[Samba] samba + slave OpenLdap (read-only)

jakjr joao.alfredo at gmail.com
Wed Jul 2 14:51:10 GMT 2008


No. Samba does not create any account in ldap (users or machines).

These accounts are created by other software, like phpSambaAdmin.

smb.conf:
[global]
  workgroup = caresl
  netbios name = scaresmb03
  ldap admin dn = uid=smb--admin,dc******
  ldap suffix = ou=test,dc=*****
  ldap passwd sync = No
  passdb backend = ldapsam:ldap://10.1*****
  dns proxy = No
  name resolve order = wins bcast
  server string =
  unix charset = iso8859-1
  ldap timeout = 45
  enable privileges = Yes
  admin users = @smb-administrators
  veto files = /.Trash-%U/
  oplocks = No
  level 2 oplocks = No
  time server = Yes
  kernel oplocks = No
  preferred master = Yes
  local master = Yes
  domain master = Yes
  os level = 65
  ldap replication sleep = 5000

  domain logons = Yes
  wins support = Yes
  logon drive = u
  logon path =
  logon home = \\\%U$
  logon script = %U.bat

#### Debugging/Accounting ####

  log level = 10


Log from ldap when trying to include a machine in the domain:
Jul  2 11:44:18 starget slapd[19617]: conn=10 op=30 ENTRY dn="uid=vmtest11201$,ou=test,********"
Jul  2 11:44:18 starget slapd[19617]: conn=10 op=30 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul  2 11:44:18 starget slapd[19617]: conn=10 op=31 MOD dn="uid=vmtest11201$,ou=*****"
Jul  2 11:44:18 starget slapd[19617]: conn=10 op=31 MOD attr=sambaPwdCanChange sambaPwdCanChange sambaNTPassword sambaNTPassword sambaPwdLastSet sambaPwdLastSet
Jul  2 11:44:18 starget slapd[19617]: conn=10 op=31 RESULT tag=103 err=10 text=

This error code from ldap means that ldap returns a referral to samba.

Samba should follow this referral to the master ldap.

Many thanks.

João Alfredo

On Wed, Jul 2, 2008 at 11:44 AM, Tomasz Chmielewski <mangoo at wpkg.org> wrote:

> jakjr wrote:
>
>> I'm using third-party software to create the accounts in the ldap.
>>
>> But the problem is when I try to include this machine (the entry of this
>> machine already exists in ldap) in my samba domain using an ldap replica
>> (read-only).
>>
>> Samba tries to modify some attributes in the slave (read-only), the slave
>> returns a referral and samba is not following the referral to the master
>> ldap (when samba has the right to modify these attributes).
>>
>
> Is it Samba that really creates the accounts?
>
> Can you paste your smb.conf?
>
>
>
> --
> Tomasz Chmielewski
> http://wpkg.org
>
>
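
Added example, not part of the original messages: a small parser that correlates slapd log lines by conn/op and reports write operations the server answered with err=10 (referral), which is how the failed machine-account update above shows up on a read-only replica. The sample log is constructed from the lines in the post, with a placeholder suffix (dc=example,dc=org) where the post is redacted; the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the slapd lines in the post (DN suffix is a placeholder).
SAMPLE_LOG = """\
Jul  2 11:44:18 starget slapd[19617]: conn=10 op=30 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul  2 11:44:18 starget slapd[19617]: conn=10 op=31 MOD dn="uid=vmtest11201$,ou=test,dc=example,dc=org"
Jul  2 11:44:18 starget slapd[19617]: conn=10 op=31 MOD attr=sambaPwdCanChange sambaPwdCanChange sambaNTPassword sambaNTPassword sambaPwdLastSet sambaPwdLastSet
Jul  2 11:44:18 starget slapd[19617]: conn=10 op=31 RESULT tag=103 err=10 text=
Jul  2 11:44:19 starget slapd[19617]: conn=11 op=2 MOD dn="uid=alice,ou=test,dc=example,dc=org"
Jul  2 11:44:19 starget slapd[19617]: conn=11 op=2 MOD attr=sambaPwdLastSet
Jul  2 11:44:19 starget slapd[19617]: conn=11 op=2 RESULT tag=103 err=0 text=
"""

LDAP_REFERRAL = 10  # LDAP result code 10 = referral (RFC 4511)
WRITE_OPS = ("ADD", "MOD", "DEL", "MODRDN")
LINE_RE = re.compile(r"conn=(\d+) op=(\d+) (.*)$")

def referred_writes(log_text):
    """Return write operations that the server answered with a referral."""
    ops = defaultdict(dict)  # (conn, op) -> fields collected so far
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key, rest = (int(m.group(1)), int(m.group(2))), m.group(3)
        verb = rest.split(" ", 1)[0]
        if verb in WRITE_OPS:
            ops[key]["type"] = verb
            dn = re.search(r'dn="([^"]*)"', rest)
            attrs = re.search(r"attr=(.*)$", rest)
            if dn:
                ops[key]["dn"] = dn.group(1)
            if attrs:
                # slapd repeats an attribute once per modification; de-duplicate, keep order
                ops[key]["attrs"] = list(dict.fromkeys(attrs.group(1).split()))
        elif verb == "RESULT" and key in ops:
            err = re.search(r"err=(\d+)", rest)
            if err and int(err.group(1)) == LDAP_REFERRAL:
                findings.append({"conn": key[0], "op": key[1], **ops[key]})
            del ops[key]  # operation finished, drop its state
    return findings

if __name__ == "__main__":
    for f in referred_writes(SAMPLE_LOG):
        print(f"conn={f['conn']} op={f['op']} {f['type']} {f['dn']} attrs={f['attrs']} -> referral, not applied on this replica")
```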

