Sharing passdb.tdb between two or more Samba servers?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Sharing passdb.tdb between two or more Samba servers?

Samba - General mailing list
Hello,

We are using Samba only for file sharing.  Because we are missing space in
the first Samba server, we need to add a second Samba server.

While building this new server i came up with the questioning about sharing
the passdb.tdb file among different Samba servers? Would this be feasible?
The idea is that all users should be able to access any file servers
according with theirs needs.  Or is there a better way to do it?

Thanks,
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Sharing passdb.tdb between two or more Samba servers?

Samba - General mailing list
On Mon, 6 Nov 2017 13:26:55 -0500
Bernard Fay via samba <[hidden email]> wrote:

> Hello,
>
> We are using Samba only for file sharing.  Because we are missing
> space in the first Samba server, we need to add a second Samba server.
>
> While building this new server i came up with the questioning about
> sharing the passdb.tdb file among different Samba servers? Would this
> be feasible? The idea is that all users should be able to access any
> file servers according with theirs needs.  Or is there a better way
> to do it?
>
> Thanks,

Whilst it may be possible to share passdb.tdb between Samba standalone
servers (I take it this is what your fileserver is running as), what
are you going to do about the required Unix users ?

What connects to your Samba machine, Windows clients ?

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Sharing passdb.tdb between two or more Samba servers?

Samba - General mailing list
On Tue, 7 Nov 2017 07:13:19 -0500
Bernard Fay <[hidden email]> wrote:

> Yes, our Samba servers are configured as standalone.  Windows clients
> and Xenservers for storage repositories are connecting to these
> shares.
>
> What does that change for the Unix users as they have to be in the
> passdb.tdb file anyway???
>
>

OK, you asked ;-)

Lets say that windows user 'fred' wants to store something on
fileserver1, then 'fred' must be a Samba user and a Unix user on
fileserver1.
If user 'fred' doesn't want to type in a password when they connect to
fileserver1, then the Samba user 'fred' will have to have the same
password, so you have two places to manage the users password if it is
changed.

You now decide to add another Samba server, fileserver2 and rsync
passdb.tdb to this, but this isn't enough, you will have to create the
users in /etc/passwd as well, I certainly wouldn't want to sync this as
well, it 'might' break something.

You now have three places to manage the users password if it is changed.

A new user 'george' must be added, so you add the user to windows, then
go to fileserver1 and create the Unix user and then the Samba user. You
then need to go to fileserver2 and add the user again.

You haven't said if the windows machines are in a domain, but if they
are, all you need to do is make the fileservers into Unix domain
members and you then will only have one place to manage users.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Sharing passdb.tdb between two or more Samba servers?

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Mon, 2017-11-06 at 13:26 -0500, Bernard Fay via samba wrote:
> Hello,
>
> We are using Samba only for file sharing.  Because we are missing space in
> the first Samba server, we need to add a second Samba server.
>
> While building this new server i came up with the questioning about sharing
> the passdb.tdb file among different Samba servers? Would this be feasible?
> The idea is that all users should be able to access any file servers
> according with theirs needs.  Or is there a better way to do it?

The better way is to make the first server into a DC for a classic NT4-
style domain and use the OpenLDAP backend.  There are guides on how to
convert into LDAP.  Both DCs can reference the same LDAP server or
replicas.  This is the smallest-change approach.

Or, set up a full Samba AD domain and get the advantages of a full AD
DC.

Andrew Bartlett

> Thanks,
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba