[Samba] Samba LDAP PDC BDC quit working
mallapadi niranjan
niranjan.ashok at gmail.com
Mon Feb 27 06:06:23 GMT 2006
Hi philip
I have installed ldap 2.3 with samba 3.0.21c and restored back the ldif file
, this time also i had rejoin systems to the domain after having computer
accounts in the ldif file (with RID and Object classes intact). i had taken
backup of my ldap using the following command
slapcat -l <ldiff-filename>.
can you suggest any other better way of taking backup of ldap so that while
restoration i don't have to rejoin systems.
Regards
Niranjan
On 2/23/06, mallapadi niranjan <niranjan.ashok at gmail.com> wrote:
>
> Hi philip
>
> the samba pdc with openldap 2.2.13, i have lot of troubles, i have
> compiled samba 3.0.21.when at the first time was released , i am not sure
> it's called samba 3.0.21a or something. openldap 2.2.13 (shipped with
> Redhat Enterprise linux 4) also need to be tweaked for having a good
> cachesize, checkpoints etc.
>
> so i have decided to go with samba 3.0.21b with openldap 2.3.19.
> see to take backup in ldif and restore it , and check whether it works.
> as i was told that openldap 2.3.19 has auto recovery in case of unclean
> shutdowns.
> hope this works
>
> Regards
> Niranjan
>
>
>
>
> On 2/22/06, Philip Washington <phwashington at comcast.net> wrote:
> >
> > mallapadi niranjan wrote:
> >
> > > Hi Philip
> > >
> > >
> > > yes, I have the same properties, (for checking i did the rid*2+1000
> > > and object class test. , but
> > > once the computer are rejoined, it gets new rid, not the rid which is
> > > in the LDIF.
> > >
> > > Regards
> > > Niranjan
> > >
> > Okay, then this is something else I don't understand.
> > If the LDAP database is getting corrupted then I can see how this
> > problem could happen. But if the PDC goes down as you describe in
> > scenario-2 then it doesn't make sense that the computers should have to
> > rejoin the domain, unless there is some information which is not being
> > stored in the LDAP database.
> >
> > > On 2/21/06, *Philip Washington* <phwashington at comcast.net
> > > <mailto:phwashington at comcast.net >> wrote:
> > >
> > > mallapadi niranjan wrote:
> > >
> > > > Hi Craig
> > > >
> > > > Thanks for replying, The samba PDC gets rebooted because of
> > Power
> > > > outage, at night times.
> > > > After the system gets rebooted,
> > > > Scenario -01
> > > > 1. Either some times the ldap gets hanged, (2.2.13) may be
> > > because of
> > > > inconsistency.
> > > > 2. since ldap hangs, samba doesn't come up properly.
> > > > 3. so i run db_recover and try to start the ldap service and
> > > then samba
> > > >
> > > > Scenario-02
> > > > if LDAP doesn't hang, and samba comes up nicely, the computer
> > had to
> > > > rejoin.
> > > > but in my ldapdatabase, in OU=Computers, all the computer
> > accounts
> > > > exist. with
> > > > rid and Object class intact.
> > > > but some how i don't know why i have to rejoin,
> > > >
> > > Okay I just want to clarify this. After an unplanned reboot (power
> > > outage) , your PDC comes back up and you find that some of the
> > > computers
> > > in your domain need to rejoin the domain?? Do you have recent
> > > ldiff or
> > > slapcats indicating that most of these computers have the same
> > > properties in the LDAP database as before.
> > >
> > > > Scenario-03.
> > > > I take the regular backup of LDAP, to LDIF file, and restore
> > with
> > > > latest LDIF file,
> > > > eventhough i don't get the Computer Accounts and also i lose
> > user 's
> > > > passwords,
> > > > After restoring from LDIF file.
> > > >
> > > > Scenario-04
> > > > If i do safe reboot or shutdown, there 's no problem , the
> > server
> > > > works properly without any
> > > > problem
> > > >
> > > > Regards
> > > > Niranjan
> > > >
> > > >
> > > > On 2/20/06, *Craig White* <craigwhite at azapple.com
> > > <mailto:craigwhite at azapple.com >
> > > > <mailto: craigwhite at azapple.com
> > > <mailto:craigwhite at azapple.com>>> wrote:
> > > >
> > > > On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
> > > > > Hi all
> > > > >
> > > > >
> > > > > I too have the same problem , i am also using samba 3.0.21
> > > with
> > > > > openldap version 2.2.13 on Redhat Enterprise Linux 4
> > > enterprise
> > > > > server.
> > > > > if the samba PDC gets rebooted aburuptly, some of my
> > clients
> > > > > workstations (Windows 2000 professional) have to rejoin.
> > > > > i was asked to check whether RID of the computer name is
> > > > correct(uid*2
> > > > > + 1000) , ans whether
> > > > > computer names have SambaSAMAccount object class.
> > > > > eventhough my computernames' exist in the database with
> > > correct
> > > > object
> > > > > class and rid, the clients
> > > > > have to be rejoined. this happens only when samba PDC with
> > > ldap
> > > > gets
> > > > > rebooted abruptly.
> > > > > having said that, so i assume that LDAP is unable to
> > maintain
> > > > > consistency when it gets rebooted.
> > > > >
> > > > > so i had kept DB_CONFIG file in /var/lib/ldap(this is
> > > where all bdb
> > > > > files are there) and use db_recover
> > > > > in case of any crash of ldap.
> > > > >
> > > > > But if we take backup in LDIF file and restore it, but
> > > still my
> > > > > computer accounts are not getting back, i had to rejoin.
> > > > >
> > > > > this is the problem that i am having, but still could not
> > > find the
> > > > > correct solution.
> > > > ----
> > > > No - as you and he describe it, these are separate problems.
> >
> > > >
> > > > Your issues is that PDC shouldn't get rebooted abruptly and
> > > newer
> > > > versions of openldap have a script that automatically runs
> > > db_recover.
> > > > This however doesn't come in the version of openldap that
> > > ships with
> > > > RHEL
> > > >
> > > > You might want to set up a cron script that performs a
> > > slapcat on
> > > > a more
> > > > frequent basis so that if it is necessary to dump the entire
> > > LDAP DSA
> > > > and reload from an ldif, the ldif is much more current and
> > > thus, you
> > > > wouldn't have to rejoin many if any computers to the domain.
> > > >
> > > > Craig
> > > >
> > > >
> > >
> > >
> >
> >
>
More information about the samba
mailing list