[Samba] step 2 - samba-3 PDC & BDC fail-over with 2 LDAP servers fails

Andrew Bartlett abartlet at samba.org
Fri Oct 10 11:06:38 GMT 2003


On Fri, 2003-10-10 at 20:48, Rauno Tuul wrote:
> > -----Original Message-----
> > From: Andrew Bartlett [mailto:abartlet at samba.org]
> >
> > passdb backend = ldapsam:"ldaps://ldap1 ldaps://ldap2"
> > is what you want.
> 
> This helped me a little bit forward. I suggest to add this line also to
> samba-pdc help.
> 
> But still I ran into problems.
> I fixed the passdb lines on PDC and BDC. If the second server (on PDC
> slave-ldap and on BDC master-ldap) goes down, everything works fine further.
> The first (closest) server authenticates the client and all is fine. So I
> got a bit further.
> 
> But it gets tricky when I shut the first LDAP server in line down (on PDC
> master-ldap and on BDC slave-ldap).
> 
> master ldap down: 
> PDC:
> smbclient -> session setup failed: NT_STATUS_LOGON_FAILURE
> [2003/10/10 13:17:15, 1] auth/auth_util.c:make_server_info_sam(818)
>   User myusername in passdb, but getpwnam() fails!
> [2003/10/10 13:17:15, 0] auth/auth_sam.c:check_sam_security(459)
>   check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_NO_SUCH_USER'
> BDC: ok

> Basically it finds the user in LDAP, but somehow it fails. I don't get it.
> I also have log level 10 log files, but I can't figure much more out of
> them. Andrew if you want them, I can send them (gzipped logs).

You need to do exactly the same in nsswitch.  /etc/ldap.conf is used to
control the behaviour of libnss_ldap, and needs *exactly* the same
line.  (or else you will get this happening, where Samba finds the
server, but nss_ldap doesn't).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
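
A check for the mismatch described in the reply above, added here as an example (not code from the original thread or from the Samba project). It assumes nss_ldap's server list is given by the `uri` directive in /etc/ldap.conf; the sample file contents and function names are constructed for illustration.

```python
import re

# Constructed sample files; only the passdb backend line comes from the thread.
SMB_CONF = '''
[global]
   passdb backend = ldapsam:"ldaps://ldap1 ldaps://ldap2"
'''
LDAP_CONF_BAD = '''
# /etc/ldap.conf as read by libnss_ldap (constructed)
uri ldaps://ldap1
base dc=example,dc=org
'''
LDAP_CONF_GOOD = LDAP_CONF_BAD.replace(
    "uri ldaps://ldap1", "uri ldaps://ldap1 ldaps://ldap2")

def samba_ldap_uris(smb_conf):
    """Ordered LDAP URIs from the ldapsam 'passdb backend' line."""
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")):
            continue  # smb.conf comment
        m = re.match(r"passdb\s+backend\s*=\s*(.*)$", line, re.I)
        b = m and re.search(r'ldapsam:\s*(?:"([^"]*)"|(\S+))', m.group(1))
        if b:
            return (b.group(1) or b.group(2)).split()
    return []

def nss_ldap_uris(ldap_conf):
    """Ordered LDAP URIs from the 'uri' directive (assumed directive name)."""
    for raw in ldap_conf.splitlines():
        parts = raw.split()
        if parts and parts[0].lower() == "uri":
            return parts[1:]
    return []

def compare(smb_conf, ldap_conf):
    """Return a list of differences between the two server lists."""
    samba, nss = samba_ldap_uris(smb_conf), nss_ldap_uris(ldap_conf)
    problems = []
    missing = [u for u in samba if u not in nss]
    extra = [u for u in nss if u not in samba]
    if missing:
        problems.append("nss_ldap has no entry for: " + " ".join(missing))
    if extra:
        problems.append("Samba has no entry for: " + " ".join(extra))
    if not problems and samba != nss:
        problems.append("same servers, different order")
    return problems

if __name__ == "__main__":
    for name, conf in (("bad", LDAP_CONF_BAD), ("good", LDAP_CONF_GOOD)):
        print(name, compare(SMB_CONF, conf) or "server lists match")
```

With the "bad" file, Samba can still reach ldap2 when ldap1 is down, but getpwnam() through nss_ldap cannot, which is the "in passdb, but getpwnam() fails" log line quoted above.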