[Samba] Issue with two domains in one LDAP tree

Misty Stanley-Jones misty at borkholder.com
Fri Oct 29 14:18:18 GMT 2004


Hi,

I've just moved a second Samba domain to LDAP -- it works great!  However, the 
first domain is now dead in the water.  It refuses to authenticate, and from 
the logs it looks like it's not finding the SambaDomainName entry in the LDAP 
tree.  Here is a diagram of how my LDAP tree is set up.

dc=mycompany,dc=com
|___ ou=computers
|___ ou=people
|___ ou=groups
|___ sambaDomain=domain1
|___ ou=domain2
	|___ ou=computers
	|___ ou=people
	|___ ou=groups
	|___ sambaDomain=domain2

In domain1's smb.conf, I have:
ldap suffix = dc=mydomain,dc=com

In domain2's smb.conf, I have: 
ldap suffix = ou=domain2,dc=mydomain,dc=com

Domain2 is working flawlessly.  Domain1, however, is not.  When I do a simple 
'smbclient -L localhost' as root, I get the following log from slapd at 
loglevel 256:

Oct 29 09:03:23 oink slapd[5290]: conn=88 fd=16 ACCEPT from IP=127.0.0.1:32841 
(IP=0.0.0.0:389) 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND 
dn="cn=Manager,dc=borkholder,dc=com" method=128 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND 
dn="cn=Manager,dc=borkholder,dc=com" mech=SIMPLE ssf=0 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 RESULT tag=97 err=0 text= 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH 
base="dc=borkholder,dc=com" scope=2 deref=0 
filter="(&(objectClass=sambaDomain)(sambaDomainName=corp1))" 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH attr=sambaDomainName 
sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID 
sambaAlgorithmicRidBase objectClass 
Oct 29 09:03:23 oink slapd[5290]: <= bdb_equality_candidates: 
(sambaDomainName) index_param failed (18) 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SEARCH RESULT tag=101 err=0 
nentries=1 text= 
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH 
base="dc=borkholder,dc=com" scope=2 deref=0 filter="(&(uid=root)
(objectClass=sambaSamAccount))" 
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH attr=uid uidNumber 
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange 
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive 
sambaHomePath sambaLogonScript sambaProfilePath description 
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword 
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial 
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory 
modifyTimestamp sambaLogonHours modifyTimestamp 
Oct 29 09:03:26 oink slapd[5290]: <= bdb_equality_candidates: (uid) 
index_param failed(18) 
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SEARCH RESULT tag=101 err=0 
nentries=2 text= 
Oct 29 09:03:26 oink slapd[5290]: conn=88 fd=16 closed 
Oct 29 09:03:27 oink slapd[5290]: conn=24 fd=18 closed 
 
I also want to say that the reason I have domain2 off in its own subtree is 
that it is going to eventually control its portion of the tree and take 
referrals from the main LDAP tree.  It's over a T1 from the main office and I 
want to keep bandwidth down.  I could put domain1 in its own subtree as well, 
but it seems a little overkill if I can avoid it since there will be about 50 
users of domain1 and only about 10 of domain2.

Thanks for any help you can give,
Misty
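
An added example, not part of the original post: in the slapd log above, the uid=root lookup is a subtree (scope=2) search from the top of the tree, which also covers the nested ou=domain2 branch shown in the diagram, and it returns nentries=2. The sketch below pairs SRCH and SEARCH RESULT lines by conn/op and flags account lookups that match more than one entry; the function names and the choice of uid and sambaSID as keys expected to be unique are assumptions.

```python
import re

# Log lines taken from the post above, with the mail wrapping rejoined and
# the "SRCH attr=" lines omitted.
SAMPLE = """\
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH base="dc=borkholder,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=corp1))"
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH base="dc=borkholder,dc=com" scope=2 deref=0 filter="(&(uid=root)(objectClass=sambaSamAccount))"
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SEARCH RESULT tag=101 err=0 nentries=2 text=
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) deref=\d+ filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')
SCOPES = {"0": "base", "1": "one", "2": "sub"}

# Assumption: an exact-match filter on these attributes should hit one entry.
UNIQUE_KEYS = re.compile(r'\((uid|sambaSID)=[^*)]+\)')


def correlate(log_text):
    """Pair each SRCH line with its SEARCH RESULT using (conn, op)."""
    pending, done = {}, []
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            conn, op, base, scope, flt = m.groups()
            pending[(conn, op)] = {"conn": int(conn), "op": int(op), "base": base,
                                   "scope": SCOPES.get(scope, scope), "filter": flt}
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            rec = pending.pop((m.group(1), m.group(2)))
            rec["err"], rec["nentries"] = int(m.group(3)), int(m.group(4))
            done.append(rec)
    return done


def ambiguous_lookups(records):
    """Return searches on a unique-key filter that matched more than one entry."""
    return [r for r in records
            if r["nentries"] > 1 and UNIQUE_KEYS.search(r["filter"])]


if __name__ == "__main__":
    for r in ambiguous_lookups(correlate(SAMPLE)):
        print(f'conn={r["conn"]} op={r["op"]} base={r["base"]} '
              f'scope={r["scope"]} nentries={r["nentries"]} filter={r["filter"]}')
```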

