[Samba] samba + slave OpenLdap (read-only)

jakjr joao.alfredo at gmail.com
Wed Jul 2 19:47:42 GMT 2008


Hey,

Here is another log:

Samba tries to change some attributes, like sambaNTPassword (green),
and ldap returns an error (red) and a referral for the master ldap. But samba
does not follow this referral.

Why does samba try to change these attributes?

Thanks.

[2008/07/02 16:36:32, 10] lib/smbldap.c:smbldap_make_mod(520)
  smbldap_make_mod: deleting attribute |sambaNTPassword| values
|4619D0EB563CB8FAE84FF83A11AB50A4|
[2008/07/02 16:36:32, 10] lib/smbldap.c:smbldap_make_mod(529)
  smbldap_make_mod: adding attribute |sambaNTPassword| value
|3F320F8E58CD749B1A6A9333A9E77E02|
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(217)
  element 34: SET
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(217)
  element 21: SET
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(222)
  element 21: CHANGED
[2008/07/02 16:36:32, 10] lib/smbldap.c:smbldap_make_mod(520)
  smbldap_make_mod: deleting attribute |sambaPwdLastSet| values |2147483647|
[2008/07/02 16:36:32, 10] lib/smbldap.c:smbldap_make_mod(529)
  smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1215027392|
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(217)
  element 27: SET
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(217)
  element 20: SET
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(217)
  element 29: SET
[2008/07/02 16:36:32, 5] lib/smbldap.c:smbldap_modify(1363)
  smbldap_modify: dn => [uid=vmcelepar11201$,ou=TEST,dc********]
[2008/07/02 16:36:32, 11] lib/smbldap.c:smbldap_open(1043)
  smbldap_open: already connected to the LDAP server
[2008/07/02 16:36:32, 10] lib/smbldap.c:smbldap_modify(1377)
  Failed to modify dn: uid=vmcelepar11201$,ou=TEST,dc=**********, error:
Referral ()
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_set_init_flags(425)
  element 35 -> now CHANGED


On Wed, Jul 2, 2008 at 11:51 AM, jakjr <joao.alfredo at gmail.com> wrote:

> No. Samba does not create any account in ldap (users or machines).
>
> These accounts are created by other software, like (phpSambaAdmin).
>
> smb.conf:
> [global]
>   workgroup = caresl
>   netbios name = scaresmb03
>   ldap admin dn = uid=smb--admin,dc******
>   ldap suffix = ou=test,dc=*****
>   ldap passwd sync = No
>   passdb backend = ldapsam:ldap://10.1*****
>   dns proxy = No
>   name resolve order = wins bcast
>   server string =
>   unix charset = iso8859-1
>   ldap timeout = 45
>   enable privileges = Yes
>   admin users = @smb-administrators
>   veto files = /.Trash-%U/
>   oplocks = No
>   level 2 oplocks = No
>   time server = Yes
>   kernel oplocks = No
>   preferred master = Yes
>   local master = Yes
>   domain master = Yes
>   os level = 65
>   ldap replication sleep = 5000
>
>   domain logons = Yes
>   wins support = Yes
>   logon drive = u
>   logon path =
>   logon home = \\\%U$
>   logon script = %U.bat
>
> #### Debugging/Accounting ####
>
>   log level = 10
>
>
> Log from ldap when trying to include a machine in the domain:
> Jul  2 11:44:18 starget slapd[19617]: conn=10 op=30 ENTRY
> dn="uid=vmtest11201$,ou=test,********"
> Jul  2 11:44:18 starget slapd[19617]: conn=10 op=30 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Jul  2 11:44:18 starget slapd[19617]: conn=10 op=31 MOD
> dn="uid=vmtest11201$,ou=*****"
> Jul  2 11:44:18 starget slapd[19617]: conn=10 op=31 MOD
> attr=sambaPwdCanChange sambaPwdCanChange sambaNTPassword sambaNTPassword
> sambaPwdLastSet sambaPwdLastSet
> Jul  2 11:44:18 starget slapd[19617]: conn=10 op=31 RESULT tag=103 err=10 text=
>
> This error code from ldap means that ldap returns a referral to samba.
>
> Samba should follow this referral to the master ldap.
>
> Many thanks.
>
> João Alfredo
>
>
> On Wed, Jul 2, 2008 at 11:44 AM, Tomasz Chmielewski <mangoo at wpkg.org>
> wrote:
>
>> jakjr wrote:
>>
>>> I'm using third-party software to create the accounts in the ldap.
>>>
>>> But the problem is when I try to include this machine (the entry of this
>>> machine already exists in ldap) in my samba domain using an ldap-replica
>>> (read-only).
>>>
>>> Samba tries to modify some attributes in the slave (read-only), the slave
>>> returns a referral and samba is not following the referral to the master
>>> ldap
>>> (when samba has the right to modify these attributes).
>>>
>>
>> Is it Samba that really creates the accounts?
>>
>> Can you paste your smb.conf?
>>
>>
>>
>> --
>> Tomasz Chmielewski
>> http://wpkg.org
>>
>>
>
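
Added example (not part of the original thread, and not Samba or OpenLDAP code): a Python script that correlates slapd log lines by conn/op to list the modify operations a read-only replica answered with err=10 (referral), the pattern shown in the log quoted above. The sample log, host name and DNs are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the slapd syslog lines quoted in the thread
# (host name, DNs and suffix are placeholders, not values from the page).
SAMPLE_LOG = """\
Jul  2 11:44:18 replica slapd[19617]: conn=10 op=30 SRCH base="ou=test,dc=example,dc=org" scope=2 deref=0 filter="(uid=pc01$)"
Jul  2 11:44:18 replica slapd[19617]: conn=10 op=30 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul  2 11:44:18 replica slapd[19617]: conn=10 op=31 MOD dn="uid=pc01$,ou=test,dc=example,dc=org"
Jul  2 11:44:18 replica slapd[19617]: conn=10 op=31 MOD attr=sambaPwdCanChange sambaPwdCanChange sambaNTPassword sambaNTPassword sambaPwdLastSet sambaPwdLastSet
Jul  2 11:44:18 replica slapd[19617]: conn=10 op=31 RESULT tag=103 err=10 text=
Jul  2 11:45:02 replica slapd[19617]: conn=11 op=4 MOD dn="uid=pc02$,ou=test,dc=example,dc=org"
Jul  2 11:45:02 replica slapd[19617]: conn=11 op=4 MOD attr=description
Jul  2 11:45:02 replica slapd[19617]: conn=11 op=4 RESULT tag=103 err=0 text=
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$")
LDAP_REFERRAL = 10     # LDAP result code 10 = referral
MODIFY_RESPONSE = 103  # tag slapd logs for the result of a modify

def referred_writes(log_text):
    """Return [(conn, op, dn, [attrs])] for MODs answered with a referral."""
    ops = defaultdict(lambda: {"dn": None, "attrs": []})
    hits = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key, rest = (int(m.group(1)), int(m.group(2))), m.group(3)
        if rest.startswith('MOD dn="'):
            ops[key]["dn"] = rest[len('MOD dn="'):].rstrip('"')
        elif rest.startswith("MOD attr="):
            # slapd repeats an attribute once per change; de-duplicate, keep order
            for attr in rest[len("MOD attr="):].split():
                if attr not in ops[key]["attrs"]:
                    ops[key]["attrs"].append(attr)
        elif rest.startswith("RESULT"):
            res = re.search(r"tag=(\d+) err=(\d+)", rest)
            op = ops.pop(key, None)  # the operation is finished either way
            code = (int(res.group(1)), int(res.group(2))) if res else None
            if op and op["dn"] and code == (MODIFY_RESPONSE, LDAP_REFERRAL):
                hits.append((key[0], key[1], op["dn"], op["attrs"]))
    return hits

if __name__ == "__main__":
    for conn, op, dn, attrs in referred_writes(SAMPLE_LOG):
        print(f"conn={conn} op={op}: write to {dn} referred; attrs={', '.join(attrs)}")
```

Run against a replica's real slapd log, the output shows which client connections are sending writes to the read-only server and which attributes they tried to change.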

