[Samba] Replication errors with LDAP and problems with NT machines
Thomas Wigren
thomas.wigren at skola.grums.se
Thu Nov 17 08:37:04 GMT 2005
Hi all!
I work as a computer technician for a small school and have recently
upgraded our network to use samba servers. Our main computers are a PDC,
a BDC, a file server and a backup server, all using Red Hat Fedora Core
3 as a base. The clients on our network consist of machines with Windows
XP and a few with Windows NT.
Everything seems to work just fine except for some minor but annoying
problem. The XP machines work flawlessly but the ones with NT do
“disconnect” themselves from the domain now and then in a random way (or
so it seems). My solution so far is to rejoin them in the domain by
logging in locally as administrator. Sometimes, but that is even more
rare, I have to delete the computer account in the LDAP database and
recreate it.
The PDC updates the BDC via LDAP replication (Slurpd). I do get some
strange errors from this replication and I suspect this have something
to with the strange behaviour since it’s the same computers that are in
the error log that disconnect themselves. It could very well be two
completely diffent issues though.
I attach some config files which I think is the ones needed. If more
info is needed please ask.
I would be grateful for any help.
Thank you!
Thomas Wigren
1. Versions of software
samba-3.0.10-1.fc3
openldap-2.2.13-2
2. LDAP Configuration files
########################
/etc/ldap.conf on ZEUS (PDC)
########################
host 127.0.0.1
base "dc=elysion,dc=lan"
rootbinddn cn=Manager,dc=elysion,dc=lan
nss_base_passwd ou=Users,dc=elysion,dc=lan?one
nss_base_passwd ou=Computers,dc=elysion,dc=lan?one
nss_base_shadow ou=Users,dc=elysion,dc=lan?one
nss_base_group ou=Groups,dc=elysion,dc=lan?one
ssl no
pam_password md5
########################
/etc/openldap/ldap.conf on ZEUS (PDC)
########################
HOST 127.0.0.1
BASE "dc=elysion,dc=lan"
########################
/etc/openldap/slapd.conf on ZEUS (PDC)
########################
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/slapd.pid
loglevel 64
database ldbm
suffix "dc=elysion,dc=lan"
rootdn "cn=Manager,dc=elysion,dc=lan"
rootpw ********
directory /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
replogfile /var/lib/ldap/replog
replica uri=ldap://hera.elysion.lan:389
binddn="cn=Manager,dc=elysion,dc=lan"
bindmethod=simple
credentials=********
########################
/etc/ldap.conf on HERA (BDC)
########################
host 127.0.0.1
base "dc=elysion,dc=lan"
rootbinddn cn=Manager,dc=elysion,dc=lan
nss_base_passwd ou=Users,dc=elysion,dc=lan?one
nss_base_passwd ou=Computers,dc=elysion,dc=lan?one
nss_base_shadow ou=Users,dc=elysion,dc=lan?one
nss_base_group ou=Groups,dc=elysion,dc=lan?one
ssl no
pam_password md5
########################
/etc/openldap/ldap.conf on HERA (BDC)
########################
HOST 127.0.0.1
BASE "dc=elysion,dc=lan"
########################
/etc/openldap/slapd.conf on HERA (BDC)
########################
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/slapd.pid
database ldbm
suffix "dc=elysion,dc=lan"
rootdn "cn=Manager,dc=elysion,dc=lan"
rootpw ********
directory /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
updatedn "cn=Manager,dc=elysion,dc=lan"
updateref ldap://zeus.elysion.lan
2. SAMBA Configuration files
########################
/etc/samba/smb.conf on ZEUS (PDC)
########################
[global]
workgroup = ELYSION
netbios name = ZEUS
server string = PDC
printcap name = /etc/printcap
load printers = yes
cups options = raw
log file = /var/log/samba/log.%m
max log size = 100000
security = user
encrypt passwords = yes
min passwd length = 5
obey pam restrictions = No
ldap passwd sync = Yes
time server = Yes
unix password sync = no
log level = 0
syslog = 0
mangling method = hash2
dos charset = 850
unix charset = ISO8859-1
passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0
os level = 65
domain master = yes
local master = yes
preferred master = yes
domain logons = yes
logon script = startup.bat
logon drive = X:
logon home =
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=elysion,dc=lan
ldap suffix = dc=elysion,dc=lan
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap delete dn = Yes
add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
