On 06-12-15 at 18:45, Quanah Gibson-Mount wrote:
--On Sunday, December 06, 2015 2:19 PM +0100 Paul van der Vlis paul@vandervlis.nl wrote:
Hello,
I have a replicated LDAP and a few Windows PCs that want to authenticate using Samba. Normally I use "smbpasswd -w" to give the ldap admin dn, but because it's replicated there is no ldap admin!
Is there a way to authenticate using a replicated LDAP?
I've no clue what you mean here. If the data is replicated, then the same data that is on the master is on the replica, and one can authenticate to the replica just like they would to the master.
You would say so, but that's not the case. On the replica I don't have an "admin" user. When I do:
ldapsearch -x -b "cn=admin,dc=domain,dc=nl" -H ldapi:///
On the replica I get: "no such object". On the master I get: "0 Success".
The replicated LDAP works fine with Linux.
I don't care whether the LDAP admin user is replicated or the replicated server has its own admin user. But I need an admin user with a password.
These are the settings on the replica:
provider=ldaps://ldap.domain.nl
searchbase=dc=domain,dc=nl
type=refreshAndPersist
schemachecking=on
interval=00:01:00:00
bindmethod=simple
tls_reqcert=never
tls_cacert=/etc/ssl/certs/CAself-cert.pem
retry="60 +"
binddn="dc=domain,dc=nl"
credentials=xxxxx
I'm guessing what you mean is that portions of Samba unique to samba that have nothing to do with LDAP are not present, and thus samba related tools don't work. I'd suggest discussing with the Samba folks on how to properly replicate Samba environments.
Samba is using the LDAP admin user. This user does not work on the replica. So first I want to have that correct and I expect it will work then.
With regards, Paul van der Vlis.