Patrick Taylor
2004-Aug-06 07:04 UTC
[Samba] Suggestions??: Got too many (2) domain info entries for domain
HI there,
I'm franging around trying to put (open)LDAP at the centre of my universe,
which works with imap/pop and sendmail, but samba is a different kettle of
fish...
after much testing I finally get bogged down at:
"Got too many (2) domain info entries for domain" in the logs, and
nothign progresses after that.
And "yes" the ldap root bind password is set, iptables are OFF, etc,
etc.
My smb.cong has:
# - testing - ldap server = 10.79.52.1
ldap admin dn = cn=root,dc=naturecare,dc=com,dc=au
ldap port = 389
ldap filter = "(&(uid=%U)(objectclass=sambaSAMAccount))"
passdb backend = ldapsam:ldap://ldap.ncc:389/
ldap delete dn = No
ldap passwd sync = Yes
ldap suffix = dc=naturecare,dc=com,dc=au
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Computers
My openldap access-control has:
" "
include /etc/openldap/schema/samba.schema
" "
access to attrs=userPassword
by self write
by * auth
access to attrs=lmPassword,ntPassword
by dn="cn=root,dc=naturecare,dc=com,dc=au" write
by * none
access to *
by dn="cn=root,dc=naturecare,dc=com,dc=au" write
by dn="cn=ldapadministrator,dc=naturecare,dc=com,dc=au" write
by self write
by * read
by * auth
- and yes the root bind password is the same (and I'm only doign as root
while testing, etc etc.)
Been 3 days now of total frustration and very litle help googling : (
Any suggestions appreciated
Cheers
Pat
P.S. Instead of having to add sambaSAMAccount objects for all my current users,
is it possible to filter on posixAccount?
Patrick Taylor
ICT Manager
Nature Care College
79 Lithgow St St Leonards NSW 2065 Sydney, Australia.
ph: +61 2 8437 7836
fax: +61 2 9439 9308
--
This email and any attachments may contain privileged and confidential
information and are intended for the named addressee only. If you have received
this e-mail in error, please notify the sender and delete this e-mail
immediately. Any confidentiality, privilege or copyright is not waived or lost
because this e-mail has been sent to you in error. It is your responsibility to
check this e-mail and any attachments for viruses.
--
Andrew Bartlett
2004-Aug-06 07:33 UTC
[Samba] Suggestions??: Got too many (2) domain info entries for domain
On Fri, 2004-08-06 at 00:05, Patrick Taylor wrote:> HI there, > > I'm franging around trying to put (open)LDAP at the centre of my universe, which works with imap/pop and sendmail, but samba is a different kettle of fish... > > after much testing I finally get bogged down at: > > "Got too many (2) domain info entries for domain" in the logs, and nothign progresses after that.First, run slapindex (with openldap shut down) - that's probably how you got this broken in the first place. Then remove both entries, and let samba add it again. Andrew Bartlett -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040806/c456dcd6/attachment.bin