[Samba] Samba LDAP PDC BDC quit working

Philip Washington phwashington at comcast.net
Wed Feb 22 17:35:47 GMT 2006


mallapadi niranjan wrote:

> Hi Philip
>
>
> Yes, I have the same properties (for checking I did the rid*2+1000
> and object class test), but
> once the computers are rejoined, they get a new rid, not the rid which is
> in the LDIF.
>
> Regards
> Niranjan
>
You might check your MS client event logs for this error.
error 3224
Changing machine account password for account <COMPUTER>$ failed with 
the following error: 
A remote procedure call (RPC) protocol error occurred. 


> On 2/21/06, *Philip Washington* <phwashington at comcast.net> wrote:
>
>     mallapadi niranjan wrote:
>
>     > Hi Craig
>     >
>     > Thanks for replying. The samba PDC gets rebooted because of power
>     > outages at night.
>     > After the system gets rebooted:
>     > Scenario-01
>     > 1. Sometimes the ldap hangs (2.2.13), maybe because of
>     > inconsistency.
>     > 2. Since ldap hangs, samba doesn't come up properly.
>     > 3. So I run db_recover and try to start the ldap service and
>     > then samba.
>     >
>     > Scenario-02
>     > If LDAP doesn't hang and samba comes up nicely, the computers have to
>     > rejoin.
>     > But in my LDAP database, in OU=Computers, all the computer accounts
>     > exist, with
>     > rid and object class intact.
>     > But somehow, I don't know why, I have to rejoin.
>     >
>     Okay, I just want to clarify this. After an unplanned reboot (power
>     outage), your PDC comes back up and you find that some of the
>     computers in your domain need to rejoin the domain? Do you have recent
>     ldif or slapcats indicating that most of these computers have the same
>     properties in the LDAP database as before?
>
>     > Scenario-03.
>     > I take regular backups of LDAP to an LDIF file and restore with the
>     > latest LDIF file;
>     > even then I don't get the computer accounts and I also lose users'
>     > passwords
>     > after restoring from the LDIF file.
>     >
>     > Scenario-04
>     > If I do a safe reboot or shutdown, there's no problem; the server
>     > works properly without any
>     > problem.
>     >
>     > Regards
>     > Niranjan
>     >
>     >
>     > On 2/20/06, *Craig White* <craigwhite at azapple.com> wrote:
>     >
>     >     On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
>     >     > Hi all
>     >     >
>     >     >
>     >     > I too have the same problem. I am also using samba 3.0.21 with
>     >     > openldap version 2.2.13 on Red Hat Enterprise Linux 4 enterprise
>     >     > server.
>     >     > If the samba PDC gets rebooted abruptly, some of my clients'
>     >     > workstations (Windows 2000 Professional) have to rejoin.
>     >     > I was asked to check whether the RID of the computer name is
>     >     > correct (uid*2 + 1000), and whether
>     >     > computer names have the SambaSAMAccount object class.
>     >     > Even though my computer names exist in the database with the correct
>     >     > object class and rid, the clients
>     >     > have to be rejoined. This happens only when the samba PDC with ldap
>     >     > gets rebooted abruptly.
>     >     > Having said that, I assume that LDAP is unable to maintain
>     >     > consistency when it gets rebooted.
>     >     >
>     >     > So I had kept a DB_CONFIG file in /var/lib/ldap (this is where all bdb
>     >     > files are) and use db_recover
>     >     > in case of any crash of ldap.
>     >     >
>     >     > But if we take a backup in an LDIF file and restore it, still my
>     >     > computer accounts are not getting back; I had to rejoin.
>     >     >
>     >     > This is the problem that I am having, but I still could not find the
>     >     > correct solution.
>     >     ----
>     >     No - as you and he describe it, these are separate problems.
>     >
>     >     Your issue is that the PDC shouldn't get rebooted abruptly, and newer
>     >     versions of openldap have a script that automatically runs db_recover.
>     >     This however doesn't come in the version of openldap that ships with
>     >     RHEL.
>     >
>     >     You might want to set up a cron script that performs a slapcat on
>     >     a more
>     >     frequent basis so that if it is necessary to dump the entire LDAP DSA
>     >     and reload from an ldif, the ldif is much more current and thus, you
>     >     wouldn't have to rejoin many if any computers to the domain.
>     >
>     >     Craig
>     >
>     >
>
>
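
The RID and object class test mentioned in this thread can be run over a slapcat dump before relying on it for a restore. The following is an added example, not part of the original messages: the function names, the sample LDIF and its dc=example,dc=com suffix are constructed, and it assumes plain (non-base64) values and the Samba 3 schema attributes sambaSID and uidNumber.

```python
RID_BASE = 1000  # algorithmic mapping quoted in the thread: rid = uid*2 + 1000

# Constructed sample in slapcat-style LDIF (not data from the thread).
SAMPLE = """\
dn: uid=ws01$,ou=Computers,dc=example,dc=com
objectClass: sambaSamAccount
uid: ws01$
uidNumber: 2001
sambaSID: S-1-5-21-1111-2222-3333-5002

dn: uid=ws02$,ou=Computers,dc=example,dc=com
objectClass: sambaSamAccount
uid: ws02$
uidNumber: 2002
sambaSID: S-1-5-21-1111-2222-
 3333-5010

dn: uid=ws03$,ou=Computers,dc=example,dc=com
objectClass: posixAccount
uid: ws03$
uidNumber: 2003
"""

def parse_ldif(text):
    """Yield each entry as {lowercased attribute: [values]} (no base64 values)."""
    entry = {}
    # "\n " marks a folded line in LDIF; the trailing "" flushes the last entry.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.lower(), []).append(value.strip())

def check_machine_accounts(text):
    """Return (uid, problem) for machine accounts (uid ends in '$') that fail."""
    problems = []
    for e in parse_ldif(text):
        uid = e.get("uid", [""])[0]
        if not uid.endswith("$"):
            continue
        sid = e.get("sambasid", [""])[0]
        uidnum = e.get("uidnumber", [""])[0]
        if "sambasamaccount" not in {c.lower() for c in e.get("objectclass", [])}:
            problems.append((uid, "missing objectClass sambaSamAccount"))
        elif not sid or not uidnum.isdigit():
            problems.append((uid, "missing sambaSID or uidNumber"))
        elif sid.rsplit("-", 1)[-1] != str(int(uidnum) * 2 + RID_BASE):
            problems.append((uid, "RID does not match uidNumber*2+1000"))
    return problems
```

Running `check_machine_accounts()` on the text of each scheduled slapcat dump shows whether the machine entries in that backup still pass the test described above.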


