[Samba] ldap replication, the second, keep your internal domain away from .local domain, cause suse 9.1 will not resolve this by dns

RRuegner robert at ruegner.org
Tue May 11 12:33:46 GMT 2004

Stefan Kania schrieb:

> Hello,
> I have two ldapservers with Samba PDC and BDC. I started with the PDC. I
> use Suse 9.0 with ldap "out of the box" and Samba 3.0.2a. Everything is
> working fine with only the PDC running. Now I configured replication. In
> my slapd.conf file on the master server I added the following lines:
> #permission
> access to * by dn="cn=repl,dc=felix,dc=local" write
> # database definition
> replogfile	/var/lib/ldap/slurpd/slurpd.log
> replica uri=ldap://felixols01.felix.local:389
> binddn="cn=repl,dc=felix,dc=local"
> bindmethod=simple
> credentials=topsecret
> tls=no
> In slapd.conf of my slave server I added:
> updatedn	"cn=repl,dc=felix,dc=local"
> updateref	ldap://felixsch01.felix.local
> I copied all database files from master to slave. Then I started all
> services in the following order:
> - ldapserver on slave
> - ldapserver on master
> - slurpd on master
> I checked replication. Everything was working: I added some new objects
> on my master server and with the ldap-browser I could see the new object
> on my master and slave server. I can change all attributes on all
> objects and I can browse through the whole ldap-tree.
> But now my problem started. It is no longer possible to log in to the
> system :-(. With login over ssh I got the message "permission denied";
> when I log in as root everything works, then I try "su my-name" and I get the
> message "no such user my-name". Also an "ldapsearch -x -h localhost
> (cn=my-name)" won't bring up any results.
> Is there someone who can help me? I'm totally lost.
> Stefan
Hi Stefan, I forgot something.
Last week I set up a Suse 9.1 in my internal smb dns net.
I had an internal dns domain called .local too.
Suse 9.1 does not do the lookup for an internal .local domain anymore.
Suse now implements .local domains as mdns, for sure without any need,
and there is no fallback to dns,
so if you later have a Suse 9.1 machine and a .local domain
you will get into big trouble.
I had to change my internal .local domain over many hours (I have a
big intranet).
Suse writes a small note about this in the release notes of 9.1,
and the support was not really helpful on this (bug / feature);
see this link (sorry, German).
So for .local domains there is no
fallback to dns planned; resolution is only done with multicast. In my
opinion this breaks every rfc I read,
and I will go away from Suse in the future.
You can fix this behavior in Suse 9.1 by compiling a new glibc
and/or copying the newly created libresolv to /lib.
So this is only a warning for you: if you're just starting with your dns
and you want to use Suse in the future, don't use an internal .local dns
domain, because Suse is not willing to fix their special glibc version.
Best Regards
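The quoted master slapd.conf adds `access to * by dn="cn=repl,dc=felix,dc=local" write`; in OpenLDAP the first `access to` directive whose target matches a request is the only one consulted, and if none of its `by` clauses matches the requester the result is an implicit `by * none`. The following is an added example, not code from the thread, that models that evaluation to show what an anonymous `ldapsearch -x` and the replication DN are granted depending on whether the line sits above the existing directives or is merged into them. The `attrs=userPassword` and `access to * by * read` directives are assumed as the rest of the file; the post does not show them.

```python
# Added example (not from the thread): a minimal model of how OpenLDAP 2.x
# evaluates slapd.conf access directives. Modelled rules: directives are tried
# in order; the first "access to" whose target matches the request is used;
# within it the first matching "by" clause decides; if no clause matches, the
# request is denied (implicit "by * none"). The userPassword and "by * read"
# directives are an assumption about the rest of the file, not from the post.

REPL_DN = "cn=repl,dc=felix,dc=local"

# Replication ACL placed above the existing directives, as the post reads.
ACL_AS_QUOTED = """
access to * by dn="cn=repl,dc=felix,dc=local" write
access to attrs=userPassword by self write by * auth
access to * by * read
"""

# Same grant, merged into the existing directives so nothing is shadowed.
ACL_MERGED = """
access to attrs=userPassword by dn="cn=repl,dc=felix,dc=local" write by self write by * auth
access to * by dn="cn=repl,dc=felix,dc=local" write by * read
"""

def parse_acl(text):
    """Parse 'access to <target> by <who> <level> [by ...]' lines."""
    acl = []
    for line in text.strip().splitlines():
        if not line.startswith("access to "):
            continue
        target, _, rest = line[len("access to "):].partition(" by ")
        clauses = [c.rsplit(" ", 1) for c in rest.split(" by ")]
        acl.append((target.strip(), [(w.replace('"', ""), lvl) for w, lvl in clauses]))
    return acl

def evaluate(acl, requester, attr="cn", entry_dn=None):
    """requester is 'anonymous' or a bind DN; returns the granted access level."""
    for target, clauses in acl:
        if target not in ("*", "attrs=" + attr):
            continue                       # this directive does not apply
        for who, level in clauses:
            if (who == "*" or who == "dn=" + requester
                    or (who == "self" and requester == entry_dn)
                    or (who == "users" and requester != "anonymous")):
                return level
        return "none"                      # target matched, no "by" matched
    return "none"                          # no directive matched at all

def anonymous_search(acl_text, attr="cn"):
    """What an unauthenticated 'ldapsearch -x' gets on the given attribute."""
    return evaluate(parse_acl(acl_text), "anonymous", attr)

def replicator(acl_text, attr="cn"):
    """What cn=repl gets, i.e. whether replication writes are allowed."""
    return evaluate(parse_acl(acl_text), REPL_DN, attr)
```

With the line placed first, every anonymous lookup (which is what nss_ldap and `ldapsearch -x` perform) falls through to the implicit deny; merged into the existing directives, anonymous read and the replication write both survive.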
