[Samba] winbind doesn't follow updateref in replica ldap server

Peter Kruse pk at q-leap.com
Sat Oct 9 09:38:59 GMT 2004


Hello all,

I have set up an HA cluster running under Debian GNU/Linux with
samba 3.0.7, openldap 2.0.23 with two machines. Each
machine runs winbindd and slapd. One additionally runs slurpd
to replicate to the other. Replication works but
winbind seems to add entries on the secondary ldap server
and not follow the updateref given from the server.
This is a problem since the ldap database runs out of sync.
The relevant configuration items are:

primary:
slapd.conf:

replica host=secondary:389 bindmethod=simple
        binddn=cn=admin,dc=domain,dc=com credential=secret

smb.conf:

idmap uid = 10000-650000
idmap gid = 10000-650000
winbind enum users = yes
winbind enum groups = yes
idmap backend = ldap:ldap://localhost
ldap admin dn = "cn=admin,dc=domain,dc=com"
ldap suffix = "dc=com,dc=com"


secondary:
slapd.conf:

updatedn cn=admin,dc=domain,dc=com
updateref ldap://primary

smb.conf:

idmap uid = 10000-650000
idmap gid = 10000-650000
winbind enum users = yes
winbind enum groups = yes
idmap backend = ldap:ldap://localhost
ldap admin dn = "cn=admin,dc=domain,dc=com"
ldap suffix = "dc=com,dc=com"

(I have not set up an ou=idmap but this shouldn't matter)

I have added the credential with "smbpasswd -w" on both servers.
winbind stores the idmap entries in the ldap database. But when
I do "su <some ads user>" on the secondary the uid of <some ads user>
is stored in the ldap database of the secondary when the uid
hasn't been seen before on the primary. When I do
"su - <another ads user>" on the primary the idmap is stored
in the ldap database of the primary and replicated to the
secondary correctly.
There are no log messages that indicate a problem or a hint
for a solution. I have seen a message on this list concerning
the same problem but no answer, so I thought I'd give you a little
more information on this.

thanks,

	Peter
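
Added example, not part of the original post and not Samba code: one way to check for the drift described above is to compare the idmap entries dumped from each server's LDAP database. The LDIF samples are constructed; the sketch assumes entries use Samba's sambaIdmapEntry object class with sambaSID and uidNumber/gidNumber, and that LDIF lines are unfolded and not base64-encoded.

```python
# Constructed sample data: idmap entries as dumped from each server's database.
PRIMARY_LDIF = """\
dn: sambaSID=S-1-5-21-1-2-3-1001,dc=domain,dc=com
objectClass: sambaIdmapEntry
sambaSID: S-1-5-21-1-2-3-1001
uidNumber: 10000

dn: sambaSID=S-1-5-21-1-2-3-1003,dc=domain,dc=com
objectClass: sambaIdmapEntry
sambaSID: S-1-5-21-1-2-3-1003
uidNumber: 10001
"""
SECONDARY_LDIF = """\
dn: sambaSID=S-1-5-21-1-2-3-1001,dc=domain,dc=com
objectClass: sambaIdmapEntry
sambaSID: S-1-5-21-1-2-3-1001
uidNumber: 10000

dn: sambaSID=S-1-5-21-1-2-3-1002,dc=domain,dc=com
objectClass: sambaIdmapEntry
sambaSID: S-1-5-21-1-2-3-1002
uidNumber: 10001
"""

def parse_idmap(ldif):
    """Return {sid: (attribute, unix id)} for each sambaIdmapEntry in a dump."""
    mapping = {}
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if ": " in line:
                key, value = line.split(": ", 1)
                attrs.setdefault(key.lower(), []).append(value.strip())
        if "sambaIdmapEntry" not in attrs.get("objectclass", []):
            continue
        for kind in ("uidnumber", "gidnumber"):
            for value in attrs.get(kind, []):
                mapping[attrs["sambasid"][0]] = (kind, int(value))
    return mapping

def compare(primary, secondary):
    """Return (SIDs mapped only on the secondary, ids given to different SIDs)."""
    only_secondary = sorted(set(secondary) - set(primary))
    owner = {unix_id: sid for sid, unix_id in primary.items()}
    collisions = sorted((unix_id, owner[unix_id], sid)
                        for sid, unix_id in secondary.items()
                        if owner.get(unix_id, sid) != sid)
    return only_secondary, collisions

print(compare(parse_idmap(PRIMARY_LDIF), parse_idmap(SECONDARY_LDIF)))
```

A collision means the same Unix uid or gid is assigned to two different SIDs, so file ownership and access checks on one node can resolve to a different domain account than on the other.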

