Bella Wong
2004-Oct-12 03:46 UTC
[Samba] openldap2 + samba3 user changed password on BDC wouldn't sync with PDC
Hi all,

I am a newbie on this and I couldn't figure out what I have configured wrong.

I have set up three Linux Debian Sarge servers with openldap2 + samba3. PDC and master ldap on one machine and BDC slave ldap on the other two. I followed instructions on http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html to set them up. I am using utilities smbldap-passwd.pl from idealx for password changing.

User could change password on PDC and it will populate to BDC, but when the user changes password on BDC, it will not populate to PDC.

All machines are on the same subnet and all services are running.

Can any expert please help?

Following are some configuration files:

BDC: slapd.conf
------------------------
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/samba.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_ldbm
moduleload back_bdb

database ldbm
suffix "dc=cas,dc=edu,dc=au"
rootdn "cn=Manager,dc=cas,dc=edu,dc=au"
rootpw {SSHA}k/1J1yvtDnmX/4kfQdzQReD9YLyysQxK
directory "/var/lib/ldap"

# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

# The following part is for slave slapd
updatedn "cn=Manager,dc=cas,dc=edu,dc=au"
updateref ldaps://cassia.cas.edu.au
=============================

BDC: smb.conf
--------------------
# Global parameters
[global]
unix charset = LOCALE
workgroup = CAS
netbios name = cashew
server string = CAS SAMBA-LDAP BDC Server cashew
passdb backend = ldapsam:ldap://cashew.cas.edu.au
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = No
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = X:
domain logons = Yes
domain master = No
wins server = 172.17.7.243
ldap suffix = dc=cas,dc=edu,dc=au
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=cas,dc=edu,dc=au
idmap backend = ldap:ldap://cashew.cas.edu.au
idmap uid = 10000-20000
idmap gid = 10000-20000
printing = cups
printer admin = Administrator, bellaadmin

[accounts]
comment = Accounting Files
path = /data/accounts
read only = No

[service]
comment = Financial Services Files
path = /data/service
read only = No

[pidata]
comment = Property Insurance Files
path = /data/pidata
read only = No

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = No

[apps]
comment = Application Files
path = /apps
admin users = bellaadmin
read only = No

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
locking = No

[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes

[profdata]
comment = Profile Data Share
path = /var/lib/samba/profdata
read only = No
profile acls = Yes

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
browseable = yes
guest ok = no
read only = yes
write list = Administrator

[projects]
comment = Projects Share
path = /projects
writeable = yes
printable = no
browsable = yes
public = no
create mask = 0644
directory mask = 2775
delete readonly = yes
=======================

Bella Wong
Andrew Bartlett
2004-Oct-13 03:35 UTC
[Samba] openldap2 + samba3 user changed password on BDC wouldn't sync with PDC
On Tue, 2004-10-12 at 13:44, Bella Wong wrote:
> Hi all,
>
> I am a newbie on this and I couldn't figure out what I have configured wrong.
>
> I have set up three Linux Debian Sarge servers with openldap2 + samba3.
> PDC and master ldap on one machine and BDC slave ldap on the other two.
> I followed instructions on
> http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html to set them up.
> I am using utilities smbldap-passwd.pl from idealx for password changing.
>
> User could change password on PDC and it will populate to BDC, but when the
> user changes password on BDC, it will not populate to PDC.

> # The following part is for slave slapd
> updatedn "cn=Manager,dc=cas,dc=edu,dc=au"

See, it all seems too easy to just use the same DN, but you *must* use a *separate* 'replicator' DN. Otherwise the slave cannot tell the difference between the local samba and the replications - samba relies on being told to 'go elsewhere' to update the master first.

Andrew Bartlett

--
Andrew Bartlett                                 abartlet@samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
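
Added example, not part of the original thread and not Samba or OpenLDAP project code: a small Python check for the misconfiguration identified in the reply above, comparing a slave's `updatedn` with its `rootdn` and with the `ldap admin dn` that Samba binds as on the same host. The sample files are constructed from the directives quoted in the thread, `cn=replicator` is a hypothetical DN, and the parser assumes a single `database` section.

```python
def normalize_dn(dn):
    """Lower-case a DN, drop surrounding quotes and spaces around commas."""
    dn = dn.strip().strip('"')
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_directives(text, sep=None):
    """Parse 'keyword value' lines (slapd.conf, sep=None) or 'key = value'
    lines (smb.conf, sep='='); comments and [section] headers are skipped."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue
        parts = line.split(sep, 1)
        if len(parts) == 2:
            out[parts[0].strip().lower()] = parts[1].strip()
    return out

def check_slave(slapd_conf, smb_conf):
    """Return findings for a slave slapd.conf and the smb.conf on that host."""
    slapd = parse_directives(slapd_conf)
    smb = parse_directives(smb_conf, "=")
    updatedn = normalize_dn(slapd.get("updatedn", ""))
    if not updatedn:
        return ["no updatedn: database is not configured as a slave"]
    findings = []
    if updatedn == normalize_dn(slapd.get("rootdn", "")):
        findings.append("updatedn is the same DN as rootdn")
    if updatedn == normalize_dn(smb.get("ldap admin dn", "")):
        # Samba's writes look like replication traffic, so the slave applies
        # them locally instead of referring the client to the master.
        findings.append("updatedn is the DN Samba binds as (ldap admin dn)")
    if "updateref" not in slapd:
        findings.append("no updateref: writes cannot be referred to the master")
    return findings

# Constructed samples based on the directives quoted in the thread.
BROKEN_SLAPD = '''
rootdn "cn=Manager,dc=cas,dc=edu,dc=au"
# The following part is for slave slapd
updatedn "cn=Manager,dc=cas,dc=edu,dc=au"
updateref ldaps://cassia.cas.edu.au
'''
SMB_CONF = '''
[global]
ldap admin dn = cn=Manager,dc=cas,dc=edu,dc=au
'''
# Hypothetical separate replicator DN, as the reply recommends.
FIXED_SLAPD = BROKEN_SLAPD.replace('updatedn "cn=Manager', 'updatedn "cn=replicator')

if __name__ == "__main__":
    print(check_slave(BROKEN_SLAPD, SMB_CONF))
    print(check_slave(FIXED_SLAPD, SMB_CONF))
```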