search for: ldap2

...got everything working, one of my colleagues changed the IP address on the box I did the install on. So after I got passed all the other issues that plaqued me after moving over to fedora 11, I discovered that I could not added Win clients to the domain. I dug into the log files: Jul 8 15:24:03 ldap2 nmbd[13552]: [2009/07/08 15:24:03, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(337) Jul 8 15:24:03 ldap2 nmbd[13552]: become_domain_master_browser_wins: Jul 8 15:24:03 ldap2 nmbd[13552]: Attempting to become domain master browser on workgroup LDAP2, subnet UNICAST_SUBNET. Jul...

hi..... i don't know if its posible. i have two ldap directories, and i want use them to use as my dovecot users backend... so i have two configurations files... "dovecot-ldap1.conf" and " dovecot-ldap2.conf" and i try setting like: Test 1: (simil postfix ) :D This dont work auth default { : : passdb ldap { args= /etc/dovecot/etc/ldap/dovecot-ldap1.conf, /etc/dovecot/etc/ldap/dovecot-ldap2.conf } userdb ldap { args= /etc/dovecot/etc/ldap/dovecot-ldap...

...d ACB_WSTRUST (W) set.  Account will be marked as ACB_WSTRUST (W), i.e. as a domain member   Skipping wellknown rid=501 (for username=nobody) Next rid = 3867 krb5_init_context failed (Invalid argument) smb_krb5_context_init_basic failed (Invalid argument) Failed to connect to ldap URL 'ldap://ldap2.my.domain' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME Failed to connect to 'ldap://ldap2.my.domain' with backend 'ldap': LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -...

...domain[WIFICLOUD] dc connection to "open-ldap.wificloud.local" failed wbcPingDc2(WIFICLOUD): error code was NT_STATUS_NETWORK_ACCESS_DENIED (0xc00000ca) real 1m4.560s user 0m0.008s sys 0m0.004s # time wbinfo --ping-dc hecking the NETLOGON for domain[WIFICLOUD] dc connection to "open-ldap2.wificloud.local" succeeded real 0m40.595s user 0m0.008s sys 0m0.008s okay, it works after sime sleeping... open-ldap bringed up, open-ldap2 shutted down, check again: # time wbinfo --ping-dc checking the NETLOGON for domain[WIFICLOUD] dc connection to "open-ldap2.wificloud.local"...

...arked as ACB_WSTRUST (W), i.e. >> as a domain member Skipping wellknown rid=501 (for username=nobody) >> Next rid = 3867 >> krb5_init_context failed (Invalid argument) >> smb_krb5_context_init_basic failed (Invalid argument) >> Failed to connect to ldap URL 'ldap://ldap2.my.domain' - LDAP client >> internal error: NT_STATUS_BAD_NETWORK_NAME >> Failed to connect to 'ldap://ldap2.my.domain' with backend 'ldap': >> LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME >> ERROR(<class 'samba.provision.ProvisioningErro...

...600865-3078305116-512 ------- (system) ACL (revision: 4, size: 120, number of ACEs: 2) ------- ACE (type: 0x07, flags: 0x5a, size: 0x38, mask: 0x20, object flags: 0x3) access SID: S-1-1-0 ... (a long output...) # wbinfo --ping-dc checking the NETLOGON for domain[CORE] dc connection to "open-ldap2.core.mydomain.hu" succeeded (note, that the open-ldap2 is the second server). When I halted the open-ldap (which is the primary DC), all of the commands above runs timed out. If I halted the open-ldap2, then wbinfo timed out, but the "net ads status" shows the message above. Wha...

...c=fr         ldap suffix = dc=domain,dc=fr         ldap passwd sync = yes         ldap ssl = no         ldap user suffix = ou=Users         ldap group suffix = ou=Groups         ldap machine suffix = ou=Computers         ldap idmap suffix = ou=Users         passdb backend = ldapsam:ldap://ldap2.my.domain         idmap backend = ldapsam:ldap://ldap2.my.domain         nt acl support = yes         # Rajoute le nom de domaine devant le login         map untrusted to domain = yes         wins support = yes         wins proxy = no         dns proxy = yes         name resolve order = w...

....  Account will be marked as ACB_WSTRUST (W), i.e. > as a domain member Skipping wellknown rid=501 (for username=nobody) > Next rid = 3867 > krb5_init_context failed (Invalid argument) > smb_krb5_context_init_basic failed (Invalid argument) > Failed to connect to ldap URL 'ldap://ldap2.my.domain' - LDAP client > internal error: NT_STATUS_BAD_NETWORK_NAME > Failed to connect to 'ldap://ldap2.my.domain' with backend 'ldap': > LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME > ERROR(<class 'samba.provision.ProvisioningError'>): un...

...; > > there are two Samba4 DC server. The first one is the "PDC", and > > after I finished to set up that, I've joined the second one. > > I am a bit confused here, from reading this post, you seem to have > called the two DCs 'open-ldap' & 'open-ldap2' and you refer to the > first one as the 'PDC', yet I think you are talking about an AD domain. the open-ldap and open-ldap2 is just the naming convention... these were installed, because we've started to build a directory infrastructure, and started with OpenLDAP. The cluster h...

...in dn = cn=Manager,dc=dom,dc=domain     ldap suffix = dc=dom,dc=domain     ldap passwd sync = yes     ldap ssl = no     ldap user suffix = ou=Users     ldap group suffix = ou=Groups     ldap machine suffix = ou=Computers     ldap idmap suffix = ou=Users     passdb backend = ldapsam:ldap://ldap2.dom.domain     idmap backend = ldapsam:ldap://ldap2.dom.domain     nt acl support = yes     map untrusted to domain = yes     wins support = yes     wins proxy = no         dns proxy = yes     name resolve order = wins lmhosts bcast     interfaces = eth* lo     bind interfaces only = yes...

