[Samba] Domain Logins across VPN

rob at desynched.net rob at desynched.net
Fri May 26 18:19:42 GMT 2006

----- Original Message -----
From: "Duncan Brannen" <dbb at st-andrews.ac.uk>
Cc: <samba at lists.samba.org>
Sent: Friday, May 26, 2006 4:12 AM
Subject: Re: [Samba] Domain Logins across VPN

>> This configuration works. If I change passdb to instead of
>> the Master LDAP's IP, this pops up in samba.smbd:
>> [2006/05/24 14:53:30, 1] lib/smbldap_util.c:add_new_domain_info(198)
>>  failed to add domain dn=
>> sambaDomainName=ATWORK,dc=atworkpersonnel,dc=com with: Server is
>> unwilling to perform
>>        shadow context; no update referral
>> [2006/05/24 14:53:30, 0]
>> lib/smbldap_util.c:smbldap_search_domain_info(258)
>>  Adding domain info for ATWORK failed with NT_STATUS_UNSUCCESSFUL
>> That's the only error I see popping up. Ideas?
> Has the entry dn= sambaDomainName=ATWORK,dc=atworkpersonnel,dc=com
> replicated across to your slave
> ldap server successfully?
> Check your ldap logs on the slave, I think samba does a lookup for the
> domain and adds it if it doesn't exist, otherwise
> is the updateref set in your slaves slapd.conf file?  If the slave ldap
> server is telling samba it doesn't accept changes but
> not telling it where to send changes ( no update referral) you might get
> this problem.
> Hope this helps
>       Duncan

Hi Duncan,
I'm not using slurpd for replication; I'm using syncrepl. The database
exists and is updated fine (if I add a user on the master, it exists on the
slave, etc).

I'm using the smbldap tools for samba, and on the slave machines, they
generate an error any time I try to use them (unless I point them at the
Master LDAP).

for example, if I try this:
smbldap-useradd -a testuser

it returns:
Error: shadow context; no update referral at
/usr/local/sbin//smbldap_tools.pm line 1005.

I believe this has something to do with the issue.


More information about the samba mailing list