Re: [Samba] Issue with two domains in one LDAP tree

2004-11-01 Thread Andrew Bartlett
On Sat, 2004-10-30 at 00:18, Misty Stanley-Jones wrote:
 Hi,
 
 I've just moved a second Samba domain to LDAP -- it works great!  However, the 
 first domain is now dead in the water.  It refuses to authenticate, and from 
 the logs it looks like it's not finding the SambaDomainName entry in the LDAP 
 tree.  Here is a diagram of how my LDAP tree is set up.
 
 dc=mycompany,dc=com
 |___ ou=computers
 |___ ou=people
 |___ ou=groups
 |___ sambaDomain=domain1
 |___ ou=domain2
   |___ ou=computers
   |___ ou=people
   |___ ou=groups
   |___ sambaDomain=domain2

 I also want to say that the reason I have domain2 off in its own subtree is 
 that it is going to eventually control its portion of the tree and take 
 referrals from the main LDAP tree.  It's over a T1 from the main office and I 
 want to keep bandwidth down.  I could put domain1 in its own subtree as well, 
 but it seems a little overkill if I can avoid it since there will be about 50 
 users of domain1 and only about 10 of domain2.

At 50 and 10 users, then you really should just have one domain.  LDAP
replication is a very small amount of traffic, and you will see more
benefits in having a single domain than splitting them.

Even if it was 50,000 and 10,000, I would suggest keeping them in
one domain.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College   [EMAIL PROTECTED]


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Issue with two domains in one LDAP tree

2004-10-29 Thread Misty Stanley-Jones
Hi,

I've just moved a second Samba domain to LDAP -- it works great!  However, the 
first domain is now dead in the water.  It refuses to authenticate, and from 
the logs it looks like it's not finding the SambaDomainName entry in the LDAP 
tree.  Here is a diagram of how my LDAP tree is set up.

dc=mycompany,dc=com
|___ ou=computers
|___ ou=people
|___ ou=groups
|___ sambaDomain=domain1
|___ ou=domain2
  |___ ou=computers
  |___ ou=people
  |___ ou=groups
  |___ sambaDomain=domain2

In domain1's smb.conf, I have:
ldap suffix = dc=mydomain,dc=com

In domain2's smb.conf, I have: 
ldap suffix = ou=domain2,dc=mydomain,dc=com

Domain2 is working flawlessly.  Domain1, however, is not.  When I do a simple 
'smbclient -L localhost' as root, I get the following log from slapd at 
loglevel 256:

Oct 29 09:03:23 oink slapd[5290]: conn=88 fd=16 ACCEPT from IP=127.0.0.1:32841 
(IP=0.0.0.0:389) 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND 
dn=cn=Manager,dc=borkholder,dc=com method=128 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND 
dn=cn=Manager,dc=borkholder,dc=com mech=SIMPLE ssf=0 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 RESULT tag=97 err=0 text= 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH 
base=dc=borkholder,dc=com scope=2 deref=0 
filter=(&(objectClass=sambaDomain)(sambaDomainName=corp1)) 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH attr=sambaDomainName 
sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID 
sambaAlgorithmicRidBase objectClass 
Oct 29 09:03:23 oink slapd[5290]: <= bdb_equality_candidates: 
(sambaDomainName) index_param failed (18) 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SEARCH RESULT tag=101 err=0 
nentries=1 text= 
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH 
base=dc=borkholder,dc=com scope=2 deref=0 filter=(&(uid=root)
(objectClass=sambaSamAccount)) 
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH attr=uid uidNumber 
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange 
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive 
sambaHomePath sambaLogonScript sambaProfilePath description 
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword 
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial 
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory 
modifyTimestamp sambaLogonHours modifyTimestamp 
Oct 29 09:03:26 oink slapd[5290]: <= bdb_equality_candidates: (uid) 
index_param failed(18) 
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SEARCH RESULT tag=101 err=0 
nentries=2 text= 
Oct 29 09:03:26 oink slapd[5290]: conn=88 fd=16 closed 
Oct 29 09:03:27 oink slapd[5290]: conn=24 fd=18 closed 
 
I also want to say that the reason I have domain2 off in its own subtree is 
that it is going to eventually control its portion of the tree and take 
referrals from the main LDAP tree.  It's over a T1 from the main office and I 
want to keep bandwidth down.  I could put domain1 in its own subtree as well, 
but it seems a little overkill if I can avoid it since there will be about 50 
users of domain1 and only about 10 of domain2.

Thanks for any help you can give,
Misty
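
Added example, not part of the original posts: a small parser for slapd loglevel 256 lines like those above that pairs each SRCH with its SEARCH RESULT and reports lookups on a single uid or sambaDomainName that matched more than one entry, as the uid=root subtree search from the top-level suffix does (nentries=2). The sample log is constructed from the post's lines with the mail wrapping rejoined; the function and variable names are illustrative.

```python
import re

# Constructed sample: the two searches from the post, wrapped lines rejoined.
SAMPLE_LOG = """\
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH base=dc=borkholder,dc=com scope=2 deref=0 filter=(&(objectClass=sambaDomain)(sambaDomainName=corp1))
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH attr=sambaDomainName sambaNextRid sambaSID objectClass
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH base=dc=borkholder,dc=com scope=2 deref=0 filter=(&(uid=root)(objectClass=sambaSamAccount))
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH attr=uid uidNumber sambaSID objectClass
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SEARCH RESULT tag=101 err=0 nentries=2 text=
"""

# "SRCH base=..." lines carry the search parameters; "SRCH attr=..." lines do not match.
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="?([^"\s]*)"? scope=(\d) '
                  r'deref=\d filter="?(\S+?)"?\s*$')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=\d+ nentries=(\d+)')
# Attributes an account or domain lookup expects to match exactly once.
UNIQUE_KEY = re.compile(r'\((uid|sambaDomainName)=([^)*]+)\)')
SCOPES = {"0": "base", "1": "one", "2": "sub"}


def ambiguous_lookups(log_text):
    """Return searches on a unique key that matched more than one entry."""
    pending, hits = {}, []
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            conn, op, base, scope, flt = m.groups()
            pending[(conn, op)] = (base, SCOPES.get(scope, scope), flt)
            continue
        m = RESULT.search(line)
        if not m or (m.group(1), m.group(2)) not in pending:
            continue
        base, scope, flt = pending.pop((m.group(1), m.group(2)))
        key = UNIQUE_KEY.search(flt)
        nentries = int(m.group(3))
        if key and nentries > 1:
            hits.append({"conn": m.group(1), "op": m.group(2), "base": base,
                         "scope": scope, "attr": key.group(1),
                         "value": key.group(2), "nentries": nentries})
    return hits


if __name__ == "__main__":
    for hit in ambiguous_lookups(SAMPLE_LOG):
        print("%(attr)s=%(value)s matched %(nentries)d entries under "
              "%(base)s (scope=%(scope)s)" % hit)
```
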