...assdb-ldap.conf driver = ldap } Is it legitimate to include multiple ldap userdb's, like: userdb { args = /etc/dovecot/dovecot-usrdb-ldap1.conf driver = ldap } passdb { args = /etc/dovecot/dovecot-passdb-ldap1.conf driver = ldap } userdb { args = /etc/dovecot/dovecot-usrdb-ldap2.conf driver = ldap } passdb { args = /etc/dovecot/dovecot-passdb-ldap2.conf driver = ldap } If it is legitimate (in case configuration is different, please correct me), in which sequence userdb's are evaluated? Thanks, Nick

...open-ldap: > > -------- > /etc/hostname > open-ldap.core.mydomain.hu This should just be the short hostname not the fqdn > > -------- > /etc/hosts > 127.0.0.1 localhost > > #10.10.20.202 open-ldap.core.mydomain.hu Uncomment the above line > #10.10.20.204 open-ldap2.core.mydomain.hu > > # The following lines are desirable for IPv6 capable hosts > ::1 localhost ip6-localhost ip6-loopback > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > > -------- > /etc/resolv.conf > search core.mydomain.hu > nameserver 127.0.0.1 > namese...

...> Philippe Maladjian via samba <samba at lists.samba.org> wrote: > >> >> >> Le 05/09/2018 à 18:32, Rowland Penny via samba a écrit : >>> If you are going to sanitise an object, please use it everywhere. >>> >>> The upgrade is trying to use ldap2.my.domain >>> in the ldapsearch you use 'dc=domain,dc=fr' from which I would have >>> expected 'ldap2.domain.fr' >> my.domain is the internal dns domain name, it is also used by the >> current samba domain controller and windows station. >> >&g...

...suffix = dc=dom,dc=domain >     ldap passwd sync = yes >     ldap ssl = no > >     ldap user suffix = ou=Users >     ldap group suffix = ou=Groups >     ldap machine suffix = ou=Computers >     ldap idmap suffix = ou=Users > >     passdb backend = ldapsam:ldap://ldap2.dom.domain >     idmap backend = ldapsam:ldap://ldap2.dom.domain > >     nt acl support = yes >     map untrusted to domain = yes > >     wins support = yes >     wins proxy = no >         dns proxy = yes >     name resolve order = wins lmhosts bcast >     in...

...rks for our network without any problems. If I try to use ldapsearch from the Dovecot host, while I see the messages, ldapsearch works withouch any timeout. I enabled caching for auth too, but the problem still exists. My DoveCot Config: http://pastebin.com/W7zHf4fT the LDAP part: hosts = ldap ldap2 auth_bind = yes ldap_version = 3 base = cn=accounts, dc=foo user_attrs = postalAddress=domain, homeDirectory=/imap/spool/%d/%1n/%n, myMailQuota=quota_rule=*:storage=%$M user_filter = (&(objectClass=posixAccount)(uid=%n)) pass_attrs = postalAddress=domain, uid=user, userPassword=password pass_fi...

...ldap passwd sync = yes >>     ldap ssl = no >> >>     ldap user suffix = ou=Users >>     ldap group suffix = ou=Groups >>     ldap machine suffix = ou=Computers >>     ldap idmap suffix = ou=Users >> >>     passdb backend = ldapsam:ldap://ldap2.dom.domain >>     idmap backend = ldapsam:ldap://ldap2.dom.domain >> >>     nt acl support = yes >>     map untrusted to domain = yes >> >>     wins support = yes >>     wins proxy = no >>         dns proxy = yes >>     name resolv...

Hi , I 've been trying to get my 2 Samba DCs to replicate between each other but it fails DC1: Freebsd-9.1-Release, Samba 4.02, hostname ldap1, objectGUID: a2454bb4-9f94-4879-a5ff-c1a40537cb5e DC2: Freebsd-9.1-Release, Samba 4.02, hostname ldap2, objectGUID: 0103c98e-0b54-4ca4-a4e5-2259fa6b0563 ===the output showrepl command========== [root at ldap1 ~]# samba-tool drs showrepl Default-First-Site-Name\LDAP1 DSA Options: 0x00000001 DSA object GUID: 0103c98e-0b54-4ca4-a4e5-2259fa6b0563 DSA invocationId: d9975fad-ca2d-447d-8138-0fd5957f8fa3...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does anyone know what this error means: [root@ldap2 samba]# net getlocalsid [2009/07/07 17:04:00, 0] lib/smbldap.c:smb_ldap_start_tls(600) Failed to issue the StartTLS instruction: Protocol error [2009/07/07 17:04:01, 0] lib/smbldap.c:smb_ldap_start_tls(600) Failed to issue the StartTLS instruction: Protocol error [2009/07/07 17:04:02, 0] lib/smblda...

.... I'm testing the client side of this configuration on virtual CentOS 5 i386 machine. /etc/ldap.conf reads ----- %< ----- base dc=DOMAIN,dc=com timelimit 30 bind_timelimit 30 idle_timelimit 300 nss_initgroups_ignoreusers root,ldap,named,[... trimmed ...] uri ldap://ldap1.DOMAIN.com ldap://ldap2.DOMAIN.com ssl start_tls tls_cacertdir /etc/openldap/cacerts pam_password md5 ----- %< ----- The client will bind to whichever server is listed first after the 'uri' directive. In the config snippet, it's 'ldap1' -- but it works the other way too. If the first-listed serv...

Can somebody explain to me how to fix this?