[Samba] samba + slave OpenLdap (read-only)
jakjr
joao.alfredo at gmail.com
Wed Jul 2 14:51:10 GMT 2008
No. Samba does not create any account in ldap (users or machines).
This accounts are created by another software, like (phpSambaAdmin).
smb.conf:
[global]
workgroup = caresl
netbios name = scaresmb03
ldap admin dn = uid=smb--admin,dc******
ldap suffix = ou=test,dc=*****
ldap passwd sync = No
passdb backend = ldapsam:ldap://10.1*****
dns proxy = No
name resolve order = wins bcast
server string =
unix charset = iso8859-1
ldap timeout = 45
enable privileges = Yes
admin users = @smb-administrators
veto files = /.Trash-%U/
oplocks = No
level 2 oplocks = No
time server = Yes
kernel oplocks = No
preferred master = Yes
local master = Yes
domain master = Yes
os level = 65
ldap replication sleep = 5000
domain logons = Yes
wins support = Yes
logon drive = u
logon path =
logon home = \\\%U$
logon script = %U.bat
#### Debugging/Accounting ####
log level = 10
Log from ldap when trying include a machine to domain:
Jul 2 11:44:18 starget slapd[19617]: conn=10 op=30 ENTRY
dn="uid=vmtest11201$,ou=test,********"
Jul 2 11:44:18 starget slapd[19617]: conn=10 op=30 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jul 2 11:44:18 starget slapd[19617]: conn=10 op=31 MOD
dn="uid=vmtest11201$,ou=*****"
Jul 2 11:44:18 starget slapd[19617]: conn=10 op=31 MOD
attr=sambaPwdCanChange sambaPwdCanChange sambaNTPassword sambaNTPassword
sambaPwdLastSet sambaPwdLastSet
Jul 2 11:44:18 starget slapd[19617]: conn=10 op=31 RESULT tag=103 err=10text=
This error code from ldap means that ldap return a referral to samba.
Samba should follow this referral until the master ldap.
Some many thanks.
João Alfredo
On Wed, Jul 2, 2008 at 11:44 AM, Tomasz Chmielewski <mangoo at wpkg.org> wrote:
> jakjr schrieb:
>
>> I'm using a thitd-party software to create the accounts in the ldap.
>>
>> But the problem is when I try to include this machine (the entry of this
>> machine already exist in ldap) in my samab domain using a ldap-replica
>> (read-only).
>>
>> Samba try to modify some atributes in the slave (read-only), the slave
>> return a referral and samba is not following the referral to the master
>> ldap
>> (when the samba has right to modify this atributes).
>>
>
> Is it Samba that really creates the accounts?
>
> Can you paste your smb.conf?
>
>
>
> --
> Tomasz Chmielewski
> http://wpkg.org
>
>
More information about the samba
mailing list