Samba and referrals in LDAP
MarshallJ at switch.aust.com
Tue Jan 22 19:18:02 GMT 2002
I've managed to get Samba to store its passdb in an LDAP (openldap 2.0.18)
backend (using 2.2 cvs from about a week ago) and all is working well
except in a multi-ldap-server configuration.
When I am communicating with the master ldap server, I am able to
add/change/delete entries. When communicating with a slave ldap server, I
get a referral to the master ldap server to make the change. When samba
contacts the master ldap server, it doesn't bind with the appropriate dn
to authenticate and make the change.
I am using simple authentication (i.e. not SASL) and am not currently using
SSL.
Here's a command I tried:
marshallj at 10.10.10.11:~$ sudo smbpasswd fred
New SMB password:
Retype new SMB password:
failed to modify user with uid = fred with: Insufficient access
Failed to modify entry for user fred.
Failed to modify password entry for user fred
Here's a snippet of the logs:
Jan 23 13:07:32 slaveldap slapd[15472]: daemon: conn=11 fd=14 connection
from IP=10.10.10.11:4005 (IP=0.0.0.0:34049) accepted.
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=0 BIND
dn="UID=MARSHALLJ,OU=PEOPLE,DC=USSAUS" method=128
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=0 RESULT tag=97 err=0
text=
Jan 23 13:07:32 slaveldap slapd[15472]: deferring operation
Jan 23 13:07:32 slaveldap slapd[15480]: conn=11 op=1 SRCH
base="ou=samba,dc=ussaus" scope=2
filter="(&(uid=fred)(objectClass=sambaAccount))"
Jan 23 13:07:32 slaveldap slapd[15480]: conn=11 op=1 SEARCH RESULT tag=101
err=0 text=
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=2 MOD
dn="uid=fred,ou=samba,dc=ussaus"
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=2 RESULT tag=103 err=9
text=Referral: ldap://masterldap.ussbris
Jan 23 13:07:32 slaveldap slapd[15480]: conn=11 op=3 UNBIND
Jan 23 13:07:32 slaveldap slapd[15480]: conn=-1 fd=14 closed
Jan 23 13:07:32 masterldap slapd[5268]: daemon: conn=62 fd=15 connection
from IP=10.10.10.11:4006 (IP=0.0.0.0:34049) accepted.
Jan 23 13:07:32 masterldap slapd[5274]: conn=62 op=0 BIND dn="" method=128
Jan 23 13:07:32 masterldap slapd[5274]: conn=62 op=0 RESULT tag=97 err=0
text=
Jan 23 13:07:32 masterldap slapd[5287]: conn=62 op=1 MOD
dn="uid=fred,ou=samba,dc=ussaus"
Jan 23 13:07:32 masterldap slapd[5287]: conn=62 op=1 RESULT tag=103 err=50
text=
Jan 23 13:07:32 masterldap slapd[5286]: conn=62 op=2 UNBIND
Jan 23 13:07:32 masterldap slapd[5286]: conn=-1 fd=15 closed
Jan 23 13:07:32 masterldap slapd[5268]: conn=-1 fd=10 closed
Notice that when 10.10.10.11 connects to the master ldap server, it sends
an empty dn in the BIND operation.
I assume this is a bug in the software (be it samba or a library it uses)
- is there a work-around for this?
Thanks for any assistance,
Josh Marshall
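
Added example, not part of the original post: a Python check that correlates slapd log lines to find a MOD that one server answered with a referral and another server then denied (err=50) on a connection bound with an empty DN, which is the pattern in the log above. The sample input is constructed from the post's log with the mail-wrapped lines re-joined; the function and field names are assumptions of this example.

```python
import re

# Constructed sample: the post's slapd lines with mail wrapping re-joined.
SAMPLE = """\
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=0 BIND dn="UID=MARSHALLJ,OU=PEOPLE,DC=USSAUS" method=128
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=2 MOD dn="uid=fred,ou=samba,dc=ussaus"
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=2 RESULT tag=103 err=9 text=Referral: ldap://masterldap.ussbris
Jan 23 13:07:32 masterldap slapd[5274]: conn=62 op=0 BIND dn="" method=128
Jan 23 13:07:32 masterldap slapd[5287]: conn=62 op=1 MOD dn="uid=fred,ou=samba,dc=ussaus"
Jan 23 13:07:32 masterldap slapd[5287]: conn=62 op=1 RESULT tag=103 err=50 text=
"""

LINE = re.compile(r'(?P<host>\S+) slapd\[\d+\]: conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)')
DN = re.compile(r'dn="([^"]*)"')
ERR = re.compile(r'\berr=(\d+)')

def find_anonymous_referral_chases(log_text):
    """Return MODs that were referred, then retried under an anonymous bind and denied."""
    bind_dn = {}    # (host, conn) -> DN from that connection's last BIND
    pending = {}    # (host, conn, op) -> target DN of a MOD awaiting its RESULT
    referred = {}   # target DN -> (referring host, DN the client was bound as)
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn = (m["host"], m["conn"])
        op = conn + (m["op"],)
        rest = m["rest"]
        dn = DN.search(rest)
        if rest.startswith("BIND") and dn:
            bind_dn[conn] = dn.group(1)
        elif rest.startswith("MOD") and dn:
            pending[op] = dn.group(1).lower()
        elif rest.startswith("RESULT") and op in pending:
            target = pending.pop(op)
            err = ERR.search(rest)
            if "text=Referral:" in rest:
                referred[target] = (m["host"], bind_dn.get(conn, ""))
            elif err and err.group(1) == "50" and bind_dn.get(conn) == "" and target in referred:
                # err=50 is insufficientAccessRights; dn="" is an anonymous simple bind
                src_host, src_dn = referred[target]
                findings.append({"target_dn": target, "referred_by": src_host,
                                 "original_bind_dn": src_dn, "denied_on": m["host"]})
    return findings

if __name__ == "__main__":
    for finding in find_anonymous_referral_chases(SAMPLE):
        print(finding)
```

A hit means the client followed the referral without presenting its credentials again; with OpenLDAP's libldap, automatic referral chasing binds anonymously unless the application registers a rebind callback through ldap_set_rebind_proc.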