Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? TIA, Misty
More info: I tried deleting ou=corp (after making a backup of course) and still no dice. As soon as I put back ou=corp and make the baseDN in smb.conf ou=corp, everything works. If I take all the entries under ou=corp and copy them one level up, I can't authenticate to Samba anymore. It doesn't make any sense. On Wednesday 16 March 2005 10:57 am, Misty Stanley-Jones wrote:> Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. > I have it this way because there used to also be > ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have > one domain, I would like to move everything to dc=mycompany,dc=com. So I > copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, > and the sambaDomainName entries) to dc=mycompany,dc=com. I change the > /etc/ldap.conf files to all point to the new OU. Perfect. However when I > change the baseDN in my smb.conf, all of a sudden I cannot authenticate. > Even when doing smbcontrol smbd reload-config. The only thing I can figure > is that it might be doing a 'sub' search and finding two entries for my > user, because I left the 'ou=corp' DN as it was. Is it that, or is there > something else I have to do in order to restructure my LDAP tree? > > TIA, > Misty
On Wed, 2005-03-16 at 10:57 -0500, Misty Stanley-Jones wrote:> Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I > have it this way because there used to also be ou=furn,dc=mycompany,dc=com > with a different domain. Now that I only have one domain, I would like to > move everything to dc=mycompany,dc=com. So I copy all of the subentries of > ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName > entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all > point to the new OU. Perfect. However when I change the baseDN in my > smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol > smbd reload-config. The only thing I can figure is that it might be doing a > 'sub' search and finding two entries for my user, because I left the > 'ou=corp' DN as it was. Is it that, or is there something else I have to do > in order to restructure my LDAP tree?---- change nss/padl stuff? /etc/ldap.conf ??? Craig
Misty Stanley-Jones:> Right now, I have all of my Samba stuff under > ou=corp,dc=mycompany,dc=com. I have it this way because there used to > also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I > only have one domain, I would like to move everything to > dc=mycompany,dc=com. So I copy all of the subentries of ou=corp > (ou=computers, ou=people, ou=grooups, and the sambaDomainName > entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all > point to the new OU. Perfect. However when I change the baseDN in my > smb.conf, all of a sudden I cannot authenticate. Even when doing > smbcontrol smbd reload-config. The only thing I can figure is that it > might be doing a 'sub' search and finding two entries for my user, because > I left the > 'ou=corp' DN as it was. Is it that, or is there something else I have to > do in order to restructure my LDAP tree?Your /etc/ldap.conf doesn't have anything to do with /etc/samba/smb.conf. Further "copying" leaves in containers to other leaves in other containers is bound to end you up in some deep trouble, since you will then have duplicate UIDs and a lot more shit. First understand LDAP, then adapt it to Samba. --Tonni -- mail: tonye@billy.demon.nl http://www.billy.demon.nl