[Samba] Samba LDAP PDC BDC quit working

Craig White craigwhite at azapple.com
Sat Feb 18 20:52:47 GMT 2006


On Sat, 2006-02-18 at 11:11 -0600, Philip Washington wrote:
> We have had a Samba LDAP-PDC-BDC system setup for close to 3 months with 
> about 60 computers in the domain.  Earlier we had a power outage and 
> about 30 computers no longer were able to log into the domain or 
> authenticate.  Some were NT Workstations and some were W2k.  But not all 
> NT or W2K workstations were affected.
> If we went to network neighborhood we would see the error message
> "The trust relationship between this workstation and the primary domain
> failed"
> When someone tries to login to these computers then they get the error
> "The system cannot log you on to this domain because the system's 
> computer account in its primary domain is missing or the password on 
> that account is incorrect".
> 
> We were able to fix the problem on the computers by taking the computers 
> out of the domain and re-entering them into the domain.    Went into 
> System->Network Identification-> put the machine in a workgroup -> 
> reboot -> Go back in and put the machine back into the domain.  No 
> manual deletion on the PDC was done.  This was all done on the client.
> 
> I reviewed LDAP backups and thus far have not found any discrepancies 
> with the systems profiles before or after the power outage.  The records 
> indicate that there has not been any change in the LDAP information in 
> the last 2 months for the machines which have the problem.  Of course 
> once the systems have been relogged into the domain the SambaNTPassword 
> changes.
> 
> I am currently both baffled and concerned as to how or why this would 
> happen.  If anybody could shed more light on what could have happened I 
> would appreciate it.
> I would also like to know if there is a way to re-add or add a client on 
> the Samba-LDAP-PDC instead of going to each individual client.
----
Probably would be a good idea to figure out how to troubleshoot your
setup as one could only conjecture about what your problem is as you
describe it.

I do know that there is some faulty logic in your assumptions above
since the workstations will automatically change their password with the
passdb approximately once each month and I am quite certain that this is
documented in the samba documentation.

So in view of your faulty assumption, my guess would be that your
PDC/BDC setup in LDAP probably isn't working properly as there should be
evidence in some log somewhere when the workstations change their
password and that the password changes propagate from LDAP server to
LDAP server and assuming that you are using something like 'slurpd' to
replicate changes in LDAP, there should be evidence of some failures
(aka rejects) unless you are allowing changes directly to the 'slave'
LDAP server in which case, you have a lot to fix.

Craig
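
The reply above points at machine password changes failing to propagate from LDAP server to LDAP server. As an added example (not code from the thread or from the Samba project), this sketch compares machine accounts in two LDIF exports, one per LDAP server; the `sambaPwdLastSet` attribute, the DNs and every sample value are assumptions constructed for illustration.

```python
# Added example: find Samba machine accounts whose password data differs
# between two LDIF exports (master vs. replica). Sample data is constructed.

def parse_ldif(text):
    """Return {dn: {attr: value}} for a plain LDIF export (last value wins).
    Base64 ('attr:: value') values are compared as-is, not decoded."""
    entries, current = {}, {}
    # Unfold continuation lines (newline followed by one space), then
    # append a blank line so the final entry is flushed.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():
            if "dn" in current:
                entries[current["dn"].lower()] = current
            current = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            current[attr.strip().lower()] = value.strip()
    return entries

def machine_drift(master_ldif, replica_ldif,
                  attrs=("sambaNTPassword", "sambaPwdLastSet")):
    """List (uid, attr, master_value, replica_value) for machine accounts."""
    master, replica = parse_ldif(master_ldif), parse_ldif(replica_ldif)
    drift = []
    for dn, entry in sorted(master.items()):
        uid = entry.get("uid", "")
        if not uid.endswith("$"):          # machine accounts end in '$'
            continue
        other = replica.get(dn)
        if other is None:
            drift.append((uid, "entry", "present", "missing"))
            continue
        for attr in attrs:
            a, b = entry.get(attr.lower()), other.get(attr.lower())
            if a != b:
                drift.append((uid, attr, a, b))
    return drift

# Constructed sample: ws01$ changed its password on the master only.
MASTER = """\
dn: uid=ws01$,ou=Computers,dc=example,dc=org
uid: ws01$
sambaNTPassword: 00112233445566778899AABBCCDDEEFF
sambaPwdLastSet: 1140200000

dn: uid=ws02$,ou=Computers,dc=example,dc=org
uid: ws02$
sambaNTPassword: 0F1E2D3C4B5A69788796A5B4C3D2E1F0
sambaPwdLastSet: 1139000000
"""
REPLICA = (MASTER.replace("00112233445566778899AABBCCDDEEFF",
                          "FFEEDDCCBBAA99887766554433221100")
                 .replace("1140200000", "1137600000"))

if __name__ == "__main__":
    for row in machine_drift(MASTER, REPLICA):
        print(row)
```

A machine account listed here has a newer password on one server than on the other, which is the condition under which a workstation authenticating against the stale server would be rejected.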


