Have you set, in the slapd.conf on the slaves, something like:

    updateref ldap://master.ldap

The slaves / consumers need to redirect the request to the master LDAP database.
It may also be a good idea to have Samba use failover for the LDAP backend. You would need to set this in your ldap.conf as well.

For the PDC / LDAP master:

    passdb backend = ldapsam:"ldap://master.ldap ldap://slave.ldap"

For the BDC / LDAP slave:

    passdb backend = ldapsam:"ldap://slave ldap://master"

One possible (bad) way to test this is to install smbldap-tools on the BDC and attempt to add a user from there, and see whether the user is added on the master LDAP server.

Adrian Sender.

On Thu, 2007-10-11 at 12:01 +0000, [EMAIL PROTECTED] wrote:
> Dear Help,
>
> Here is my situation:
> We have offices located in several areas around the country, all of which can communicate with each other through VPNs we have established. I have set up a Samba domain in which the PDC is located here in our home office, and there are BDCs for the same domain in each of the remote offices.
>
> I have been able to successfully join machines here in our home office to the domain through Windows, but am not having any luck when I try to join the domain at one of the remote locations. When I go through the manual process of joining the domain on a Windows XP machine, I get a password prompt for the domain user that can add the machine (so I know it's at least finding the BDC)... but then after I type in the username and password, I get the following error:
> "The following error occurred attempting to join the domain "ourdomain": The specified domain either does not exist or could not be contacted."
>
> I've searched Google for this error and have not found anything useful. I've gone back through the Samba-HowTo on BDC configuration and have not yet found anything.
>
> Any help would be greatly appreciated!
> -Matt
>
> Here are my configuration files. (Oh, and for whatever reason, even with a log level of 5, whenever I attempt to join the machine to the domain, no log entry is created).
>
> For the PDC:
>
> [global]
>     netbios name = ds-pdc-1
>     workgroup = OURDOMAIN
>     server string = Samba PDC %v %h
>     obey pam restrictions = Yes
>     passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
>     security = user
>     log level = 3
>     log file = /var/log/samba/%m.log
>     max log size = 5000
>     add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null/ -g machine -c 'Machine Account for %u' -s /bin/false %u
>     logon path =
>     logon home =
>     domain logons = Yes
>     os level = 128
>     preferred master = Yes
>     domain master = Yes
>     ldap admin dn = cn=admin,o=ORGANIZATION
>     ldap group suffix = ou=Groups
>     ldap idmap suffix = ou=IDMap
>     ldap machine suffix = ou=Workstations
>     ldap user suffix =
>     ldap filter = (cn=%u)
>     ldap suffix = o=ORGANZIATION
>     ldap passwd sync = No
>     unix password sync = Yes
>     passwd program = /usr/sbin/smbldap-passwd -u %u
>     passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>     idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
>     idmap uid = 10000-20000
>     idmap gid = 10000-20000
>     veto files = /.?*/
>     dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>     wins support = Yes
>     encrypt passwords = Yes
>     logon script = %U.bat
>
> [netlogon]
>     comment = Network Logon Service
>     path = /var/lib/samba/netlogon
>     write list = root
>     browseable = No
>     share modes = No
>
> And here is a BDC -- located offsite:
>
> [global]
>     workgroup = OURDOMAIN
>     server string = Samba BDC %v %h
>     obey pam restrictions = Yes
>     passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
>     log level = 2
>     log file = /var/log/samba/%m.log
>     max log size = 1000
>     logon path =
>     logon home =
>     domain logons = Yes
>     domain master = No
>     preferred master = Yes
>     ldap admin dn = cn=admin,o=ORGANIZATION
>     ldap group suffix = ou=Groups
>     ldap idmap suffix = ou=IDMap
>     ldap machine suffix = ou=Workstations
>     ldap suffix = o=ORGANIZATION
>     ldap passwd sync = No
>     unix password sync = Yes
>     passwd program = /usr/sbin/smbldap-passwd -u %u
>     passwd chat = *New*password* %n\n *retype*new*password* %n\n
>     idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
>     idmap uid = 10000-20000
>     idmap gid = 10000-20000
>     veto files = /.?*/
>     dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>     wins server = IP.OF.PDC.HERE
>
> [netlogon]
>     comment = Network Logon Service
>     path = /var/lib/samba/netlogon
>     write list = root
>     browseable = No
>     share modes = No
