[Samba] Samba bdc

Sat Jul 2 16:25:30 GMT 2005

Tomasz Chmielewski wrote:
> Scott Mayo schrieb:
> 
>> Tomasz Chmielewski wrote:
>>
>>> Scott Mayo schrieb:
>>>
>>>> I have two serves set up.  One will be my PDC (master) and the other 
>>>> will be my BDC (slave).  I have openldap setup and replicating the 
>>>> data between the two servers.
>>>>
>>>> Everything seems to work fine from the Master, but I have one 
>>>> problem with the slave.  From the slave, I can do an ldapsearch and 
>>>> everthing is fine.  But when I do a 'pdbedit -L', I get the following:
>>>>
>>>> Unknown parameter encountered "ldap map suffix"
>>>> Ignoring unknown parameter "ldap map suffix"
>>>> failed to bind to server with dn="blah,blah"  Error: Can't contact 
>>>> LDAP server (unknown)
>>>> smbldap_search_suffix: Problem during the ldap search (unknown) 
>>>> Timed out
>>>>
>>>> Everything works fine with any ldap command that I enter, so I 
>>>> assume that it is something to do with samba.  Also,I can logon to 
>>>> the Master server with a Windows client just fine.  If I take the 
>>>> Master down and then try to login with my windows client, it tells 
>>>> me the domain is not available.  I would have thought the BDC would 
>>>> have taken over.  Any ideas what to look at?  I can post my conf 
>>>> files if need be.
>>>
>>>
>>>
>>>
>>> It looks like the replication is configured (is it?), but not Samba.
>>>
>>> 1)
>>> Do you see users added on PDC also on BDC?
>>>
>>> use "getent passwd" for that.
>>
>>
>>
>> Yes, that works.
>>
>>>
>>> 2)
>>> Did you do "testparm"?
>>> It will check your smb.conf for errors.
>>
>>
>>
>> Yes, everything seem to be alright there
> 
> 
> well, that contradicts what you said before:
> 
> 
> Unknown parameter encountered "ldap map suffix"
> Ignoring unknown parameter "ldap map suffix"
> 

I might have fixed something since then, but I thought it did not give
any errors the first time.  Not getting that error anymore now though
since I changed a setting.

>>> 3)
>>> BDC would take over domain logons (but not domain joins) only if it's 
>>> configured properly.
>>> In your case, it looks like it isn't.
>>
>>
>>
>> Any idea what I need to look at?  Strange thing is this:
>>
>> I have a script that builds my login batch files on the go and saves 
>> them in the netlogon directory.  If the PDC is up by itself, then it 
>> works fine.  When I bring the BDC up and login with the client, it 
>> saves the batch file to the BDC's netlogon directory.  But if I take 
>> down the PDC then the client cannot login to the BDC.
>>
>> I actually got it to where the 'pdbedit -L' works while the Master is 
>> up, but if I take down the master then I get errors.
> 
> 
> well, I'd do some more things.
> 
> 1) set log level to 3 in smb.conf
> 2) stop Samba
> 3) remove logs from /var/log/samba
> 4) start Samba
> 5) see the logs if there are any indications about failures in 
> contacting LDAP?

Actually the BDC says it failed to get ldap server info.  Not sure why
since ldapsearch and other things seem to work.

> 6) see BDC and PDC logs and search who the PDC *really* is (maybe BDC 
> doesn't know it for some reason)?

How do I do this?  I assume from the nmbd.log file, but not sure how to
tell which server won.

> 7) can you add usernames/workstations from command line on BDC?
> 
> smbldap-useradd -w testworkstation
> 
> getent passwd

I can, but getent does not pull it up from the slave.  It does from the
master after adding it from the slave.  I have just found out that
replication only works if I do a One Shot mode of slurpd.  That has me
bumfuzzled, so I will see what I can figure out on that.

> 
> 8) you might also want to stop Samba, remove all *.tdb files, and start 
> it once again - make a backup of these files, I don't want to break 
> anything in your setup :)

Don't worry about breaking anything.  This is all test.  Once I get it
done, I am going to reset it up. :)  What was removing the tdb files
supposed to do?

It takes forever to log in when the BDC is actually up.

-- 
Scott Mayo
Technology Coordinator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565
Pager: 800-264-2535 X2549

Duct tape is like the force, it has a light side and a dark side and it
holds the universe together.