[Samba] Samba LDAP PDC BDC quit working
mallapadi niranjan
niranjan.ashok at gmail.com
Tue Feb 21 05:00:43 GMT 2006
Hi Philip,
No, I don't have a BDC.
Regards
Niranjan
On 2/20/06, Philip Washington <phwashington at comcast.net> wrote:
>
> mallapadi niranjan wrote:
>
> > Hi all
> >
> > I too have the same problem. I am also using Samba 3.0.21 with
> > OpenLDAP version 2.2.13 on Red Hat Enterprise Linux 4 enterprise server.
> > If the Samba PDC gets rebooted abruptly, some of my client
> > workstations (Windows 2000 Professional) have to rejoin.
> > I was asked to check whether the RID of the computer name is correct
> > (uid*2 + 1000), and whether computer names have the SambaSAMAccount
> > object class.
> > Even though my computer names exist in the database with the correct
> > object class and RID, the clients have to be rejoined. This happens
> > only when the Samba PDC with LDAP gets rebooted abruptly.
> > Having said that, I assume that LDAP is unable to maintain
> > consistency when it gets rebooted.
> >
> > So I had kept a DB_CONFIG file in /var/lib/ldap (this is where all the
> > bdb files are) and use db_recover in case of any crash of LDAP.
> >
> > But if we take a backup in an LDIF file and restore it, my computer
> > accounts still do not come back; I had to rejoin.
> >
> > This is the problem that I am having, but I still could not find the
> > correct solution.
> >
> > Regards
> > Niranjan
> >
> Do you have a BDC? If not then this is very interesting information.
>
> > On 2/19/06, Philip Washington <phwashington at comcast.net> wrote:
> >
> > Craig White wrote:
> >
> > >On Sat, 2006-02-18 at 11:11 -0600, Philip Washington wrote:
> > >
> > >
> > >>We have had a Samba LDAP-PDC-BDC system set up for close to 3 months with
> > >>about 60 computers in the domain. Earlier we had a power outage and
> > >>about 30 computers no longer were able to log into the domain or
> > >>authenticate. Some were NT Workstations and some were W2k. But not all
> > >>NT or W2K workstations were affected.
> > >>If we went to network neighborhood we would see the error message
> > >>"The trust relationship between this workstation and the primary domain
> > >>failed"
> > >>When someone tries to log in to these computers then they get the error
> > >>"The system cannot log you on to this domain because the system's
> > >>computer account in it's primary domain is missing or the password on
> > >>that account is incorrect".
> > >>
> > >>We were able to fix the problem on the computers by taking the computers
> > >>out of the domain and re-entering them into the domain. Went into
> > >>System->Network Identification-> put the machine in a workgroup ->
> > >>reboot -> Go back in and put the machine back into the domain. No
> > >>manual deletion on the PDC was done. This was all done on the client.
> > >>
> > >>I reviewed LDAP backups and thus far have not found any discrepancies
> > >>with the systems profiles before or after the power outage. The records
> > >>indicate that there has not been any change in the LDAP information in
> > >>the last 2 months for the machines which have the problem. Of course
> > >>once the systems have been relogged into the domain the SambaNTPassword
> > >>changes.
> > >>
> > >>I am currently both baffled and concerned as to how or why this would
> > >>happen. If anybody could shed more light on what could have happened I
> > >>would appreciate it.
> > >>I would also like to know if there is a way to re-add or add a client on
> > >>the Samba-LDAP-PDC instead of going to each individual client.
> > >>
> > >>
> > >----
> > >probably would be a good idea to figure out how to troubleshoot your
> > >setup as one could only conjecture about what your problem is as you
> > >describe it.
> > >
> > >I do know that there is some faulty logic in your assumptions above
> > >since the workstations will automatically change their password with the
> > >passdb approximately once each month and I am quite certain that this is
> > >documented in the samba documentation.
> > >
> > >
> > >
> > Yep, this does throw a bad domino into the logic. (I wonder if MS will
> > give me my money back for all of those MCSE classes.) Once I fixed that
> > domino and started looking at the BDC again, I realized that its samba
> > configuration files look identical to the ones on the PDC with the
> > exception that ldap is pointing to the ldap on the BDC. So it
> > currently looks like the BDC is misconfigured (basically I'm seeing a
> > configuration that deviates quite a bit from what I see in Samba-3 by
> > Example).
> > I shut down the BDC for now and put the PDC on a UPS (yeah, it should have
> > been on one in the first place, but money is tight and we're operating
> > under "if it ain't broke don't pay money to fix it"). This should hold
> > us over until the BDC is configured correctly.
> >
> > Thanks for the enlightenment.
> >
> >
> > >So in view of your faulty assumption, my guess would be that your
> > >PDC/BDC setup in LDAP probably isn't working properly as there should be
> > >evidence in some log somewhere when the workstations change their
> > >password and that the password changes propagate from LDAP server to
> > >LDAP server and assuming that you are using something like 'slurpd' to
> > >replicate changes in LDAP, there should be evidence of some failures
> > >(aka rejects) unless you are allowing changes directly to the 'slave'
> > >LDAP server in which case, you have a lot to fix.
> > >
> > >Craig
> > >
> > >
> > >
> >
> >
> >
>
>
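
Added example, not part of the original thread and not Samba code: the checks mentioned in the messages above (machine accounts carrying the sambaSamAccount object class, RID equal to uid*2 + 1000, and a machine password that changes roughly once a month) applied to an LDIF backup. The sample LDIF, the reference time and the 45-day staleness threshold are constructed assumptions; sambaPwdLastSet is the Samba 3 LDAP attribute that records the last password change.

```python
# Constructed sample data (abbreviated entries), not taken from the thread.
SAMPLE_LDIF = """\
dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
uid: ws01$
uidNumber: 2001
sambaSID: S-1-5-21-1111-2222-3333-5002
sambaPwdLastSet: 1139000000

dn: uid=ws02$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
uid: ws02$

dn: uid=ws03$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
uid: ws03$
uidNumber: 2003
sambaSID: S-1-5-21-1111-2222-3333-5007
sambaPwdLastSet: 1134000000
"""
NOW = 1140480000  # constructed reference time: 2006-02-21 00:00 UTC

def parse_ldif(text):
    """Minimal reader: unfolds continuation lines; base64 values are not decoded."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):
        attrs = {}
        for name, sep, value in (l.partition(":") for l in block.splitlines()):
            if sep and not name.startswith("#"):
                attrs.setdefault(name.lower(), []).append(value.strip())
        entries.append(attrs)
    return entries

def audit_machines(text, now, max_age_days=45):  # 45 days is an assumed threshold
    report = {}
    for e in parse_ldif(text):
        uid = e.get("uid", [""])[0]
        if not uid.endswith("$"):  # machine accounts end in '$'
            continue
        report[uid] = problems = []
        if "sambasamaccount" not in [c.lower() for c in e.get("objectclass", [])]:
            problems.append("missing sambaSamAccount")
            continue
        expected = int(e["uidnumber"][0]) * 2 + 1000  # formula quoted in the thread
        rid = e.get("sambasid", ["-"])[0].rsplit("-", 1)[-1]
        if rid != str(expected):
            problems.append(f"RID {rid} != {expected}")
        if now - int(e.get("sambapwdlastset", ["0"])[0]) > max_age_days * 86400:
            problems.append("machine password stale")
    return report
```

Running the same audit against the directory on each LDAP server and comparing the sambaPwdLastSet values per machine shows whether password changes are reaching every copy.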