[Samba] Samba LDAP PDC BDC quit working

[Philip Washington]

mallapadi niranjan wrote:

> Hi Craig
>
> Thanks for replying, The samba PDC gets rebooted because of Power 
> outage, at night times.
> After the system gets rebooted,
> Scenario -01
> 1. Either some times the ldap gets hanged, (2.2.13) may be because of 
> inconsistency.
> 2. since ldap hangs, samba doesn't come up properly.
> 3. so i run db_recover and try to start the ldap service and then samba
>
> Scenario-02
> if LDAP doesn't hang, and samba comes up nicely, the computer had to 
> rejoin.
> but in my ldapdatabase, in OU=Computers, all the computer accounts 
> exist. with
> rid and Object class intact.
> but some how i don't know why i have to rejoin,
>
Okay I just want to clarify this. After an unplanned reboot (power 
outage) , your PDC comes back up and you find that some of the computers 
in your domain need to rejoin the domain??  Do you have recent ldiff or 
slapcats indicating that most of these computers have the same 
properties in the LDAP database as before.

> Scenario-03.
> I take the regular backup of LDAP, to LDIF file, and restore with 
> latest LDIF file,
> eventhough i don't get the Computer Accounts and also i lose user 's 
> passwords,
> After restoring from LDIF file.
>
> Scenario-04
> If i do safe reboot or shutdown, there 's no problem , the server 
> works properly without any
> problem
>
> Regards
> Niranjan
>
>
> On 2/20/06, *Craig White* <craigwhite at azapple.com 
> <mailto:craigwhite at azapple.com>> wrote:
>
>     On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
>     > Hi all
>     >
>     >
>     > I too have the same problem , i am also using samba 3.0.21 with
>     > openldap  version 2.2.13 on Redhat Enterprise Linux 4 enterprise
>     > server.
>     > if the samba PDC gets rebooted aburuptly,  some of my clients
>     > workstations (Windows 2000 professional) have to rejoin.
>     > i was asked to check whether RID of the computer name is
>     correct(uid*2
>     > + 1000) , ans whether
>     > computer names have SambaSAMAccount object class.
>     > eventhough my computernames' exist in the database with correct
>     object
>     > class and rid, the clients
>     > have to be rejoined. this happens only when samba PDC with ldap
>     gets
>     > rebooted abruptly.
>     > having said that, so i assume that LDAP is unable to maintain
>     > consistency when it gets rebooted.
>     >
>     > so i had kept DB_CONFIG file in /var/lib/ldap(this is where all bdb
>     > files are there) and use db_recover
>     > in case of any crash of ldap.
>     >
>     > But if we take backup in LDIF file and restore it, but still my
>     > computer accounts are not getting back, i had to rejoin.
>     >
>     > this is the problem that i am having, but still could not find the
>     > correct solution.
>     ----
>     No - as you and he describe it, these are separate problems.
>
>     Your issues is that PDC shouldn't get rebooted abruptly and newer
>     versions of openldap have a script that automatically runs db_recover.
>     This however doesn't come in the version of openldap that ships with
>     RHEL
>
>     You might want to set up a cron script that performs a slapcat on
>     a more
>     frequent basis so that if it is necessary to dump the entire LDAP DSA
>     and reload from an ldif, the ldif is much more current and thus, you
>     wouldn't have to rejoin many if any computers to the domain.
>
>     Craig
>
>