samba 3.0.x to Samba-3.2.x PDC/LDAP migration problem

Ignacio Coupeau icoupeau at unav.es
Wed Sep 24 10:38:37 GMT 2008 

I'm have been a year out of the samba arena, so I apologize if the 
question is too trivial.

We are testing the migration of our domain PDC, BDCs, ldap, etc, with 
several thousand WS, from samba-3.0.2x to samba-3.2.3. (as matter of 
fact I use samba+LDAP from the samba-1.8pre days: thanks TEAM).

The official documentation about this upgrade is empty:
35.1.1 Upgrading from Samba-3.0.x to Samba-3.2.0, also in the web.

After some reading, I changed the samba.schema, added some index for the 
new attrs, etc.  The smb started well, and somethings as
	smbpasswd -a <user>
goes well. The dn used in the ldap connections are the usual:

     base="ou=smb,o=accounts,dc=..."

But the (very big) problem is that any "domain" operation: add WS, join, 
etc., uses a dn as base like this:
 
base="sambaDomainName=UNAV-PDC-01,sambaDomainName=unav-pdc-01,ou=smb,o=accounts,dc=..."
and filter
filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=unav-pdc-01))"

1. The dn shows an additional "sambaDomainName=UNAV-PDC-01" in 
uppercase, added by samba;

2. As we don't have any trusted relation at this moment, the LDAP don't 
have any objectClass=sambaTrustedDomainPassword. I tried
"allow trusted domains = No", but the dn remains incorrect.

I follow every link I found, but nothing.

In the code, the function that appends the "extra" domain is
source/passdb/pdb_ldap.c:get_trusteddom_pw_int()
....
filter = talloc_asprintf(talloc_tos(),
	"(&(objectClass=%s)(sambaDomainName=%s))",
	LDAP_OBJ_TRUSTDOM_PASSWORD, domain);
....

but as I don't have any trust relationship, this call should be skipped 
or the result ignored, right?

I tested some shortcuts without any luck:
a. add a trusted domain o PDC membership, but the PDC uses the the long dn;
b. create the sambaTrustedDomainPassword oc, but requires attributes I 
don't know how initialize (like previous clear passwd, etc.)

May some one enlighten me a bit?

Thanks in advance,
Ignacio

-- 
________________________________________________________
Dr. Ignacio Coupeau
Systems and Network Services Director
IT Services
University of Navarra           http://www.unav.edu/
Pamplona, SPAIN                 http://www.unav.es/SI/

More information about the samba-technical mailing list