samba - Oct 2004 - openldap2 + samba3 user changed password on BDC wouldn't sync with PDC

Hi all,
 
I am newbie on this and I couldn't figure out what I have configured wrong.
 
I have setup three Linux Debian Sarge servers with openldap2 + samba3.  
PDC and master ldap on one machine and BDC slave ldap on the other two.  
I followed instructions on
http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html to set them up.  
I am using utilities smbldap-passwd.pl from idealx for password changing.
 
User could change password on PDC and it will populate to DBC, but when the
user change password on BDC, it will not populate to PDC.
 
All machines are on the same subnet and all services are running.
 
Can any expert please help?
 
Following are some configuration files:
 
BDC: slapd.conf
------------------------
# Schema and objectClass definitions
include  /etc/ldap/schema/core.schema
include  /etc/ldap/schema/cosine.schema
include  /etc/ldap/schema/inetorgperson.schema
include  /etc/ldap/schema/nis.schema
include  /etc/ldap/schema/samba.schema
 
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck     on
 
pidfile  /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
 
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_ldbm
moduleload back_bdb
 
database ldbm
suffix  "dc=cas,dc=edu,dc=au"
rootdn  "cn=Manager,dc=cas,dc=edu,dc=au"
 
rootpw          {SSHA}k/1J1yvtDnmX/4kfQdzQReD9YLyysQxK
 
directory "/var/lib/ldap"
 
# Indices to maintain
index objectClass           eq
index cn                    pres,sub,eq
index sn                    pres,sub,eq
index uid                   pres,sub,eq
index displayName           pres,sub,eq
index uidNumber             eq
index gidNumber             eq
index memberUID             eq
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq
index default               sub

# The following part is for slave slapd
updatedn "cn=Manager,dc=cas,dc=edu,dc=au"
updateref  <ldaps://cassia.cas.edu.au> ldaps://cassia.cas.edu.au
 
=============================BDC: smb.conf
--------------------
# Global parameters 
 
[global] 
unix charset = LOCALE 
workgroup = CAS 
netbios name = cashew 
server string = CAS SAMBA-LDAP BDC Server cashew
passdb backend = ldapsam:ldap://cashew.cas.edu.au
username map = /etc/samba/smbusers 
log level = 1 
syslog = 0 
log file = /var/log/samba/%m 
max log size = 50 
smb ports = 139 445 
name resolve order = wins bcast hosts 
printcap name = CUPS 
show add printer wizard = No 
logon script = scripts\logon.bat 
logon path = \\%L\profiles\%U 
logon drive = X: 
domain logons = Yes 
domain master = No 
wins server = 172.17.7.243
ldap suffix = dc=cas,dc=edu,dc=au
ldap machine suffix = ou=People 
ldap user suffix = ou=People 
ldap group suffix = ou=Groups 
ldap idmap suffix = ou=Idmap 
ldap admin dn = cn=Manager,dc=cas,dc=edu,dc=au
idmap backend = ldap:ldap://cashew.cas.edu.au
idmap uid = 10000-20000 
idmap gid = 10000-20000 
printing = cups 
printer admin = Administrator, bellaadmin

[accounts] 
comment = Accounting Files 
path = /data/accounts 
read only = No 
 
[service] 
comment = Financial Services Files 
path = /data/service 
read only = No 
 
[pidata] 
comment = Property Insurance Files 
path = /data/pidata 
read only = No 
 
[homes] 
comment = Home Directories 
valid users = %S 
read only = No 
browseable = No 
 
[printers] 
comment = SMB Print Spool 
path = /var/spool/samba 
guest ok = Yes 
printable = Yes 
browseable = No 

[apps] 
comment = Application Files 
path = /apps 
admin users = bellaadmin
read only = No 
 
[netlogon] 
comment = Network Logon Service 
path = /var/lib/samba/netlogon 
guest ok = Yes 
locking = No 
 
[profiles] 
comment = Profile Share 
path = /var/lib/samba/profiles 
read only = No 
profile acls = Yes 
 
[profdata] 
comment = Profile Data Share 
path = /var/lib/samba/profdata 
read only = No 
profile acls = Yes 
 
[print$] 
comment = Printer Drivers 
path = /var/lib/samba/drivers 
browseable = yes 
guest ok = no 
read only = yes 
write list = Administrator
 
[projects]
comment = Projects Share
path = /projects
writeable = yes
printable = no
browsable = yes
public = no
create mask = 0644
directory mask = 2775
delete readonly = yes
======================= 
 
 
Bella Wong

On Tue, 2004-10-12 at 13:44, Bella Wong wrote:
> Hi all,
>  
> I am newbie on this and I couldn't figure out what I have configured
wrong.
>  
> I have setup three Linux Debian Sarge servers with openldap2 + samba3.  
> PDC and master ldap on one machine and BDC slave ldap on the other two.  
> I followed instructions on
> http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html to set them up.
> I am using utilities smbldap-passwd.pl from idealx for password changing.
>  
> User could change password on PDC and it will populate to DBC, but when the
> user change password on BDC, it will not populate to PDC.
> # The following part is for slave slapd
> updatedn "cn=Manager,dc=cas,dc=edu,dc=au"
See, it all seems to easy to just use the same DN, but you *must* use a
*separate* 'replicator' DN.  Otherwise the salve cannot tell the
difference between the local samba and the replications - samba relies
on being told to 'go elsewhere' to update the master first.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20041013/146c0dd3/attachment-0001.bin