[Samba] Re: samba (2.2.7a) + openldap (2.0.x)

Buchan Milne bgmilne at cae.co.za
Fri Jan 10 10:53:00 GMT 2003 

C.Lee Taylor wrote:
> Buchan Milne wrote:
> 
>> OK, I stayed a bit late, waiting for things to finish compiling etc ...
> 
>     You should not work that hard ... ;-)

Tell me about it, but we're on a tight schedule, and I have a day-job
(if you call MSc.Eng thesis a job ...)

> 
>> and did some tests. It seems to work. What I did was just point the
>> production DC at a slave server, and then
> 
>     Kewl ...
> 
>> 1)try and change my password
>> a)while both ldap servers were running (works)
> 
>     Great ... did you watch the traffic follow by any chance ...

I did, (openldap log level 256) but the clocks on the machines weren't
synced, so I couldn't see exactly the sequence of events, but there were
MOD requests to both ...

> 
>> b)while only the slave is running (doesn't work)
> 
>     That should not, at least not by the standards that I understand
> that LDAP replcia works ...
> 
>> c)while only the master is running (doesn't work)
> 
>     That should work, but I think that might be a smb.conf thing ...

Ideally it should work for failover, but I think this will only be
available in 3 with passdb backend = ldap://host1 ldap://host2

(Ok, got your other mail which indicates that 'ldap server = host1
host2' should work. OK, I will see if I can do a different test which
doesn't force me to mess with the DC, we have a replica running on the
box which will become the new DC next week, might as well test it there
....)

> 
>> 2)connect to my homes share
>> a)while both servers were running (works)
>> b)while only the slave was running (works)
>> c)while only the master is running (doesn't work)
> 
>     Same as the above ...
> 
>> So, it seems to be all correct, but it would be nice to have ldap
>> failover (multiple ldap servers listed in smb.conf?), but not absolutely
>> necessary. Now our WAN setup should work!
> 
>     This is how I intend it to work, but have not finish testing ...
> 
>> And, I also seem to not be able to have machine accounts created by
>> samba. I lost the (samba) log now, but while I had smbcontrol'ed the
>> smbd handling my domain join, I saw an ldap search string something like
>> this:
>>
>> (&(uid=machine_)(objectclass=sambaAccount))
>>
>> where it should have been like this:
>> (&(uid=machine$)(objectclass=sambaAccount))
> 
>     This I am not certain about this ... but I would think it better to
> use LDAP scripts to add the accounts, which I think IDXP or something
> like that does have ... remember, if you use the normal way, Samba is
> tring to add an account into passwd and shadow, which will not work ...

The mandrake RPMs ship with idealx-tools setup by default in
/usr/share/samba/scripts, with the config in /etc/samba/smbldap_conf/pm,
and I have:

   add user script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d
/dev/null -g machines -s /bin/false %u

This worked fine until yesterday when I upgraded from 2.2.6 to 2.2.7a

> 
>> Without the LDAP entry in the server, I got a "No mapping was done
>> between .... etc " error on the client.
> 
>     Do you have the LDAP enter at all ...

I lost my level 5 debug log when I wanted to see samba referral later
when I set debug level to 10 :-(. Will test again a bit later ... and
save the log this time ...

> 
>> I also had a local machine account (in passwd) at which time I did not
>> get the error AFAICR, but it failed to join.
> 
>     Mmm, I have had problems when there is an account already ...
> something fails ... I do remember somework in Head to get around this,
> but not in 2.2
> 
>> I was hoping to release 2.2.7a RPMs for Mandrake now, but they can't
>> ship like this ...
> 
>     I have made some RPMs for RedHat 8.0, which is what I am about to
> test, and I see Herb Lewis has sent me a patch for the autoconf check,
> which I have not looked at yet either ... but I am hoping this can all
> come together soon ...

Wouldn't mind seeing the patch, but would like to have ldap machine
addition working (and test machine addition without ldap) before we ship
updates ...

BTW, anyone who as a working setup for testing large file support in
smbtar/smbclient on a Mandrake 8.2 or 9.0 box, please contact me as I
have RPMs with both patches for those releases, and I don't currently
have resources to test those ...

Buchan


-- 
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

More information about the samba mailing list