Samba and referrals in LDAP

Pascal Schelcher pascal.schelcher at free.fr
Wed Jan 23 00:45:06 GMT 2002 

Have you enter the password of the bind admin dn with "smbpasswd" ?

Pascal Schelcher.

----- Original Message -----
From: <MarshallJ at switch.aust.com>
To: <samba at samba.org>
Sent: Wednesday, January 23, 2002 4:13 AM
Subject: Samba and referrals in LDAP


> I've managed to get Samba to store its passdb in an LDAP (openldap 2.0.18)
> backend (using 2.2 cvs from about a week ago) and all is working well
> except in a multi-ldap-server configuration.
>
> When I am communicating with the master ldap server, I am able to
> add/change/delete entries. When communicating with a slave ldap server, I
> get a referral to the master ldap server to make the change. When samba
> contacts the master ldap server, it doesn't bind with the appropriate dn
> to authenticate and make the change.
>
> I am using simple authentication (ie not SASL) and am not currently using
> SSL.
>
> Here's a command I tried:
>
> marshallj at 10.10.10.11:~$ sudo smbpasswd fred
> New SMB password:
> Retype new SMB password:
> failed to modify user with uid = fred with: Insufficient access
>
> Failed to modify entry for user fred.
> Failed to modify password entry for user fred
>
> Here's a snippet of the logs:
>
> Jan 23 13:07:32 slaveldap slapd[15472]: daemon: conn=11 fd=14 connection
> from IP=10.10.10.11:4005 (IP=0.0.0.0:34049) accepted.
> Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=0 BIND
> dn="UID=MARSHALLJ,OU=PEOPLE,DC=USSAUS" method=128
> Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=0 RESULT tag=97 err=0
> text=
> Jan 23 13:07:32 slaveldap slapd[15472]: deferring operation
> Jan 23 13:07:32 slaveldap slapd[15480]: conn=11 op=1 SRCH
> base="ou=samba,dc=ussaus" scope=2
> filter="(&(uid=fred)(objectClass=sambaAccount))"
> Jan 23 13:07:32 slaveldap slapd[15480]: conn=11 op=1 SEARCH RESULT tag=101
> err=0 text=
> Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=2 MOD
> dn="uid=fred,ou=samba,dc=ussaus"
> Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=2 RESULT tag=103 err=9
> text=Referral: ldap://masterldap.ussbris
> Jan 23 13:07:32 slaveldap slapd[15480]: conn=11 op=3 UNBIND
> Jan 23 13:07:32 slaveldap slapd[15480]: conn=-1 fd=14 closed
>
>
> Jan 23 13:07:32 masterldap slapd[5268]: daemon: conn=62 fd=15 connection
> from IP=10.10.10.11:4006 (IP=0.0.0.0:34049) accepted.
> Jan 23 13:07:32 masterldap slapd[5274]: conn=62 op=0 BIND dn="" method=128
> Jan 23 13:07:32 masterldap slapd[5274]: conn=62 op=0 RESULT tag=97 err=0
> text=
> Jan 23 13:07:32 masterldap slapd[5287]: conn=62 op=1 MOD
> dn="uid=fred,ou=samba,dc=ussaus"
> Jan 23 13:07:32 masterldap slapd[5287]: conn=62 op=1 RESULT tag=103 err=50
> text=
> Jan 23 13:07:32 masterldap slapd[5286]: conn=62 op=2 UNBIND
> Jan 23 13:07:32 masterldap slapd[5286]: conn=-1 fd=15 closed
> Jan 23 13:07:32 masterldap slapd[5268]: conn=-1 fd=10 closed
>
>
> Notice that when 10.10.10.11 connects to the master ldap server, it sends
> an empty dn in the BIND operation.
>
> I assume this is a bug in the software (be it samba or a library it uses)
> - is there a work-around for this?
>
> Thanks for any assistance,
>
> Josh Marshall
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list