[Samba] Samba LDAP PDC BDC quit working
Philip Washington
phwashington at comcast.net
Wed Feb 22 17:35:47 GMT 2006
mallapadi niranjan wrote:
> Hi Philip
>
>
> yes, I have the same properties, (for checking i did the rid*2+1000
> and object class test. , but
> once the computer are rejoined, it gets new rid, not the rid which is
> in the LDIF.
>
> Regards
> Niranjan
>
You might check your MS client event logs for this error.
error 3224
Changing machine account password for account <COMPUTER>$ failed with
the following error:
A remote procedure call (RPC) protocol error occurred.
> On 2/21/06, *Philip Washington* <phwashington at comcast.net
> <mailto:phwashington at comcast.net>> wrote:
>
> mallapadi niranjan wrote:
>
> > Hi Craig
> >
> > Thanks for replying, The samba PDC gets rebooted because of Power
> > outage, at night times.
> > After the system gets rebooted,
> > Scenario -01
> > 1. Either some times the ldap gets hanged, (2.2.13) may be
> because of
> > inconsistency.
> > 2. since ldap hangs, samba doesn't come up properly.
> > 3. so i run db_recover and try to start the ldap service and
> then samba
> >
> > Scenario-02
> > if LDAP doesn't hang, and samba comes up nicely, the computer had to
> > rejoin.
> > but in my ldapdatabase, in OU=Computers, all the computer accounts
> > exist. with
> > rid and Object class intact.
> > but some how i don't know why i have to rejoin,
> >
> Okay I just want to clarify this. After an unplanned reboot (power
> outage) , your PDC comes back up and you find that some of the
> computers
> in your domain need to rejoin the domain?? Do you have recent
> ldiff or
> slapcats indicating that most of these computers have the same
> properties in the LDAP database as before.
>
> > Scenario-03.
> > I take the regular backup of LDAP, to LDIF file, and restore with
> > latest LDIF file,
> > eventhough i don't get the Computer Accounts and also i lose user 's
> > passwords,
> > After restoring from LDIF file.
> >
> > Scenario-04
> > If i do safe reboot or shutdown, there 's no problem , the server
> > works properly without any
> > problem
> >
> > Regards
> > Niranjan
> >
> >
> > On 2/20/06, *Craig White* <craigwhite at azapple.com
> <mailto:craigwhite at azapple.com>
> > <mailto: craigwhite at azapple.com
> <mailto:craigwhite at azapple.com>>> wrote:
> >
> > On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
> > > Hi all
> > >
> > >
> > > I too have the same problem , i am also using samba 3.0.21
> with
> > > openldap version 2.2.13 on Redhat Enterprise Linux 4
> enterprise
> > > server.
> > > if the samba PDC gets rebooted aburuptly, some of my clients
> > > workstations (Windows 2000 professional) have to rejoin.
> > > i was asked to check whether RID of the computer name is
> > correct(uid*2
> > > + 1000) , ans whether
> > > computer names have SambaSAMAccount object class.
> > > eventhough my computernames' exist in the database with
> correct
> > object
> > > class and rid, the clients
> > > have to be rejoined. this happens only when samba PDC with
> ldap
> > gets
> > > rebooted abruptly.
> > > having said that, so i assume that LDAP is unable to maintain
> > > consistency when it gets rebooted.
> > >
> > > so i had kept DB_CONFIG file in /var/lib/ldap(this is
> where all bdb
> > > files are there) and use db_recover
> > > in case of any crash of ldap.
> > >
> > > But if we take backup in LDIF file and restore it, but
> still my
> > > computer accounts are not getting back, i had to rejoin.
> > >
> > > this is the problem that i am having, but still could not
> find the
> > > correct solution.
> > ----
> > No - as you and he describe it, these are separate problems.
> >
> > Your issues is that PDC shouldn't get rebooted abruptly and
> newer
> > versions of openldap have a script that automatically runs
> db_recover.
> > This however doesn't come in the version of openldap that
> ships with
> > RHEL
> >
> > You might want to set up a cron script that performs a
> slapcat on
> > a more
> > frequent basis so that if it is necessary to dump the entire
> LDAP DSA
> > and reload from an ldif, the ldif is much more current and
> thus, you
> > wouldn't have to rejoin many if any computers to the domain.
> >
> > Craig
> >
> >
>
>
More information about the samba
mailing list