[Samba] Urgent: problem with SAMBA+LDAP
Stéphane Purnelle
stephane.purnelle at tiscali.be
Sat Apr 23 10:14:15 GMT 2005
Your ldap server is on the same server or on a other server ?
Have you verify that you not have a network problem with your server
which contain LDAP.
Luiz Alfredo Baggiotto a écrit :
>Greetings Experts!
>
>Sorry for my poor english, but I´m inside of a terrible nightmare!!!
>I´m using Samba+LDAP has about 2 months ago without problems, but in the last 4 hours, the system is absolutelly unstable. I couldn´t upgrade or patched anything. The problem simply has appeared.
>
>Principally system characteristics:
>
>- Sun Fire V880 running Solaris 9
>- openldap-2.2.23
>- nss_ldap-232
>- pam_ldap-176
>- samba-3.0.11 ==> samba-3.0.14a
>
>Symptoms: the users couldn´t make login in Samba domain and the network for those that already connected were was very slow. SSH, NFS and Apache services were ok. The syslog said "nss_ldap: could not get LDAP result - Can't contact LDAP server".
>
>I tried to reinitialize the daemons (samba and ldap) but the problem has persisted. After that, I rebooted the server, but it doesn´t solve the problem too. Then I was upgraded my samba (from 3.0.11 to 3.0.14a) and now is possible to make login and work normally, but as at the moment it has only one few users, I fear that in the Monday the problem can be happened again.
>
>Please, PLEASE: somebody has some idea about as it can happen and as I could solve the problem, in case that it happens again? I´m really despaired. Any help is very appreciated!
>
>My smb.conf is thus:
>
># Global parameters
>[global]
> workgroup = MY_DOMAIN
> netbios name = ARRAKIS
> server string = Server
> security = USER
> passdb backend = ldapsam:ldap://ldap.domain/
> passwd program = /usr/local/sbin/smbldap-passwd -u %u
> passwd chat = *password* %n\n *new*password* %n\n
> passwd chat debug = Yes
> encrypt passwords = Yes
> log level = 3
> max log size = 50000
> load printers = No
> kernel oplocks = No
> utmp = yes
> domain logons = Yes
> domain master = Yes
> use sendfile = no
> keep alive = 60
> smb ports = 445 139
> wins server = 10.40.48.25
> delete user script = /usr/local/sbin/smbldap-userdel "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> add group script = /usr/local/sbin/smbldap-groupadd "%g"
> delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> logon drive = h:
> logon script = %U.bat
> logon path = \\%N\profiles\%U
> ldap server = ldap.domain
> ldap port = 389
> ldap suffix = dc=domain,dc=mine
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap admin dn = cn=Administrator,dc=domain,dc=min
> ldap passwd sync = Yes
> ldap delete dn = Yes
>
>I was compiled the softs with these options:
>
>OpenLDAP: ./configure --with-tls \
> --disable-wrappers \
> --enable-crypt \
> --enable-bdb \
> --enable-ldbm \
> --enable-spasswd \
> --with-cyrus-sasl \
> --enable-slapd \
> --enable-syslog \
> --enable-ipv6=no \
> --without-kerberos \
> --enable-shared
>
>Samba: ./configure --with-readline \
> --with-smbwrapper \
> --with-ldap \
> --with-ldapsam \
> --with-pam \
> --with-pam_smbpass \
> --with-syslog \
> --with-quotas \
> --with-utmp \
> --with-vfs
>
>Apparently, the most significative system error log says this:
>
>===============================================
>Apr 23 00:09:46 arrakis smbd[22907]: [ID 510469 daemon.error] nss_ldap: could not get LDAP result - Can't contact LDAP server
>Apr 23 00:09:46 arrakis last message repeated 1 time
>Apr 23 00:09:46 arrakis smbd[22907]: [ID 982204 daemon.info] nss_ldap: reconnecting to LDAP server...
>Apr 23 00:09:46 arrakis slapd[159]: [ID 848112 local4.debug] conn=1364 fd=19 ACCEPT from IP=200.132.10.12:34100 (IP=0.0.0.0:389)
>Apr 23 00:09:46 arrakis slapd[159]: [ID 347666 local4.debug] conn=1364 op=0 BIND dn="" method=128
>Apr 23 00:09:46 arrakis slapd[159]: [ID 217296 local4.debug] conn=1364 op=0 RESULT tag=97 err=0 text=
>Apr 23 00:09:46 arrakis smbd[22907]: [ID 569656 daemon.info] nss_ldap: reconnected to LDAP server after 1 attempt(s)
>Apr 23 00:09:46 arrakis slapd[159]: [ID 870088 local4.debug] get_filter: unknown filter type=130
>Apr 23 00:09:46 arrakis last message repeated 3 times
>Apr 23 00:09:46 arrakis slapd[159]: [ID 998954 local4.debug] conn=1364 op=1 SRCH base="dc=domain,dc=mine" scope=2 deref=0 filter="(&(
>objectClass=nisNetgroup)(|(?=undefined)(?=undefined)(?=undefined)(?=undefined)(?=undefined)(?=undefined)(?=undefined)(?=undefined)
>(?=undefined)(?=undefined)(?=undefined)(?=undefined)))"
>
>......
>
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:set_socket_options(202)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Failed to set socket option SO_KEEPALIVE (Error Invalid argument)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:set_socket_options(202)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Failed to set socket option TCP_NODELAY (Error Invalid argument)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/access.c:check_access(328)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Denied connection from (0.0.0.0)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Connection denied from 0.0.0.0
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:write_socket_data(430)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] write_socket_data: write failure. Error = Broken pipe
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:write_socket(455)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] write_socket: Error writing 5 bytes to socket 5: ERRNO = Broken pipe
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:send_smb(647)
>Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Error writing 5 bytes to client. -1. (Broken pipe)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:set_socket_options(202)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Failed to set socket option SO_KEEPALIVE (Error Invalid argument)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:set_socket_options(202)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Failed to set socket option TCP_NODELAY (Error Invalid argument)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/access.c:check_access(328)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Denied connection from (0.0.0.0)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Connection denied from 0.0.0.0
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:write_socket_data(430)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] write_socket_data: write failure. Error = Broken pipe
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:write_socket(455)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] write_socket: Error writing 5 bytes to socket 5: ERRNO = Broken pipe
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:send_smb(647)
>Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Error writing 5 bytes to client. -1. (Broken pipe)
>Apr 23 00:10:59 arrakis smbd[22723]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] smbd/server.c:open_sockets_smbd(388)
>Apr 23 00:10:59 arrakis smbd[22723]: [ID 702911 daemon.error] open_sockets_smbd: accept: Software caused connection abort
>===============================================
>
>I was read about these errors in the samba-list archives and tried to use some options in my smb.conf (more especifically "keep alive = 60", "smb ports = 445 139" e "use sendfile = no"), but this didn´t result. These errors appears to each 1-5 minutes.
>
>THANKS in advance for ANY help.
>
>
>
>
>
--
Stéphane Purnelle <stephane.purnelle at tiscali.be>
Site Web : http://www.linuxplusvalue.be
More information about the samba
mailing list