[Samba] samba + slave OpenLdap (read-only)
jakjr
joao.alfredo at gmail.com
Wed Jul 2 19:47:42 GMT 2008
Hey,
Here another log:
Samba try to change some atributes, like sambaNTPassword (gree)
and ldap return an error (red) and a referral for the mastes ldap. But samba
do not follow this referral.
Why samba try to change this atributes ??
Thanks.
[2008/07/02 16:36:32, 10] lib/smbldap.c:smbldap_make_mod(520)
smbldap_make_mod: deleting attribute |sambaNTPassword| values
|4619D0EB563CB8FAE84FF83A11AB50A4|
[2008/07/02 16:36:32, 10] lib/smbldap.c:smbldap_make_mod(529)
smbldap_make_mod: adding attribute |sambaNTPassword| value
|3F320F8E58CD749B1A6A9333A9E77E02|
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(217)
element 34: SET
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(217)
element 21: SET
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(222)
element 21: CHANGED
[2008/07/02 16:36:32, 10] lib/smbldap.c:smbldap_make_mod(520)
smbldap_make_mod: deleting attribute |sambaPwdLastSet| values |2147483647|
[2008/07/02 16:36:32, 10] lib/smbldap.c:smbldap_make_mod(529)
smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1215027392|
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(217)
element 27: SET
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(217)
element 20: SET
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(217)
element 29: SET
[2008/07/02 16:36:32, 5] lib/smbldap.c:smbldap_modify(1363)
smbldap_modify: dn => [uid=vmcelepar11201$,ou=TEST,dc********]
[2008/07/02 16:36:32, 11] lib/smbldap.c:smbldap_open(1043)
smbldap_open: already connected to the LDAP server
[2008/07/02 16:36:32, 10] lib/smbldap.c:smbldap_modify(1377)
Failed to modify dn: uid=vmcelepar11201$,ou=TEST,dc=**********, error:
Referral ()
[2008/07/02 16:36:32, 11] passdb/pdb_get_set.c:pdb_set_init_flags(425)
element 35 -> now CHANGED
On Wed, Jul 2, 2008 at 11:51 AM, jakjr <joao.alfredo at gmail.com> wrote:
> No. Samba does not create any account in ldap (users or machines).
>
> This accounts are created by another software, like (phpSambaAdmin).
>
> smb.conf:
> [global]
> workgroup = caresl
> netbios name = scaresmb03
> ldap admin dn = uid=smb--admin,dc******
> ldap suffix = ou=test,dc=*****
> ldap passwd sync = No
> passdb backend = ldapsam:ldap://10.1*****
> dns proxy = No
> name resolve order = wins bcast
> server string =
> unix charset = iso8859-1
> ldap timeout = 45
> enable privileges = Yes
> admin users = @smb-administrators
> veto files = /.Trash-%U/
> oplocks = No
> level 2 oplocks = No
> time server = Yes
> kernel oplocks = No
> preferred master = Yes
> local master = Yes
> domain master = Yes
> os level = 65
> ldap replication sleep = 5000
>
> domain logons = Yes
> wins support = Yes
> logon drive = u
> logon path =
> logon home = \\\%U$
> logon script = %U.bat
>
> #### Debugging/Accounting ####
>
> log level = 10
>
>
> Log from ldap when trying include a machine to domain:
> Jul 2 11:44:18 starget slapd[19617]: conn=10 op=30 ENTRY
> dn="uid=vmtest11201$,ou=test,********"
> Jul 2 11:44:18 starget slapd[19617]: conn=10 op=30 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Jul 2 11:44:18 starget slapd[19617]: conn=10 op=31 MOD
> dn="uid=vmtest11201$,ou=*****"
> Jul 2 11:44:18 starget slapd[19617]: conn=10 op=31 MOD
> attr=sambaPwdCanChange sambaPwdCanChange sambaNTPassword sambaNTPassword
> sambaPwdLastSet sambaPwdLastSet
> Jul 2 11:44:18 starget slapd[19617]: conn=10 op=31 RESULT tag=103 err=10text=
>
> This error code from ldap means that ldap return a referral to samba.
>
> Samba should follow this referral until the master ldap.
>
> Some many thanks.
>
> João Alfredo
>
>
> On Wed, Jul 2, 2008 at 11:44 AM, Tomasz Chmielewski <mangoo at wpkg.org>
> wrote:
>
>> jakjr schrieb:
>>
>>> I'm using a thitd-party software to create the accounts in the ldap.
>>>
>>> But the problem is when I try to include this machine (the entry of this
>>> machine already exist in ldap) in my samab domain using a ldap-replica
>>> (read-only).
>>>
>>> Samba try to modify some atributes in the slave (read-only), the slave
>>> return a referral and samba is not following the referral to the master
>>> ldap
>>> (when the samba has right to modify this atributes).
>>>
>>
>> Is it Samba that really creates the accounts?
>>
>> Can you paste your smb.conf?
>>
>>
>>
>> --
>> Tomasz Chmielewski
>> http://wpkg.org
>>
>>
>
More information about the samba
mailing list