OS / Software:
PDC / Master LDAP store:
- Redhat 9
- OpenLDAP 2.1.25
- Samba 3.0.0
BDC / Slave LDAP store:
- Redhat 9
- OpenLDAP 2.0.27-8
- Samba 3.0.2
From the Samba HOWTO Collection on www.samba.org: (Backup Domain Control)
"Can I Do This All with LDAP?
The simple answer is yes. Samba's pdb_ldap code supports binding to a replica LDAP
server, and will also follow referrals and re-bind to the master if it ever needs to
make a modification to the database. (Normally BDCs are read only, so this will not
occur often)."
That's a little vague and misleading, as referrals are merely pointers to subtrees in
an LDAP directory that are stored on different LDAP servers, whereas the "updateref"
directive in slapd.conf for a slave LDAP server tells connecting clients to connect to
the master to make updates.
Recently I set up a BDC on a slave LDAP server on a remote network connected to the
local network via WAN. Authentication works great, however, in testing I tried to
change my password on a remote Windows client, and got a return error of "Unable to
change password: <MYDOMAINNAME> Domain is unavailable", or something to that degree.
Upon reviewing the slave LDAP logs, I saw Samba searching for "objectClass=referral",
then "objectClass=*", before returning the failure error to the client.
Now, admittedly, I have the BDC configured as a BDC, when due to the WAN, it is unable
to find the PDC. (I have read a couple methods of making this possible without fully
allowing NetBIOS to broadcast through network segments, but have yet to test or
implement).
However, I would think that if it were trying to contact the PDC, it would not be
searching its local backend for "referrals".
Before I go digging through source code, perhaps someone could give me some insight on
what's actually going on (or trying to go on for that matter).
As always, great thanks to the Samba team for allowing me to avoid dealing with AD,
and great appreciation to any help given by you kind folks.
Thanks!
-- Cy