logon path = \\ZEUS\profiles
wins support = yes
name resolve order = wins host lmhosts bcast
use sendfile = no
smb ports = 139
#============================ Share Definitions
==============================
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[homes]
comment = %U
valid users = %S
browsable = no
writable = yes
hide dot files = yes
force group = Teachers
create mask = 0660
force create mode = 0660
force directory mode = 0770
hide files = /RECYCLER/desktop.ini/
[studiematerial]
path = /home/teacher2student
write list = @Teachers
browsable = no
writable = no
force group = Teachers
force create mode = 664
force directory mode = 775
[elevadministration]
path = /home/students
browsable = no
writeable = yes
valid users = @Teachers
force create mode = 664
force directory mode = 775
force group = Teachers
[gemensamma filer]
path = /home/teacher2teacher
browsable = no
writable = yes
valid users = @Teachers
force create mode = 660
force directory mode = 770
force group = Teachers
[clipart]
path = /home/clipart
writable = no
browsable = no
write list = Thomas.Wigren, Susanne.Hammerich, root
force group = Teachers
force create mode = 644
force directory mode = 755
[nytto]
path = /home/nytto
browsable = no
writable = yes
valid users = Thomas.Wigren, Susanne.Hammerich, root
force group = Teachers
force create mode = 644
force directory mode = 755
[netlogon]
comment = Network Logon Service
path = /home/netlogon/%a
[profiles]
path = /home/profiles/%a
writeable = yes
browsable = no
force create mode = 0644
force directory mode = 0755
########################
/etc/samba/smb.conf on HERA (BDC)
########################
[global]
workgroup = ELYSION
netbios name = HERA
server string = BDC
printcap name = /etc/printcap
load printers = yes
cups options = raw
log file = /var/log/samba/log.%m
max log size = 100000
security = user
encrypt passwords = yes
min passwd length = 5
obey pam restrictions = No
ldap passwd sync = Yes
time server = Yes
unix password sync = no
log level = 0
syslog = 0
mangling method = hash2
dos charset = 850
unix charset = ISO8859-1
passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0
os level = 64
domain master = no
local master = no
preferred master = no
domain logons = yes
logon script = startup.bat
logon drive = X:
logon home =
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=elysion,dc=lan
ldap suffix = dc=elysion,dc=lan
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap delete dn = yes
add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
logon path =
name resolve order = wins host lmhosts bcast
wins support = no
wins server = 172.16.232.1
use sendfile = no
smb ports = 139
#============================ Share Definitions
==============================
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[homes]
comment = %U
valid users = %S
browsable = no
writable = yes
hide dot files = yes
force group = Teachers
create mask = 0660
force create mode = 0660
force directory mode = 0770
hide files = /RECYCLER/desktop.ini/
[studiematerial]
path = /home/teacher2student
write list = @Teachers
browsable = no
writable = no
force group = Teachers
force create mode = 664
force directory mode = 775
[elevadministration]
path = /home/students
public = no
writable = yes
browsable = no
valid users = @Teachers
force create mode = 664
force directory mode = 775
force group = Teachers
[gemensamma filer]
path = /home/teacher2teacher
browsable = yes
writable = yes
valid users = @Teachers
force create mode = 660
force directory mode = 770
force group = Teachers
[clipart]
path = /home/clipart
writable = no
browsable = no
write list = Thomas.Wigren, Susanne.Hammerich, root
force group = Teachers
force crwate mode = 644
force directory mode = 755
[nytto]
path = /home/nytto
browsable = no
writable = yes
valid users = Thomas.Wigren, Susanne.Hammerich, root
force group = Teachers
force create mode = 644
force directory mode = 755
[netlogon]
comment = Network Logon Service
path = /home/netlogon/%a
[profiles]
path = /home/profiles/%a
writeable = yes
browsable = no
force create mode = 0644
force directory mode = 0755
3. Replication log
########################
/var/lib/ldap/replica/hera.elysion.lan:389.rej
########################
ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: hera.elysion.lan:389
