Supported Extension
by Techie
Greetings all,
Is it possible to add the supportedExtension: 1.3.6.1.4.1.4203.1.11.1
to the 389 Directory server?
Thank you
13 years, 8 months
Enable SSL in console issue
by Prashanth Sundaram
Dear folks,
I configured the FDS and as trying to setup the encryption and I ran into
this.
When I enabled ³Use SSL in console² and restarted the server. I was able to
get into console and see that Admin server is fine, but the Directory server
shows ³Stopped² and port is 636. Now it prompts me for password.
Menubar: Log in to Directory
Distinguished Name:
uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot.
Password: *******
Here I entered the admin password that I setup during the
setup-ds-admin.pl¹ phase. It is not accepting that. :(
I also tried changing the DN to CN=Directory Manager, Dc=, dc=. It still
doesn¹t let me in.
I went back to check the dse.ldif and tried editing the entry cn=encryption,
cn=config....... nsSSLClientAuth: off nsSSL2: off nsSSL3=on
Is there anything that can be done to turn the SSL off the console?
13 years, 8 months
Samba integration with FDS and Heartbeat for HA Samba
by David Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I successfully setup heartbeat and glusterfs (instead of DRBD) to
provide an HA Samba configuration. I tested that fail over worked fine
all the existing computers were able to get to their shares and re
authenticate users.
However I discovered that I was not able to join computers to the domain
after the configuration was setup. The netbios name was changed to
accommodate the new heartbeat VIP and the new VIP is the only address I
have samba bound to.
When I go to add the computer to the domain, type to the domain in and
hit enter, I am presented with a login dialog box. When I enter the
admin and password and hit enter, after a few seconds I get the warning
that a controller for the domain could not be foumd.
I suspect that there is some caching going on and (maybe) winbind is
using the old info for the PDC and not the new?
Are there any caches I could clear that may fix this? Am I on the right
track or is there somethign else I should be looking at?
When I compare the ldap access logs with and without heartbeat, there is
a difference in the query. As I previously mentioned, without
heartbeat, adding is successful, with heartbeat it is not. I found that
the search base is different:
With heartbeat - SRCH base="cn=groups,cn=accounts,dc=example,dc=com"
scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=99))"
attrs="gidNumber sambaSID sambaGroupType sambaSIDList description
displayName cn objectClass"
W/heartbeat - SRCH
base="sambaDomainName=exampleHQ,sambaDomainName=exampleHQ,dc=example,dc=com"
scope=2
filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=exampleHQ))"
attrs=ALL
When I compared the logs when executing pdbedit -Lv with both setups,
the queries are the same.
Why would samba do a different query to the same instance of ldap when
configured with heartbeat and without heartbeat?
The address that samba is binding to/from for access to ldap is not the
VIP provided by heartbeat.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkpzTW4ACgkQ5B+8XEnAvqub1ACdGFBhVRaePH0fuTD0mORGIMgB
V48AnR0znBY9KD3nhYYdPtR2dQXUWxBO
=jrTm
-----END PGP SIGNATURE-----
13 years, 8 months
