sambaldap BDC how to

Posted 08-28-2009 at 02:31 AM by kashifazizawan
Updated 08-28-2009 at 06:21 AM by kashifazizawan

Backup Domain Controller (BDC) for the Primary Domain Controller (PDC)

Once again, install a minimal CentOS 4.x system and fully update it with:


yum update
yum install mc samba-common samba openldap-clients perl-XML-NamespaceSupport perl-XML-SAX glibc-kernheaders glibc-headers glibc-devel cpp perl-HTML-Tagset perl-HTML-Parser perl-Convert-ASN1 perl-URI perl-libwww-perl perl-Digest-SHA1 openldap-servers perl-LDAP gcc

Go to this webpage to download THE EXACT SAME version of smbldap-tools you used to install the PDC, THE EXACT SAME NUMBERS!!! And use the SAME domain names and passwords.


cd /home
tar -xvzf smbldap-installer-1.2.1.tgz
cd smbldap-installer

You already know which tools to use, as described just above in the PDC setup guide. I will skip a few steps so that I don't repeat myself and can get to the real thing.

The first thing you must do is change on this BDC the following in

domain master = no
wins support = no
wins server = ip address of (your winsserver)

Don't forget to change the Share Definitions in your smb.conf file on the BDC as well to suit your needs.

Now do the following on the BDC server; make sure Samba is started (/etc/init.d/smb start):

net rpc getsid
net join

You will be asked for the same password you use to join your Windows clients to the Samba domain.

Then, using Midnight Commander's (mc) ssh link or some other means, whatever you like (mc is easy: select Left, choose ssh and type in the IP of the PDC server; it looks like Norton Commander), copy the /var/lib/ldap directory from the PDC server to /var/lib/ldap on the BDC server.

Before the copy takes place, make sure you stop the LDAP server (/etc/init.d/ldap stop) on the BDC.

After the copy has finished, make sure that all files under /var/lib/ldap are owned by user ldap, group ldap:

cd /var/lib/ldap
chown ldap.ldap *

Now configure the slave LDAP server on the BDC server like this:


You can use whatever IP you like. I'm only writing down the modifications you have to make; leave the rest alone.



updatedn cn=Manager,dc=yourdomainname,dc=com
updateref ldap://

Instead of yourdomainname, type the real domain name you used for the PDC, and instead of that IP, type the IP of the PDC.

Now you can start this LDAP server on the BDC server:

/etc/init.d/ldap start

On the PDC server, make the following modifications to your LDAP config:






replica host=
bindmethod=simple credentials=yourpassword

replogfile /var/lib/ldap/replogfile

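With bindmethod=simple the replication password is stored in clear text in this config and sent as a plain simple bind, so restrict read access to the file.

Now restart LDAP here as well: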


/etc/init.d/ldap restart

Now you can try adding a user on your PDC server, via usrmgr.exe from Windows or directly with smbldap-tools. Then look into the /var/lib/ldap/replica directory to see what happened in those log files. If you go to the BDC server and type the following:


id username

it must return the exact same id as the PDC server does.

Among other things, you should also copy the /var/lib/samba directory from the Samba PDC to the Samba BDC, so that if the PDC is dead for some reason, clients logging into the network will still run their startup script.

You can have as many BDC servers as you want; in fact, you can even have them in different subnets. Just make sure that you specify the following in the PDC config (ONLY WITH DIFFERENT SUBNETS):



remote announce =
remote browse sync =

For the first parameter, the foreign subnets come first and your local subnet last; for the second parameter, your local subnet comes first and the foreign subnet last.

Kashif Aziz Awan
Total Comments 1


  1. nice buddy
     Posted 02-26-2010 at 04:54 AM by kashifazizawan

