
Re: Samba auth on replicated LDAP: no admin user



On 06-12-15 at 18:45, Quanah Gibson-Mount wrote:
> --On Sunday, December 06, 2015 2:19 PM +0100 Paul van der Vlis
> <paul@vandervlis.nl> wrote:
> 
>> Hello,
>>
>> I have a replicated LDAP and a few Windows PCs that want to
>> authenticate using Samba. Normally I use "smbpasswd -w" to give the ldap
>> admin dn, but because it's replicated there is no ldap admin!
>>
>> Is there a way to authenticate using a replicated LDAP?
> 
> I've no clue what you mean here.  If the data is replicated, then the
> same data that is on the master is on the replica, and one can
> authenticate to the replica just like they would to the master.

You would say, but that's not the case. On the replica I don't have an
"admin" user. When I do:

ldapsearch -x -b "cn=admin,dc=domain,dc=nl" -H ldapi:///

On the replica I get: "no such object".
On the master  I get: "0 Success".

The replicated LDAP works fine with Linux.

I don't care whether the LDAP admin user is replicated or the replicated
server has its own admin user. But I need an admin user with a password.

These are the settings on the replica:
  provider=ldaps://ldap.domain.nl
  searchbase=dc=domain,dc=nl
  type=refreshAndPersist
  schemachecking=on
  interval=00:01:00:00
  bindmethod=simple
  tls_reqcert=never
  tls_cacert=/etc/ssl/certs/CAself-cert.pem
  retry="60 +"
  binddn="dc=domain,dc=nl"
  credentials=xxxxx

> I'm guessing what you mean is that portions of Samba unique to samba
> that have nothing to do with LDAP are not present, and thus samba
> related tools don't work.  I'd suggest discussing with the Samba folks
> on how to properly replicate Samba environments.

Samba is using the LDAP admin user. This user does not work on the
replica. So first I want to have that correct and I expect it will work
then.

With regards,
Paul van der Vlis.

-- 
Paul van der Vlis Linux system administration Groningen
https://www.vandervlis.nl/