[Samba] Samba LDAP PDC BDC quit working
Philip Washington
phwashington at comcast.net
Mon Feb 20 17:04:27 GMT 2006
mallapadi niranjan wrote:
> Hi all
>
>
> I too have the same problem. I am also using samba 3.0.21 with
> openldap version 2.2.13 on Redhat Enterprise Linux 4 enterprise server.
> If the samba PDC gets rebooted abruptly, some of my client
> workstations (Windows 2000 professional) have to rejoin.
> I was asked to check whether the RID of the computer name is correct
> (uid*2 + 1000), and whether
> computer names have the SambaSAMAccount object class.
> Even though my computer names exist in the database with the correct object
> class and RID, the clients
> have to be rejoined. This happens only when the samba PDC with ldap gets
> rebooted abruptly.
> Having said that, so I assume that LDAP is unable to maintain
> consistency when it gets rebooted.
>
> So I had kept a DB_CONFIG file in /var/lib/ldap (this is where all the bdb
> files are) and use db_recover
> in case of any crash of ldap.
>
> But if we take a backup in an LDIF file and restore it, still my
> computer accounts are not getting back; I had to rejoin.
>
> This is the problem that I am having, but I still could not find the
> correct solution.
>
> Regards
> Niranjan
>
Do you have a BDC? If not then this is very interesting information.
> On 2/19/06, Philip Washington <phwashington at comcast.net> wrote:
>
> Craig White wrote:
>
> >On Sat, 2006-02-18 at 11:11 -0600, Philip Washington wrote:
> >
> >
> >>We have had a Samba LDAP-PDC-BDC system setup for close to 3 months with
> >>about 60 computers in the domain. Earlier we had a power outage and
> >>about 30 computers no longer were able to log into the domain or
> >>authenticate. Some were NT Workstations and some were W2k. But not all
> >>NT or W2K workstations were affected.
> >>If we went to network neighborhood we would see the error message
> >>"The trust relationship between this workstation and the primary domain
> >>failed"
> >>When someone tries to login to these computers then they get the error
> >>"The system cannot log you on to this domain because the system's
> >>computer account in its primary domain is missing or the password on
> >>that account is incorrect".
> >>
> >>We were able to fix the problem on the computers by taking the computers
> >>out of the domain and re-entering them into the domain. Went into
> >>System->Network Identification-> put the machine in a workgroup ->
> >>reboot -> Go back in and put the machine back into the domain. No
> >>manual deletion on the PDC was done. This was all done on the client.
> >>
> >>I reviewed LDAP backups and thus far have not found any discrepancies
> >>with the systems profiles before or after the power outage. The records
> >>indicate that there has not been any change in the LDAP information in
> >>the last 2 months for the machines which have the problem. Of course
> >>once the systems have been relogged into the domain the SambaNTPassword
> >>changes.
> >>
> >>I am currently both baffled and concerned as to how or why this would
> >>happen. If anybody could shed more light on what could have happened I
> >>would appreciate it.
> >>I would also like to know if there is a way to re-add or add a client on
> >>the Samba-LDAP-PDC instead of going to each individual client.
> >>
> >>
> >----
> >probably would be a good idea to figure out how to troubleshoot your
> >setup as one could only conjecture about what your problem is as you
> >describe it.
> >
> >I do know that there is some faulty logic in your assumptions above
> >since the workstations will automatically change their password with the
> >passdb approximately once each month and I am quite certain that this is
> >documented in the samba documentation.
> >
> >
> >
> Yep, this does throw a bad domino into the logic. (I wonder if MS will
> give me my money back for all of those MCSE classes). Once I fixed that
> domino and started looking at the BDC again, I realized that its samba
> configuration files look identical to the ones on the PDC with the
> exception that ldap is pointing to the ldap on the BDC. So it
> currently looks like the BDC is misconfigured (Basically I'm seeing a
> configuration that deviates quite a bit from what I see in Samba-3 by
> Example).
> I shutdown the BDC for now and put the PDC on a UPS (Yeah it should have
> been on one in the first place, but money is tight and we're operating
> under, if it ain't broke don't pay money to fix it). This should hold
> us over until the BDC is configured correctly.
>
> Thanks for the enlightenment.
>
>
> >So in view of your faulty assumption, my guess would be that your
> >PDC/BDC setup in LDAP probably isn't working properly as there should be
> >evidence in some log somewhere when the workstations change their
> >password and that the password changes propagate from LDAP server to
> >LDAP server and assuming that you are using something like 'slurpd' to
> >replicate changes in LDAP, there should be evidence of some failures
> >(aka rejects) unless you are allowing changes directly to the 'slave'
> >LDAP server in which case, you have a lot to fix.
> >
> >Craig
> >
> >
> >
>
>
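The checks discussed in this thread (sambaSamAccount object class, RID equal to uid*2 + 1000, and machine password changes reaching the second LDAP server) can be run over LDIF exports of both directories. The script below is an added example, not something posted by anyone in the thread; it assumes plain-text LDIF dumps of the PDC's and BDC's LDAP databases, and the host names, SIDs and hashes in it are constructed sample data.

```python
import re

def parse_ldif(text):
    """Minimal LDIF reader keyed by uid (no folded lines or base64 values)."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if not line.startswith("#") and ": " in line:
                key, value = line.split(": ", 1)
                attrs.setdefault(key.lower(), []).append(value.strip())
        if "uid" in attrs:
            entries[attrs["uid"][0].lower()] = attrs
    return entries

def audit_machine_accounts(master_ldif, replica_ldif):
    """Return {uid: [problems]} for machine accounts (uid ending in '$')."""
    master, replica = parse_ldif(master_ldif), parse_ldif(replica_ldif)
    findings = {}
    for uid, m in master.items():
        if not uid.endswith("$"):
            continue
        problems = []
        if "sambasamaccount" not in [c.lower() for c in m.get("objectclass", [])]:
            problems.append("missing sambaSamAccount objectClass")
        sid, uidnum = m.get("sambasid", [""])[0], m.get("uidnumber", [""])[0]
        if not (sid and uidnum.isdigit()):
            problems.append("missing sambaSID or uidNumber")
        elif sid.rsplit("-", 1)[-1] != str(int(uidnum) * 2 + 1000):
            problems.append("RID is not uidNumber*2+1000")
        r = replica.get(uid)
        if r is None:
            problems.append("absent on replica")
        else:  # a stale replica still holds the previous machine password
            problems += [f"{a} differs on replica"
                         for a in ("sambantpassword", "sambapwdlastset")
                         if m.get(a) != r.get(a)]
        if problems:
            findings[uid] = problems
    return findings

def sample_entry(name, uidnum, rid, nthash, lastset):  # constructed sample data
    return (f"dn: uid={name},ou=Computers,dc=example,dc=org\nuid: {name}\n"
            f"objectClass: sambaSamAccount\nuidNumber: {uidnum}\n"
            f"sambaSID: S-1-5-21-1-2-3-{rid}\n"
            f"sambaNTPassword: {nthash}\nsambaPwdLastSet: {lastset}\n")

WS02 = sample_entry("ws02$", 1002, 3005, "B" * 32, 1139000000)  # RID should be 3004
MASTER = sample_entry("ws01$", 1001, 3002, "A" * 32, 1140000000) + "\n" + WS02
REPLICA = sample_entry("ws01$", 1001, 3002, "C" * 32, 1137000000) + "\n" + WS02
```

A machine whose sambaNTPassword or sambaPwdLastSet differs between the two dumps will fail to authenticate against whichever domain controller reads the stale copy.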