[Samba] [Follow-UP] samba BDC + LDAP slave Referral errors

Bruno Guerreiro bruno.guerreiro at ine.pt
Tue Oct 10 09:41:18 GMT 2006 

Hi,
You can't write to a slave.
Even in a pure Windows NT domain environment you can't do write operations
against a BDC.
Whenever a slave LDAP server needs to write anything to database, it returns
the updateref.
That's exactly what is happening and beeing logged in your log's.

[2006/05/31 15:32:48, 1] 
> passdb/pdb_ldap.c:ldapsam_modify_entry(1495)
> >>  >  ldapsam_modify_entry: Failed to modify user dn=  > 
> >> uid=pc00829$,ou=Machines,dc=brrc,dc=be with: Referral  >

On the other hand, read operations work just fine.

[2006/05/31 15:32:48, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> >>  >  init_sam_from_ldap: Entry found for user: pc00829$  >

Did you set up your ldap admin dn value correctly?

Best Regards,
Bruno Guerreiro

> -----Original Message-----
> From: Michael Gasch [mailto:gasch at eva.mpg.de] 
> Sent: terça-feira, 10 de Outubro de 2006 10:22
> To: bruno.guerreiro at ine.pt
> Cc: 'samba'
> Subject: Re: [Samba] [Follow-UP] samba BDC + LDAP slave 
> Referral errors
> 
> hi,
> 
> sorry to confuse you. i did set up updateref but no 
> additional referrals.
> 
> as i read here http://tech.stlsawall.com/index.php/?page_id=4 
> it´s impossible to have simple bind working with referrals. 
> so i think i have to switch to SASL.
> 
> i think i should google a little bit on openldap, sasl, 
> referrals and samba.
> 
> possibly someone has an idea/link/...???
> 
> thx!
> 
> Bruno Guerreiro wrote:
> > Hi,
> > I may be overlooking something, but how did you set up a LDAP slave 
> > without a referral?
> > 
> > 
> > From man 5 slapd.conf
> > 
> > updateref <url>
> > 	Specify  the  referral  to  pass back when slapd(8) is asked to 
> > modify a replicated local database.  If specified multiple 
> times, each 
> > url is provided.
> > 
> > Best Regards,
> > Bruno Guerreiro
> > 
> >> -----Original Message-----
> >> From: samba-bounces+bruno.guerreiro=ine.pt at lists.samba.org
> >> [mailto:samba-bounces+bruno.guerreiro=ine.pt at lists.samba.org]
> >> On Behalf Of Michael Gasch
> >> Sent: terça-feira, 10 de Outubro de 2006 7:37
> >> To: samba
> >> Subject: [Samba] [Follow-UP] samba BDC + LDAP slave Referral errors
> >>
> >> hi,
> >>
> >> i see the same error message with samba 3.0.14a and OpenLDAP
> >> 2.2.23 (Debian Packages) with Master/Slave setup.
> >>
> >> i did not set up a referral to the master, so why does samba get a 
> >> referral when attempting to write to a slave? is this an in-build 
> >> samba feature? do i have to enable referrals to get this to work 
> >> properly?
> >>
> >> any advise is appreciated!
> >> thx!
> >> micha
> >>
> >> Zwonarz Ivo wrote:
> >>  > We use sambaPDC + LDAP
> >>  > On our BDC we have a replicated ldap slave.
> >>  > Everything seems to work fine.
> >>  >
> >>  > Hower, in the smbd log file we have the following 
> messages (only 
> >> on the  > BDC's)  >  > [2006/05/31 15:25:08, 1]
> >> passdb/pdb_ldap.c:ldapsam_modify_entry(1495)
> >>  >  ldapsam_modify_entry: Failed to modify user dn=  > 
> >> uid=pc01233$,ou=Machines,dc=brrc,dc=be with: Referral  >
> >> [2006/05/31 15:25:08, 0]
> >> passdb/pdb_ldap.c:ldapsam_update_sam_account(1720)
> >>  >  ldapsam_update_sam_account: failed to modify user with uid = 
> >> pc01233$,  > error:  (Success)  > [2006/05/31 15:25:08, 1] 
> >> passdb/pdb_ldap.c:ldapsam_modify_entry(1495)
> >>  >  ldapsam_modify_entry: Failed to modify user dn=  > 
> >> uid=pc01233$,ou=Machines,dc=brrc,dc=be with: Referral  >
> >> [2006/05/31 15:25:08, 0]
> >> passdb/pdb_ldap.c:ldapsam_update_sam_account(1720)
> >>  >  ldapsam_update_sam_account: failed to modify user with uid = 
> >> pc01233$,  > error:  (Success)  >  >  > Can someone prevent this 
> >> errors?
> >>  > Does samba/openldap need to be changed?
> >>  > What is actually happening?
