[Samba] Samba LDAP PDC BDC quit working

mallapadi niranjan niranjan.ashok at gmail.com
Tue Feb 21 05:00:43 GMT 2006


Hi Philip,

No, I don't have a BDC.


Regards
Niranjan



On 2/20/06, Philip Washington <phwashington at comcast.net> wrote:
>
> mallapadi niranjan wrote:
>
> > Hi all
> >
> >
> > I too have the same problem. I am also using Samba 3.0.21 with
> > OpenLDAP version 2.2.13 on Red Hat Enterprise Linux 4 enterprise server.
> > If the Samba PDC gets rebooted abruptly, some of my client
> > workstations (Windows 2000 Professional) have to rejoin.
> > I was asked to check whether the RID of the computer name is correct
> > (uid*2 + 1000), and whether computer names have the SambaSAMAccount
> > object class.
> > Even though my computer names exist in the database with the correct
> > object class and RID, the clients have to be rejoined. This happens
> > only when the Samba PDC with LDAP gets rebooted abruptly.
> > Having said that, I assume that LDAP is unable to maintain
> > consistency when it gets rebooted.
> >
> > So I had kept a DB_CONFIG file in /var/lib/ldap (this is where all the
> > bdb files are) and use db_recover in case of any crash of LDAP.
> >
> > But if we take a backup in an LDIF file and restore it, my
> > computer accounts are still not getting back; I had to rejoin.
> >
> > This is the problem that I am having, but I still could not find the
> > correct solution.
> >
> > Regards
> > Niranjan
> >
> Do you have a BDC?  If not then this is very interesting information.
>
> > On 2/19/06, Philip Washington <phwashington at comcast.net> wrote:
> >
> >     Craig White wrote:
> >
> >     >On Sat, 2006-02-18 at 11:11 -0600, Philip Washington wrote:
> >     >
> >     >
> >     >>We have had a Samba LDAP-PDC-BDC system set up for close to 3
> >     >>months with about 60 computers in the domain.  Earlier we had a
> >     >>power outage and about 30 computers no longer were able to log
> >     >>into the domain or authenticate.  Some were NT Workstations and
> >     >>some were W2k.  But not all NT or W2K workstations were affected.
> >     >>If we went to Network Neighborhood we would see the error message
> >     >>"The trust relationship between this workstation and the primary
> >     >>domain failed"
> >     >>When someone tries to log in to these computers then they get the
> >     >>error "The system cannot log you on to this domain because the
> >     >>system's computer account in it's primary domain is missing or
> >     >>the password on that account is incorrect".
> >     >>
> >     >>We were able to fix the problem on the computers by taking the
> >     >>computers out of the domain and re-entering them into the domain.
> >     >>Went into System->Network Identification-> put the machine in a
> >     >>workgroup -> reboot -> Go back in and put the machine back into
> >     >>the domain.  No manual deletion on the PDC was done.  This was
> >     >>all done on the client.
> >     >>
> >     >>I reviewed LDAP backups and thus far have not found any
> >     >>discrepancies with the systems' profiles before or after the
> >     >>power outage.  The records indicate that there has not been any
> >     >>change in the LDAP information in the last 2 months for the
> >     >>machines which have the problem.  Of course once the systems
> >     >>have been relogged into the domain the SambaNTPassword changes.
> >     >>
> >     >>I am currently both baffled and concerned as to how or why this
> >     >>would happen.  If anybody could shed more light on what could
> >     >>have happened I would appreciate it.
> >     >>I would also like to know if there is a way to re-add or add a
> >     >>client on the Samba-LDAP-PDC instead of going to each individual
> >     >>client.
> >     >>
> >     >>
> >     >----
> >     >It probably would be a good idea to figure out how to
> >     >troubleshoot your setup, as one could only conjecture about what
> >     >your problem is as you describe it.
> >     >
> >     >I do know that there is some faulty logic in your assumptions
> >     >above, since the workstations will automatically change their
> >     >password with the passdb approximately once each month, and I am
> >     >quite certain that this is documented in the Samba documentation.
> >     >
> >     >
> >     >
> >     Yep, this does throw a bad domino into the logic.  (I wonder if
> >     MS will give me my money back for all of those MCSE classes.)
> >     Once I fixed that domino and started looking at the BDC again, I
> >     realized that its Samba configuration files look identical to the
> >     ones on the PDC, with the exception that LDAP is pointing to the
> >     LDAP on the BDC.  So it currently looks like the BDC is
> >     misconfigured (basically I'm seeing a configuration that deviates
> >     quite a bit from what I see in Samba-3 by Example).
> >     I shut down the BDC for now and put the PDC on a UPS (yeah, it
> >     should have been on one in the first place, but money is tight
> >     and we're operating under "if it ain't broke, don't pay money to
> >     fix it").  This should hold us over until the BDC is configured
> >     correctly.
> >
> >     Thanks for the enlightenment.
> >
> >
> >     >So in view of your faulty assumption, my guess would be that your
> >     >PDC/BDC setup in LDAP probably isn't working properly, as there
> >     >should be evidence in some log somewhere when the workstations
> >     >change their password and that the password changes propagate
> >     >from LDAP server to LDAP server. Assuming that you are using
> >     >something like 'slurpd' to replicate changes in LDAP, there
> >     >should be evidence of some failures (aka rejects), unless you are
> >     >allowing changes directly to the 'slave' LDAP server, in which
> >     >case you have a lot to fix.
> >     >
> >     >Craig
> >     >
> >     >
> >     >
> >
> >
> >
>
>
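
The check described in the quoted message (machine accounts carrying the sambaSamAccount object class and a RID of uid*2 + 1000), run over an LDIF backup. This is an added example, not code from anyone in the thread; the sample LDIF, host names, suffix and domain SID are constructed, and the parser assumes unfolded, non-base64 lines.

```python
RID_BASE = 1000  # RID rule quoted in the thread: uid*2 + 1000
# Constructed sample backup: host names, suffix and domain SID are made up.
SAMPLE_LDIF = """\
dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
uid: ws01$
uidNumber: 2001
sambaSID: S-1-5-21-1-2-3-5002

dn: uid=ws02$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
uid: ws02$
uidNumber: 2002

dn: uid=ws03$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
uid: ws03$
uidNumber: 2003
sambaSID: S-1-5-21-1-2-3-5000
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 or folded lines) into a list of dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                entry.setdefault(key.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit_machines(text):
    """Return {machine uid: problem} for accounts whose name ends in '$'."""
    problems = {}
    for e in parse_ldif(text):
        uid = e.get("uid", [""])[0]
        if not uid.endswith("$"):
            continue  # not a machine trust account
        classes = [c.lower() for c in e.get("objectclass", [])]
        if "sambasamaccount" not in classes:
            problems[uid] = "missing sambaSamAccount objectClass"
            continue
        expected = int(e["uidnumber"][0]) * 2 + RID_BASE
        rid = int(e["sambasid"][0].rsplit("-", 1)[1])  # last SID component
        if rid != expected:
            problems[uid] = f"RID {rid}, expected {expected}"
    return problems
```

An empty result only confirms the two properties named in the thread; it says nothing about whether the stored machine password still matches what the workstation holds.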

