On Mon, 2004-02-23 at 12:35, Cybr0t McWhulf wrote:
> OS / Software:
> 
> PDC / Master LDAP store:
>       - Redhat 9
>       - OpenLDAP 2.1.25
>       - Samba 3.0.0
> 
> BDC / Slave LDAP store:
>       - Redhat 9
>       - OpenLDAP 2.0.27-8
>       - Samba 3.0.2
> 
> From the Samba HOWTO Collection on www.samba.org:  (Backup Domain Control)
> 
> "Can I Do This All with LDAP?
> 
> The simple answer is yes. Samba's pdb_ldap code supports binding to a 
> replica LDAP server, and will also follow referrals and re-bind to 
> the master if it ever needs to make a modification to the database. 
> (Normally BDCs are read only, so this will not occur often)."
> 
> That's a little vague and misleading.. as referrals are merely 
> pointers to subtrees in an ldap directory that are stored on 
> different ldap servers, whereas the "updateref" directive in 
> slapd.conf for a slave ldap server tells connecting clients 
> to connect to the master to make updates.

Whatever.  Feel free to provide a better paragraph, but I've always
heard it referred to as generating a referral.  (Watch out that the
average admin doesn't know nor care about the semantic difference, and
we should not baffle them in the quest for perfect correctness).

> Recently I set up a BDC on a slave ldap server on a remote 
> network connected to the local network via wan.  Authentication 
> works great, however, in testing I tried to change my password 
> on a remote windows client, and got a return error of "Unable 
> to change password: <MYDOMAINNAME> Domain is unavailable", or something to that 
> degree.

The windows client is trying to find the PDC (in netbios).

> Upon reviewing the slave ldap logs, I saw samba searching 
> for "objectClass=referral", then "objectClass=*", before 
> returning the failure error to the client.

I think this is just the ldap libs, and unrelated.  For password
changes, the BDC is not contacted.

> Now, admittedly, I have the BDC configured as a BDC, when due
> to the wan, it is unable to find the PDC.  (I have read a 
> couple methods of making this possible without fully allowing
> netbios to broadcast through network segments, but have yet to 
> test or implement).

You should configure your remote server as a netbios PDC.  

> However, I would think that if it were trying to contact 
> the PDC, it would not be searching its local backend for 
> "referrals".

I think this is unrelated.

Andrew Bartlett

-- 
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net