time: 1132047279.0
dn: uid=eurydice$,ou=Computers,dc=elysion,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1132045192
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132047279
-
delete: sambaLMPassword
sambaLMPassword: 60F9BE525098FB3917306D272A9441BB
-
delete: sambaNTPassword
sambaNTPassword: 82ABE317EDABC40E2D3DF00A4E8C76AF
-
add: sambaNTPassword
sambaNTPassword: BD4E5B924259E25B210B39F6F2AB3A27
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1132045192
-
add: sambaPwdLastSet
sambaPwdLastSet: 1132047279
-
replace: entryCSN
entryCSN: 20051115093439Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=elysion,dc=lan
-
replace: modifyTimestamp
modifyTimestamp: 20051115093439Z
-
ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: hera.elysion.lan:389
time: 1132048516.0
dn: uid=amphion$,ou=Computers,dc=elysion,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1131615883
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132048516
-
delete: sambaNTPassword
sambaNTPassword: 10925D43182FE76C866950D0223D039C
-
add: sambaNTPassword
sambaNTPassword: 6E2C27B37D7FC0DD49A03DFCE82F8390
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1131615883
-
add: sambaPwdLastSet
sambaPwdLastSet: 1132048516
-
replace: entryCSN
entryCSN: 20051115095516Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=elysion,dc=lan
-
replace: modifyTimestamp
modifyTimestamp: 20051115095516Z
-
ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: hera.elysion.lan:389
time: 1132130840.0
dn: uid=harmonia$,ou=Computers,dc=elysion,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1131455803
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132130840
-
delete: sambaNTPassword
sambaNTPassword: 492A7157FCC6BAFC965E7B48263D7A48
-
add: sambaNTPassword
sambaNTPassword: A26A1280212749F6481A791E15247E77
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1131455803
-
add: sambaPwdLastSet
sambaPwdLastSet: 1132130840
-
replace: entryCSN
entryCSN: 20051116084720Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=elysion,dc=lan
-
replace: modifyTimestamp
modifyTimestamp: 20051116084720Z
-
ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: hera.elysion.lan:389
time: 1132211749.0
dn: uid=paris$,ou=Computers,dc=elysion,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1130487874
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132211748
-
delete: sambaNTPassword
sambaNTPassword: 70A10FEDF47A7A6E316E95592AC76FEB
-
add: sambaNTPassword
sambaNTPassword: 7D2D3C5E2B9BEA3C580B9B73158D236A
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1130487874
-
add: sambaPwdLastSet
sambaPwdLastSet: 1132211748
-
replace: entryCSN
entryCSN: 20051117071548Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=elysion,dc=lan
-
replace: modifyTimestamp
modifyTimestamp: 20051117071548Z
-
ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: hera.elysion.lan:389
time: 1132212952.0
dn: uid=polyhymnia$,ou=Computers,dc=elysion,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1131091378
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132212952
-
delete: sambaNTPassword
sambaNTPassword: 00C187D5F563F71719556DE753FC1D78
-
add: sambaNTPassword
sambaNTPassword: F7D581AB7BA54A60BC3B1532A5D4E7C8
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1131091378
-
add: sambaPwdLastSet
sambaPwdLastSet: 1132212952
-
replace: entryCSN
entryCSN: 20051117073552Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=elysion,dc=lan
-
replace: modifyTimestamp
modifyTimestamp: 20051117073552Z
-
ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: hera.elysion.lan:389
time: 1132213972.0
dn: uid=acheron$,ou=Computers,dc=elysion,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1130835051
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132213972
-
delete: sambaNTPassword
sambaNTPassword: 5F5F6E59EAB13D17BDDE61A7222388DE
-
add: sambaNTPassword
sambaNTPassword: 7B45687322E58179FCD73D7CAB451770
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1130835051
-
add: sambaPwdLastSet
sambaPwdLastSet: 1132213972
-
replace: entryCSN
entryCSN: 20051117075252Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=elysion,dc=lan
-
replace: modifyTimestamp
modifyTimestamp: 20051117075252Z
-
More information about the samba
mailing list