[Samba] Domain Logins across VPN
rob at desynched.net
rob at desynched.net
Fri May 26 18:19:42 GMT 2006
----- Original Message -----
From: "Duncan Brannen" <dbb at st-andrews.ac.uk>
Cc: <samba at lists.samba.org>
Sent: Friday, May 26, 2006 4:12 AM
Subject: Re: [Samba] Domain Logins across VPN
>> This configuration works. If I change passdb to 127.0.0.1 instead of
>> the Master LDAP's IP, this pops up in samba.smbd:
>>
>> [2006/05/24 14:53:30, 1] lib/smbldap_util.c:add_new_domain_info(198)
>> failed to add domain dn=
>> sambaDomainName=ATWORK,dc=atworkpersonnel,dc=com with: Server is
>> unwilling to perform
>> shadow context; no update referral
>> [2006/05/24 14:53:30, 0]
>> lib/smbldap_util.c:smbldap_search_domain_info(258)
>> Adding domain info for ATWORK failed with NT_STATUS_UNSUCCESSFUL
>>
>>
>> That's the only error I see popping up. Ideas?
>
> Has the entry dn= sambaDomainName=ATWORK,dc=atworkpersonnel,dc=com
> replicated across to your slave
> ldap server successfully?
>
> Check your ldap logs on the slave, I think samba does a lookup for the
> domain and adds it if it doesn't exist, otherwise
> is the updateref set in your slaves slapd.conf file? If the slave ldap
> server is telling samba it doesn't accept changes but
> not telling it where to send changes ( no update referral) you might get
> this problem.
>
> Hope this helps
>
> Duncan
Hi Duncan,
I'm not using slurpd for replication; I'm using syncrepl. The database
exists and is updated fine (if I add a user on the master, it exists on the
slave, etc).
I'm using the smbldap tools for samba, and on the slave machines, they
generate an error any time I try to use them (unless I point them at the
Master LDAP).
for example, if I try this:
smbldap-useradd -a testuser
it returns:
Error: shadow context; no update referral at
/usr/local/sbin//smbldap_tools.pm line 1005.
I believe this has something to do with the issue.
--
Rob
More information about the samba
mailing list