Hi, You can't write to a slave. Even in a pure Windows NT domain environment you can't do write operations against a BDC. Whenever a slave LDAP server needs to write anything to database, it returns the updateref. That's exactly what is happening and beeing logged in your log's.
[2006/05/31 15:32:48, 1] > passdb/pdb_ldap.c:ldapsam_modify_entry(1495) > >> > ldapsam_modify_entry: Failed to modify user dn= > > >> uid=pc00829$,ou=Machines,dc=brrc,dc=be with: Referral > On the other hand, read operations work just fine. [2006/05/31 15:32:48, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > >> > init_sam_from_ldap: Entry found for user: pc00829$ > Did you set up your ldap admin dn value correctly? Best Regards, Bruno Guerreiro > -----Original Message----- > From: Michael Gasch [mailto:[EMAIL PROTECTED] > Sent: terça-feira, 10 de Outubro de 2006 10:22 > To: [EMAIL PROTECTED] > Cc: 'samba' > Subject: Re: [Samba] [Follow-UP] samba BDC + LDAP slave > Referral errors > > hi, > > sorry to confuse you. i did set up updateref but no > additional referrals. > > as i read here http://tech.stlsawall.com/index.php/?page_id=4 > it´s impossible to have simple bind working with referrals. > so i think i have to switch to SASL. > > i think i should google a little bit on openldap, sasl, > referrals and samba. > > possibly someone has an idea/link/...??? > > thx! > > Bruno Guerreiro wrote: > > Hi, > > I may be overlooking something, but how did you set up a LDAP slave > > without a referral? > > > > > > From man 5 slapd.conf > > > > updateref <url> > > Specify the referral to pass back when slapd(8) is asked to > > modify a replicated local database. If specified multiple > times, each > > url is provided. > > > > Best Regards, > > Bruno Guerreiro > > > >> -----Original Message----- > >> From: [EMAIL PROTECTED] > >> [mailto:[EMAIL PROTECTED] > >> On Behalf Of Michael Gasch > >> Sent: terça-feira, 10 de Outubro de 2006 7:37 > >> To: samba > >> Subject: [Samba] [Follow-UP] samba BDC + LDAP slave Referral errors > >> > >> hi, > >> > >> i see the same error message with samba 3.0.14a and OpenLDAP > >> 2.2.23 (Debian Packages) with Master/Slave setup. > >> > >> i did not set up a referral to the master, so why does samba get a > >> referral when attempting to write to a slave? is this an in-build > >> samba feature? do i have to enable referrals to get this to work > >> properly? > >> > >> any advise is appreciated! > >> thx! > >> micha > >> > >> Zwonarz Ivo wrote: > >> > We use sambaPDC + LDAP > >> > On our BDC we have a replicated ldap slave. > >> > Everything seems to work fine. > >> > > >> > Hower, in the smbd log file we have the following > messages (only > >> on the > BDC's) > > [2006/05/31 15:25:08, 1] > >> passdb/pdb_ldap.c:ldapsam_modify_entry(1495) > >> > ldapsam_modify_entry: Failed to modify user dn= > > >> uid=pc01233$,ou=Machines,dc=brrc,dc=be with: Referral > > >> [2006/05/31 15:25:08, 0] > >> passdb/pdb_ldap.c:ldapsam_update_sam_account(1720) > >> > ldapsam_update_sam_account: failed to modify user with uid = > >> pc01233$, > error: (Success) > [2006/05/31 15:25:08, 1] > >> passdb/pdb_ldap.c:ldapsam_modify_entry(1495) > >> > ldapsam_modify_entry: Failed to modify user dn= > > >> uid=pc01233$,ou=Machines,dc=brrc,dc=be with: Referral > > >> [2006/05/31 15:25:08, 0] > >> passdb/pdb_ldap.c:ldapsam_update_sam_account(1720) > >> > ldapsam_update_sam_account: failed to modify user with uid = > >> pc01233$, > error: (Success) > > > Can someone prevent this > >> errors? > >> > Does samba/openldap need to be changed? > >> > What is actually happening? > >> > > >> > > >> > With more Debug info: > >> > log level = 2 passdb:3 auth:3 > >> > in smb.conf > >> > > >> > [2006/05/31 15:32:48, 3] auth/auth.c:check_ntlm_password(219) > >> > check_ntlm_password: Checking password for unmapped user > > >> [EMAIL PROTECTED] with the new password interface > > >> [2006/05/31 15:32:48, 3] auth/auth.c:check_ntlm_password(222) > >> > check_ntlm_password: mapped user is: [EMAIL PROTECTED] > > >> [2006/05/31 15:32:48, 3] auth/auth.c:check_ntlm_password(268) > >> > check_ntlm_password: guest authentication for user [] > succeeded > >> > [2006/05/31 15:32:48, 2] > >> lib/smbldap.c:smbldap_open_connection(692) > >> > smbldap_open_connection: connection opened > [2006/05/31 > >> 15:32:48, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > >> > init_sam_from_ldap: Entry found for user: pc00829$ > > >> [2006/05/31 15:32:48, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > >> > init_sam_from_ldap: Entry found for user: pc00829$ > > >> [2006/05/31 15:32:48, 3] auth/auth.c:check_ntlm_password(219) > >> > check_ntlm_password: Checking password for unmapped user > > >> [EMAIL PROTECTED] with the new password interface > > >> [2006/05/31 15:32:48, 3] auth/auth.c:check_ntlm_password(222) > >> > check_ntlm_password: mapped user is: [EMAIL PROTECTED] > > >> [2006/05/31 15:32:48, 3] auth/auth.c:check_ntlm_password(268) > >> > check_ntlm_password: guest authentication for user [] > succeeded > >> > [2006/05/31 15:32:48, 2] > >> passdb/pdb_ldap.c:init_sam_from_ldap(499) > >> > init_sam_from_ldap: Entry found for user: pc00829$ > > >> [2006/05/31 15:32:48, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912) > >> > init_ldap_from_sam: Setting entry for user: pc00829$ > > >> [2006/05/31 15:32:48, 1] > passdb/pdb_ldap.c:ldapsam_modify_entry(1495) > >> > ldapsam_modify_entry: Failed to modify user dn= > > >> uid=pc00829$,ou=Machines,dc=brrc,dc=be with: Referral > > >> [2006/05/31 15:32:48, 0] > >> passdb/pdb_ldap.c:ldapsam_update_sam_account(1720) > >> > ldapsam_update_sam_account: failed to modify user with uid = > >> pc00829$, > error: (Success) > > [2006/05/31 15:32:48, 2] > >> passdb/pdb_ldap.c:init_sam_from_ldap(499) > >> > init_sam_from_ldap: Entry found for user: pc00829$ > > >> [2006/05/31 15:32:48, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > >> > init_sam_from_ldap: Entry found for user: pc00829$ > > >> [2006/05/31 15:32:48, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > >> > init_sam_from_ldap: Entry found for user: pc00829$ > > >> [2006/05/31 15:32:48, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912) > >> > init_ldap_from_sam: Setting entry for user: pc00829$ > > >> [2006/05/31 15:32:48, 1] > passdb/pdb_ldap.c:ldapsam_modify_entry(1495) > >> > ldapsam_modify_entry: Failed to modify user dn= > > >> uid=pc00829$,ou=Machines,dc=brrc,dc=be with: Referral > > >> [2006/05/31 15:32:48, 0] > >> passdb/pdb_ldap.c:ldapsam_update_sam_account(1720) > >> > ldapsam_update_sam_account: failed to modify user with uid = > >> pc00829$, > error: (Success) > > > Kind regards, > >>> Ivo Zwonarz. > >> -- > >> Michael Gasch > >> Max Planck Institute for Evolutionary Anthropology Department of > >> Human Evolution (IT Staff) Deutscher Platz 6 > >> D-04103 Leipzig > >> Germany > >> > >> Phone: 49 (0)341 - 3550 137 > >> 49 (0)341 - 3550 374 > >> > >> Fax: 49 (0)341 - 3550 399 > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/listinfo/samba > >> > > > > > > > > -- > Michael Gasch > Max Planck Institute for Evolutionary Anthropology Department > of Human Evolution (IT Staff) Deutscher Platz 6 > D-04103 Leipzig > Germany > > Phone: 49 (0)341 - 3550 137 > 49 (0)341 - 3550 374 > > Fax: 49 (0)341 - 3550 399 > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
