[Samba] Samba and LDAP Base DN
Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? TIA, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
More info: I tried deleting ou=corp (after making a backup of course) and still no dice. As soon as I put back ou=corp and make the baseDN in smb.conf ou=corp, everything works. If I take all the entries under ou=corp and copy them one level up, I can't authenticate to Samba anymore. It doesn't make any sense. On Wednesday 16 March 2005 10:57 am, Misty Stanley-Jones wrote: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? TIA, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
Misty Stanley-Jones wrote: More info: I tried deleting ou=corp (after making a backup of course) and still no dice. As soon as I put back ou=corp and make the baseDN in smb.conf ou=corp, everything works. If I take all the entries under ou=corp and copy them one level up, I can't authenticate to Samba anymore. It doesn't make any sense. Hrm... where is your admin DN? Is it part of ou=corp and you're not setting that and the relevent data in secrets.tdb? (grasping at straws) On Wednesday 16 March 2005 10:57 am, Misty Stanley-Jones wrote: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? TIA, Misty -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
Misty, If your binddn has changed you need to re-run: smbpasswd -w 'secret' to update your secrets.tdb file. - John T. On Wednesday 16 March 2005 09:06, Misty Stanley-Jones wrote: More info: I tried deleting ou=corp (after making a backup of course) and still no dice. As soon as I put back ou=corp and make the baseDN in smb.conf ou=corp, everything works. If I take all the entries under ou=corp and copy them one level up, I can't authenticate to Samba anymore. It doesn't make any sense. On Wednesday 16 March 2005 10:57 am, Misty Stanley-Jones wrote: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? TIA, Misty -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
On Wed, 2005-03-16 at 10:57 -0500, Misty Stanley-Jones wrote: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? change nss/padl stuff? /etc/ldap.conf ??? Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
On Wednesday 16 March 2005 02:43 pm, Craig White wrote: On Wed, 2005-03-16 at 10:57 -0500, Misty Stanley-Jones wrote: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? change nss/padl stuff? /etc/ldap.conf ??? Yes I already did that, and nss_ldap is working just fine on all systems concerned (it's still changed). Samba is the only thing still using the ou=corp DN. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
Misty Stanley-Jones: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? Your /etc/ldap.conf doesn't have anything to do with /etc/samba/smb.conf. Further copying leaves in containers to other leaves in other containers is bound to end you up in some deep trouble, since you will then have duplicate UIDs and a lot more shit. First understand LDAP, then adapt it to Samba. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
SOLVED Re: [Samba] Samba and LDAP Base DN
It appears that Samba needs to be restarted in order for the search base to be reset. Is this a bug? The BaseDN was reset without doing anything other than editing the smb.conf. But even then, viewing of the LDAP logs showed that the search base was still including the old DN. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