> >>  >
> >>  >
> >>  > With more Debug info:
> >>  > log level = 2 passdb:3 auth:3
> >>  > in smb.conf
> >>  >
> >>  > [2006/05/31 15:32:48, 3] auth/auth.c:check_ntlm_password(219)
> >>  >  check_ntlm_password:  Checking password for unmapped user  > 
> >> []\[]@[PC00829] with the new password interface  >
> >> [2006/05/31 15:32:48, 3] auth/auth.c:check_ntlm_password(222)
> >>  >  check_ntlm_password:  mapped user is: [BRRC]\[]@[PC00829]  > 
> >> [2006/05/31 15:32:48, 3] auth/auth.c:check_ntlm_password(268)
> >>  >  check_ntlm_password: guest authentication for user [] 
> succeeded  
> >> > [2006/05/31 15:32:48, 2]
> >> lib/smbldap.c:smbldap_open_connection(692)
> >>  >  smbldap_open_connection: connection opened  > [2006/05/31 
> >> 15:32:48, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> >>  >  init_sam_from_ldap: Entry found for user: pc00829$  >
> >> [2006/05/31 15:32:48, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> >>  >  init_sam_from_ldap: Entry found for user: pc00829$  >
> >> [2006/05/31 15:32:48, 3] auth/auth.c:check_ntlm_password(219)
> >>  >  check_ntlm_password:  Checking password for unmapped user  > 
> >> []\[]@[PC00829] with the new password interface  >
> >> [2006/05/31 15:32:48, 3] auth/auth.c:check_ntlm_password(222)
> >>  >  check_ntlm_password:  mapped user is: [BRRC]\[]@[PC00829]  > 
> >> [2006/05/31 15:32:48, 3] auth/auth.c:check_ntlm_password(268)
> >>  >  check_ntlm_password: guest authentication for user [] 
> succeeded  
> >> > [2006/05/31 15:32:48, 2]
> >> passdb/pdb_ldap.c:init_sam_from_ldap(499)
> >>  >  init_sam_from_ldap: Entry found for user: pc00829$  >
> >> [2006/05/31 15:32:48, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912)
> >>  >  init_ldap_from_sam: Setting entry for user: pc00829$  >
> >> [2006/05/31 15:32:48, 1] 
> passdb/pdb_ldap.c:ldapsam_modify_entry(1495)
> >>  >  ldapsam_modify_entry: Failed to modify user dn=  > 
> >> uid=pc00829$,ou=Machines,dc=brrc,dc=be with: Referral  >
> >> [2006/05/31 15:32:48, 0]
> >> passdb/pdb_ldap.c:ldapsam_update_sam_account(1720)
> >>  >  ldapsam_update_sam_account: failed to modify user with uid = 
> >> pc00829$,  > error:  (Success)  >  > [2006/05/31 15:32:48, 2] 
> >> passdb/pdb_ldap.c:init_sam_from_ldap(499)
> >>  >  init_sam_from_ldap: Entry found for user: pc00829$  >
> >> [2006/05/31 15:32:48, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> >>  >  init_sam_from_ldap: Entry found for user: pc00829$  >
> >> [2006/05/31 15:32:48, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> >>  >  init_sam_from_ldap: Entry found for user: pc00829$  >
> >> [2006/05/31 15:32:48, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912)
> >>  >  init_ldap_from_sam: Setting entry for user: pc00829$  >
> >> [2006/05/31 15:32:48, 1] 
> passdb/pdb_ldap.c:ldapsam_modify_entry(1495)
> >>  >  ldapsam_modify_entry: Failed to modify user dn=  > 
> >> uid=pc00829$,ou=Machines,dc=brrc,dc=be with: Referral  >
> >> [2006/05/31 15:32:48, 0]
> >> passdb/pdb_ldap.c:ldapsam_update_sam_account(1720)
> >>  >  ldapsam_update_sam_account: failed to modify user with uid = 
> >> pc00829$,  > error:  (Success)  >  >  > Kind regards,
> >>> Ivo Zwonarz.
> >> --
> >> Michael Gasch
> >> Max Planck Institute for Evolutionary Anthropology Department of 
> >> Human Evolution (IT Staff) Deutscher Platz 6
> >> D-04103 Leipzig
> >> Germany
> >>
> >> Phone: 49 (0)341 - 3550 137
> >>         49 (0)341 - 3550 374
> >>
> >> Fax:   49 (0)341 - 3550 399
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/listinfo/samba
> >>
> > 
> > 
> > 
> 
> --
> Michael Gasch
> Max Planck Institute for Evolutionary Anthropology Department 
> of Human Evolution (IT Staff) Deutscher Platz 6
> D-04103 Leipzig
> Germany
> 
> Phone: 49 (0)341 - 3550 137
>         49 (0)341 - 3550 374
> 
> Fax:   49 (0)341 - 3550 399
>

More information about the samba mailing list