to store next uidNumber and gidNumber available for new users and groups


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
# If not defined, entries are stored in sambaDomainName object.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Put your own SID. To obtain this number do: "net getlocalsid".</nowiki></font></font></font></span>
# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># If not defined, parameter is taking from "net getlocalsid" return</nowiki></font></font></font></span>
# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">SID="S-1-5-21-3809161173-2687474671-1432921517"</font></font></font></span>
sambaUnixIdPooldn="sambaDomainName=DDESIGN,ou=Domains,${suffix}"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Domain name the Samba server is in charged.</nowiki></font></font></font></span>
# Default scope Used


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># If not defined, parameter is taking from smb.conf configuration file</nowiki></font></font></font></span>
scope="sub"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: sambaDomain="IDEALX-NT"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">sambaDomain="DDESIGN"</font></font></font></span>
# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
hash_encrypt="MD5"


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
# if hash_encrypt is set to CRYPT, you may set a salt format.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># LDAP Configuration</nowiki></font></font></font></span>
# default is "%s", but many systems will generate MD5 hashed


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
# passwords if you use "$1$%.8s". This parameter is optional!


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>
crypt_salt_format=""
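Review bot: hash_encrypt="MD5" stores the Unix password as an unsalted MD5 digest, and crypt_salt_format="" has no effect because its comment says it applies only when hash_encrypt is CRYPT. Of the schemes the comment lists (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT), SSHA is salted and is the stronger choice for a directory that is replicated to a second server. Suggest hash_encrypt="SSHA", or a note in the text explaining why MD5 is required here.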


# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
#   (typically a replication directory)

# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
slaveLDAP="127.0.0.1"

# Slave LDAP port
# If not defined, parameter is set to "389"
slavePort="389"

# Master LDAP server: needed for write operations
# Ex: masterLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
masterLDAP="192.168.0.2"

# Master LDAP port
# If not defined, parameter is set to "389"
masterPort="389"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
# If not defined, parameter is set to "1"
ldapTLS="0"

# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify=""

# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile=""

# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert=""

# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey=""

# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=differentialdesign,dc=org"

# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=People,ou=Users,${suffix}"

# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
computersdn="ou=Computers,ou=Users,${suffix}"

# Where are stored Groups
# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn="ou=Groups,${suffix}"

# Where are stored Idmap entries (used if samba is a domain member server)
# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn="ou=Idmap,${suffix}"

# Where to store next uidNumber and gidNumber available for new users and groups
# If not defined, entries are stored in sambaDomainName object.
# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
sambaUnixIdPooldn="sambaDomainName=DDESIGN,ou=Domains,${suffix}"

# Default scope Used
scope="sub"

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
hash_encrypt="MD5"

# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format=""

##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################

# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"

# Home directory
# Ex: userHome="/home/%U"
userHome="/data/home/%U"

# Default mode used for user homeDirectory
userHomeDirectoryMode="700"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="513"

# Default Computer (Samba) GID
defaultComputerGid="515"

# Skel dir
skeletonDir="/etc/skel"

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome="\\PDC-SMB3\%U"
userSmbHome="\\192.168.0.4\%U"

# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile="\\PDC-SMB3\profiles\%U"
userProfile="\\192.168.0.4\profiles\%U"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: userHomeDrive="H:"
userHomeDrive="H:"

# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: userScript="startup.cmd" # make sure script file is edited under dos
userScript="%U.bat"

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
mailDomain="differentialdesign.org"

##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################

# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

# comment out the following line to get rid of the default banner
# no_banner="1"
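The settings above that decide how exposed the directory traffic and stored passwords are: ldapTLS, verify, cafile and hash_encrypt. As an added example (not part of smbldap-tools or of the original page), this shell script audits smbldap.conf-style text for them; the finding names, the two sample strings and the CA path placeholder are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: audit smbldap.conf-style key="value" settings.
# Not part of smbldap-tools; the finding names below are made up for this sketch.

# Constructed sample carrying the values shown in the configuration above.
PAGE_CONF='slaveLDAP="127.0.0.1"
masterLDAP="192.168.0.2"
ldapTLS="0"
verify=""
cafile=""
hash_encrypt="MD5"
userHomeDirectoryMode="700"'

# Constructed hardened variant; the CA path is a placeholder.
HARDENED_CONF='slaveLDAP="127.0.0.1"
masterLDAP="192.168.0.2"
ldapTLS="1"
verify="require"
cafile="/path/to/ca.pem"
hash_encrypt="SSHA"
userHomeDirectoryMode="700"'

# conf_get TEXT KEY: value of the last uncommented KEY="value" line, quotes removed.
conf_get() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*#/ { next }                    # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)           # trim leading blanks
            sub(/[ \t\r]+$/, "", line)         # trim trailing blanks and CR
            if (index(line, key "=") == 1) {
                val = substr(line, length(key) + 2)
                gsub(/^"|"$/, "", val)         # drop the surrounding quotes
                found = val
            }
        }
        END { print found }'
}

# is_loopback HOST: succeeds when traffic to HOST never leaves the machine.
is_loopback() {
    case "$1" in
        127.*|localhost|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_smbldap_conf TEXT: print one finding per line, nothing when clean.
audit_smbldap_conf() {
    conf=$1
    tls=$(conf_get "$conf" ldapTLS)
    [ -n "$tls" ] || tls=1                     # file comment: default is "1"
    verify=$(conf_get "$conf" verify)
    cafile=$(conf_get "$conf" cafile)
    hash=$(conf_get "$conf" hash_encrypt)
    mode=$(conf_get "$conf" userHomeDirectoryMode)

    # Without start_tls, binds and password writes to a remote server are readable on the wire.
    for key in masterLDAP slaveLDAP; do
        host=$(conf_get "$conf" "$key")
        [ -n "$host" ] || host=127.0.0.1       # file comment: default is "127.0.0.1"
        if [ "$tls" != 1 ] && ! is_loopback "$host"; then
            echo "CLEARTEXT_LDAP $key=$host"
        fi
    done

    # start_tls only authenticates the server when the certificate is required and checked.
    if [ "$tls" = 1 ]; then
        [ "$verify" = require ] || echo "TLS_UNVERIFIED verify=$verify"
        [ -n "$cafile" ] || echo "TLS_NO_CAFILE"
    fi

    # CLEARTEXT, MD5 and SHA store no salt; SMD5 and SSHA are the salted forms.
    case "$hash" in
        CLEARTEXT|MD5|SHA) echo "UNSALTED_HASH hash_encrypt=$hash" ;;
    esac

    # Any group or other permission bit on new home directories is flagged.
    case "$mode" in
        ?00|"") ;;
        *) echo "HOME_MODE_OPEN userHomeDirectoryMode=$mode" ;;
    esac
    return 0
}

# Findings for the configuration shown on this page.
audit_smbldap_conf "$PAGE_CONF"
```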


5.0: Heartbeat HA Configuration

Heartbeat Configuration
- Node1
- Node2

The heartbeat solution is not needed for domain logons; however, in mission-critical environments it supports failover if a node becomes unavailable. It provides a heartbeat through a serial connection and a crossover connection directly connected to each server. A virtual IP is shared by the cluster; we connect to this virtual IP address when accessing a Samba share.

There are two main versions of heartbeat: version 1.2.3 is limited to a two-node cluster; version 2 can span many machines and can become quite complex. Heartbeat version 2 is, however, backwards compatible with version 1.2.3 configuration files when the “crm no” option is used in the ha.cf configuration file.

You must never mix different versions of heartbeat in a cluster; all nodes must run the same version. Mixing versions creates instability and may lead to random rebooting.

If you want to be completely safe I highly recommend using version 1.2.3; for this exercise, however, we will be using heartbeat version 2.

If you are looking for proven stability, version 1.2.3 has been used with DRBD for a long time; it is often used in hospitals to store MRI and other data that needs to be readily accessible. Currently this is limited to a 2 node cluster.


5.1: Requirements

Get the following RPMs from the http://www.linux-ha.org web site.

Version 1.2.3 has proven rock solid in many mission-critical environments.
You may need to satisfy dependencies.

If you chose to install heartbeat version 1.2.3, take note of the configuration file 4.3 Configuration PDC; it differs slightly.


5.2: Installation

Heartbeat can now be downloaded with YUM; it will download version 2.
Repeat this process on node2, your backup domain controller, so that both nodes are running identical versions of heartbeat.

Install heartbeat on both nodes

[root@node1 programs]# cd heartbeat-1.2.3/
[root@node1 heartbeat-1.2.3]# ls
heartbeat-1.2.3-2.rh.9.i386.rpm
heartbeat-ldirectord-1.2.3-2.rh.9.i386.rpm
heartbeat-pils-1.2.3-2.rh.9.i386.rpm
heartbeat-stonith-1.2.3-2.rh.9.i386.rpm

[root@node1 heartbeat-1.2.3]# rpm -Uvh heartbeat-1.2.3-2.rh.9.i386.rpm heartbeat-ldirectord-1.2.3-2.rh.9.i386.rpm heartbeat-pils-1.2.3-2.rh.9.i386.rpm heartbeat-stonith-1.2.3-2.rh.9.i386.rpm


5.3: Configuration

Heartbeat running as version 1.2.3 is very easy to configure and manage. The newer version 2 is able to support multiple nodes and uses XML-type configuration files. If you are using version 2 I recommend running with the “crm no” option, which provides 1.2.3 backwards compatibility.

Just remember to always run the same version of heartbeat on both nodes.

5.3.1: ha.cf

Step 1

On node1, log in with the root account; the ha.cf file needs to be the same on both nodes.

Note:
The option “crm no” in ha.cf tells heartbeat version 2 to behave as version 1.2.3; this means it is limited to a 2 node cluster.
If you choose to run version 1.2.3 you will need to comment out or delete the “crm no” in the ha.cf


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">userScript="%U.bat"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
[root@node1]# cd /etc/ha.d


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Domain appended to the users "mail"-attribute</nowiki></font></font></font></span>
[root@node1]# vi ha.cf


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># when smbldap-useradd -M is used</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Ex: mailDomain="idealx.com"</nowiki></font></font></font></span>
## /etc/ha.d/ha.cf on node1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">mailDomain="differentialdesign.org"</font></font></font></span>
## This configuration is to be the same on both machines


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
## This example is made for version 2, comment out crm if using version 1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
keepalive 1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># SMBLDAP-TOOLS Configuration (default are ok for a RedHat)</nowiki></font></font></font></span>
deadtime 5


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>#</nowiki></font></font></font></span>
warntime 3


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>##############################################################################</nowiki></font></font></font></span>
initdead 20


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
serial /dev/ttyS0


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but</nowiki></font></font></font></span>
bcast eth1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># prefer Crypt::SmbHash library</nowiki></font></font></font></span>
auto_failback yes


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">with_smbpasswd="0"</font></font></font></span>
node node1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">smbpasswd="/usr/bin/smbpasswd"</font></font></font></span>
node node2


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
crm no # comment out if using version 1.2.3


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># but prefer Crypt:: libraries</nowiki></font></font></font></span>
Step2.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">with_slappasswd="0"</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">slappasswd="/usr/sbin/slappasswd"</font></font></font></span>
Copy the ha.cf to node2 so they both have the same configuration file.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># comment out the following line to get rid of the default banner</nowiki></font></font></font></span>
[root@node1]# scp /etc/ha.d/ha.cf root@node2:/etc/ha.d/


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># no_banner="1"</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
|}
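Review bot: The 5.3 introduction writes the compatibility switch as "crm = no", while the Note and the ha.cf listing both use "crm no"; the introduction should use the same spelling as the file so nobody copies a directive the listing does not show. In the same paragraph "never version 2" should read "newer version 2" and "compatability" should read "compatibility". The listing's first comment says "ha.cf on node1" although Step2 copies the identical file to node2, so the comment would be clearer as just "/etc/ha.d/ha.cf". Step2 also depends on root being able to log in to node2 over SSH, which is worth stating as a prerequisite.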


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
5.3.2: haresources


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
The haresorces file is called when heartbeat starts. Throughout this document we have used /data as our mount point for replication raid1 over LAN.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">5.0: <u>Heartbeat HA Configuration</u></font></font></font></span>'''
We use node1, which is the master server and use 192.168.0.4 which is the clusters virtual IP address which will be displayed as eth0:0 on the primary node.


<span style="mso-bookmark: Heartbeat_HA_Configuration"></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
You will see drbddisk Filesystem::/dev/drbd0::/data::ext3 - /dev/drbd0 is our DRBD drive. We have chosen to mount our DRBD file system at /data – this is our replication mount point, which we configured in our samba and smbldap-tools configuration.


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Heartbeat Configuration</font></font></span>'''


<span><font size="10.0pt"><span style="mso-list: Ignore">-<span style="font: 7.0pt &quot;Times New Roman&quot;">          </span></span></font></span>'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Node1</font></font></span>'''
You can easily make services highly available by adding the appropriate name to the haresources file as specified below with DNS service named.


<span><font size="10.0pt"><span style="mso-list: Ignore">-<span style="font: 7.0pt &quot;Times New Roman&quot;">          </span></span></font></span>'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Node2</font></font></span>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Step1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">The heartbeat solution is not needed for domain logons; however in mission critical environments it supports failover if a node becomes unavailable. It provides a heartbeat through a serial and a crossover connection directly connected to each server. A virtual IP is shared by the cluster; we connect to this virtual IP Address when accessing a Samba share.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1]# vi haresources


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">There are 2 main differential versions of heartbeat - version 1.2.3 is limited to a two node cluster; version 2 can span many machines and can become quite complex. Heartbeat version 2 is however backwards compatible with version 1.2.3 configuration files using the “crm no” option in the ha.cf configuration file.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
## /etc/ha.d/haresources


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">You must never mix different versions of heartbeat in a cluster; they must all run the same version. If you do it will create instability and may lead to random rebooting.</font></font></span>
## This configuration is to be the same on both nodes


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">If you want to be completely safe I highly recommend using version 1.2.3, for this exercise however we will be using version heartbeat 2.</font></font></span>
node1 192.168.0.4 drbddisk Filesystem::/dev/drbd0::/data::ext3 named


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">If you are looking for proven stability version 1.2.3 has been used with DRBD for a long time; it is often used in hospitals to store MRI and other data that needs to be readily accessible; currently this is limited to a 2 node cluster.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes"> </span></font></font></span>
Step2


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">5.1: <u>Requirements</u></font></font></font></span>'''
Copy the haresources file across to node2 so they are both identical.


<span style="mso-bookmark: Requirements"></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1]# scp /etc/ha.d/haresources root@node2:/etc/ha.d/
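Review bot: In 5.3.2 the file contents are no longer set apart from the prose: the old revision boxed the haresources listing, and in the new text the line "node1 192.168.0.4 drbddisk Filesystem::/dev/drbd0::/data::ext3 named" reads like a paragraph. Wrap the listing and the shell commands in preformatted blocks so they can be copied exactly. "haresorces" in the first sentence should be "haresources", and "clusters virtual IP address" should be "cluster's virtual IP address". The sentence about adding services would be easier to follow if it said that named is the last field of the resource line.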


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Get the following RPM’s from the [http://www.linux-ha.org/ <span style="text-decoration: none; text-underline: none"><font color="windowtext">http://www.linux-ha.org</font></span>] web site.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Version 1.2.3</font></font></span>'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> has proven rock solid in many mission critical environments.</font></font></span>
5.3.3: authkeys


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">You may need to satisfy dependencies.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">If you chose to install heartbeat version 1.2.3 take note of the configuration file 4.3 Configuration PDC it differs slightly.</font></font></span>
The below method provides no security or authentication, so we recommended not to use. If however heartbeat communicates over a private link such as in our case (serial and crossover cable) there is no need to add this additional security.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"> </font></font></font></span>


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">5.2: <u>Installation</u></font></font></font></span>''''''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"></font></font></font></span>'''
Step1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Heartbeat can now be downloaded with YUM, it will download version 2.</font></font></span>
[root@node1]# vi authkeys


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Repeat this process on node2 your backup domain controller, so they are both running identical versions of heartbeat.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
## /etc/ha.d/authkeys


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Install heartbeat on both nodes</font></font></span>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
auth 1


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">
1 crc


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 programs]# cd heartbeat-1.2.3/</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 heartbeat-1.2.3]# ls</font></font></font></span>
The preferred method is to sha encryption to authenticate nodes and their packets as below.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">heartbeat-1.2.3-2.rh.9.i386.rpm</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">heartbeat-ldirectord-1.2.3-2.rh.9.i386.rpm</font></font></font></span>
## /etc/ha.d/authkeys


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">heartbeat-pils-1.2.3-2.rh.9.i386.rpm</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">heartbeat-stonith-1.2.3-2.rh.9.i386.rpm</font></font></font></span>
auth 1


</div>
1 sha HeartbeatPassword


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 heartbeat-1.2.3]#rpm -Uvh heartbeat-1.2.3-2.rh.9.i386.rpm heartbeat-ldirectord-1.2.3-2.rh.9.i386.rpm heartbeat-pils-1.2.3-2.rh.9.i386.rpm heartbeat-stonith-1.2.3-2.rh.9.i386.rpm</font></font></font></span>
Step2


</div>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Give the authkeys file correct permissions.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1]# chmod 600 /etc/ha.d/authkeys


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">5.3: <u>Configuration</u></font></font></font></span>'''


<span style="mso-bookmark: Configuration_PDC">'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"><span style="text-decoration: none"> </span></font></font></font></span></u>'''</span>
Step3


<span style="mso-bookmark: Configuration_PDC"><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Heartbeat running as version 1.2.3 is very easy to configure and manage. The never version 2 is able to support multiple nodes and uses xml type configuration files. If you are using version 2 I recommend running using crm = no option which provides 1.2.3 backwards compatability.</font></font></span></span>


<span style="mso-bookmark: Configuration_PDC"><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span></span>
Copy the authkeys file to node2 so they can authenticate with each other.


<span style="mso-bookmark: Configuration_PDC"><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Just remember to always run the same version of heartbeat on both nodes.</font></font></span></span>


<span style="mso-bookmark: Configuration_PDC"><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span></span>
[root@node1]# scp /etc/ha.d/authkeys root@node2:/etc/ha.d/
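Review bot: The paragraph that introduces the "1 crc" listing in 5.3.3 argues both ways: it says the method "provides no security or authentication, so we recommended not to use" and then that on a serial and crossover link "there is no need to add this additional security", so the reader cannot tell which of the two authkeys listings the guide wants deployed. State one recommendation, and spell out that crc is only acceptable when heartbeat traffic never leaves the dedicated link. "sha encryption" should be described as authenticating packets with a shared key rather than encrypting them, and "HeartbeatPassword" should be marked as a placeholder to replace with a long random secret. It is worth confirming that "sha" is the exact method name the installed heartbeat accepts. Step2 sets mode 600 on node1 only; after the scp in Step3, add a check that /etc/ha.d/authkeys is also mode 600 and owned by root on node2.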


<span style="mso-bookmark: Configuration_PDC">'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">5.3.1: <u>ha.cf</u></font></font></font></span>'''</span>


<span style="mso-bookmark: ha_cf"></span><span style="mso-bookmark: Configuration_PDC"></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
5.4: Testing


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step1</font></font></span></u>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Now that we have heartbeat configured it is time to test ther


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">On node1 login with root account; the ha.cf file needs to be the same on both nodes.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Note:</font></font></span>
Step4.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">The option “crm no” in the ha.cf specifies heartbeat version 2 to behave as version 1.2.3; this means it is limited to a 2 node cluster.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">If you choose to run version 1.2.3 you will need to comment out or delete the “crm no” in the ha.cf</font></font></span>
Login to node2 – your backup domain controller, use the exact same configuration as the primary domain controllers configuration files for heartbeat.
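Review bot: Section 5.4 stops mid-sentence at "it is time to test ther" and then jumps to "Step4.", so the section contains no test procedure and no Steps 1 to 3. Either finish the sentence and add the test steps, or drop the heading until the content exists. "Step4." reads as the continuation of the authkeys steps in 5.3.3 and would fit better there; "primary domain controllers configuration files" should be "primary domain controller's configuration files".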


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# cd /etc/ha.d</font></font></font></span>
6.0: DRBD


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# vi ha.cf</font></font></font></span>


</div>
DRBD Configuration


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
- Primary


{| class="MsoNormalTable" style="margin-left: .75pt; border-collapse: collapse; border: none; mso-border-alt: solid windowtext 1.5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: 1.5pt solid windowtext; mso-border-insidev: 1.5pt solid windowtext" border="1"
- Secondary
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes; height: 36.0pt"
| style="width: 457.55pt; border: solid windowtext 1.5pt; padding: 0cm 5.4pt 0cm 5.4pt; height: 36.0pt" width="610" valign="top" |
<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>## /etc/ha.d/ha.cf on node1</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>## This configuration is to be the same on both machines</nowiki></font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki>## This example is made for version 2, comment out crm if using version 1</nowiki></font></font></font></span>
DRBD is a kernel module which has the ability to network 2 machines to provide Raid1 over LAN.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">keepalive 1</font></font></font></span>
It is assumed that we have two identical drives in both machines; all data on this device will be destroyed.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">deadtime 5</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">warntime 3</font></font></font></span>
If you are updating your kernel or version of DRBD, make sure DRBD is stopped on both machines.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">initdead 20</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">serial /dev/ttyS0</font></font></font></span>
Never attempt to run different versions of DRBD, this means both machines need the same kernel.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">bcast eth1</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">auto_failback yes</font></font></font></span>
6.1: Requirements


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">node node1</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">node node2</font></font></font></span>
You will need to install the DRBD kernel Module. We will build our own RPM kernel modules so it is optimized for our architecture.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">crm no # comment out if using version 1.2.3</font></font></font></span><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"></font></font></span>
|}


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
I have tested many different kernels with DRBD, some are not stable so you will need to check Google to make sure your kernel is compatible with the particular DRBD release, most of the time this isn’t an issue.


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step2.</font></font></span></u>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Both the following kernels are recommended for Fedora Core 4; up to version drbd-0.7.23 I have used.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Copy the ha.cf to node2 so they both have the same configuration file.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
kernel-smp-2.6.14-1.1656_FC4


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# scp /etc/ha.d/ha.cf root@node2:/etc/ha.d/</font></font></font></span>
kernel-smp-2.6.11-1.1369_FC4


</div>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Please browse this list http://www.linbit.com/support/drbd-current/ and look for packages available.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">5.3.2: <u>haresources</u></font></font></font></span>'''
Step1


<span style="mso-bookmark: haresources"></span>


The haresources file is called when heartbeat starts. Throughout this document we have used /data as our mount point for RAID1 replication over LAN.

We use node1, which is the master server, and 192.168.0.4, which is the cluster's virtual IP address and will be displayed as eth0:0 on the primary node.

'''You will see drbddisk Filesystem::/dev/drbd0::/data::ext3. /dev/drbd0 is our DRBD drive. We have chosen to mount our DRBD file system at ''/data''; this is our replication mount point, which we configured in our Samba and smbldap-tools configuration.'''

You can easily make services highly available by adding the appropriate name to the haresources file, as shown below with the DNS service '''named'''.

Step1

[root@node1]# vi haresources

## /etc/ha.d/haresources
## This configuration is to be the same on both nodes

node1 192.168.0.4 drbddisk Filesystem::/dev/drbd0::/data::ext3 named

Step2

Copy the haresources file across to node2 so they are both identical.

[root@node1]# scp /etc/ha.d/haresources root@node2:/etc/ha.d/

5.3.3: authkeys

The method below provides no security or authentication, so we recommend not using it. If, however, heartbeat communicates over a private link, as in our case (serial and crossover cable), there is no need to add this additional security.

Step1

[root@node1]# vi authkeys

## /etc/ha.d/authkeys

auth 1
1 crc

The preferred method is to use sha to authenticate nodes and their packets, as below.

## /etc/ha.d/authkeys

auth 1
1 sha HeartbeatPassword

Step2

Give the authkeys file correct permissions.

[root@node1]# chmod 600 /etc/ha.d/authkeys

Step3

Copy the authkeys file to node2 so they can authenticate with each other.

[root@node1]# scp /etc/ha.d/authkeys root@node2:/etc/ha.d/

5.4: Testing

Now that we have heartbeat configured it is time to test ther

Step4

Log in to node2, your backup domain controller, and use the '''exact''' same configuration as the primary domain controller's configuration files for heartbeat.

6.0: DRBD

'''DRBD Configuration'''

- Primary
- Secondary

DRBD is a kernel module that can network two machines to provide RAID1 over LAN.

It is assumed that we have two identical drives in both machines; all data on this device will be destroyed.

If you are updating your kernel or version of DRBD, make sure DRBD is stopped on both machines.

'''Never attempt to run different versions of DRBD; this means both machines need the same kernel.'''

6.1: Requirements

You will need to install the DRBD kernel module. We will build our own RPM kernel modules so they are optimized for our architecture.

I have tested many different kernels with DRBD; some are not stable, so you will need to check Google to make sure your kernel is compatible with the particular DRBD release. Most of the time this isn't an issue.

Both of the following kernels are recommended for Fedora Core 4; I have used up to version drbd-0.7.23.

kernel-smp-2.6.14-1.1656_FC4
kernel-smp-2.6.11-1.1369_FC4

Please browse this list, http://www.linbit.com/support/drbd-current/, and look for available packages.

Step1

Get a serial cable and connect it to each node's COM1 port.

Execute the following; you may see a lot of garbage on the screen.

[root@node1 ~]# cat </dev/ttyS0

Step2

You may have to repeat the below a couple of times in rapid succession to see the output on node1.

[root@node2 ~]# echo hello >/dev/ttyS0

6.2: Installation

Step1

Extract the latest stable version of DRBD.

[root@node1 stable]# tar zxvf drbd-0.7.20.tar.gz
[root@node1 stable]# cd drbd-0.7.20
[root@node1 drbd-0.7.20]#

Step2

It is nice to make your own RPM for your distribution. It makes upgrades seamless.

This will give us an RPM built specifically for our kernel; it may take some time.

[root@node1 drbd-0.7.20]# make
[root@node1 drbd-0.7.20]# make rpm

Step3

[root@node1 drbd-0.7.20]# cd dist/RPMS/i386/
[root@node1 i386]#
[root@node1 i386]# ls
drbd-0.7.20-1.i386.rpm
drbd-debuginfo-0.7.20-1.i386.rpm
drbd-km-2.6.14_1.1656_FC4smp-0.7.20-1.i386.rpm

Step4

We will now install DRBD and our kernel module which we built earlier.

[root@node1 i386]# rpm -Uvh drbd-0.7.20-1.i386.rpm drbd-debuginfo-0.7.20-1.i386.rpm drbd-km-2.6.14_1.1656_FC4smp-0.7.20-1.i386.rpm

Step5

Log in to node2, the backup domain controller, and do the same.

6.3: Configuration

In the example throughout this document we have linked /dev/hdd1 to /dev/drbd; yours, however, may be a different device; it could be SCSI.

All data on the device /dev/hdd will be destroyed.

Step1

We are going to create a partition on /dev/hdd1 using fdisk.

[root@node1]# fdisk /dev/hdd1

Command (m for help): m
Command action
a   toggle a bootable flag
b   edit bsd disklabel
c   toggle the dos compatibility flag
d   delete a partition
l   list known partition types
m   print this menu
n   add a new partition
o   create a new empty DOS partition table
p   print the partition table
q   quit without saving changes
s   create a new empty Sun disklabel
t   change a partition's system id
u   change display/entry units
v   verify the partition table
w   write table to disk and exit
x   extra functionality (experts only)

Command (m for help): d
No partition is defined yet!

Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-8677, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-8677, default 8677):
Using default value 8677

Command (m for help): w

Step2

Now log in to node2, the backup domain controller, and fdisk /dev/hdd1 as per above, or your chosen device.

6.3.1: drbd.conf


Create this file on both your master and slave servers. It should be identical on both; however, this is not a requirement. As long as the partition size is the same, any mount point can be used.

Step1

The file below is fairly self-explanatory; you can see the real disk linked to the DRBD kernel module device.

[root@node1]# vi /etc/drbd.conf

# Datadrive (/data) /dev/hdd1 80GB

resource drbd1 {
  # Protocol C: a write is complete only once it has reached both nodes' disks
  protocol C;
  disk {
    # Panic the node on a lower-level disk I/O error
    on-io-error panic;
  }
  net {
    max-buffers 2048;
    ko-count 4;
    on-disconnect reconnect;
  }
  syncer {
    rate 700000;
  }
  on node1 {
    device /dev/drbd0;
    disk /dev/hdd1;
    address 10.0.0.1:7789;
    meta-disk internal;
  }
  on node2 {
    device /dev/drbd0;
    disk /dev/hdd1;
    address 10.0.0.2:7789;
    meta-disk internal;
  }
}


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
Step2


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 drbd-0.7.20]# make</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 drbd-0.7.20]# make rpm</font></font></font></span>
[root@node1]# scp /etc/drbd.conf root@node2:/etc/


</div>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step3</font></font></span></u>'''
6.3.2: Initialization


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
In the following steps we will configure the disks to synchronize and choose a master node.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 drbd-0.7.20]# cd dist RPMS/i386/</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 i386]#/</font></font></font></span>
Step1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 i386]# ls</font></font></font></span>
On the Primary Domain Controller


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">drbd-0.7.20-1.i386.rpm</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">drbd-debuginfo-0.7.20-1.i386.rpm</font></font></font></span>
[root@node1]# service drbd start


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">drbd-km-2.6.14_1.1656_FC4smp-0.7.20-1.i386.rpm</font></font></font></span>


</div>
On the Backup Domain Controller


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step4</font></font></span></u>'''
[root@node2]# service drbd start


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We will now install DRBD and our Kernel module which we built earlier.</font></font></span>
Step2


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
[root@node1]# service drbd status


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 i386]# rpm -Uvh drbd-0.7.20-1.i386.rpm drbd-debuginfo-0.7.20-1.i386.rpm drbd-km-2.6.14_1.1656_FC4smp-0.7.20-1.i386.rpm</font></font></font></span>


</div>
drbd driver loaded OK; device status:


version: 0.7.17 (api:77/proto:74)


SVN Revision: 2093 build by root@node1, 2006-04-23 14:40:20


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step5</font></font></span></u>'''
0: cs:Connected st:Secondary/Secondary ld:Inconsistent


ns:25127936 nr:3416 dw:23988760 dr:4936449 al:19624 bm:1038 lo:0 pe:0 ua:0 ap:0


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Log in to node2, the backup domain controller, and do the same.</font></font></span>


You can see both devices are ready, and waiting for a Primary drive to be activated which will do an initial synchronization to the secondary device.




'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">6.3: <u>Configuration</u></font></font></font></span>'''
Step3




Stop the heartbeat service on both nodes.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">In the example throughout this document we have linked /dev/hdd1 to /dev/drbd; yours, however, may be a different device, and it could be SCSI. </font></font></span>


Step4


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">All data on the device /dev/hdd will be destroyed.</font></font></span>


We are now telling DRBD to make node1 the primary drive.


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step1</font></font></span></u>'''


[root@node1]# drbdadm -- --do-what-I-say primary all


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We are going to create a partition on /dev/hdd1 using fdisk.</font></font></span>


[root@node1 ~]# service drbd status


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">
drbd driver loaded OK; device status:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# fdisk /dev/hdd1</font></font></font></span>
version: 0.7.23 (api:79/proto:74)


SVN Revision: 2686 build by root@node1, 2007-01-23 20:26:13


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Command (m for help): m</font></font></font></span>
0: cs:SyncSource st:Primary/Secondary ld:Consistent


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Command action</font></font></font></span>
ns:67080 nr:85492 dw:91804 dr:72139 al:9 bm:268 lo:0 pe:30 ua:2019 ap:0


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>a<span style="mso-spacerun: yes">   </span>toggle a bootable flag</font></font></font></span>
[==>.................] sync'ed: 12.5% (458848/520196)K


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>b<span style="mso-spacerun: yes">   </span>edit bsd disklabel</font></font></font></span>
finish: 0:01:44 speed: 4,356 (4,088) K/sec


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>c<span style="mso-spacerun: yes">   </span>toggle the dos compatibility flag</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>d<span style="mso-spacerun: yes">   </span>delete a partition</font></font></font></span>
Step6


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>l<span style="mso-spacerun: yes">   </span>list known partition types</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>m<span style="mso-spacerun: yes">   </span>print this menu</font></font></font></span>
Create a filesystem on our RAID devices.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>n<span style="mso-spacerun: yes">   </span>add a new partition</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>o<span style="mso-spacerun: yes">   </span>create a new empty DOS partition table</font></font></font></span>
[root@node1]# mkfs.ext3 /dev/drbd0


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>p<span style="mso-spacerun: yes">   </span>print the partition table</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>q<span style="mso-spacerun: yes">   </span>quit without saving changes</font></font></font></span>
6.4: Testing


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>s<span style="mso-spacerun: yes">   </span>create a new empty Sun disklabel</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>t<span style="mso-spacerun: yes">   </span>change a partition's system id</font></font></font></span>
We have a 2-node cluster replicating data; it's time to test a failover.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>u<span style="mso-spacerun: yes">   </span>change display/entry units</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>v<span style="mso-spacerun: yes">   </span>verify the partition table</font></font></font></span>
Step1


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>w<span style="mso-spacerun: yes">   </span>write table to disk and exit</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>x<span style="mso-spacerun: yes">   </span>extra functionality (experts only)</font></font></font></span>
Start the heartbeat service on both nodes.




<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Command (m for help): d</font></font></font></span>
Step2


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">No partition is defined yet!</font></font></font></span>


On node1 we can see the status of DRBD.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Command (m for help): n</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Command action</font></font></font></span>
[root@node1 ~]# service drbd status


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>e<span style="mso-spacerun: yes">   </span>extended</font></font></font></span>
drbd driver loaded OK; device status:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">   </span>p<span style="mso-spacerun: yes">   </span>primary partition (1-4)</font></font></font></span>
version: 0.7.23 (api:79/proto:74)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">p</font></font></font></span>
0: cs:Connected st:Primary/Secondary ld:Consistent


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Partition number (1-4): 1</font></font></font></span>
ns:1536 nr:0 dw:1372 dr:801 al:4 bm:6 lo:0 pe:0 ua:0 ap:0


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">First cylinder (1-8677, default 1):</font></font></font></span>
[root@node1 ~]#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Using default value 1</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Last cylinder or +size or +sizeM or +sizeK (1-8677, default 8677):</font></font></font></span>
On node2 we can see the status of DRBD.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Using default value 8677</font></font></font></span>


[root@node2 ~]# service drbd status


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Command (m for help): w</font></font></font></span>
drbd driver loaded OK; device status:


</div>
version: 0.7.23 (api:79/proto:74)


SVN Revision: 2686 build by root@node2, 2007-01-23 20:26:03


0: cs:Connected st:Secondary/Primary ld:Consistent


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step2</font></font></span></u>'''
ns:0 nr:1484 dw:1484 dr:0 al:0 bm:6 lo:0 pe:0 ua:0 ap:0


[root@node2 ~]#


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Now log in to node2, the backup domain controller, and fdisk /dev/hdd1 as per above, or your chosen device. </font></font></span>


That all looks good; we can see the devices are consistent and ready for use.




'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">6.3.1: <u>drbd.conf</u></font></font></font></span>'''
Step3




Now let’s check the mount point we created in the heartbeat haresources file.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Create this file on both your master and slave servers. It should be identical on both, although this is not a requirement; as long as the partition size is the same, any mount point can be used.</font></font></span>


We can see heartbeat has successfully mounted /dev/drbd0 on the /data directory; of course, your device will not have any data on it yet.


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step1</font></font></span></u>'''


[root@node1 ~]# df -h


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">The file below is fairly self-explanatory; you can see the real disk linked to the DRBD kernel module device.</font></font></span>
Filesystem Size Used Avail Use% Mounted on


/dev/mapper/VolGroup00-LogVol00


35G 14G 20G 41% /


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
/dev/hdc1 99M 21M 74M 22% /boot


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# vi /etc/drbd.conf</font></font></font></span>
/dev/shm 506M 0 506M 0% /dev/shm


</div>
/dev/drbd0 74G 37G 33G 53% /data


[root@node1 ~]#


{| class="MsoNormalTable" style="margin-left: .75pt; border-collapse: collapse; border: none; mso-border-alt: solid windowtext 1.5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: 1.5pt solid windowtext; mso-border-insidev: 1.5pt solid windowtext" border="1"
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes; height: 18.35pt"
| style="width: 448.55pt; border: solid windowtext 1.5pt; padding: 0cm 5.4pt 0cm 5.4pt; height: 18.35pt" width="598" valign="top" |
<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><nowiki># Datadrive (/data) /dev/hdd1 80GB</nowiki></font></font></font></span>


Step4


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">resource drbd1 {</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>protocol C;</font></font></font></span>
Log in to node1 and execute the following command; once heartbeat is stopped, it should only take a few seconds to migrate the services to node2.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>disk {</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>on-io-error panic;</font></font></font></span>
[root@node1 ~]# service heartbeat stop


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>}</font></font></font></span>
Stopping High-Availability services:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>net {</font></font></font></span>
[ OK ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>max-buffers 2048;</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>ko-count 4;</font></font></font></span>
[root@node1 ~]# service drbd status


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>on-disconnect reconnect;</font></font></font></span>
drbd driver loaded OK; device status:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>}</font></font></font></span>
version: 0.7.23 (api:79/proto:74)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>syncer {</font></font></font></span>
SVN Revision: 2686 build by root@node1, 2007-01-23 20:26:13


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>rate 700000;</font></font></font></span>
0: cs:Connected st:Secondary/Primary ld:Consistent


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>}</font></font></font></span>
ns:5616 nr:85492 dw:90944 dr:2162 al:9 bm:260 lo:0 pe:0 ua:0 ap:0


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>on node1 {</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>device<span style="mso-spacerun: yes">    </span>/dev/drbd0;</font></font></font></span>
We can see drbd change state to secondary on node1.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>disk<span style="mso-spacerun: yes">      </span>/dev/hdd1;</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>address<span style="mso-spacerun: yes">   </span>10.0.0.1:7789;</font></font></font></span>
Step5


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>meta-disk internal;</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>}</font></font></font></span>
Now let’s check the status of DRBD on node2; we can see it has changed state and become the primary.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>on node2 {</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>device<span style="mso-spacerun: yes">    </span>/dev/drbd0;</font></font></font></span>
[root@node2 ~]# service drbd status


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>disk<span style="mso-spacerun: yes">      </span>/dev/hdd1;</font></font></font></span>
drbd driver loaded OK; device status:


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>address<span style="mso-spacerun: yes">   </span>10.0.0.2:7789;</font></font></font></span>
version: 0.7.23 (api:79/proto:74)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>meta-disk internal;</font></font></font></span>
SVN Revision: 2686 build by root@node2, 2007-01-23 20:26:03


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">  </span>}</font></font></font></span>
0: cs:Connected st:Primary/Secondary ld:Consistent


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">}</font></font></font></span>
ns:4 nr:518132 dw:518136 dr:17 al:0 bm:220 lo:0 pe:0 ua:0 ap:0
|}


1: cs:Connected st:Primary/Secondary ld:Consistent


ns:28 nr:520252 dw:520280 dr:85 al:0 bm:199 lo:0 pe:0 ua:0 ap:0


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step2</font></font></span></u>'''


Check that node2 has mounted the device.


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# scp /etc/drbd.conf root@node2:/etc/</font></font></font></span>
[root@node2 ~]# df -h


</div>
Filesystem Size Used Avail Use% Mounted on


/dev/mapper/VolGroup00-LogVol00


35G 12G 22G 35% /


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">6.3.2: <u>Initialization</u></font></font></font></span>'''
/dev/hdc1 99M 17M 78M 18% /boot


/dev/shm 506M 0 506M 0% /dev/shm


/dev/hdh1 111G 97G 7.6G 93% /storage


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">In the following steps we will configure the disks to synchronize and choose a master node.</font></font></span>
/dev/drbd0 74G 37G 33G 53% /data


[root@node2 ~]#


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step1</font></font></span></u>'''


Step5


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">On the Primary Domain Controller</font></font></span>


Finally, start the heartbeat service on node1 and make sure that all processes migrate back.
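A scripted version of the status checks in the testing steps above, as an added example that is not part of the original wiki page: it parses the cs, st and ld fields of the `service drbd status` lines shown on this page and refuses a failover test unless the device is connected, consistent and has exactly one primary. The function names and sample variables are assumptions made for this example, and the sample status text is constructed from the outputs above.

```shell
#!/bin/sh
# Added example (not from the wiki page): gate a failover test on DRBD 0.7
# status output. Function and variable names are assumptions for this example.
# The sample texts are constructed from the status outputs shown on this page.

SAMPLE_UNSYNCED='drbd driver loaded OK; device status:
version: 0.7.17 (api:77/proto:74)
0: cs:Connected st:Secondary/Secondary ld:Inconsistent
    ns:25127936 nr:3416 dw:23988760 dr:4936449 al:19624 bm:1038 lo:0 pe:0 ua:0 ap:0'

SAMPLE_SYNCING='drbd driver loaded OK; device status:
version: 0.7.23 (api:79/proto:74)
0: cs:SyncSource st:Primary/Secondary ld:Consistent
    ns:67080 nr:85492 dw:91804 dr:72139 al:9 bm:268 lo:0 pe:30 ua:2019 ap:0'

SAMPLE_READY='drbd driver loaded OK; device status:
version: 0.7.23 (api:79/proto:74)
0: cs:Connected st:Primary/Secondary ld:Consistent
    ns:1536 nr:0 dw:1372 dr:801 al:4 bm:6 lo:0 pe:0 ua:0 ap:0'

SAMPLE_NODE1_AFTER='drbd driver loaded OK; device status:
version: 0.7.23 (api:79/proto:74)
0: cs:Connected st:Secondary/Primary ld:Consistent
    ns:5616 nr:85492 dw:90944 dr:2162 al:9 bm:260 lo:0 pe:0 ua:0 ap:0'

# drbd_field STATUS_TEXT MINOR KEY
# Prints the value of one key (cs, st or ld) from the "<minor>: ..." line.
# Prints nothing when the minor number is not present in the text.
drbd_field() {
    printf '%s\n' "$1" | awk -v minor="$2" -v key="$3" '
        $1 == (minor ":") {
            for (i = 2; i <= NF; i++) {
                n = index($i, ":")
                if (n > 0 && substr($i, 1, n - 1) == key) {
                    print substr($i, n + 1)
                    exit
                }
            }
        }'
}

# drbd_local_role STATUS_TEXT [MINOR]
# Prints this node's role: the part of st: before the slash.
drbd_local_role() {
    st=$(drbd_field "$1" "${2:-0}" st)
    printf '%s\n' "${st%%/*}"
}

# drbd_failover_ready STATUS_TEXT [MINOR]
# Returns 0 only when a failover test is safe to start:
#   cs must be Connected (a resync in progress or a lost peer fails the check),
#   ld must be Consistent (the local disk holds a complete copy),
#   st must name exactly one Primary.
# Returns 1 when a check fails and 2 when the device is not listed.
# Prints a short reason on stdout in every case.
drbd_failover_ready() {
    status=$1
    minor=${2:-0}
    cs=$(drbd_field "$status" "$minor" cs)
    st=$(drbd_field "$status" "$minor" st)
    ld=$(drbd_field "$status" "$minor" ld)

    if [ -z "$cs" ]; then
        echo "no-such-device"
        return 2
    fi
    if [ "$cs" != "Connected" ]; then
        echo "not-connected:$cs"
        return 1
    fi
    if [ "$ld" != "Consistent" ]; then
        echo "local-disk:$ld"
        return 1
    fi
    case "$st" in
        Primary/Secondary|Secondary/Primary)
            echo "ready:$st"
            return 0
            ;;
        *)
            echo "roles:$st"
            return 1
            ;;
    esac
}

# Demo over the constructed samples: one verdict per sample.
for name in UNSYNCED SYNCING READY NODE1_AFTER; do
    eval "text=\$SAMPLE_$name"
    verdict=$(drbd_failover_ready "$text" 0) || true
    printf '%-12s role=%-10s %s\n' "$name" "$(drbd_local_role "$text")" "$verdict"
done
```

On a live node the same check would be run as `drbd_failover_ready "$(service drbd status)"` before `service heartbeat stop`, and again on each node after the services have migrated.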


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# service drbd start</font></font></font></span>


</div>
7.0: BIND DNS




<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">On the Backup Domain Controller</font></font></span>
We can use BIND (the Berkeley Internet Name Domain) in a high availability configuration. We can make 2 nodes appear as one: zone files will be stored on a DRBD drive, and if node1 fails, node2 can take over and automatically start NAMED.




<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
BIND can have its /var/named directory relocated to a more appropriate location such as /data/dnszones, which lets us provide real-time replication of the zone files. The standby, node2, will also need its default directory changed to /data/dnszones.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node2]# service drbd start</font></font></font></span>


</div>
We have 2 servers, and we will refer to the cluster as cluster.differentialdesign.org. It is assumed that these machines are behind a firewall with NAT and port forwarding to the appropriate ports.




'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step2</font></font></span></u>'''
When setting up domain names through a registrar, you would want 2 separate name servers. It is recommended to set up an additional slave DNS server.




<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
An example may be


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# service drbd status</font></font></font></span>


Name Server:CLUSTER.DIFFERENTIALDESIGN.ORG ← Primary Name Server(s)


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">drbd driver loaded OK; device status:</font></font></font></span>
Name Server:NS1.DIFFERENTIALDESIGN.ORG


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">version: 0.7.17 (api:77/proto:74)</font></font></font></span>
Name Server:NS2.DIFFERENTIALDESIGN.ORG


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">SVN Revision: 2093 build by root@node1, 2006-04-23 14:40:20</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">0: cs:Connected st:Secondary/Secondary ld:Inconsistent</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>ns:25127936 nr:3416 dw:23988760 dr:4936449 al:19624 bm:1038 lo:0 pe:0 ua:0 ap:0</font></font></font></span>
7.1: Configuration




<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">You can see both devices are ready, and waiting for a Primary drive to be activated which will do an initial synchronization to the secondary device.</font></font></font></span>
Step1


</div>


We will now create a directory on our DRBD drive /data/dnszones.


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step3</font></font></span></u>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1 ~]# mkdir /data/dnszones


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Stop the heartbeat service on both nodes.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Step2


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step4</font></font></span></u>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Change the location of the zone files to our replicated drive


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We are now telling DRBD to make node1 the primary drive.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1 ~]# named ?


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
usage: named [-4|-6] [-c conffile] [-d debuglevel] [-f|-g] [-n number_of_cpus]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]#<span style="mso-spacerun: yes">  </span></font></font></font></span><tt><span style="mso-bidi-font-family: &quot;Courier New&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">drbdadm -- --do-what-I-say primary all</font></font></font></span></tt>
[-p port] [-s] [-t chrootdir] [-u username]


<span><font color="maroon"> </font></span>
[-m {usage|trace|record}]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# service drbd status</font></font></font></span>
[-D ]


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">drbd driver loaded OK; device status:</font></font></font></span>
named: extra command line arguments


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">version: 0.7.23 (api:79/proto:74)</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">SVN Revision: 2686 build by root@node1, 2007-01-23 20:26:13</font></font></font></span>
[root@node1 ~]# named -t /data/dnszones/


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes"> </span>0: cs:SyncSource st:Primary/Secondary ld:Consistent</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>ns:67080 nr:85492 dw:91804 dr:72139 al:9 bm:268 lo:0 pe:30 ua:2019 ap:0</font></font></font></span>
Step3


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>[==&gt;.................] sync'ed: 12.5% (458848/520196)K</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>finish: 0:01:44 speed: 4,356 (4,088) K/sec</font></font></font></span>
Copy the default zone files to our new location and set the permissions.


</div>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
[root@node1 ~]# rsync -avz /var/named/ /data/dnszones/


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step6</font></font></span></u>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
[root@node1 ~]# chown –R named.named /data/dnszones/
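Review bot: Step2 starts the daemon with `named -t /data/dnszones/` and no `-u`, even though the usage text printed just above lists `[-u username]`, so a named launched this way from the root prompt keeps running as root. `-t` is also a chroot, not a zone-directory switch: named reads its configuration and resolves every path relative to that directory, which does not match the later steps that edit /etc/named.conf and set `directory "/data/dnszones";` there. Suggest dropping the `-t` invocation and relying on the `directory` option, or, if a chroot is wanted, starting it as `named -u named -t ...` with the configuration placed inside the chroot. The Step3 `chown –R` is typed with an en dash, so chown takes it as a file name rather than the recursive flag; it should read `chown -R named.named /data/dnszones/`.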


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Create a filesystem on our RAID devices.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
7.1.1: named.conf


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1]# mkfs.ext3 /dev/drbd0</font></font></font></span>


</div>
It is important that all machines on the network use cluster.differentialdesign.org or its local IP address address as DNS servers. This way we can assure correct name resolution.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">6.4: <u>Testing</u></font></font></font></span>'''
We will now edit the /etc/named.conf


<span style="mso-bookmark: DRBD_testing"></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Take note of the below file, you can see highlighted in red our secondary DNS servers, these are the IP addresses of ns1.differentialdesign.org and ns2.differentialdesign.org


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We have a 2 node cluster replicating data, its time to test a failover. </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
The named.conf needs to be the same on both node1 and node2; you could manually copy the file over using SCP, or link it to the /data/dnszones directory using a symbolic link.


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step1</font></font></span></u>'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Start the heartbeat service on both nodes.</font></font></span>
[root@node1 ~]# vi /etc/named.conf


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step2</font></font></span></u>'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
//


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">On node1 we can see the status of DRBD.</font></font></span>
// named.conf for Red Hat caching-nameserver


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
//


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# service drbd status</font></font></font></span>
options {


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">drbd driver loaded OK; device status:</font></font></font></span>
directory "/data/dnszones";


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">version: 0.7.23 (api:79/proto:74)</font></font></font></span>
dump-file "/data/dnszones/data/cache_dump.db";


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">0: cs:Connected st:'''Primary/Secondary''' ld:Consistent</font></font></font></span>
statistics-file "/data/dnszones/data/named_stats.txt";


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>ns:1536 nr:0 dw:1372 dr:801 al:4 bm:6 lo:0 pe:0 ua:0 ap:0</font></font></font></span>
/*


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]#</font></font></font></span>
* If there is a firewall between you and nameservers you want


</div>
* to talk to, you might need to uncomment the query-source


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
* directive below. Previous versions of BIND always asked


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">On node2 we can see the status of DRBD.</font></font></span>
* questions using port 53, but BIND 8.1 uses an unprivileged


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
* port by default.


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
*/


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node2 ~]# service drbd status</font></font></font></span>
// query-source address * port 53;


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">drbd driver loaded OK; device status:</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">version: 0.7.23 (api:79/proto:74)</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">SVN Revision: 2686 build by root@node2, 2007-01-23 20:26:03</font></font></font></span>
allow-transfer {


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">0: cs:Connected st'''<nowiki>:Secondary/Primary</nowiki>''' ld:Consistent</font></font></font></span>
127.0.0.1; // localhost


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>ns:0 nr:1484 dw:1484 dr:0 al:0 bm:6 lo:0 pe:0 ua:0 ap:0</font></font></font></span>
202.161.90.250; // secondary DNS server for my zone


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node2 ~]#</font></font></font></span>
202.161.90.251; // secondary DNS server for my zone


</div>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
};


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">That all looks good; we can see the devices are consistent and ready for use.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step3</font></font></span></u>'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"></font></font></span>
};


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Now let’s check the mount point we created in the heartbeat haresources file.</font></font></span>
//


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
// a caching only nameserver config


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We can see heartbeat has successfully mounted “<span><font color="maroon">/dev/drbd0 to the /data directory” </font></span>of course your device will not have any data on it yet.</font></font></span>
//


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
controls {


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
inet 127.0.0.1 allow { localhost; } keys { rndckey; };


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# df -h</font></font></font></span>
};


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Filesystem<span style="mso-spacerun: yes">            </span>Size<span style="mso-spacerun: yes">  </span>Used Avail Use% Mounted on</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">/dev/mapper/VolGroup00-LogVol00</font></font></font></span>
zone "." IN {


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">                       </span>35G<span style="mso-spacerun: yes">   </span>14G<span style="mso-spacerun: yes">   </span>20G<span style="mso-spacerun: yes">  </span>41% /</font></font></font></span>
type hint;


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">/dev/hdc1<span style="mso-spacerun: yes">              </span>99M<span style="mso-spacerun: yes">   </span>21M<span style="mso-spacerun: yes">   </span>74M<span style="mso-spacerun: yes">  </span>22% /boot</font></font></font></span>
file "named.ca";


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">/dev/shm<span style="mso-spacerun: yes">              </span>506M<span style="mso-spacerun: yes">     </span>0<span style="mso-spacerun: yes">  </span>506M<span style="mso-spacerun: yes">   </span>0% /dev/shm</font></font></font></span>
};


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">/dev/drbd0<span style="mso-spacerun: yes">             </span>74G<span style="mso-spacerun: yes">   </span>37G<span style="mso-spacerun: yes">   </span>33G<span style="mso-spacerun: yes">  </span>53% /data</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]#</font></font></font></span>
zone "localdomain" IN {


</div>
type master;


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
file "localdomain.zone";


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step4</font></font></span></u>'''
allow-update { none; };


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"><span style="text-decoration: none"> </span></font></font></span></u>'''
};


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Login to node1 and execute the following command; once heartbeat is stopped it should only take a few seconds to migrate the services to node2.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
zone "localhost" IN {


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
type master;


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# service heartbeat stop</font></font></font></span>
file "localhost.zone";


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Stopping High-Availability services:</font></font></font></span>
allow-update { none; };


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">                                                           </span>[<span style="mso-spacerun: yes">  </span>OK<span style="mso-spacerun: yes">  </span>]</font></font></font></span>
};


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# service drbd status</font></font></font></span>
zone "0.0.127.in-addr.arpa" IN {


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">drbd driver loaded OK; device status:</font></font></font></span>
type master;


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">version: 0.7.23 (api:79/proto:74)</font></font></font></span>
file "named.local";


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">SVN Revision: 2686 build by root@node1, 2007-01-23 20:26:13</font></font></font></span>
allow-update { none; };


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">0: cs:Connected st:Secondary/Primary ld:Consistent</font></font></font></span>
};


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>ns:5616 nr:85492 dw:90944 dr:2162 al:9 bm:260 lo:0 pe:0 ua:0 ap:0</font></font></font></span>


</div>
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>
type master;


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We can see drbd change state to secondary on node1.</font></font></span>
file "named.ip6.local";


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"><span style="text-decoration: none"> </span></font></font></span></u>'''
allow-update { none; };


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step5</font></font></span></u>'''
};


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Now let’s check that status of DRBD on node2; we can see it has changed state and become the primary.</font></font></span>
zone "255.in-addr.arpa" IN {


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"> </font></font></font></span>'''
type master;


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
file "named.broadcast";


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node2 ~]# service drbd status</font></font></font></span>
allow-update { none; };


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">drbd driver loaded OK; device status:</font></font></font></span>
};


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">version: 0.7.23 (api:79/proto:74)</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">SVN Revision: 2686 build by root@node2, 2007-01-23 20:26:03</font></font></font></span>
zone "0.in-addr.arpa" IN {


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes"> </span>0: cs:Connected st:Primary/Secondary ld:Consistent</font></font></font></span>
type master;


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>ns:4 nr:518132 dw:518136 dr:17 al:0 bm:220 lo:0 pe:0 ua:0 ap:0</font></font></font></span>
file "named.zero";


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes"> </span>1: cs:Connected st:Primary/Secondary ld:Consistent</font></font></font></span>
allow-update { none; };


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">    </span>ns:28 nr:520252 dw:520280 dr:85 al:0 bm:199 lo:0 pe:0 ua:0 ap:0</font></font></font></span>
};


</div>


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"> </font></font></font></span>'''


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Check that node2 has mounted the device.</font></font></span>
zone "differentialdesign.org" {


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"> </font></font></font></span>
type master;


<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">
file "/data/dnszones/differentialdesign.org/named.differentialdesign.org.hosts";


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node2 ~]# df -h</font></font></font></span>
allow-update { none; };


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">Filesystem<span style="mso-spacerun: yes">            </span>Size<span style="mso-spacerun: yes">  </span>Used Avail Use% Mounted on</font></font></font></span>
};
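Review bot: the `options` block sets `allow-transfer` but no `allow-recursion` or `allow-query`, while the text says every machine on the network uses this server as its resolver and the BIND introduction puts it behind NAT with port forwarding as the domain's primary name server. On BIND releases whose default is to recurse for everyone, it will answer recursive queries from any client that can reach port 53. Suggest defining an `acl` for the local network and referencing it from `allow-recursion` in `options`, keeping the `allow-transfer` list as it is. Separately, `controls` references `keys { rndckey; }`, but no `key` statement or `include` defining rndckey appears in the file as shown, so named will not find a key for the control channel.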


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">/dev/mapper/VolGroup00-LogVol00</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">                       </span>35G<span style="mso-spacerun: yes">   </span>12G<span style="mso-spacerun: yes">   </span>22G<span style="mso-spacerun: yes">  </span>35% /</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">/dev/hdc1<span style="mso-spacerun: yes">              </span>99M<span style="mso-spacerun: yes">   </span>17M<span style="mso-spacerun: yes">   </span>78M<span style="mso-spacerun: yes">  </span>18% /boot</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">/dev/shm<span style="mso-spacerun: yes">              </span>506M<span style="mso-spacerun: yes">     </span>0<span style="mso-spacerun: yes">  </span>506M<span style="mso-spacerun: yes">   </span>0% /dev/shm</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">/dev/hdh1<span style="mso-spacerun: yes">             </span>111G<span style="mso-spacerun: yes">   </span>97G<span style="mso-spacerun: yes">  </span>7.6G<span style="mso-spacerun: yes">  </span>93% /storage</font></font></font></span>
7.1.2: zone file


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">/dev/drbd0<span style="mso-spacerun: yes">             </span>74G<span style="mso-spacerun: yes">   </span>37G<span style="mso-spacerun: yes">   </span>33G<span style="mso-spacerun: yes">  </span>53% /data</font></font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node2 ~]#</font></font></font></span>
In our named.conf file we have the following zone defined;


</div>


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt"> </font></font></font></span>'''
zone "differentialdesign.org" {


'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step5</font></font></span></u>'''
type master;


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
file "/data/dnszones/differentialdesign.org/named.differentialdesign.org.hosts";


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Finally start the heartbeat service on node1 and be sure that all processes migrate back.</font></font></span>
allow-update { none; };


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>


'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">7.0: <u>BIND DNS</u> </font></font></font></span>'''
We can see the zone file located in /data/dnszones/


<span style="mso-bookmark: BIND_DNS"></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Step1.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We can use BIND – The Berkley Internet Name Domain in a high availability configuration. We can make 2 nodes appear as one, zone files will we stored on a DRBD drive, if node1 fails node2 can take over and automatically start NAMED.</font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
Create a sub folder where we will store our zone files.


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">BIND is able to have its /var/named directory relocated to a more appropriate location such as /data/dnszones; this enables us to provide real time replication of the zone files; the standby node2 will have to have its default directory modified to /data/dnszones. </font></font></span>


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>
[root@node1 ~]# mkdir /data/dnszones/differentialdesign.org/


<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We have 2 servers, and we will refer to the cluster as cluster.differentialdesign.org. It is assumed that these machines are behind a firewall with NAT and port forwarding to the appropriate ports.</font></font></span>


Step2.

Create a new file called named.differentialdesign.org.hosts.

[root@node1 ~]# vi /data/dnszones/differentialdesign.org/named.differentialdesign.org.hosts

You will see below that nodes.differentialdesign.org. IN A 192.168.0.4 is an “A record” which points us to the virtual IP address of the cluster. When setting up mapped drives it is best to use the name instead of the IP address.

$TTL 8h
differentialdesign.org. IN SOA cluster.differentialdesign.org. asender.mail.samba.org. (
2006211201
10800
3600
3600000
86400 )
differentialdesign.org. IN NS cluster.differentialdesign.org.
differentialdesign.org. IN NS ns1.differentialdesign.org.
differentialdesign.org. IN NS ns2.differentialdesign.org.
differentialdesign.org. IN MX 50 mail.differentialdesign.org.
mail.differentialdesign.org. IN A 202.161.90.245
www.differentialdesign.org. IN A 202.161.90.245
cluster.differentialdesign.org. IN A 202.161.90.241
node1.differentialdesign.org. IN A 192.168.0.2
node2.differentialdesign.org. IN A 192.168.0.3
nodes.differentialdesign.org. IN A 192.168.0.4

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">When setting up domain names through a registrar you would want 2 separate name servers. It is recommended to set up an additional slave DNS server.</font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">An example may be:</font></font></span>

'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Name Server: CLUSTER.DIFFERENTIALDESIGN.ORG ← Primary Name Server(s)</font></font></span>'''

'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Name Server: NS1.DIFFERENTIALDESIGN.ORG</font></font></span>'''

'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Name Server: NS2.DIFFERENTIALDESIGN.ORG</font></font></span>'''

'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">7.1: <u>Configuration</u></font></font></font></span>'''

'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step1</font></font></span></u>'''

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We will now create a directory on our DRBD drive, /data/dnszones.</font></font></span>

<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# mkdir /data/dnszones</font></font></font></span>

</div>

'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step2</font></font></span></u>'''

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Change the location of the zone files to our replicated drive.</font></font></span>

<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# named ?</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">usage: named [-4|-6] [-c conffile] [-d debuglevel] [-f|-g] [-n number_of_cpus]</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">             </span>[-p port] [-s] [-t chrootdir] [-u username]</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">             </span>[-m {usage|trace|record}]</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">             </span>[-D ]</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">named: extra command line arguments</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# named -t /data/dnszones/</font></font></font></span>

</div>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step3</font></font></span></u>'''

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Copy the default zone files to our new location and set the permissions.</font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 198.95pt">

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# rsync -avz /var/named/ /data/dnszones/</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# chown -R named.named /data/dnszones/</font></font></font></span>

</div>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">7.1.1: <u>named.conf</u></font></font></font></span>'''

<span style="mso-bookmark: named_conf"></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">It is important that all machines on the network use cluster.differentialdesign.org, or its local IP address, as their DNS server. This way we can ensure correct name resolution.</font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We will now edit /etc/named.conf.</font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Take note of the file below. The entries in the allow-transfer block that are commented as secondary DNS servers are the IP addresses of ns1.differentialdesign.org and ns2.differentialdesign.org.</font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">The named.conf needs to be the same on both node1 and node2; you could manually copy the file over using SCP, or link it to the /data/dnszones directory using a symbolic link.</font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# vi /etc/named.conf</font></font></font></span>

</div>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">//</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">// named.conf for Red Hat caching-nameserver</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">//</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">options {</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>directory "/data/dnszones";</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>dump-file "/data/dnszones/data/cache_dump.db";</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>statistics-file "/data/dnszones/data/named_stats.txt";</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>/*</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span><nowiki>* If there is a firewall between you and nameservers you want</nowiki></font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span><nowiki>* to talk to, you might need to uncomment the query-source</nowiki></font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span><nowiki>* directive below.</nowiki><span style="mso-spacerun: yes">  </span>Previous versions of BIND always asked</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span><nowiki>* questions using port 53, but BIND 8.1 uses an unprivileged</nowiki></font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span><nowiki>* port by default.</nowiki></font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span><nowiki>*/</nowiki></font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>// query-source address * port 53;</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>allow-transfer {</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">                </span>127.0.0.1;<span style="mso-spacerun: yes">              </span>// localhost</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">                </span>202.161.90.250;<span style="mso-spacerun: yes">               </span>// secondary DNS server for my zone</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">                </span>202.161.90.251;<span style="mso-spacerun: yes">               </span>// secondary DNS server for my zone</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">         </span>};</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">};</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">//</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">// a caching only nameserver config</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">//</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">controls {</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">       </span><span style="mso-spacerun: yes"> </span>inet 127.0.0.1 allow { localhost; } keys { rndckey; };</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">};</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">zone "." IN {</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>type hint;</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>file "named.ca";</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">};</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">zone "localdomain" IN {</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>type master;</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>file "localdomain.zone";</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>allow-update { none; };</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">};</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">zone "localhost" IN {</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>type master;</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>file "localhost.zone";</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>allow-update { none; };</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">};</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">zone "0.0.127.in-addr.arpa" IN {</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>type master;</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>file "named.local";</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>allow-update { none; };</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">};</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>type master;</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>file "named.ip6.local";</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>allow-update { none; };</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">};</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">zone "255.in-addr.arpa" IN {</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>type master;</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>file "named.broadcast";</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>allow-update { none; };</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">};</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">zone "0.in-addr.arpa" IN {</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>type master;</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>file "named.zero";</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>allow-update { none; };</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">};</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">zone "differentialdesign.org" {</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>type master;</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>file "/data/dnszones/differentialdesign.org/named.differentialdesign.org.hosts";</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>allow-update { none; };</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">};</font></font></font></span>

</div>
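An added example, not part of the original page or of the BIND or Samba projects: a small Python check that ties the allow-transfer list in named.conf to the NS and A records of the zone. The inline samples are constructed from the configuration and records shown in this section; the function names and the simplified parsing (single-line, fully qualified records and a flat address list in allow-transfer) are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample: options block copied from the named.conf shown above.
NAMED_CONF = """
options {
        directory "/data/dnszones";
        allow-transfer {
                127.0.0.1;              // localhost
                202.161.90.250;         // secondary DNS server for my zone
                202.161.90.251;         // secondary DNS server for my zone
        };
};
"""

# Constructed sample: NS, MX and A records copied from the zone file on this page.
ZONE = """
differentialdesign.org. IN NS cluster.differentialdesign.org.
differentialdesign.org. IN NS ns1.differentialdesign.org.
differentialdesign.org. IN NS ns2.differentialdesign.org.
differentialdesign.org. IN MX 50 mail.differentialdesign.org.
mail.differentialdesign.org. IN A 202.161.90.245
www.differentialdesign.org. IN A 202.161.90.245
cluster.differentialdesign.org. IN A 202.161.90.241
node1.differentialdesign.org. IN A 192.168.0.2
node2.differentialdesign.org. IN A 192.168.0.3
nodes.differentialdesign.org. IN A 192.168.0.4
"""


def strip_comments(conf):
    """Remove /* */, // and # comments from named.conf text."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def transfer_acl(conf):
    """Return the allow-transfer entries, or None if the statement is absent."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", strip_comments(conf))
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def zone_records(zone):
    """Parse 'owner IN TYPE rdata' lines into NS targets and an A-record map."""
    ns, a = [], {}
    for line in zone.splitlines():
        fields = line.split(";")[0].split()   # drop zone-file comments
        if len(fields) >= 4 and fields[1].upper() == "IN":
            owner, rtype, rdata = fields[0].lower(), fields[2].upper(), fields[-1]
            if rtype == "NS":
                ns.append(rdata.lower())
            elif rtype == "A":
                a.setdefault(owner, []).append(rdata)
    return ns, a


def audit(conf, zone, origin):
    """List mismatches between the transfer ACL and the zone's name servers."""
    findings = []
    acl = transfer_acl(conf)
    ns, a = zone_records(zone)
    if acl is None:
        findings.append("allow-transfer not set: the built-in default applies "
                        "(any host on older BIND releases)")
        acl = []
    if any(e.lower() == "any" for e in acl):
        findings.append("allow-transfer contains 'any': zone transfers are open to every host")
    acl_ips = set()
    for entry in acl:
        try:
            acl_ips.add(str(ipaddress.ip_address(entry)))
        except ValueError:
            pass  # named ACLs, keys and networks are out of scope for this check
    ns_ips = set()
    for target in ns:
        addrs = a.get(target, [])
        if target.endswith("." + origin) and not addrs:
            findings.append(f"{target} is an in-zone NS with no A record")
        ns_ips.update(addrs)
    for ip in sorted(acl_ips - ns_ips):
        if not ipaddress.ip_address(ip).is_loopback:
            findings.append(f"{ip} may transfer the zone but is not the address of any NS in it")
    return findings


if __name__ == "__main__":
    for finding in audit(NAMED_CONF, ZONE, "differentialdesign.org."):
        print(finding)
```

On the constructed samples it reports that ns1 and ns2 have no A record in the zone and that the two secondary addresses in allow-transfer match no NS address. named-checkconf and named-checkzone remain the authoritative syntax checks for the real files.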

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

'''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="blue"><font face="Helvetica"><font size="14.0pt">7.1.2: <u>zone file</u></font></font></font></span>'''

<span style="mso-bookmark: zone_file"></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">In our named.conf file we have the following zone defined:</font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">zone "differentialdesign.org" {</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>type master;</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>file "/data/dnszones/differentialdesign.org/named.differentialdesign.org.hosts";</font></font></font></span>

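<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">        </span>allow-update { none; };</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">};</font></font></font></span>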

</div>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">We can see the zone file located in /data/dnszones/</font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step1.</font></font></span></u>'''

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Create a subfolder where we will store our zone files.</font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# mkdir /data/dnszones/differentialdesign.org/</font></font></font></span>

</div>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

'''<u><span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Step2.</font></font></span></u>'''

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">Create a new file called ''<span><font color="maroon">named.differentialdesign.org.hosts</font></span>''<span><font color="maroon">.</font></span></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">[root@node1 ~]# vi /data/dnszones/differentialdesign.org/named.differentialdesign.org.hosts</font></font></font></span>

</div>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt">You will see below that ''<span><font color="maroon">nodes.differentialdesign.org. IN A 192.168.0.4</font></span>'' is an “A record” which points us to the virtual IP address of the cluster. When setting up mapped drives it is best to use the name instead of the IP address.</font></font></span>

''<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"> </font></font></font></span>''

<div style="mso-element: para-border-div; border: solid windowtext 1.5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; margin-left: 0cm; margin-right: 216.3pt">

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">$TTL 8h</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">differentialdesign.org.<span style="mso-spacerun: yes">    </span>IN<span style="mso-spacerun: yes">      </span>SOA<span style="mso-spacerun: yes">     </span>cluster.differentialdesign.org. asender.mail.samba.org. (</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">                        </span>2006211201</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">                        </span>10800</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">     </span><span style="mso-spacerun: yes">                   </span>3600</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">                        </span>3600000</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt"><span style="mso-spacerun: yes">                        </span>86400 )</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">differentialdesign.org.<span style="mso-spacerun: yes">            </span>IN<span style="mso-spacerun: yes">      </span>NS<span style="mso-spacerun: yes">              </span><span style="mso-spacerun: yes"> </span>cluster.differentialdesign.org.</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">differentialdesign.org.<span style="mso-spacerun: yes">            </span>IN<span style="mso-spacerun: yes">      </span>NS<span style="mso-spacerun: yes">              </span><span style="mso-spacerun: yes"> </span>ns1.differentialdesign.org.</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">differentialdesign.org.<span style="mso-spacerun: yes">            </span>IN<span style="mso-spacerun: yes">      </span>NS<span style="mso-spacerun: yes">              </span><span style="mso-spacerun: yes"> </span>ns2.differentialdesign.org.</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">differentialdesign.org.<span style="mso-spacerun: yes">            </span>IN<span style="mso-spacerun: yes">      </span>MX<span style="mso-spacerun: yes">      </span>50<span style="mso-spacerun: yes">   </span><span style="mso-spacerun: yes">  </span>mail.differentialdesign.org.</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">mail.differentialdesign.org.<span style="mso-spacerun: yes">        </span><span style="mso-tab-count: 1">   </span>IN <span style="mso-spacerun: yes">     </span>A<span style="mso-spacerun: yes">             </span>202.161.90.245</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">www.differentialdesign.org.<span style="mso-spacerun: yes">       </span><span style="mso-tab-count: 1">   </span>IN<span style="mso-spacerun: yes">      </span>A<span style="mso-spacerun: yes">             </span>202.161.90.245</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">cluster.differentialdesign.org.<span style="mso-tab-count: 1">       </span>IN<span style="mso-spacerun: yes">      </span>A<span style="mso-tab-count: 1"> </span><span style="mso-spacerun: yes">          </span><span style="mso-spacerun: yes"> </span>202.161.90.241</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">node1.differentialdesign.org.<span style="mso-spacerun: yes">      </span>IN<span style="mso-spacerun: yes">      </span>A<span style="mso-spacerun: yes">            </span><span style="mso-spacerun: yes"> </span>192.168.0.2</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">node2.differentialdesign.org.<span style="mso-spacerun: yes">      </span>IN<span style="mso-spacerun: yes">      </span>A<span style="mso-spacerun: yes">            </span><span style="mso-spacerun: yes"> </span>192.168.0.3</font></font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font color="maroon"><font face="Helvetica"><font size="10.0pt">nodes.differentialdesign.org.<span style="mso-tab-count: 1">        </span>IN<span style="mso-spacerun: yes">  </span><span style="mso-spacerun: yes">    </span>A<span style="mso-tab-count: 1"> </span><span style="mso-spacerun: yes">        </span><span style="mso-spacerun: yes"> </span><span style="mso-spacerun: yes"> </span><span style="mso-spacerun: yes"> </span><span style="mso-spacerun: yes"> </span>192.168.0.4</font></font></font></span>

</div>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

<span style="mso-bidi-font-family: &quot;Times New Roman&quot;"><font face="Helvetica"><font size="10.0pt"> </font></font></span>

</div>

Revision as of 01:12, 25 January 2007

SAMBA 3: FAILOVER DOMAIN CONTROLLER
 
SAMBA 3 EXTENSIONS
 
 
TECHNICAL CONFIGURATION

 

 

Author: Adrian Sender
Supervisor: Simo Sorce

 

 

Objectives

 

- Samba Active Directory Upgrade Compatible

- Set Standards

- High Availability Cluster

- Recommended By Developers

 

 

 

Overview

- 1.0: Configuring Samba
  - 1.1 smb.conf PDC
  - 1.2 smb.conf BDC
  - 1.3 /etc/hosts
  - 1.4 Samba Security

- 2.0: Configuring LDAP
  - 2.1 slapd.conf Master
    - 2.1.1 slapd.conf Master syncrepl Openldap2.2
    - 2.1.2 slapd.conf Master delta-syncrepl Openldap2.3
  - 2.2 slapd.conf Slave
    - 2.2.1 slapd.conf Slave syncrepl Openldap2.2
    - 2.2.2 slapd.conf Slave delta-syncrepl Openldap2.3
  - 2.3 ldap.conf Master
  - 2.4 ldap.conf Slave

- 3.0: Initialization LDAP Database
  - 3.1 Provisioning Database
  - 3.2 Preload LDIF
  - 3.3 LDAP Population
  - 3.4 Database Replication

- 4.0: User Management
  - 4.1 smbldap-tools
    - 4.1.1 smbldap.conf Master
    - 4.1.2 smbldap.conf Slave

- 5.0: Heartbeat HA Configuration
  - 5.1 Requirements
  - 5.2 Installation
  - 5.3 Configuration
    - 5.3.1 ha.cf
    - 5.3.2 haresources
    - 5.3.3 authkeys
  - 5.4 Testing

- 6.0: DRBD
  - 6.1 Requirements
  - 6.2 Installation
  - 6.3 Configuration
    - 6.3.1 drbd.conf
    - 6.3.2 Initialization
  - 6.4 Testing

- 7.0: BIND DNS
  - 7.1 Configuration
    - 7.1.1 named.conf
    - 7.1.2 zone file

 

 

 

Overview

 

We will be configuring a 2-node cluster using Samba and OpenLDAP to provide Windows domain authentication. Heartbeat will provide the 2 nodes with one virtual IP address; we will use this IP address to map network drives and access resources.

Most of us are familiar with some form of RAID. We will be using DRBD, software RAID1 over LAN, to provide real-time data replication at the block level. If a failure occurs on node1 or it becomes unresponsive, resources will be migrated to node2 and the DRBD drive mounted there.

This is a complex setup and strict guidelines need to be followed in order to achieve stability.

 

We should start with 2 identical machines each with 2 hard drives. One of these drives will be used for the operating system; the other is our DRBD RAID1 over LAN drive.

 

By today’s standards anything in the Pentium 4 range and above will suit. The operating system drive should be no less than approximately 40GB, and the DRBD replication drives should be approximately 300GB each; SATA and SCSI are also fine. DRBD can currently address and replicate data storage up to 4TB.

 

Once familiar with this kind of configuration you can easily take one node offline to upgrade additional storage or any hardware requirements without users suffering.

 

High Availability and data replication should not replace traditional backups such as tape and external media devices, especially if you are using this configuration and are not familiar with the workings.

 

The machines will need to be in close proximity to each other so we can use Serial communication to provide a fault tolerant heartbeat. If you choose not to use serial you may have unexpected failovers due to bandwidth delay or a network card failure. Ideally we want to have a quick failover so it is important that these precautions are taken.

 

Each node will require 2 network cards.

 

Here is a basic configuration overview:

 

Configuration Details

 

node1.differentialdesign.org

 

Eth0:    LAN Network Address

IP Address:       192.168.0.2

Subnet Mask:     255.255.255.0

Gateway:          192.168.0.1

Eth0:1    Heartbeat LAN Address

IP Address:       192.168.0.4

Subnet Mask:     255.255.255.0

Eth1:    DRBD Replication Network

IP Address:       10.0.0.1

Subnet Mask:     255.255.255.0

Gateway:          None

 

HDC:    Operating System Drive

 

HDD:    DRBD Data Replication Drive

 

TTYS0: COM Port 1

 

Configuration Details

 

node2.differentialdesign.org

 

Eth0:    LAN Network Address

IP Address:       192.168.0.3

Subnet Mask:     255.255.255.0

Gateway:          192.168.0.1

Eth1:    DRBD Replication Network

IP Address:       10.0.0.2

Subnet Mask:     255.255.255.0

Gateway:          None

 

HDC:    Operating System Drive

 

HDD:    DRBD Data Replication Drive

 

TTYS0: COM Port 1

 

 

 

 

1.0: Configuring Samba

 

 

Samba is an ambitious project to provide solutions for file & print sharing between Linux ™ and Microsoft Windows.

 

If you are familiar with Samba this document may give you some ideas of how you can bundle different software packages together to produce a very reliable configuration.

 

We are building a fault-tolerant domain controller, which provides you with the following:

 

Samba Configuration

-          Primary Domain Controller

-          Backup Domain Controller

 

A master domain controller that provides authentication through the use of LDAP.

A slave domain controller that can load balance client login requests and also provides redundancy through the use of a replica LDAP database.

 

 

Step1

 

Get the latest version of Samba: http://us4.samba.org/samba/ftp/samba-latest.tar.gz

It is essential that both the PDC and BDC are running the same version of Samba.

 

[root@node1 samba]# wget http://us4.samba.org/samba/ftp/samba-latest.tar.gz

--19:28:04--  http://us4.samba.org/samba/ftp/samba-latest.tar.gz

           => `samba-latest.tar.gz'

Resolving us4.samba.org... 192.48.170.15

Connecting to us4.samba.org|192.48.170.15|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 17,704,221 (17M) [application/x-tar]

 

100%[====================================>] 17,704,221    53.01K/s    ETA 00:00

 

19:33:40 (51.62 KB/s) - `samba-latest.tar.gz' saved [17704221/17704221]

 

 

Step2

 

[root@node1 samba]# tar zxvf samba-latest.tar.gz

 

[root@node1 samba]# cd samba-3.0.23d/

[root@node1 samba-3.0.23d]#

 

[root@node1 samba-3.0.23d]# cd packaging/

bin/      Example/  Mandrake/ RedHat-9/ SGI/      SuSE/

Debian/   LSB/      README    RHEL/     Solaris/  sysv/

 

 

Step3

 

This will take some time.

 

[root@node1 samba-3.0.23d]# cd packaging/RHEL/

 

[root@node1 RHEL]# ls

makerpms.sh  makerpms.sh.tmpl  samba.spec  samba.spec.tmpl  setup

 

[root@node1 RHEL]# chmod 777 makerpms.sh

[root@node1 RHEL]# ./makerpms.sh

 

Wrote: /usr/src/redhat/SRPMS/samba-3.0.23d-1.src.rpm

Wrote: /usr/src/redhat/RPMS/i386/samba-3.0.23d-1.i386.rpm

Wrote: /usr/src/redhat/RPMS/i386/samba-client-3.0.23d-1.i386.rpm

Wrote: /usr/src/redhat/RPMS/i386/samba-common-3.0.23d-1.i386.rpm

Wrote: /usr/src/redhat/RPMS/i386/samba-swat-3.0.23d-1.i386.rpm

Wrote: /usr/src/redhat/RPMS/i386/samba-doc-3.0.23d-1.i386.rpm

Wrote: /usr/src/redhat/RPMS/i386/samba-debuginfo-3.0.23d-1.i386.rpm

 

makerpms.sh: Done.

[root@node1 RHEL]#

 

 

Step4

 

Install the RPM files we built from source.

 

[root@node2]# cd /usr/src/redhat/RPMS/i386/

[root@node1 i386]# rpm -Uvh samba-3.0.23d-1.i386.rpm samba-client-3.0.23d-1.i386.rpm samba-common-3.0.23d-1.i386.rpm samba-debuginfo-3.0.23d-1.i386.rpm samba-doc-3.0.23d-1.i386.rpm samba-swat-3.0.23d-1.i386.rpm

Preparing...                ########################################### [100%]

   1:samba-common           warning: /etc/samba/smb.conf created as /etc/samba/smb.conf.rpmnew

########################################### [ 17%]

   2:samba                  ########################################### [ 33%]

ls: /var/cache/samba/eventlog/*tdb: No such file or directory

   3:samba-client           ########################################### [ 50%]

   4:samba-debuginfo        ########################################### [ 67%]

   5:samba-doc              ########################################### [ 83%]

   6:samba-swat             ########################################### [100%]

 

[root@node1 i386]#

 

 

Step5

 

Log in to node2 (the backup domain controller) and repeat the above steps.

 

 

 

1.1: smb.conf PDC

 

You will need to replace the highlighted parameters with your domain name. Take note of the use of failover LDAP backends; this is very useful.

 

[root@node2 ~]# mkdir /data

 

 

[root@node1 ~]# vi /etc/samba/smb.conf

 

 

# # Primary Domain Controller smb.conf

 

# # Global parameters

 

[global]

unix charset = LOCALE

workgroup = DDESIGN

netbios name = node1

#passdb backend = ldapsam:ldap://127.0.0.1

#passdb backend = ldapsam:"ldap://192.168.0.2 ldap://192.168.0.3"

passdb backend = ldapsam:"ldap://node1.differentialdesign.org ldap://node2.differentialdesign.org"

username map = /etc/samba/smbusers

log level = 1

syslog = 0

log file = /var/log/samba/%m

max log size = 0

name resolve order = wins bcast hosts

time server = Yes

printcap name = CUPS

add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'

delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'

add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g'

delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'

add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%g' '%u'

delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%g' '%u'

set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'

add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'

shutdown script = /var/lib/samba/scripts/shutdown.sh

abort shutdown script = /sbin/shutdown -c

logon script = %u.bat

#logon path = \\192.168.0.4\profiles\%u

logon path = \\nodes.differentialdesign.org\profiles\%u

logon drive = H:

domain logons = Yes

domain master = Yes

wins support = Yes

ldap suffix = dc=differentialdesign,dc=org

ldap machine suffix = ou=Computers,ou=Users

ldap user suffix = ou=People,ou=Users

ldap group suffix = ou=Groups

ldap idmap suffix = ou=Idmap

ldap admin dn = cn=sambaadmin,dc=differentialdesign,dc=org

idmap backend = ldap://127.0.0.1

idmap uid = 10000-20000

idmap gid = 10000-20000

printer admin = root

printing = cups

 

#========================Share Definitions=========================

 

[homes]

   comment = Home Directories

   valid users = %S

   browseable = yes

   writable = yes

   create mask = 0600

   directory mask = 0700

 

 [netlogon]

  comment = Network Logon Service

  path = /data/samba/netlogon

  writeable = yes

  browseable = yes

  read only = no

 

[profiles]

  path = /data/samba/profiles

  writeable = yes

  browseable = no

  read only = no

  create mode = 0777

  directory mode = 0777

 

[Documents]

  comment = share to test samba

  path = /data/documents

  writeable = yes

  browseable = yes

  read only = no

  valid users = "@Domain Users"

 

 

 

1.2: smb.conf BDC

 

[root@node2 ~]# mkdir /data

 

                                                                          

[root@node2 ~]# vi /etc/samba/smb.conf

 

 

# # Global parameters

 

# # Backup Domain Controller

 

[global]

unix charset = LOCALE

workgroup = DDESIGN

netbios name = node2

#passdb backend = ldapsam:ldap://127.0.0.1

#passdb backend = ldapsam:"ldap://192.168.0.2 ldap://192.168.0.3"

passdb backend = ldapsam:"ldap://node2.differentialdesign.org ldap://node1.differentialdesign.org"

username map = /etc/samba/smbusers

log level = 1

syslog = 0

log file = /var/log/samba/%m

max log size = 50

name resolve order = wins bcast hosts

printcap name = CUPS

show add printer wizard = No

logon script = %u.bat

#logon path = \\192.168.0.4\profiles\%u

logon path = \\nodes.differentialdesign.org\profiles\%u

logon drive = H:

domain logons = Yes

os level = 63

domain master = No

wins server = node1.differentialdesign.org

ldap suffix = dc=differentialdesign,dc=org

ldap machine suffix = ou=Computers,ou=Users

ldap user suffix = ou=People,ou=Users

ldap group suffix = ou=Groups

ldap idmap suffix = ou=Idmap

ldap admin dn = cn=sambaadmin,dc=differentialdesign,dc=org

utmp = Yes

idmap backend = ldap://node1.differentialdesign.org

idmap uid = 10000-20000

idmap gid = 10000-20000

printing = cups

 

#========================Share Definitions=========================

 

[homes]

   comment = Home Directories

   valid users = %S

   browseable = yes

   writable = yes

   create mask = 0600

   directory mask = 0700

 

 [netlogon]

  comment = Network Logon Service

  path = /data/samba/netlogon

  writeable = yes

  browseable = yes

  read only = no

 

[profiles]

  path = /data/samba/profiles

  writeable = yes

  browseable = no

  read only = no

  create mode = 0777

  directory mode = 0777

 

[Documents]

  comment = share to test samba

  path = /data/documents

  writeable = yes

  browseable = yes

  read only = no

  valid users = "@Domain Users"

 

 

 

1.3: /etc/hosts

 

To resolve names to IP addresses correctly we need some form of name resolution. We already have a DNS name server capable of doing this, as per section 7.0: BIND DNS. However, it is desirable to have a backup, such as entries in the /etc/hosts file.

 

Step1

 

On node1 we will edit the hosts file to reflect our configuration.

 

[root@node1 ~]# vi /etc/hosts

 

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1         node1   localhost.localdomain   localhost

192.168.0.2     node1.differentialdesign.org

192.168.0.3     node2.differentialdesign.org

192.168.0.4     nodes.differentialdesign.org

 

Step2

 

Log in to node2 and edit the /etc/hosts file.

 

[root@node2 ~]# vi /etc/hosts

 

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1         node2   localhost.localdomain   localhost

192.168.0.2     node1.differentialdesign.org

192.168.0.3     node2.differentialdesign.org

192.168.0.4     nodes.differentialdesign.org

 

 

1.4: Samba Security

 

There are many additional features we can add to Samba to make it more secure. We can add some additional parameters to our smb.conf to achieve this.

One of the great features of Samba is the “hosts allow =” option. This can be applied on a global scale to all the shares in the smb.conf by placing it in the global section of the smb.conf, or to specific shares, but not both.

The example limits access to Samba shares to clients on the 192.168.0.0/24 network, as it is defined in the global section of the smb.conf.

 

## /etc/samba/smb.conf

## Global parameters

 

[global]

 

workgroup = DDESIGN

security = user

hosts allow = 192.168.0.0/24

For the enthusiast, we can use this option on a per-share basis, which provides us with greater flexibility.

This limits access to this share to the client with the 192.168.0.100/24 IP address; you can of course use multiple addresses.

 

## /etc/samba/smb.conf

## ==== Share Definitions =====

[Documents]

comment = share to test samba

path = /data/documents

writeable = yes

browseable = yes

read only = no

valid users = "@Domain Users"

hosts allow = 192.168.0.100/24
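
An added example, not part of the original guide or of Samba: a Python check of the two "hosts allow" settings shown above. It assumes a network/mask entry is evaluated by comparing masked bits, so a host address written with a /24 mask covers the whole /24 while a bare address selects one client; the function names and the sample configuration text are constructed for illustration, and only IP, prefix, network/mask and EXCEPT entries are handled.

```python
import ipaddress

# Constructed sample: the two "hosts allow" settings from section 1.4 in one file.
SMB_CONF = """\
[global]
workgroup = DDESIGN
security = user
hosts allow = 192.168.0.0/24

[Documents]
path = /data/documents
valid users = "@Domain Users"
hosts allow = 192.168.0.100/24
"""


def parse_hosts_allow(text):
    """Return {section: [entries]} for each 'hosts allow' line in smb.conf text."""
    section, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        # Parameter names are case-insensitive and whitespace inside them is ignored.
        if sep and "".join(key.lower().split()) in ("hostsallow", "allowhosts"):
            found[section] = value.replace(",", " ").split()
    return found


def entry_network(entry):
    """Network covered by one entry, or None for forms this sketch skips."""
    try:
        if entry.endswith("."):                   # prefix form such as "192.168.0."
            octets = entry.rstrip(".").split(".")
            padded = ".".join(octets + ["0"] * (4 - len(octets)))
            return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")
        # strict=False drops host bits: only the masked bits are compared
        # (assumed to be how a network/mask entry is evaluated).
        return ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None                               # hostname, @netgroup, keyword


def is_allowed(entries, client):
    """True if client matches an allow entry and no entry listed after EXCEPT."""
    addr = ipaddress.ip_address(client)
    allow, deny = list(entries), []
    keywords = [item.upper() for item in allow]
    if "EXCEPT" in keywords:
        cut = keywords.index("EXCEPT")
        allow, deny = allow[:cut], allow[cut + 1:]

    def hit(items):
        nets = (entry_network(item) for item in items)
        return any(net is not None and addr in net for net in nets)

    return hit(allow) and not hit(deny)


def lint(text):
    """List (section, entry, effective network) where the mask hides host bits."""
    findings = []
    for section, entries in parse_hosts_allow(text).items():
        for entry in entries:
            net = entry_network(entry) if "/" in entry else None
            if net is None:
                continue
            if ipaddress.ip_address(entry.split("/")[0]) != net.network_address:
                findings.append((section, entry, str(net)))
    return findings


if __name__ == "__main__":
    for section, entry, net in lint(SMB_CONF):
        print(f"[{section}] hosts allow = {entry} admits all of {net}")
    print("192.168.0.50 via 192.168.0.100/24:", is_allowed(["192.168.0.100/24"], "192.168.0.50"))
    print("192.168.0.50 via 192.168.0.100:   ", is_allowed(["192.168.0.100"], "192.168.0.50"))
```

Run it against a real smb.conf by passing the file's text to `lint()`; any finding means the entry is wider than the host address suggests.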

 

 

2.0: Configuring LDAP

 

It is necessary to use LDAP as our backend to Samba; it provides replication to the Backup Domain Controllers.

There are two methods for providing replication. The original method uses OpenLDAP’s “slurpd” to provide Master / Slave operation: the database is pushed to the slaves, which are defined in slapd.conf on the master LDAP server. Here is an example of the original method, as defined in section 2.1: slapd.conf Master.

 

replica     host=192.168.0.3:389

            suffix="dc=differentialdesign,dc=org"

            binddn="cn=syncuser,dc=differentialdesign,dc=org"

            bindmethod=simple credentials=SyncUser

 

To bind to the database the slave replicas will need to use “updateuser’s” password, defined above as “credentials=UpdateUser”. Initially you will need to manually populate the slave database as described in section 3.4 Database Replication.

The main restriction with using this original design is that the LDAP database needs to be restarted on both the master and the slave when adding additional replicas.

 

 

LDAP Replication Configuration

-          Master

-          Slave(s)

 

A master LDAP database that is replicated in real time to the backup domain controller.

A slave LDAP database that provides load-balanced authentication and can be used as a failover if the master becomes unavailable.

 

 

 

LDAP Replication Configuration

-          Provider

-          Consumer(s)

 

A provider LDAP database that has the most updated version of the database.

A consumer requests an update at a set interval, and provides load balancing.

 

The alternative is to use syncrepl, which is included in the LDAP daemon. This means we no longer need to run the slurpd daemon to replicate the database.

There are 2 main types of syncrepl operation. In “refreshOnly” operation the consumer requests an update from the provider at a set time interval, defined as “interval=00:00:10:00”, which would poll the provider every 10 minutes. The more desirable way is to use delta-syncrepl; this provides a mode known as “refreshAndPersist”, which provides a persistent connection. Instead of using a time interval to poll the provider we have the parameter retry="30 10 300 +", which means it will retry 10 times every 30 seconds, then every 300 seconds; “+” indicates an indefinite number of retries.

If you are using syncrepl with OpenLDAP version 2.2, delta-syncrepl is known to be very buggy, so you are better off sticking with standard syncrepl refreshOnly mode.

 

Additionally the ldap daemon does not need to be restarted on the provider; the consumer will request it by polling the provider at a set interval.
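
An added example, not part of the original guide or of OpenLDAP: a Python calculation of how long a consumer can lag behind the provider with the two settings quoted above, which is the window in which the backup domain controller may still answer with an entry (for example a password) that has already changed on the provider. The function names are hypothetical, and the retry semantics are taken as this section describes them.

```python
import re


def parse_interval(value):
    """Convert a syncrepl interval=dd:hh:mm:ss value to seconds."""
    match = re.fullmatch(r"(\d+):(\d+):(\d+):(\d+)", value.strip())
    if match is None:
        raise ValueError(f"not dd:hh:mm:ss: {value!r}")
    days, hours, minutes, seconds = map(int, match.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def parse_retry(value):
    """Parse retry="<seconds> <count> ..." into [(seconds, count)]; '+' becomes None."""
    tokens = value.strip().strip('"').split()
    if not tokens or len(tokens) % 2:
        raise ValueError(f"retry needs <seconds> <count> pairs: {value!r}")
    return [(int(sec), None if cnt == "+" else int(cnt))
            for sec, cnt in zip(tokens[0::2], tokens[1::2])]


def retry_offsets(pairs):
    """Yield the time, in seconds after the connection dropped, of each retry."""
    elapsed = 0
    for seconds, count in pairs:
        done = 0
        while count is None or done < count:   # None means retry indefinitely
            elapsed += seconds
            done += 1
            yield elapsed


def first_offsets(pairs, limit):
    """Return the first `limit` retry times as a list."""
    offsets = []
    for offset in retry_offsets(pairs):
        if len(offsets) >= limit:
            break
        offsets.append(offset)
    return offsets


def reconnect_delay(pairs, outage_seconds):
    """Seconds between the provider coming back and the consumer's next retry.

    Returns None when every retry was used up while the provider was down,
    in which case replication stays stopped until someone intervenes.
    """
    for offset in retry_offsets(pairs):
        if offset >= outage_seconds:
            return offset - outage_seconds
    return None


if __name__ == "__main__":
    poll = parse_interval("00:00:10:00")
    print(f"refreshOnly: a provider change can wait up to {poll} s for the next poll")
    retry = parse_retry('"30 10 300 +"')
    print("refreshAndPersist retries at:", first_offsets(retry, 12))
    for outage in (45, 1000):
        print(f"provider down {outage} s -> reconnects {reconnect_delay(retry, outage)} s later")
    print("finite retry '5 3', provider down 20 s ->", reconnect_delay(parse_retry("5 3"), 20))
```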

 

 

2.1: slapd.conf Master

 

This is the original method for replicating the database to slave ldap servers. We are using the slurpd which has been around for a long time and proven itself to be stable.

 

This configuration file should work on any version of Openldap.

 

# /etc/openldap/slapd.conf

# using slurpd

# LDAP Master

 

include     /etc/openldap/schema/core.schema

include     /etc/openldap/schema/cosine.schema

include     /etc/openldap/schema/inetorgperson.schema

include     /etc/openldap/schema/nis.schema

include     /etc/openldap/schema/samba.schema

 

pidfile     /var/run/slapd/slapd.pid

argsfile    /var/run/slapd/slapd.args

 

database    bdb

suffix       "dc=differentialdesign,dc=org"

rootdn      "cn=Manager,dc=differentialdesign,dc=org"

rootpw      Manager

directory   /var/lib/ldap

 

replica  host=node2.differentialdesign.org:389

            suffix="dc=differentialdesign,dc=org"

            binddn="cn=syncuser,dc=differentialdesign,dc=org"

            bindmethod=simple credentials=SyncUser

 

replogfile  /var/lib/ldap/replogfile

 

access to attrs=userPassword

         by self write

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write

         by dn="cn=syncuser,dc=differentialdesign,dc=org" read

         by * auth

 

access to attrs=sambaLMPassword,sambaNTPassword

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write

         by dn="cn=syncuser,dc=differentialdesign,dc=org" read

 

access to *

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write

         by dn="cn=syncuser,dc=differentialdesign,dc=org" read

         by * read

 

# Indices to maintain

index objectClass           eq

index cn                    pres,sub,eq

index sn                    pres,sub,eq

index uid                   pres,sub,eq

index displayName           pres,sub,eq

index uidNumber             eq

index gidNumber             eq

index memberUID             eq

index sambaSID              eq

index sambaPrimaryGroupSID  eq

index sambaDomainName       eq

index default               sub
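
An added example, not part of the original guide or of OpenLDAP: a Python audit for the two secrets this master file carries in the clear, "rootpw Manager" and the simple-bind replica credentials sent to port 389, together with a helper that builds the salted {SSHA} form that can replace the cleartext rootpw. The function names and the sample text are constructed; the check assumes a `tls=critical` or `starttls=critical` parameter or an ldaps:// URI marks a protected replication link, so confirm the exact parameter name in slapd.conf(5) for your OpenLDAP version.

```python
import base64
import hashlib
import hmac
import os
import re

# Constructed sample: the credential-bearing lines of the section 2.1 master file.
SLAPD_CONF = """\
database    bdb
suffix      "dc=differentialdesign,dc=org"
rootdn      "cn=Manager,dc=differentialdesign,dc=org"
rootpw      Manager
replica  host=node2.differentialdesign.org:389
            suffix="dc=differentialdesign,dc=org"
            binddn="cn=syncuser,dc=differentialdesign,dc=org"
            bindmethod=simple credentials=SyncUser
replogfile  /var/lib/ldap/replogfile
"""


def directives(text):
    """Return [(keyword, arguments)]; an indented line continues the previous one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [tuple((line.split(None, 1) + [""])[:2]) for line in logical]


def ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_ssha(password, stored):
    """True if password matches a {SSHA} value; the salt follows the 20-byte digest."""
    blob = base64.b64decode(stored[len("{SSHA}"):])
    candidate = hashlib.sha1(password.encode() + blob[20:]).digest()
    return hmac.compare_digest(candidate, blob[:20])


def audit(text):
    """Return [(code, detail)] for cleartext secrets found in slapd.conf text."""
    findings = []
    for keyword, args in directives(text):
        name = keyword.lower()
        if name == "rootpw":
            scheme = re.match(r"\{([A-Za-z0-9-]+)\}", args)
            if scheme is None or scheme.group(1).upper() == "CLEARTEXT":
                findings.append(("cleartext-rootpw", "store a hashed value instead"))
        elif name in ("replica", "syncrepl"):
            pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', args)
            params = {key.lower(): value.strip('"') for key, value in pairs}
            target = params.get("uri") or params.get("provider") or params.get("host", "")
            tls = params.get("tls", params.get("starttls", "no")).lower()
            # Only "critical" aborts when TLS cannot be negotiated.
            protected = target.lower().startswith("ldaps://") or tls == "critical"
            if params.get("bindmethod", "").lower() == "simple" and not protected:
                findings.append(("cleartext-replication-bind", target))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SLAPD_CONF):
        print(f"{code}: {detail}")
    print("replacement line: rootpw", ssha("Manager"))
```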


 

2.1.1: slapd.conf Master syncrepl Openldap2.2

 

This is the slapd.conf master ldap file; we are using syncrepl instead of slurpd, which is the traditional method.

 

This configuration file is specifically designed for openldap 2.2 and supports syncrepl refreshOnly mode.

 

# slapd.conf Master syncrepl Openldap2.2

# Provider

 

include     /etc/openldap/schema/core.schema

include     /etc/openldap/schema/cosine.schema

include     /etc/openldap/schema/inetorgperson.schema

include     /etc/openldap/schema/nis.schema

include     /etc/openldap/schema/samba.schema

 

pidfile     /var/run/slapd/slapd.pid

argsfile    /var/run/slapd/slapd.args

 

database    bdb

suffix      "dc=differentialdesign,dc=org"

rootdn      "cn=Manager,dc=differentialdesign,dc=org"

rootpw      Manager

directory   /var/lib/ldap

 

access to attrs=userPassword

         by self write

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write

         by dn="cn=syncuser,dc=differentialdesign,dc=org" read

         by * auth

 

access to attrs=sambaLMPassword,sambaNTPassword

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write

         by dn="cn=syncuser,dc=differentialdesign,dc=org" read

 

access to *

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write

         by dn="cn=syncuser,dc=differentialdesign,dc=org" read

         by * read

 

# Indices to maintain

index objectClass           eq

index cn                    pres,sub,eq

index sn                    pres,sub,eq

index uid                   pres,sub,eq

index displayName           pres,sub,eq

index uidNumber             eq

index gidNumber             eq

index memberUID             eq

index sambaSID              eq

index sambaPrimaryGroupSID  eq

index sambaDomainName       eq

index default               sub


 

2.1.2: slapd.conf Master delta-syncrepl Openldap2.3

 

This configuration file is designed to support Openldap’s newest features. We will be using delta-syncrepl, which supports refreshAndPersist with performance similar to that of slurpd.

 

The below slapd.conf will only run on Openldap 2.3.

 

Take note of the “modulepath /usr/lib/openldap2.3” in the below file; you will need to change this to where you have syncprov.la located.

 

 

#slapd.conf Master delta syncrepl Openldap2.3

#provider

 

include     /etc/openldap/schema/core.schema

include     /etc/openldap/schema/cosine.schema

include     /etc/openldap/schema/inetorgperson.schema

include     /etc/openldap/schema/nis.schema

include     /etc/openldap/schema/samba.schema

 

modulepath /usr/lib/openldap2.3

moduleload syncprov.la

moduleload accesslog.la

 

pidfile     /var/run/slapd/slapd.pid

argsfile    /var/run/slapd/slapd.args

 

# Accesslog database definitions

database    bdb

suffix      cn=accesslog

directory   /var/lib/ldap/accesslog

rootdn      cn=accesslog

index default eq

index entryCSN,objectClass,reqEnd,reqResult,reqStart

 

overlay syncprov

syncprov-nopresent TRUE

syncprov-reloadhint TRUE

 

# Samba database

database    bdb

suffix      "dc=differentialdesign,dc=org"

directory   /var/lib/ldap

rootdn      "cn=Manager,dc=differentialdesign,dc=org"

rootpw      Manager

index entryCSN eq

index entryUUID eq

 

overlay syncprov

syncprov-checkpoint 1000 60

 

# accesslog overlay definitions for primary db

overlay accesslog

logdb cn=accesslog

logops writes

logsuccess TRUE

# scan the accesslog DB every day, and purge entries older than 7 days

logpurge 07+00:00 01+00:00

 

access to attrs=userPassword

         by self write

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write

         by dn="cn=syncuser,dc=differentialdesign,dc=org" read

         by * auth

 

access to attrs=sambaLMPassword,sambaNTPassword

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write

         by dn="cn=syncuser,dc=differentialdesign,dc=org" read

 

access to *

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write

         by dn="cn=syncuser,dc=differentialdesign,dc=org" read

         by * read

 

# Indices to maintain

 

index objectClass           eq

index cn                    pres,sub,eq

index sn                    pres,sub,eq

index uid                   pres,sub,eq

index displayName           pres,sub,eq

index uidNumber             eq

index gidNumber             eq

index memberUID             eq

index sambaSID              eq

index sambaPrimaryGroupSID  eq

index sambaDomainName       eq

index default               sub

 

 

2.2: slapd.conf Slave

 

This is the original method for replicating the database to slave LDAP servers. It uses slurpd, which has been around for a long time and has proven itself to be stable.

 

This configuration file should work on any version of openldap.

 

# /etc/openldap/slapd.conf

# using slurpd

# LDAP Slave

 

include     /etc/openldap/schema/core.schema

include     /etc/openldap/schema/cosine.schema

include     /etc/openldap/schema/inetorgperson.schema

include     /etc/openldap/schema/nis.schema

include     /etc/openldap/schema/samba.schema

 

pidfile     /var/run/slapd/slapd.pid

argsfile    /var/run/slapd/slapd.args

 

database    bdb

suffix      "dc=differentialdesign,dc=org"

rootdn      "cn=Manager,dc=differentialdesign,dc=org"

rootpw      Manager

 

access to attrs=userPassword

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read

         by dn="cn=syncuser,dc=differentialdesign,dc=org" write

         by * auth

 

access to attrs=sambaLMPassword,sambaNTPassword

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read

         by dn="cn=syncuser,dc=differentialdesign,dc=org" write

 

access to *

         by dn="cn=syncuser,dc=differentialdesign,dc=org" write

         by * read

 

updatedn    cn=syncuser,dc=differentialdesign,dc=org

updateref   ldap://node1.differentialdesign.org

 

directory   /var/lib/ldap

 

# Indices to maintain

index objectClass                                               eq

index cn                                                 pres,sub,eq

index sn                                                pres,sub,eq

index uid                                                pres,sub,eq

index displayName                                 pres,sub,eq

index uidNumber                                    eq

index gidNumber                                    eq

index memberUID                                  eq

index sambaSID                                    eq

index sambaPrimaryGroupSID                 eq

index sambaDomainName                       eq

index default                                           sub

 


 

 

2.2.1: slapd.conf Slave syncrepl Openldap2.2

 

This is the configuration file for openldap version 2.2 using the syncrepl method refreshOnly.

 

This configuration file will only work with openldap version 2.2

 

# 'slapd.conf Slave syncrepl Openldap2.2'

# LDAP Consumer

 

include     /etc/openldap/schema/core.schema

include     /etc/openldap/schema/cosine.schema

include     /etc/openldap/schema/inetorgperson.schema

include     /etc/openldap/schema/nis.schema

include     /etc/openldap/schema/samba.schema

 

pidfile     /var/run/slapd/slapd.pid

argsfile    /var/run/slapd/slapd.args

 

database    bdb

suffix      "dc=differentialdesign,dc=org"

rootdn      "cn=Manager,dc=differentialdesign,dc=org"

rootpw      Manager

directory   /var/lib/ldap

 

syncrepl

    rid=0

        provider=ldap://node1.differentialdesign.org:389

        binddn="cn=syncuser,dc=differentialdesign,dc=org"

        bindmethod=simple

        credentials=SyncUser

        searchbase="dc=differentialdesign,dc=org"

        filter="(objectClass=*)"

        attrs="*"

        schemachecking=off

        scope=sub

        type=refreshOnly

        interval=00:06:00:00

 

access to attrs=userPassword

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read

         by dn="cn=syncuser,dc=differentialdesign,dc=org" write

         by * auth

 

access to attrs=sambaLMPassword,sambaNTPassword

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read

         by dn="cn=syncuser,dc=differentialdesign,dc=org" write

 

access to *

         by dn="cn=syncuser,dc=differentialdesign,dc=org" write

         by * read

 

# Indices to maintain

index objectClass           eq

index cn                    pres,sub,eq

index sn                    pres,sub,eq

index uid                   pres,sub,eq

index displayName           pres,sub,eq

index uidNumber             eq

index gidNumber             eq

index memberUID             eq

index sambaSID              eq

index sambaPrimaryGroupSID  eq

index sambaDomainName       eq

index default               sub


 

2.2.2: slapd.conf slave delta-syncrepl Openldap2.3

 

 

# slapd.conf delta-syncrepl Openldap2.3

# LDAP Consumer

 

include     /etc/openldap/schema/core.schema

include     /etc/openldap/schema/cosine.schema

include     /etc/openldap/schema/inetorgperson.schema

include     /etc/openldap/schema/nis.schema

include     /etc/openldap/schema/samba.schema

 

pidfile       /var/run/slapd/slapd.pid

argsfile    /var/run/slapd/slapd.args

 

database    bdb

suffix      "dc=differentialdesign,dc=org"

directory   /var/lib/ldap

rootdn      "cn=Manager,dc=differentialdesign,dc=org"

rootpw      Manager

 

# syncrepl directives

syncrepl  rid=0

        provider=ldap://node1.differentialdesign.org:389

        bindmethod=simple

        binddn="cn=syncuser,dc=differentialdesign,dc=org"

        credentials=SyncUser

        searchbase="dc=differentialdesign,dc=org"

        logbase="cn=accesslog"

        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"

        schemachecking=on

        type=refreshAndPersist

        retry="60 +"

        syncdata=accesslog

 

access to attrs=userPassword

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read

         by dn="cn=syncuser,dc=differentialdesign,dc=org" write

         by * auth

 

access to attrs=sambaLMPassword,sambaNTPassword

         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read

         by dn="cn=syncuser,dc=differentialdesign,dc=org" write

 

access to *

         by dn="cn=syncuser,dc=differentialdesign,dc=org" write

         by * read

 

updateref   ldap://node1.differentialdesign.org

 

# Indices to maintain

index objectClass           eq

index cn                    pres,sub,eq

index sn                    pres,sub,eq

index uid                   pres,sub,eq

index displayName           pres,sub,eq

index uidNumber             eq

index gidNumber             eq

index memberUID             eq

index sambaSID              eq

index sambaPrimaryGroupSID  eq

index sambaDomainName       eq

index default               sub
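An added example (not part of the original page or of OpenLDAP): a simplified Python check, run over a constructed excerpt of the consumer configuration above, that flags a cleartext rootpw, a syncrepl simple bind over ldap:// without StartTLS, and password attributes that anonymous clients could read under slapd's first-match ACL evaluation. The function names and finding strings are illustrative, and only the `access to *` and `access to attrs=` forms used on this page are parsed.

```python
import re

# Constructed sample: the consumer configuration above, trimmed to what is checked.
SAMPLE_CONF = """\
rootpw      Manager
syncrepl  rid=0
        provider=ldap://node1.differentialdesign.org:389
        bindmethod=simple
        binddn="cn=syncuser,dc=differentialdesign,dc=org"
        credentials=SyncUser
access to attrs=userPassword
         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read
         by dn="cn=syncuser,dc=differentialdesign,dc=org" write
         by * auth
access to attrs=sambaLMPassword,sambaNTPassword
         by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read
         by dn="cn=syncuser,dc=differentialdesign,dc=org" write
access to *
         by dn="cn=syncuser,dc=differentialdesign,dc=org" write
         by * read
"""
SECRET_ATTRS = ("userPassword", "sambaLMPassword", "sambaNTPassword")
EXPOSING = {"compare", "search", "read", "write", "manage"}


def logical_lines(text):
    """Join continuation lines (leading whitespace continues the previous
    directive) and drop blank and comment lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def parse_acls(lines):
    """Return [(targets, [(who, level), ...])] in file order. Handles only the
    target forms used on this page: '*' (targets=None) and 'attrs=a,b'."""
    acls = []
    for line in lines:
        m = re.match(r"access\s+to\s+(\*|attrs=\S+)\s+(.*)", line, re.I)
        if not m:
            continue
        what, rest = m.groups()
        targets = None if what == "*" else {a.lower() for a in what[6:].split(",")}
        rules = []
        for who, level in re.findall(r"\bby\s+(\S+)\s+(\w+)", rest):
            who = who[3:] if who.lower().startswith("dn=") else who
            rules.append((who.strip('"').lower(), level.lower()))
        acls.append((targets, rules))
    return acls


def access_for(acls, attr, who):
    """First-match evaluation: the first clause covering attr decides, and in
    it the first matching 'by'. No matching 'by' means no access. With no
    access directives at all, slapd defaults to 'access to * by * read'."""
    if not acls:
        return "read"
    who = who.lower()
    for targets, rules in acls:
        if targets is None or attr.lower() in targets:
            for subject, level in rules:
                if subject in ("*", who) or (subject == "users" and who != "anonymous"):
                    return level
            return "none"
    return "none"


def audit(text):
    """Return findings for one slapd.conf text (simplified checks)."""
    lines, findings = logical_lines(text), []
    for line in lines:
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "rootpw" and not re.match(r"\{[\w-]+\}", value.strip('"')):
            findings.append("rootpw: cleartext password in the config file")
        if key.lower() == "syncrepl":
            opts = {k.lower(): v.strip('"')
                    for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', value)}
            if (opts.get("provider", "").startswith("ldap://")
                    and opts.get("bindmethod") == "simple"
                    and opts.get("starttls") not in ("yes", "critical")):
                findings.append("syncrepl: simple bind over ldap:// without StartTLS")
    acls = parse_acls(lines)
    for attr in SECRET_ATTRS:
        level = access_for(acls, attr, "anonymous")
        if level in EXPOSING:
            findings.append(f"acl: anonymous gets '{level}' on {attr}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

On the excerpt it reports the rootpw and syncrepl findings and none for the ACLs; if the `access to *` clause were placed above the password clauses, anonymous clients would get read access to the Samba hashes, which is why the clause order above matters.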

 

 

 

2.3: ldap.conf Master

 

You will notice below in the host option that we list the addresses of both the Primary and Secondary LDAP database servers. This serves as a failover option if the local LDAP database is inaccessible. The same applies to the Slave LDAP configuration in section 2.4: ldap.conf Slave.

 

 

#/etc/ldap.conf

# LDAP Master

 

host    node1.differentialdesign.org node2.differentialdesign.org

base    dc=differentialdesign,dc=org

binddn  cn=Manager,dc=differentialdesign,dc=org

bindpw  Manager

 

pam_password exop

 

nss_base_passwd ou=People,ou=Users,dc=differentialdesign,dc=org?one

nss_base_shadow ou=People,ou=Users,dc=differentialdesign,dc=org?one

nss_base_passwd ou=Computers,ou=Users,dc=differentialdesign,dc=org?one

nss_base_shadow ou=Computers,ou=Users,dc=differentialdesign,dc=org?one

nss_base_group  ou=Groups,dc=differentialdesign,dc=org?one

ssl     no

 

 

2.4: ldap.conf Slave

 

#/etc/ldap.conf

# LDAP Slave

 

host    node2.differentialdesign.org node1.differentialdesign.org

base    dc=differentialdesign,dc=org

binddn  cn=Manager,dc=differentialdesign,dc=org

bindpw  Manager

 

pam_password exop

 

nss_base_passwd ou=People,ou=Users,dc=differentialdesign,dc=org?one

nss_base_shadow ou=People,ou=Users,dc=differentialdesign,dc=org?one

nss_base_passwd ou=Computers,ou=Users,dc=differentialdesign,dc=org?one

nss_base_shadow ou=Computers,ou=Users,dc=differentialdesign,dc=org?one

nss_base_group  ou=Groups,dc=differentialdesign,dc=org?one

ssl     no

 

 

 

3.0: Initialization LDAP Database

 

Initial LDAP database population

 

There are many ways to initialize the LDAP database backend for Samba and many scripts to help you out; however, with these we lose our initial control of the database, which can lead to database management issues.

 

Once your server is up and running with users on it, the database cannot really be manipulated without knowing the full workings of LDAP, so many of us are stuck with what we created.

 

The future of Samba is changing to Active Directory; we keep this in mind when creating the database so it can be an easier upgrade path migrating to Samba4; eventually Samba4 will be able to support OpenLDAP as a modular backend.

 

 

3.1: Provisioning Database

 

We are going to manually create our initial LDAP database in a text file and be confident to use it in a full production environment.

 

Our LDAP database structure will look like the following if using the preload LDIF as per section [#Preload_LDIF 3.2 Preload LDIF]:

 

 

|-Samba Base

|---Manager

|------syncuser

|------sambaadmin

|------mailadmin

|---------Users

|-----------People

|-------------------root

|-------------------asender

|-------------------simo

|-----------Computers

|-------------------workstation1$

|-------------------workstation2$

|---------Groups

|-----------Domain Admin

|-------------------root

|-----------Domain Users

|-------------------root

|-------------------asender

|-------------------simo

|-----------Domain Guests

|-------------------nobody

|-----------Domain Computers

|-------------------workstation1$

|-------------------workstation2$

|---------Domains

|-----------sambaDomainName

 

 

Step1

 

Delete all runtime files from prior Samba operation by executing:

 

[root@node1]#   rm /etc/samba/*tdb

[root@node1]#   rm /var/lib/samba/*tdb

[root@node1]#   rm /var/lib/samba/*dat

[root@node1]#   rm /var/log/samba/*

 

Step2

 

Delete any previous LDAP database

 

[root@node1]#  cd /var/lib/ldap

[root@node1]#  rm -rf *

 

 

Step3

 

Log in to node2, the backup domain controller, and do the same.

 

Step4

 

[root@node1 ~]# net getlocalsid

SID for domain NODE1 is: S-1-5-21-3809161173-2687474671-1432921517

 

Your SID will differ from the one above; you will need to alter the preload LDIF as per below.

 

Step5

 

Log in to your backup domain controller (node2) and type the following command using the SID obtained from step4.

 

[root@node2 ~]# net setlocalsid S-1-5-21-3809161173-2687474671-1432921517 

 

 

 

3.2: Preload LDIF

 

Step1

 

Create a text file containing the following contents.

[root@node1]# vi preload-differentialdesign.ldif

Substitute SID S-1-5-21-3809161173-2687474671-1432921517 with your domain SID; be sure to leave the SID group mapping intact.

Substitute dc=differentialdesign,dc=org with your fully qualified domain name.

Substitute sambaDomainName: DDESIGN with your Samba domain name.

 

#SAMBA LDAP PRELOAD

 

# Substitute SID S-1-5-21-3809161173-2687474671-1432921517 with your domain SID, be sure

# to leave the SID group mapping intact.

# Substitute dc=differentialdesign,dc=org with your fully qualified domain name.

# Substitute sambaDomainName: DDESIGN with your Samba domain name.

## The user to bind Samba to LDAP is defined in our smb.conf;

## [root@node1]#  smbpasswd -w SambaAdmin

## [root@node2]#  smbpasswd -w SambaAdmin

 

#SID S-1-5-21-3809161173-2687474671-1432921517

 

dn: dc=differentialdesign,dc=org

objectClass: dcObject

objectClass: organization

dc: differentialdesign

o: DDESIGN

description: Posix and Samba LDAP Identity Database

 

dn: cn=Manager,dc=differentialdesign,dc=org

objectClass: organizationalRole

cn: Manager

description: Directory Manager

 

dn: cn=syncuser,dc=differentialdesign,dc=org

objectClass: person

cn: syncuser

sn: syncuser

userPassword: SyncUser

 

dn: cn=sambaadmin,dc=differentialdesign,dc=org

objectClass: person

cn: sambaadmin

sn: sambaadmin

userPassword: SambaAdmin

 

dn: cn=mailadmin,dc=differentialdesign,dc=org

objectClass: person

cn: mailadmin

sn: mailadmin

userPassword: MailAdmin

 

dn: ou=Users,dc=differentialdesign,dc=org

objectClass: top

objectClass: organizationalUnit

ou: Users

 

dn: ou=People,ou=Users,dc=differentialdesign,dc=org

objectClass: top

objectClass: organizationalUnit

ou: People

 

dn: ou=Computers,ou=Users,dc=differentialdesign,dc=org

objectClass: top

objectClass: organizationalUnit

ou: Computers

 

dn: ou=Groups,dc=differentialdesign,dc=org

objectClass: top

objectClass: organizationalUnit

ou: Groups

 

dn: ou=Domains,dc=differentialdesign,dc=org

objectClass: top

objectClass: organizationalUnit

ou: Domains

 

dn: sambaDomainName=DDESIGN,ou=Domains,dc=differentialdesign,dc=org

objectClass: sambaDomain

objectClass: sambaUnixIdPool

uidNumber: 1000

gidNumber: 1000

sambaDomainName: DDESIGN

sambaSID: S-1-5-21-3809161173-2687474671-1432921517

sambaAlgorithmicRidBase: 1000

structuralObjectClass: sambaDomain

 

dn: cn=Domain Admins,ou=Groups,dc=differentialdesign,dc=org

objectClass: posixGroup

objectClass: sambaGroupMapping

gidNumber: 512

cn: Domain Admins

sambaSID: S-1-5-21-3809161173-2687474671-1432921517-512

sambaGroupType: 2

displayName: Domain Admins

description: Domain Administrators

 

dn: cn=Domain Users,ou=Groups,dc=differentialdesign,dc=org

objectClass: posixGroup

objectClass: sambaGroupMapping

gidNumber: 513

cn: Domain Users

sambaSID: S-1-5-21-3809161173-2687474671-1432921517-513

sambaGroupType: 2

displayName: Domain Users

description: Domain Users

 

dn: cn=Domain Guests,ou=Groups,dc=differentialdesign,dc=org

objectClass: posixGroup

objectClass: sambaGroupMapping

gidNumber: 514

cn: Domain Guests

sambaSID: S-1-5-21-3809161173-2687474671-1432921517-514

sambaGroupType: 2

displayName: Domain Guests

description: Domain Guests

 

dn: cn=Domain Computers,ou=Groups,dc=differentialdesign,dc=org

objectClass: posixGroup

objectClass: sambaGroupMapping

gidNumber: 515

cn: Domain Computers

sambaSID: S-1-5-21-3809161173-2687474671-1432921517-515

sambaGroupType: 2

displayName: Domain Computers

description: Domain Computers

 

dn: cn=Administrators,ou=Groups,dc=differentialdesign,dc=org

objectClass: posixGroup

objectClass: sambaGroupMapping

gidNumber: 544

cn: Administrators

sambaSID: S-1-5-21-3809161173-2687474671-1432921517-544

sambaGroupType: 5

displayName: Administrators

description: Administrators

 

dn: cn=Account Operators,ou=Groups,dc=differentialdesign,dc=org

objectClass: posixGroup

objectClass: sambaGroupMapping

gidNumber: 548

cn: Account Operators

sambaSID: S-1-5-21-3809161173-2687474671-1432921517-548

sambaGroupType: 5

displayName: Account Operators

description: Account Operators

 

dn: cn=Print Operators,ou=Groups,dc=differentialdesign,dc=org

objectClass: posixGroup

objectClass: sambaGroupMapping

gidNumber: 550

cn: Print Operators

sambaSID: S-1-5-21-3809161173-2687474671-1432921517-550

sambaGroupType: 5

displayName: Print Operators

description: Print Operators

 

dn: cn=Backup Operators,ou=Groups,dc=differentialdesign,dc=org

objectClass: posixGroup

objectClass: sambaGroupMapping

gidNumber: 551

cn: Backup Operators

sambaSID: S-1-5-21-3809161173-2687474671-1432921517-551

sambaGroupType: 5

displayName: Backup Operators

description: Backup Operators

 

dn: cn=Replicators,ou=Groups,dc=differentialdesign,dc=org

objectClass: posixGroup

objectClass: sambaGroupMapping

gidNumber: 552

cn: Replicators

sambaSID: S-1-5-21-3809161173-2687474671-1432921517-552

sambaGroupType: 5

displayName: Replicators

description: Replicators
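An added example (not part of the original page): a Python sketch that generates the service-account and group-mapping entries of the preload LDIF for a given domain SID and suffix, keeping the RID mapping from the LDIF above and writing `{SSHA}` hashes in userPassword, because slapadd stores the value exactly as the LDIF gives it. The function names, the sample SID, suffix and passwords are constructed for illustration, and the group description is simplified to the group name.

```python
import base64
import hashlib
import hmac
import os
import re

# Group name -> (RID, sambaGroupType), copied from the preload LDIF above.
GROUPS = {
    "Domain Admins": (512, 2), "Domain Users": (513, 2),
    "Domain Guests": (514, 2), "Domain Computers": (515, 2),
    "Administrators": (544, 5), "Account Operators": (548, 5),
    "Print Operators": (550, 5), "Backup Operators": (551, 5),
    "Replicators": (552, 5),
}
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+")


def ssha(password, salt=None):
    """Return an {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_matches(password, stored):
    """Check a candidate password against a stored {SSHA} value."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes long
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def service_account(cn, password, suffix):
    """One 'person' entry as in the LDIF above, with a hashed userPassword."""
    return "\n".join([
        f"dn: cn={cn},{suffix}", "objectClass: person",
        f"cn: {cn}", f"sn: {cn}", f"userPassword: {ssha(password)}"])


def group_entry(name, sid, suffix):
    """One group-mapping entry; the sambaSID is the domain SID plus the RID."""
    rid, group_type = GROUPS[name]
    return "\n".join([
        f"dn: cn={name},ou=Groups,{suffix}",
        "objectClass: posixGroup", "objectClass: sambaGroupMapping",
        f"gidNumber: {rid}", f"cn: {name}",
        f"sambaSID: {sid}-{rid}", f"sambaGroupType: {group_type}",
        f"displayName: {name}", f"description: {name}"])


def preload_fragment(sid, suffix, accounts):
    """Build the account and group entries; reject anything that is not a
    domain SID so that a group SID pasted by mistake is caught early."""
    if not SID_RE.fullmatch(sid):
        raise ValueError(f"not a domain SID: {sid!r}")
    entries = [service_account(cn, pw, suffix) for cn, pw in accounts.items()]
    entries += [group_entry(name, sid, suffix) for name in GROUPS]
    return "\n\n".join(entries) + "\n"


if __name__ == "__main__":
    # Constructed values; use the output of "net getlocalsid" and your own suffix.
    print(preload_fragment("S-1-5-21-1111111111-2222222222-3333333333",
                           "dc=example,dc=org",
                           {"syncuser": "constructed-password"}))
```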

 

 

 

 

3.3: LDAP population

 

Now it's time to populate the database with the LDIF that we edited to match our domain details as per section [#Preload_LDIF 3.2: Preload LDIF].

 

 

Step1.

 

Make sure LDAP is not running.

 

[root@node1]# vi /var/lib/ldap/DB_CONFIG

 

#DB_CONFIG

set_cachesize           0 150000000 1

set_lg_regionmax        262144

set_lg_bsize            2097152

set_flags               DB_LOG_AUTOREMOVE

 

 

Step2.

 

This step is necessary if you are using delta-syncrepl as per section [#slapd_conf_Master_Syncrepl_4_Openldap2_ 2.1.2: slapd.conf Master delta-syncrepl Openldap2.3].

Because we are using multiple databases on the Provider, it is necessary to place an additional DB_CONFIG file inside the database directory.

 

[root@node1]# mkdir /var/lib/ldap/accesslog

[root@node1]# cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog

 

 

Step3.


[root@node1]# cd /ldap-scripts/

 

[root@node1 scripts]# slapadd -b "dc=differentialdesign,dc=org" -v -l preload-differentialdesign.ldif

 

added: "dc=differentialdesign,dc=org" (00000001)

added: "cn=Manager,dc=differentialdesign,dc=org" (00000002)

added: "cn=syncuser,dc=differentialdesign,dc=org" (00000003)

added: "cn=sambaadmin,dc=differentialdesign,dc=org" (00000004)

added: "cn=mailadmin,dc=differentialdesign,dc=org" (00000005)

added: "ou=Users,dc=differentialdesign,dc=org" (00000006)

added: "ou=People,ou=Users,dc=differentialdesign,dc=org" (00000007)

added: "ou=Computers,ou=Users,dc=differentialdesign,dc=org" (00000008)

added: "ou=Groups,dc=differentialdesign,dc=org" (00000009)

added: "ou=Domains,dc=differentialdesign,dc=org" (0000000a)

added: "sambaDomainName=DDESIGN,ou=Domains,dc=differentialdesign,dc=org" (0000000b)

added: "cn=Domain Admins,ou=Groups,dc=differentialdesign,dc=org" (0000000c)

added: "cn=Domain Users,ou=Groups,dc=differentialdesign,dc=org" (0000000d)

added: "cn=Domain Guests,ou=Groups,dc=differentialdesign,dc=org" (0000000e)

added: "cn=Domain Computers,ou=Groups,dc=differentialdesign,dc=org" (000000f)

added: "cn=Administrators,ou=Groups,dc=differentialdesign,dc=org" (00000010)

added: "cn=Account Operators,ou=Groups,dc=differentialdesign,dc=org" (00000011)

added: "cn=Print Operators,ou=Groups,dc=differentialdesign,dc=org" (00000012)

added: "cn=Backup Operators,ou=Groups,dc=differentialdesign,dc=org" (00000013)

added: "cn=Replicators,ou=Groups,dc=differentialdesign,dc=org" (00000014)

 

Step4.

 

[root@node1]# chown -R ldap.ldap /var/lib/ldap

 

Step5.

 

The user to bind Samba to LDAP is defined in our smb.conf; its password is sambaadmin’s password as set in preload-differentialdesign.ldif.

The sambaadmin entry in preload-differentialdesign.ldif has the password “SambaAdmin”:

 

dn: cn=sambaadmin,dc=differentialdesign,dc=org

objectClass: person

cn: sambaadmin

sn: sambaadmin

userPassword: SambaAdmin

 

 

[root@node1 scripts]# smbpasswd -w SambaAdmin

Setting stored password for "cn=sambaadmin,dc=differentialdesign,dc=org" in secrets.tdb

 

 

[root@node1 ~]# service ldap restart

Stopping slapd:                                      [  OK  ]

Stopping slurpd:                                     [  OK  ]

Checking configuration files for slapd:  config file testing succeeded

                                                            [  OK  ]

Starting slapd:                                       [  OK  ]

Starting slurpd:                                            [  OK  ]

 

[root@node1 ~]# service smb restart

Shutting down SMB services:                     [  OK  ]

Shutting down NMB services:                    [  OK  ]

Starting SMB services:                           [  OK  ]

Starting NMB services:                              [  OK  ]

 

 

Step6.

 

Adding initial users with the smbldap-tools: Skip to section [#smbldap_tools 4.1: smbldap-tools] and install on node1.

 

[root@node1 scripts]# cd /opt/IDEALX/sbin/

[root@node1 sbin]# ./smbldap-useradd -m -a root

[root@node1 sbin]# ./smbldap-passwd root

Changing password for root

New password :

Retype new password

 

[root@node1 ]# smbpasswd -a

New SMB password:

Retype new SMB password:

Added user root.

 

 

[root@node1 sbin]# ./smbldap-groupmod -m root Domain\ Admins

adding user root to group Domain Admins

 

[root@node1 ~]# cd /opt/IDEALX/sbin/

[root@node1 sbin]# ./smbldap-useradd -m -a asender

[root@node1 sbin]#

 

[root@node1 sbin]# ./smbldap-passwd asender

Changing password for asender

New password :

Retype new password :

[root@node1 sbin]#

 

[root@node1 sbin]# smbpasswd asender

New SMB password:

Retype new SMB password:

[root@node1 sbin]#

 

[root@node1 sbin]# id asender

uid=1001(asender) gid=513(Domain Users) groups=513(Domain Users)

 

 

Step7

You are now ready to join a Windows machine to the domain with user ‘root’. 

 

We will need to set up our BDC, Heartbeat and DRBD to match our configuration.

 

 

3.4: Database Replication

 

If we choose to use syncrepl instead of the slurpd daemon, as per sections [#slapd_conf_Slave_Syncrepl 2.2.1 slapd.conf Slave syncrepl and 2.2.1.1 slapd.conf Slave delta-syncrepl 4 Openldap2.3 ], there is no need to do this section; the database will be copied across initially when the consumer is restarted.

 

Step1.

 

Dump the LDAP database, copy it across to node2.

 

[root@node1 ~]# slapcat -b "dc=differentialdesign,dc=org" -v -l transfer.ldif

 

# id=00000001

# id=00000002

# id=00000003

# id=00000004

# id=00000005

# id=00000006

# id=00000007

# id=00000008

# id=00000009

# id=0000000a

# id=0000000b

# id=0000000c

# id=0000000d

# id=0000000e

# id=0000000f

# id=00000010

# id=00000011

# id=00000012

# id=00000013

# id=00000014

# id=00000015

# id=00000017

# id=00000018

 

 

[root@node1 ~]# scp transfer.ldif root@node2:/root/

 

 

Step2.

 

Transfer the database to node2.

 

[root@node2 ~]# slapadd -b "dc=differentialdesign,dc=org" -v -l transfer.ldif

 

added: "dc=differentialdesign,dc=org" (00000001)

added: "cn=Manager,dc=differentialdesign,dc=org" (00000002)

added: "cn=syncuser,dc=differentialdesign,dc=org" (00000003)

added: "cn=sambaadmin,dc=differentialdesign,dc=org" (00000004)

added: "cn=mailadmin,dc=differentialdesign,dc=org" (00000005)

added: "ou=Users,dc=differentialdesign,dc=org" (00000006)

added: "ou=People,ou=Users,dc=differentialdesign,dc=org" (00000007)

added: "ou=Computers,ou=Users,dc=differentialdesign,dc=org" (00000008)

added: "ou=Groups,dc=differentialdesign,dc=org" (00000009)

added: "ou=Domains,dc=differentialdesign,dc=org" (0000000a)

added: "sambaDomainName=DDESIGN,ou=Domains,dc=differentialdesign,dc=org" (0000000b)

added: "cn=Domain Admins,ou=Groups,dc=differentialdesign,dc=org" (0000000c)

added: "cn=Domain Users,ou=Groups,dc=differentialdesign,dc=org" (0000000d)

added: "cn=Domain Guests,ou=Groups,dc=differentialdesign,dc=org" (0000000e)

added: "cn=Domain Computers,ou=Groups,dc=differentialdesign,dc=org" (000000f)

added: "cn=Administrators,ou=Groups,dc=differentialdesign,dc=org" (00000010)

added: "cn=Account Operators,ou=Groups,dc=differentialdesign,dc=org" (00000011)

added: "cn=Print Operators,ou=Groups,dc=differentialdesign,dc=org" (00000012)

added: "cn=Backup Operators,ou=Groups,dc=differentialdesign,dc=org" (00000013)

added: "cn=Replicators,ou=Groups,dc=differentialdesign,dc=org" (00000014)

added: "uid=root,ou=People,ou=Users,dc=differentialdesign,dc=org" (00000015)

added: "uid=asender,ou=People,ou=Users,dc=differentialdesign,dc=org" (00000016)

 

 

Step3.

 

Make sure the LDAP database is owned by ldap.

[root@node2 ~]# chown -R ldap.ldap /var/lib/ldap

 

Step4.

 

[root@node1 ~]# service ldap restart

Stopping slapd:                                      [  OK  ]

Stopping slurpd:                                     [  OK  ]

Checking configuration files for slapd:  config file testing succeeded

                                                                        [  OK  ]

Starting slapd:                                                   [  OK  ]

Starting slurpd:                                          [  OK  ]

 

[root@node1 ~]# service smb restart

Shutting down SMB services:                     [  OK  ]

Shutting down NMB services:                    [  OK  ]

Starting SMB services:                           [  OK  ]

Starting NMB services:                              [  OK  ]

 

Step5.

 

Log in to node1 (or your Primary Domain Controller) and add another user as done in section 3.6 LDAP population Step5; we will then check replication by logging on to node2 and seeing whether the user exists on that machine.

 

[root@node1 sbin]# ./smbldap-useradd -m -a testuser

[root@node1 sbin]# ./smbldap-passwd testuser

Changing password for testuser

New password :

Retype new password :

[root@node1 sbin]# smbpasswd testuser

New SMB password:

Retype new SMB password:

 

[root@node1 sbin]# ssh node2

root@node2's password:

 

Last login: Mon Dec 18 02:43:33 2006 from 192.168.0.2

[root@node2 ~]# id testuser

uid=1009(testuser) gid=513(Domain Users) groups=513(Domain Users)

 

 

 

4.0: User Management

 

 

4.1: smbldap-tools

 

We will not be using the smbldap-tools to populate the database; however, we will use them to manage users and groups once the database has been populated. These scripts allow us to add users and machines using NT tools such as srvtools.exe, and they make it easier to add users on the fly. It is also possible to create an LDIF file to add users to the database.

The smbldap-tools give us the advantage of being able to add machine accounts on the fly through the standard Windows domain join. They also give us the ability to use srvtools.exe; however, these tools lack the custom control that can only be obtained by manually adding accounts through LDAP.

 

This document configuration has been tested with smbldap-tools-0.9.1-1.

 

Install smbldap-tools-0.9.1-1 on both nodes; this means we can add users and groups from either the PDC or BDC as long as the PDC is contactable.

 

You may need to satisfy any dependencies.

 

 

 

[root@node1 smbldap-tools]# rpm -Uvh smbldap-tools-0.9.1-1.noarch.rpm

    Preparing...                ########################################### [100%]

   1:smbldap-tools          ########################################### [100%]

[root@node1 smbldap-tools]#

 

 

 

 

[root@node2 smbldap-tools]# rpm -Uvh smbldap-tools-0.9.1-1.noarch.rpm

    Preparing...                ########################################### [100%]

   1:smbldap-tools          ########################################### [100%]

[root@node2 smbldap-tools]#

 

 

                                        

4.1.1: smbldap.conf Master

 

Because we did not use smbldap-tools to populate our database, we must manually configure the smbldap.conf. This configuration file only applies to smbldap-tools-0.9.1-1. If you are using a different version alterations will need to be made.

 

We will need to configure this file to suit our init

 

# /etc/opt/IDEALX/sbin/smbldap.conf

 

# smbldap-tools.conf : Q & D configuration file for smbldap-tools

 

#  This code was developped by IDEALX (http://IDEALX.org/) and

#  contributors (their names can be found in the CONTRIBUTORS file).

#

#                 Copyright (C) 2001-2002 IDEALX

#

#  This program is free software; you can redistribute it and/or

#  modify it under the terms of the GNU General Public License

#  as published by the Free Software Foundation; either version 2

#  of the License, or (at your option) any later version.

#

#  This program is distributed in the hope that it will be useful,

#  but WITHOUT ANY WARRANTY; without even the implied warranty of

#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

#  GNU General Public License for more details.

#

#  You should have received a copy of the GNU General Public License

#  along with this program; if not, write to the Free Software

#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,

#  USA.

 

#  Purpose :

#       . be the configuration file for all smbldap-tools scripts

 

##############################################################################

#

# General Configuration

#

##############################################################################

 

# Put your own SID. To obtain this number do: "net getlocalsid".

# If not defined, parameter is taking from "net getlocalsid" return

SID="S-1-5-21-3809161173-2687474671-1432921517"

 

# Domain name the Samba server is in charged.

# If not defined, parameter is taking from smb.conf configuration file

# Ex: sambaDomain="IDEALX-NT"

sambaDomain="DDESIGN"

 

##############################################################################

#

# LDAP Configuration

#

##############################################################################

 

# Notes: to use to dual ldap servers backend for Samba, you must patch

# Samba with the dual-head patch from IDEALX. If not using this patch

# just use the same server for slaveLDAP and masterLDAP.

# Those two servers declarations can also be used when you have

# . one master LDAP server where all writing operations must be done

# . one slave LDAP server where all reading operations must be done

#   (typically a replication directory)

 

# Slave LDAP server

# Ex: slaveLDAP=127.0.0.1

# If not defined, parameter is set to "127.0.0.1"

slaveLDAP="192.168.0.3"

 

# Slave LDAP port

# If not defined, parameter is set to "389"

slavePort="389"

 

# Master LDAP server: needed for write operations

# Ex: masterLDAP=127.0.0.1

# If not defined, parameter is set to "127.0.0.1"

masterLDAP="127.0.0.1"

 

# Master LDAP port

# If not defined, parameter is set to "389"

masterPort="389"

 

# Use TLS for LDAP

# If set to 1, this option will use start_tls for connection

# (you should also used the port 389)

# If not defined, parameter is set to "1"

ldapTLS="0"

 

# How to verify the server's certificate (none, optional or require)

# see "man Net::LDAP" in start_tls section for more details

verify=""

 

# CA certificate

# see "man Net::LDAP" in start_tls section for more details

cafile=""

 

# certificate to use to connect to the ldap server

# see "man Net::LDAP" in start_tls section for more details

clientcert=""

 

# key certificate to use to connect to the ldap server

# see "man Net::LDAP" in start_tls section for more details

clientkey=""

 

# LDAP Suffix

# Ex: suffix=dc=IDEALX,dc=ORG

suffix="dc=differentialdesign,dc=org"

 

# Where are stored Users

# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"

# Warning: if 'suffix' is not set here, you must set the full dn for usersdn

usersdn="ou=People,ou=Users,${suffix}"

 

# Where are stored Computers

# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"

# Warning: if 'suffix' is not set here, you must set the full dn for computersdn

computersdn="ou=Computers,ou=Users,${suffix}"

 

# Where are stored Groups

# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"

# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn

groupsdn="ou=Groups,${suffix}"

 

# Where are stored Idmap entries (used if samba is a domain member server)

# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"

# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn

idmapdn="ou=Idmap,${suffix}"

 

# Where to store next uidNumber and gidNumber available for new users and groups

# If not defined, entries are stored in sambaDomainName object.

# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"

# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"

sambaUnixIdPooldn="sambaDomainName=DDESIGN,ou=Domains,${suffix}"

 

# Default scope Used

scope="sub"

 

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)

hash_encrypt="MD5"

 

# if hash_encrypt is set to CRYPT, you may set a salt format.

# default is "%s", but many systems will generate MD5 hashed

# passwords if you use "$1$%.8s". This parameter is optional!

crypt_salt_format=""

 

##############################################################################

#

# Unix Accounts Configuration

#

##############################################################################

 

# Login defs

# Default Login Shell

# Ex: userLoginShell="/bin/bash"

userLoginShell="/bin/bash"

 

# Home directory

# Ex: userHome="/home/%U"

userHome="/data/home/%U"

 

# Default mode used for user homeDirectory

userHomeDirectoryMode="700"

 

# Gecos

userGecos="System User"

 

# Default User (POSIX and Samba) GID

defaultUserGid="513"

 

# Default Computer (Samba) GID

defaultComputerGid="515"

 

# Skel dir

skeletonDir="/etc/skel"

 

# Default password validation time (time in days) Comment the next line if

# you don't want password to be enable for defaultMaxPasswordAge days (be

# careful to the sambaPwdMustChange attribute's value)

defaultMaxPasswordAge="45"

 

##############################################################################

#

# SAMBA Configuration

#

##############################################################################

 

# The UNC path to home drives location (%U username substitution)

# Just set it to a null string if you want to use the smb.conf 'logon home'

# directive and/or disable roaming profiles

# Ex: userSmbHome="\\PDC-SMB3\%U"

userSmbHome="\\192.168.0.4\%U"

 

# The UNC path to profiles locations (%U username substitution)

# Just set it to a null string if you want to use the smb.conf 'logon path'

# directive and/or disable roaming profiles

# Ex: userProfile="\\PDC-SMB3\profiles\%U"

userProfile="\\192.168.0.4\profiles\%U"

 

# The default Home Drive Letter mapping

# (will be automatically mapped at logon time if home directory exist)

# Ex: userHomeDrive="H:"

userHomeDrive="H:"

 

# The default user netlogon script name (%U username substitution)

# if not used, will be automatically username.cmd

# make sure script file is edited under dos

# Ex: userScript="startup.cmd" # make sure script file is edited under dos

userScript="%U.bat"

 

# Domain appended to the users "mail"-attribute

# when smbldap-useradd -M is used

# Ex: mailDomain="idealx.com"

mailDomain="differentialdesign.org"

 

##############################################################################

#

# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)

#

##############################################################################

 

# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but

# prefer Crypt::SmbHash library

with_smbpasswd="0"

smbpasswd="/usr/bin/smbpasswd"

 

# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)

# but prefer Crypt:: libraries

with_slappasswd="0"

slappasswd="/usr/sbin/slappasswd"

 

# comment out the following line to get rid of the default banner

# no_banner="1"

 

 

 

4.1.2: smbldap.conf Slave

 

It is not necessary to install smbldap-tools on the backup domain controller. However, doing so lets you add users from the BDC, which refers its updates to the LDAP database on the PDC.

 

 

# /etc/opt/IDEALX/sbin/smbldap.conf

 

 

#

# smbldap-tools.conf : Q & D configuration file for smbldap-tools

 

#  This code was developped by IDEALX (http://IDEALX.org/) and

#  contributors (their names can be found in the CONTRIBUTORS file).

#

#                 Copyright (C) 2001-2002 IDEALX

#

#  This program is free software; you can redistribute it and/or

#  modify it under the terms of the GNU General Public License

#  as published by the Free Software Foundation; either version 2

#  of the License, or (at your option) any later version.

#

#  This program is distributed in the hope that it will be useful,

#  but WITHOUT ANY WARRANTY; without even the implied warranty of

#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

#  GNU General Public License for more details.

#

#  You should have received a copy of the GNU General Public License

#  along with this program; if not, write to the Free Software

#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,

#  USA.

 

#  Purpose :

#       . be the configuration file for all smbldap-tools scripts

 

##############################################################################

#

# General Configuration

#

##############################################################################

 

# Put your own SID. To obtain this number do: "net getlocalsid".

# If not defined, parameter is taking from "net getlocalsid" return

SID="S-1-5-21-3809161173-2687474671-1432921517"

 

# Domain name the Samba server is in charged.

# If not defined, parameter is taking from smb.conf configuration file

# Ex: sambaDomain="IDEALX-NT"

sambaDomain="DDESIGN"

 

##############################################################################

#

# LDAP Configuration

#

##############################################################################

 

# Notes: to use to dual ldap servers backend for Samba, you must patch

# Samba with the dual-head patch from IDEALX. If not using this patch

# just use the same server for slaveLDAP and masterLDAP.

# Those two servers declarations can also be used when you have

# . one master LDAP server where all writing operations must be done

# . one slave LDAP server where all reading operations must be done

#   (typically a replication directory)

 

# Slave LDAP server

# Ex: slaveLDAP=127.0.0.1

# If not defined, parameter is set to "127.0.0.1"

slaveLDAP="127.0.0.1"

 

# Slave LDAP port

# If not defined, parameter is set to "389"

slavePort="389"

 

# Master LDAP server: needed for write operations

# Ex: masterLDAP=127.0.0.1

# If not defined, parameter is set to "127.0.0.1"

masterLDAP="192.168.0.2"

 

# Master LDAP port

# If not defined, parameter is set to "389"

masterPort="389"

 

# Use TLS for LDAP

# If set to 1, this option will use start_tls for connection

# (you should also used the port 389)

# If not defined, parameter is set to "1"

ldapTLS="0"

 

# How to verify the server's certificate (none, optional or require)

# see "man Net::LDAP" in start_tls section for more details

verify=""

 

# CA certificate

# see "man Net::LDAP" in start_tls section for more details

cafile=""

 

# certificate to use to connect to the ldap server

# see "man Net::LDAP" in start_tls section for more details

clientcert=""

 

# key certificate to use to connect to the ldap server

# see "man Net::LDAP" in start_tls section for more details

clientkey=""

 

# LDAP Suffix

# Ex: suffix=dc=IDEALX,dc=ORG

suffix="dc=differentialdesign,dc=org"

 

# Where are stored Users

# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"

# Warning: if 'suffix' is not set here, you must set the full dn for usersdn

usersdn="ou=People,ou=Users,${suffix}"

 

# Where are stored Computers

# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"

# Warning: if 'suffix' is not set here, you must set the full dn for computersdn

computersdn="ou=Computers,ou=Users,${suffix}"

 

# Where are stored Groups

# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"

# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn

groupsdn="ou=Groups,${suffix}"

 

# Where are stored Idmap entries (used if samba is a domain member server)

# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"

# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn

idmapdn="ou=Idmap,${suffix}"

 

# Where to store next uidNumber and gidNumber available for new users and groups

# If not defined, entries are stored in sambaDomainName object.

# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"

# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"

sambaUnixIdPooldn="sambaDomainName=DDESIGN,ou=Domains,${suffix}"

 

# Default scope Used

scope="sub"

 

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)

hash_encrypt="MD5"

 

# if hash_encrypt is set to CRYPT, you may set a salt format.

# default is "%s", but many systems will generate MD5 hashed

# passwords if you use "$1$%.8s". This parameter is optional!

crypt_salt_format=""

 

##############################################################################

#

# Unix Accounts Configuration

#

##############################################################################

 

# Login defs

# Default Login Shell

# Ex: userLoginShell="/bin/bash"

userLoginShell="/bin/bash"

 

# Home directory

# Ex: userHome="/home/%U"

userHome="/data/home/%U"

 

# Default mode used for user homeDirectory

userHomeDirectoryMode="700"

 

# Gecos

userGecos="System User"

 

# Default User (POSIX and Samba) GID

defaultUserGid="513"

 

# Default Computer (Samba) GID

defaultComputerGid="515"

 

# Skel dir

skeletonDir="/etc/skel"

 

# Default password validation time (time in days) Comment the next line if

# you don't want password to be enable for defaultMaxPasswordAge days (be

# careful to the sambaPwdMustChange attribute's value)

defaultMaxPasswordAge="45"

 

##############################################################################

#

# SAMBA Configuration

#

##############################################################################

 

# The UNC path to home drives location (%U username substitution)

# Just set it to a null string if you want to use the smb.conf 'logon home'

# directive and/or disable roaming profiles

# Ex: userSmbHome="\\PDC-SMB3\%U"

userSmbHome="\\192.168.0.4\%U"

 

# The UNC path to profiles locations (%U username substitution)

# Just set it to a null string if you want to use the smb.conf 'logon path'

# directive and/or disable roaming profiles

# Ex: userProfile="\\PDC-SMB3\profiles\%U"

userProfile="\\192.168.0.4\profiles\%U"

 

# The default Home Drive Letter mapping

# (will be automatically mapped at logon time if home directory exist)

# Ex: userHomeDrive="H:"

userHomeDrive="H:"

 

# The default user netlogon script name (%U username substitution)

# if not used, will be automatically username.cmd

# make sure script file is edited under dos

# Ex: userScript="startup.cmd" # make sure script file is edited under dos

userScript="%U.bat"

 

# Domain appended to the users "mail"-attribute

# when smbldap-useradd -M is used

# Ex: mailDomain="idealx.com"

mailDomain="differentialdesign.org"

 

##############################################################################

#

# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)

#

##############################################################################

 

# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but

# prefer Crypt::SmbHash library

with_smbpasswd="0"

smbpasswd="/usr/bin/smbpasswd"

 

# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)

# but prefer Crypt:: libraries

with_slappasswd="0"

slappasswd="/usr/sbin/slappasswd"

 

# comment out the following line to get rid of the default banner

# no_banner="1"
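The slave file above sends its writes to masterLDAP on 192.168.0.2 with ldapTLS="0" and stores Unix passwords with hash_encrypt="MD5". The check below is an added example, not part of smbldap-tools; the function names, the sample files and the CA path are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the LDAP transport and password-hash settings of an
# smbldap.conf-style file. Function names and sample values are constructed.

# conf_get FILE KEY: print the value of the last uncommented KEY="value" line.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_smbldap_conf FILE: print one finding per line, return 1 on any FAIL.
audit_smbldap_conf() {
    a_file=$1
    a_rc=0
    a_tls=$(conf_get "$a_file" ldapTLS)
    a_verify=$(conf_get "$a_file" verify)
    a_ca=$(conf_get "$a_file" cafile)
    a_master=$(conf_get "$a_file" masterLDAP)
    a_hash=$(conf_get "$a_file" hash_encrypt)

    # Per the file's own comments, undefined values default to "1" for
    # ldapTLS and "127.0.0.1" for masterLDAP.
    if [ "${a_tls:-1}" != "1" ]; then
        case "${a_master:-127.0.0.1}" in
            127.0.0.1|localhost)
                echo "WARN ldapTLS=$a_tls: no TLS, but masterLDAP is local" ;;
            *)
                echo "FAIL ldapTLS=$a_tls: binds and password writes to $a_master cross the network unencrypted"
                a_rc=1 ;;
        esac
    else
        if [ "$a_verify" != "require" ]; then
            echo "FAIL verify=\"$a_verify\": the server certificate is not required to validate"
            a_rc=1
        fi
        if [ -z "$a_ca" ]; then
            echo "FAIL cafile is empty: no CA to validate the server certificate against"
            a_rc=1
        fi
    fi

    case "$a_hash" in
        MD5|SHA)   echo "FAIL hash_encrypt=$a_hash: unsalted digest"; a_rc=1 ;;
        CLEARTEXT) echo "FAIL hash_encrypt=CLEARTEXT: passwords stored as plain text"; a_rc=1 ;;
    esac
    return $a_rc
}

# Constructed sample: the security-relevant lines of the slave file above.
sample_slave_conf() {
    cat <<'EOF'
masterLDAP="192.168.0.2"
masterPort="389"
ldapTLS="0"
verify=""
cafile=""
hash_encrypt="MD5"
EOF
}

# Constructed sample: a hardened variant (the CA path is a placeholder).
sample_hardened_conf() {
    cat <<'EOF'
masterLDAP="192.168.0.2"
masterPort="389"
ldapTLS="1"
verify="require"
cafile="/path/to/ca.pem"
hash_encrypt="SSHA"
EOF
}

# Demo run against the constructed slave sample.
demo_file=$(mktemp)
sample_slave_conf > "$demo_file"
audit_smbldap_conf "$demo_file" || true
rm -f "$demo_file"
```

Run it against /etc/opt/IDEALX/sbin/smbldap.conf on both controllers; the BDC is the one whose writes leave the machine.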

 

 

 

 

 

5.0: Heartbeat HA Configuration

 

Heartbeat Configuration

-          Node1

-          Node2

 

The heartbeat solution is not needed for domain logons; however in mission critical environments it supports failover if a node becomes unavailable. It provides a heartbeat through a serial and a crossover connection directly connected to each server. A virtual IP is shared by the cluster; we connect to this virtual IP Address when accessing a Samba share.

 

There are 2 main versions of heartbeat: version 1.2.3 is limited to a two node cluster; version 2 can span many machines and can become quite complex. Heartbeat version 2 is, however, backwards compatible with version 1.2.3 configuration files when the “crm no” option is set in the ha.cf configuration file.

 

You must never mix different versions of heartbeat in a cluster; all nodes must run the same version. If you do mix them, it will create instability and may lead to random rebooting.

 

If you want to be completely safe I highly recommend using version 1.2.3; for this exercise, however, we will be using heartbeat version 2.

 

If you are looking for proven stability version 1.2.3 has been used with DRBD for a long time; it is often used in hospitals to store MRI and other data that needs to be readily accessible; currently this is limited to a 2 node cluster.

 

 

5.1: Requirements

 

Get the following RPMs from the http://www.linux-ha.org web site.

 

Version 1.2.3 has proven rock solid in many mission critical environments.

You may need to satisfy dependencies.

 

If you choose to install heartbeat version 1.2.3, take note of the configuration file in 4.3 Configuration PDC; it differs slightly.

 

5.2: Installation

 

Heartbeat can now be downloaded with YUM, which will download version 2.

Repeat this process on node2, your backup domain controller, so that both nodes are running identical versions of heartbeat.

 

Install heartbeat on both nodes

 

[root@node1 programs]# cd heartbeat-1.2.3/

[root@node1 heartbeat-1.2.3]# ls

heartbeat-1.2.3-2.rh.9.i386.rpm

heartbeat-ldirectord-1.2.3-2.rh.9.i386.rpm

heartbeat-pils-1.2.3-2.rh.9.i386.rpm

heartbeat-stonith-1.2.3-2.rh.9.i386.rpm

 

[root@node1 heartbeat-1.2.3]# rpm -Uvh heartbeat-1.2.3-2.rh.9.i386.rpm heartbeat-ldirectord-1.2.3-2.rh.9.i386.rpm heartbeat-pils-1.2.3-2.rh.9.i386.rpm heartbeat-stonith-1.2.3-2.rh.9.i386.rpm

 

 

 

5.3: Configuration

 

Heartbeat running as version 1.2.3 is very easy to configure and manage. The newer version 2 is able to support multiple nodes and uses XML-type configuration files. If you are using version 2, I recommend running it with the “crm no” option, which provides 1.2.3 backwards compatibility.

 

Just remember to always run the same version of heartbeat on both nodes.

 

5.3.1: ha.cf

 

Step1

 

On node1 login with root account; the ha.cf file needs to be the same on both nodes.

 

Note:

The option “crm no” in the ha.cf tells heartbeat version 2 to behave as version 1.2.3; this means it is limited to a 2 node cluster.

If you choose to run version 1.2.3 you will need to comment out or delete the “crm no” line in the ha.cf.

 

[root@node1]# cd /etc/ha.d

[root@node1]# vi ha.cf

 

## /etc/ha.d/ha.cf on node1

## This configuration is to be the same on both machines

## This example is made for version 2, comment out crm if using version 1

 

keepalive 1

deadtime 5

warntime 3

initdead 20

serial /dev/ttyS0

bcast eth1

auto_failback yes

node node1

node node2

crm no # comment out if using version 1.2.3

 

Step2.

 

Copy the ha.cf to node2 so they both have the same configuration file.

 

[root@node1]# scp /etc/ha.d/ha.cf root@node2:/etc/ha.d/

 

 

5.3.2: haresources

 

The haresources file is read when heartbeat starts. Throughout this document we have used /data as our mount point for the RAID1-over-LAN replication.

 

The entry names node1, which is the master server, and 192.168.0.4, which is the cluster's virtual IP address; this will be displayed as eth0:0 on the primary node.

 

You will see drbddisk Filesystem::/dev/drbd0::/data::ext3 - /dev/drbd0 is our DRBD drive. We have chosen to mount our DRBD file system at /data – this is our replication mount point, which we configured in our samba and smbldap-tools configuration.

 

You can easily make services highly available by adding the appropriate name to the haresources file, as shown below with the DNS service named.

 

Step1

 

[root@node1]# vi haresources

 

## /etc/ha.d/haresources

## This configuration is to be the same on both nodes

 

node1 192.168.0.4 drbddisk Filesystem::/dev/drbd0::/data::ext3 named

 

 

Step2

 

Copy the haresources file across to node2 so they are both identical.

 

[root@node1]# scp /etc/ha.d/haresources root@node2:/etc/ha.d/

 

 

5.3.3: authkeys

 

 

The method below provides no security or authentication, so we recommend not using it. If, however, heartbeat communicates only over a private link, as in our case (serial and crossover cable), there is no need to add this additional security.

 

Step1

 

[root@node1]# vi authkeys

 

## /etc/ha.d/authkeys

 

auth 1

1 crc

 

The preferred method is to use sha1 to authenticate nodes and their packets, as below.

 

## /etc/ha.d/authkeys

 

auth 1

1 sha1 HeartbeatPassword

 


Step2

 

Give the authkeys file correct permissions.

 

[root@node1]# chmod 600 /etc/ha.d/authkeys

 

Step3

 

Copy the authkeys file to node2 so they can authenticate with each other.

 

[root@node1]# scp /etc/ha.d/authkeys root@node2:/etc/ha.d/
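The three authkeys steps above, as an added example that is not part of heartbeat or of the original page: it writes a sha1 authkeys file with a random key in place of a typed password, then checks the mode and the active method before the file is copied to node2. The function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: create and check a heartbeat authkeys file. Function names
# are constructed; heartbeat's authkeys methods are crc, md5 and sha1.

# write_authkeys PATH: write a sha1 authkeys file with a random 160-bit key.
write_authkeys() {
    wa_old_umask=$(umask)
    umask 077                       # never create the file world-readable
    wa_key=$(od -An -N20 -tx1 /dev/urandom | tr -d ' \n')
    printf 'auth 1\n1 sha1 %s\n' "$wa_key" > "$1"
    chmod 600 "$1"                  # also tightens a pre-existing file
    umask "$wa_old_umask"
}

# check_authkeys PATH: return 0 only if the file is mode 600 and the method
# selected by its "auth N" line is a keyed one with a key present.
check_authkeys() {
    ca_perms=$(ls -ld "$1" | cut -c1-10)
    if [ "$ca_perms" != "-rw-------" ]; then
        echo "FAIL $1: mode is $ca_perms, expected -rw------- (chmod 600)"
        return 1
    fi

    # "auth N" selects which numbered method line is active.
    ca_idx=$(awk '$1 == "auth" { print $2; exit }' "$1")
    if [ -z "$ca_idx" ]; then
        echo "FAIL $1: no 'auth N' line"
        return 1
    fi
    ca_method=$(awk -v i="$ca_idx" '$1 == i { print $2; exit }' "$1")
    ca_keylen=$(awk -v i="$ca_idx" '$1 == i { print length($3); exit }' "$1")

    case "$ca_method" in
        sha1|md5)
            if [ "${ca_keylen:-0}" -eq 0 ]; then
                echo "FAIL $1: method $ca_method has no key"
                return 1
            fi
            echo "OK $1: method $ca_method, key length $ca_keylen" ;;
        crc)
            echo "FAIL $1: crc only detects corruption, it does not authenticate nodes"
            return 1 ;;
        *)
            echo "FAIL $1: unknown method '$ca_method'"
            return 1 ;;
    esac
}

# Demo in a scratch directory; on a real node PATH is /etc/ha.d/authkeys.
demo_dir=$(mktemp -d)
write_authkeys "$demo_dir/authkeys"
check_authkeys "$demo_dir/authkeys" || true
rm -rf "$demo_dir"
```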

 

 

5.4: Testing

 

Now that we have heartbeat configured it is time to test ther

 

 

Step4.

 

Log in to node2, your backup domain controller, and use exactly the same heartbeat configuration files as on the primary domain controller.

 

 

6.0: DRBD

 

DRBD Configuration

-          Primary

-          Secondary

 

DRBD is a kernel module which has the ability to network 2 machines to provide Raid1 over LAN.

 

It is assumed that we have two identical drives in both machines; all data on this device will be destroyed.

 

If you are updating your kernel or version of DRBD, make sure DRBD is stopped on both machines.

 

Never attempt to run different versions of DRBD; this means both machines need the same kernel.

 

6.1: Requirements

 

You will need to install the DRBD kernel Module. We will build our own RPM kernel modules so it is optimized for our architecture.

 

I have tested many different kernels with DRBD, some are not stable so you will need to check Google to make sure your kernel is compatible with the particular DRBD release, most of the time this isn’t an issue.

 

Both of the following kernels are recommended for Fedora Core 4; I have used them with versions up to drbd-0.7.23.

kernel-smp-2.6.14-1.1656_FC4

kernel-smp-2.6.11-1.1369_FC4

 

Please browse this list http://www.linbit.com/support/drbd-current/ and look for packages available.

 

Step1

 

Get a serial cable and connect it to each node's COM1 port.

 

Execute the following; you may see a lot of garbage on the screen.

 

[root@node1 ~]# cat </dev/ttyS0 

 

Step2

 

You may have to repeat the below a couple of times in rapid succession to see the output on node1.

 

[root@node2 ~]# echo hello >/dev/ttyS0

 

 

6.2: Installation

 

 

Step1

 

Extract the latest stable version of DRBD.

 

[root@node1 stable]# tar zxvf drbd-0.7.20.tar.gz

 

[root@node1 stable]# cd drbd-0.7.20

[root@node1 drbd-0.7.20]#

 

Step2

 

It is nice to make your own rpm for your distribution. It makes upgrades seamless.

 

This will give us an RPM built specifically for our kernel; it may take some time.

 

[root@node1 drbd-0.7.20]# make

[root@node1 drbd-0.7.20]# make rpm

 

Step3

 

[root@node1 drbd-0.7.20]# cd dist/RPMS/i386/

 

[root@node1 i386]# ls

drbd-0.7.20-1.i386.rpm

drbd-debuginfo-0.7.20-1.i386.rpm

drbd-km-2.6.14_1.1656_FC4smp-0.7.20-1.i386.rpm

 

Step4

 

We will now install DRBD and our Kernel module which we built earlier.

 

[root@node1 i386]# rpm -Uvh drbd-0.7.20-1.i386.rpm drbd-debuginfo-0.7.20-1.i386.rpm drbd-km-2.6.14_1.1656_FC4smp-0.7.20-1.i386.rpm

 

 

Step5

 

Log in to node2, the backup domain controller, and do the same.

 

 

6.3: Configuration

 

In the example throughout this document we have linked /dev/hdd1 to /dev/drbd; yours, however, may be a different device; it could be SCSI.

 

All data on the device /dev/hdd will be destroyed.

 

Step1

 

We are going to create the partition /dev/hdd1 on the disk /dev/hdd using fdisk.

 

[root@node1]# fdisk /dev/hdd

 

Command (m for help): m

Command action

   a   toggle a bootable flag

   b   edit bsd disklabel

   c   toggle the dos compatibility flag

   d   delete a partition

   l   list known partition types

   m   print this menu

   n   add a new partition

   o   create a new empty DOS partition table

   p   print the partition table

   q   quit without saving changes

   s   create a new empty Sun disklabel

   t   change a partition's system id

   u   change display/entry units

   v   verify the partition table

   w   write table to disk and exit

   x   extra functionality (experts only)

 

Command (m for help): d

No partition is defined yet!

 

Command (m for help): n

Command action

   e   extended

   p   primary partition (1-4)

p

Partition number (1-4): 1

First cylinder (1-8677, default 1):

Using default value 1

Last cylinder or +size or +sizeM or +sizeK (1-8677, default 8677):

Using default value 8677

 

Command (m for help): w

 

 

Step2

 

Now log in to node2, the backup domain controller, and create /dev/hdd1 with fdisk as above, or on your chosen device.

 

 

6.3.1: drbd.conf

 

Create this file on both your master and slave servers; it should be identical on both, although that is not a requirement. As long as the partition size is the same, any mount point can be used.

 

Step1

 

The file below is fairly self-explanatory; you can see the real disk linked to the DRBD kernel module device.

 

 

[root@node1]# vi /etc/drbd.conf

 

# Datadrive (/data) /dev/hdd1 80GB

 

resource drbd1 {

  protocol C;

  disk {

    on-io-error panic;

  }

  net {

    max-buffers 2048;

    ko-count 4;

    on-disconnect reconnect;

  }

  syncer {

    rate 700000;

  }

  on node1 {

    device    /dev/drbd0;

    disk      /dev/hdd1;

    address   10.0.0.1:7789;

    meta-disk internal;

  }

  on node2 {

    device    /dev/drbd0;

    disk      /dev/hdd1;

    address   10.0.0.2:7789;

    meta-disk internal;

  }

}

 

 

Step2

 

[root@node1]# scp /etc/drbd.conf root@node2:/etc/

 

 

6.3.2: Initialization

 

In the following steps we will configure the disks to synchronize and choose a master node.

 

Step1

 

On the Primary Domain Controller

 

[root@node1]# service drbd start

 

On the Backup Domain Controller

 

[root@node2]# service drbd start

 

Step2

 

[root@node1]# service drbd status

 

drbd driver loaded OK; device status:

version: 0.7.17 (api:77/proto:74)

SVN Revision: 2093 build by root@node1, 2006-04-23 14:40:20

0: cs:Connected st:Secondary/Secondary ld:Inconsistent

    ns:25127936 nr:3416 dw:23988760 dr:4936449 al:19624 bm:1038 lo:0 pe:0 ua:0 ap:0

 

You can see both devices are ready, and waiting for a Primary drive to be activated which will do an initial synchronization to the secondary device.

 

Step3

 

Stop the heartbeat service on both nodes.

 

Step4

 

We are now telling DRBD to make node1 the primary drive.

 

[root@node1]#  drbdadm -- --do-what-I-say primary all

 

[root@node1 ~]# service drbd status

drbd driver loaded OK; device status:

version: 0.7.23 (api:79/proto:74)

SVN Revision: 2686 build by root@node1, 2007-01-23 20:26:13

 0: cs:SyncSource st:Primary/Secondary ld:Consistent

    ns:67080 nr:85492 dw:91804 dr:72139 al:9 bm:268 lo:0 pe:30 ua:2019 ap:0

        [==>.................] sync'ed: 12.5% (458848/520196)K

        finish: 0:01:44 speed: 4,356 (4,088) K/sec

 

Step6

 

Create a filesystem on our RAID devices.

 

[root@node1]# mkfs.ext3 /dev/drbd0

 

6.4: Testing

 

We have a 2 node cluster replicating data; it's time to test a failover.

 

Step1

 

Start the heartbeat service on both nodes.

 

Step2

 

On node1 we can see the status of DRBD.

 

[root@node1 ~]# service drbd status

drbd driver loaded OK; device status:

version: 0.7.23 (api:79/proto:74)

0: cs:Connected st:Primary/Secondary ld:Consistent

    ns:1536 nr:0 dw:1372 dr:801 al:4 bm:6 lo:0 pe:0 ua:0 ap:0

[root@node1 ~]#

 

On node2 we can see the status of DRBD.

 

[root@node2 ~]# service drbd status

drbd driver loaded OK; device status:

version: 0.7.23 (api:79/proto:74)

SVN Revision: 2686 build by root@node2, 2007-01-23 20:26:03

0: cs:Connected st:Secondary/Primary ld:Consistent

    ns:0 nr:1484 dw:1484 dr:0 al:0 bm:6 lo:0 pe:0 ua:0 ap:0

[root@node2 ~]#

 

That all looks good; we can see the devices are consistent and ready for use.

 

Step3

 

Now let’s check the mount point we created in the heartbeat haresources file.

 

We can see heartbeat has successfully mounted /dev/drbd0 on the /data directory; of course your device will not have any data on it yet.

 

[root@node1 ~]# df -h

Filesystem            Size  Used Avail Use% Mounted on

/dev/mapper/VolGroup00-LogVol00

                       35G   14G   20G  41% /

/dev/hdc1              99M   21M   74M  22% /boot

/dev/shm              506M     0  506M   0% /dev/shm

/dev/drbd0             74G   37G   33G  53% /data

[root@node1 ~]#

 

Step4

 

Login to node1 and execute the following command; once heartbeat is stopped it should only take a few seconds to migrate the services to node2.

 

[root@node1 ~]# service heartbeat stop

Stopping High-Availability services:

                                                           [  OK  ]

 

[root@node1 ~]# service drbd status

drbd driver loaded OK; device status:

version: 0.7.23 (api:79/proto:74)

SVN Revision: 2686 build by root@node1, 2007-01-23 20:26:13

0: cs:Connected st:Secondary/Primary ld:Consistent

    ns:5616 nr:85492 dw:90944 dr:2162 al:9 bm:260 lo:0 pe:0 ua:0 ap:0

 

We can see drbd change state to secondary on node1.

 

Step5

 

Now let’s check the status of DRBD on node2; we can see it has changed state and become the primary.

 

[root@node2 ~]# service drbd status

drbd driver loaded OK; device status:

version: 0.7.23 (api:79/proto:74)

SVN Revision: 2686 build by root@node2, 2007-01-23 20:26:03

 0: cs:Connected st:Primary/Secondary ld:Consistent

    ns:4 nr:518132 dw:518136 dr:17 al:0 bm:220 lo:0 pe:0 ua:0 ap:0

 1: cs:Connected st:Primary/Secondary ld:Consistent

    ns:28 nr:520252 dw:520280 dr:85 al:0 bm:199 lo:0 pe:0 ua:0 ap:0

 

Check that node2 has mounted the device.

 

[root@node2 ~]# df -h

Filesystem            Size  Used Avail Use% Mounted on

/dev/mapper/VolGroup00-LogVol00

                       35G   12G   22G  35% /

/dev/hdc1              99M   17M   78M  18% /boot

/dev/shm              506M     0  506M   0% /dev/shm

/dev/hdh1             111G   97G  7.6G  93% /storage

/dev/drbd0             74G   37G   33G  53% /data

[root@node2 ~]#

 

Step6

 

Finally start the heartbeat service on node1 and be sure that all processes migrate back.
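The status checks in the steps above can be scripted so that a failover test is only started when every DRBD device is connected, consistent and has exactly one primary. This is an added example, not part of DRBD or heartbeat; the function names are constructed, and the sample lines are copied from the status output shown on this page.

```shell
#!/bin/sh
# Added example: gate a failover test on DRBD 0.7 status output.
# Function names are constructed for illustration.

# drbd_failover_ready: read "service drbd status" (or /proc/drbd) text on
# stdin, print one verdict per device, return 0 only if every device is
# cs:Connected, ld:Consistent and has one Primary and one Secondary.
drbd_failover_ready() {
    awk '
        /^[ \t]*[0-9]+:[ \t]*cs:/ {
            seen++
            dev = $1
            sub(/:$/, "", dev)
            cs = ""; st = ""; ld = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^cs:/) cs = substr($i, 4)
                if ($i ~ /^st:/) st = substr($i, 4)
                if ($i ~ /^ld:/) ld = substr($i, 4)
            }
            ok = (cs == "Connected" && ld == "Consistent" && \
                  (st == "Primary/Secondary" || st == "Secondary/Primary"))
            printf "drbd%s %s cs=%s st=%s ld=%s\n", dev, \
                   (ok ? "READY" : "NOT-READY"), cs, st, ld
            if (!ok) bad++
        }
        END { exit ((seen > 0 && bad == 0) ? 0 : 1) }'
}

# Sample inputs, copied from the status output on this page.
sample_status_unsynced() {    # before a primary has been chosen
    cat <<'EOF'
drbd driver loaded OK; device status:
version: 0.7.17 (api:77/proto:74)
0: cs:Connected st:Secondary/Secondary ld:Inconsistent
    ns:25127936 nr:3416 dw:23988760 dr:4936449 al:19624 bm:1038 lo:0 pe:0 ua:0 ap:0
EOF
}

sample_status_syncing() {     # initial synchronization still running
    cat <<'EOF'
drbd driver loaded OK; device status:
version: 0.7.23 (api:79/proto:74)
 0: cs:SyncSource st:Primary/Secondary ld:Consistent
    ns:67080 nr:85492 dw:91804 dr:72139 al:9 bm:268 lo:0 pe:30 ua:2019 ap:0
        [==>.................] sync'ed: 12.5% (458848/520196)K
EOF
}

sample_status_connected() {   # synchronized and ready
    cat <<'EOF'
drbd driver loaded OK; device status:
version: 0.7.23 (api:79/proto:74)
0: cs:Connected st:Primary/Secondary ld:Consistent
    ns:1536 nr:0 dw:1372 dr:801 al:4 bm:6 lo:0 pe:0 ua:0 ap:0
EOF
}

# Demo: the syncing sample is refused, the connected sample is accepted.
sample_status_syncing | drbd_failover_ready || echo "do not stop heartbeat yet"
sample_status_connected | drbd_failover_ready && echo "safe to test failover"
```

On a node, feed it live output with: service drbd status | drbd_failover_ready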

 

 

7.0: BIND DNS

 

We can use BIND (the Berkeley Internet Name Domain) in a high availability configuration. We can make 2 nodes appear as one: zone files will be stored on a DRBD drive, and if node1 fails node2 can take over and automatically start NAMED.

 

BIND is able to have its /var/named directory relocated to a more appropriate location such as /data/dnszones; this enables us to provide real time replication of the zone files; the standby node2 will have to have its default directory modified to /data/dnszones.

 

We have 2 servers, and we will refer to the cluster as cluster.differentialdesign.org. It is assumed that these machines are behind a firewall with NAT and port forwarding to the appropriate ports.

 

When setting up Domain Names through a registrar you would want 2 separate name servers. It is recommended to setup an additional slave DNS server.

 

An example may be

 

Name Server:CLUSTER.DIFFERENTIALDESIGN.ORG <-- Primary Name Server(s)

Name Server:NS1.DIFFERENTIALDESIGN.ORG

Name Server:NS2.DIFFERENTIALDESIGN.ORG

 

 

7.1: Configuration

 

Step1

 

We will now create a directory on our DRBD drive /data/dnszones.

 

[root@node1 ~]# mkdir /data/dnszones

 

Step2

 

Change the location of the zone files to our replicated drive

 

[root@node1 ~]# named ?

usage: named [-4|-6] [-c conffile] [-d debuglevel] [-f|-g] [-n number_of_cpus]

             [-p port] [-s] [-t chrootdir] [-u username]

             [-m {usage|trace|record}]

             [-D ]

named: extra command line arguments

 

[root@node1 ~]# named -t /data/dnszones/

 

Step3

 

Copy the default zone files to our new location and set the permissions.

 

[root@node1 ~]# rsync -avz /var/named/ /data/dnszones/

 

[root@node1 ~]# chown -R named:named /data/dnszones/

 

 

7.1.1: named.conf

 

It is important that all machines on the network use cluster.differentialdesign.org or its local IP address as their DNS server. This way we can ensure correct name resolution.

 

We will now edit the /etc/named.conf

 

Take note of the file below: the entries in the allow-transfer block are our secondary DNS servers; these are the IP addresses of ns1.differentialdesign.org and ns2.differentialdesign.org.

 

The named.conf needs to be the same on both node1 and node2; you could manually copy the file over using SCP, or link it to the /data/dnszones directory using a symbolic link.

 

 

[root@node1 ~]# vi /etc/named.conf

 

 

//

// named.conf for Red Hat caching-nameserver

//

 

options {

        directory "/data/dnszones";

        dump-file "/data/dnszones/data/cache_dump.db";

        statistics-file "/data/dnszones/data/named_stats.txt";

        /*

         * If there is a firewall between you and nameservers you want

         * to talk to, you might need to uncomment the query-source

         * directive below.  Previous versions of BIND always asked

         * questions using port 53, but BIND 8.1 uses an unprivileged

         * port by default.

         */

         // query-source address * port 53;

 

 

        allow-transfer {

                127.0.0.1;              // localhost

                202.161.90.250;               // secondary DNS server for my zone

                202.161.90.251;               // secondary DNS server for my zone

 

         };

 

 

};

 

//

// a caching only nameserver config

//

controls {

        inet 127.0.0.1 allow { localhost; } keys { rndckey; };

};

 

zone "." IN {

        type hint;

        file "named.ca";

};

 

zone "localdomain" IN {

        type master;

        file "localdomain.zone";

        allow-update { none; };

};

 

zone "localhost" IN {

        type master;

        file "localhost.zone";

        allow-update { none; };

};

 

zone "0.0.127.in-addr.arpa" IN {

        type master;

        file "named.local";

        allow-update { none; };

};

 

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

        type master;

        file "named.ip6.local";

        allow-update { none; };

};

 

zone "255.in-addr.arpa" IN {

        type master;

        file "named.broadcast";

        allow-update { none; };

};

 

zone "0.in-addr.arpa" IN {

        type master;

        file "named.zero";

        allow-update { none; };

};

 

 

zone "differentialdesign.org" {

        type master;

        file "/data/dnszones/differentialdesign.org/named.differentialdesign.org.hosts";

        allow-update { none; };

};

 

 

 

 

7.1.2: zone file

 

In our named.conf file we have the following zone defined;

 

zone "differentialdesign.org" {

        type master;

        file "/data/dnszones/differentialdesign.org/named.differentialdesign.org.hosts";

        allow-update { none; };

};

 

 

We can see the zone file located in /data/dnszones/

 

Step1.

 

Create a sub folder where we will store our zone files.

 

[root@node1 ~]# mkdir /data/dnszones/differentialdesign.org/

 

Step2.

 

Create a new file called named.differentialdesign.org.hosts.

 

[root@node1 ~]# vi /data/dnszones/differentialdesign.org/named.differentialdesign.org.hosts

 

You will see below that nodes.differentialdesign.org. IN A 192.168.0.4 is an “A record” which points us to the virtual IP address of the cluster. When setting up mapped drives it is best to use the name instead of the IP address.

 

$TTL 8h

differentialdesign.org.    IN      SOA     cluster.differentialdesign.org. asender.mail.samba.org. (

                        2006211201

                        10800

                        3600

                        3600000

                        86400 )

differentialdesign.org.            IN      NS               cluster.differentialdesign.org.

differentialdesign.org.            IN      NS               ns1.differentialdesign.org.

differentialdesign.org.            IN      NS               ns2.differentialdesign.org.

differentialdesign.org.            IN      MX      50     mail.differentialdesign.org.

mail.differentialdesign.org.           IN      A             202.161.90.245

www.differentialdesign.org.          IN      A             202.161.90.245

cluster.differentialdesign.org.       IN      A            202.161.90.241

node1.differentialdesign.org.      IN      A             192.168.0.2

node2.differentialdesign.org.      IN      A             192.168.0.3

nodes.differentialdesign.org.        IN      A             192.168.0.4