On Wed, 2012-11-28 at 14:52 -0800, todd kman wrote: > Hi all, > I am just experimenting with Samba 4. > I have a Ubuntu server 12.04 with samba 4 compiled successfully. I have webmin installed as well. > I am trying to connect the Ubuntu/Samba server to a web domain called CODOMAIN. > CODOMAIN is administered by gis-server-2 a Microsoft Windows Server 2003 R2, Standard x64 - Edition Version 5.2 (Build 3790 : Service Pack 2) (x64). > Gis-server-2 is an Active Directory server, and Exchange server. (Exchange Server 2007 Microsoft Corporation Version: 08.01.0436.000) > If I was to guess it looks like the Exchange server component is causing some problem. > As I said on IRC (but following up here so others might understand the situation better, and so we can loop back to you about fixing this up properly): In short, your other DCs have sent you the same value twice in a multi-valued attribute. This isn't valid LDAP, and we are being stricter than Microsoft is, or we consider two values to be equivalent when Microsoft considers them distinct. The issue is that we haven't tested much with importing exchange-enabled domains so we just haven't seen this before, and so we need to work out how to handle this particular 'violation'. Mostly, we have found that AD doesn't re-check schema syntax during replication, so if somehow a duplicate does get into the system, it will not cause replication to fail. We are stricter, mostly due to the layering of our databases. We may have to turn that off. Running this: ldbsearch -Uadministrator -H ldap://ms-dc -s base -b "CN=owa (Default Web Site),CN=HTTP,CN=Protocols,CN=GIS-SERVER-2,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=CODomain,DC=local" msExchOWATranscodingFileTypes should give us more clues here, and help us solve this for the long term. Please file a bug with this info in the meantime, so we can track this. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
I am unable to get the suggested command to run. ldbsearch -Uadministrator -H ldap://ms-dc -s base -b "CN=owa companywebsite.local ,CN=HTTP,CN=Protocols,CN=GIS-SERVER-2,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=CODomain,DC=local" msExchOWATranscodingFileTypes It comes up with the error "search failed - Can't contact LDAP server" Is the command I entered in the correct format?
change 'ms-dc' to the name or IP of your Microsoft DC
OK modified the ms-dc to the microsoft server and ran it. Now I get the following error when I run this: "search error - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece" Is this a bit of the chicken and the egg. When I try the bind it gives me an error, but to get information to help resolve the bind error I need to do a bind. I feel a bit like a blind man exploring an unknown environment and blundering around. Any suggestions about how to move forward and solve this would be appreciated.