[Samba] Samba LDAP PDC BDC quit working

mallapadi niranjan niranjan.ashok at gmail.com
Mon Feb 27 06:06:23 GMT 2006


Hi philip


I have installed ldap 2.3 with samba 3.0.21c and restored back the ldif file
, this time also i had rejoin systems to the domain after having computer
accounts in the ldif file (with RID and Object classes intact). i had taken
backup of my ldap using the following command
slapcat -l <ldiff-filename>.

can you suggest any other better way of taking backup of ldap so that while
restoration i don't have to rejoin systems.

Regards
Niranjan



On 2/23/06, mallapadi niranjan <niranjan.ashok at gmail.com> wrote:
>
> Hi philip
>
> the samba pdc with openldap 2.2.13, i have lot of troubles, i have
> compiled samba 3.0.21.when at the first time was released , i am not sure
> it's called samba 3.0.21a or something. openldap 2.2.13 (shipped with
> Redhat Enterprise linux 4) also need to be tweaked for having a good
> cachesize, checkpoints etc.
>
> so i have decided to go with samba 3.0.21b with openldap 2.3.19.
> see to take backup in ldif and restore it , and check whether it works.
> as i was told that openldap 2.3.19 has auto recovery in case of unclean
> shutdowns.
> hope this works
>
> Regards
> Niranjan
>
>
>
>
> On 2/22/06, Philip Washington <phwashington at comcast.net> wrote:
> >
> > mallapadi niranjan wrote:
> >
> > > Hi Philip
> > >
> > >
> > > yes, I have the same properties, (for checking i did the rid*2+1000
> > > and object class test. , but
> > > once the computer are rejoined, it gets new rid, not the rid which is
> > > in the LDIF.
> > >
> > > Regards
> > > Niranjan
> > >
> > Okay, then this is something else I don't understand.
> > If the LDAP database is getting corrupted then I can see how this
> > problem could happen.  But if the PDC goes down as you describe in
> > scenario-2 then it doesn't make sense that the computers should have to
> > rejoin the domain, unless there is some information which is not being
> > stored in the LDAP database.
> >
> > > On 2/21/06, *Philip Washington* <phwashington at comcast.net
> > > <mailto:phwashington at comcast.net >> wrote:
> > >
> > >     mallapadi niranjan wrote:
> > >
> > >     > Hi Craig
> > >     >
> > >     > Thanks for replying, The samba PDC gets rebooted because of
> > Power
> > >     > outage, at night times.
> > >     > After the system gets rebooted,
> > >     > Scenario -01
> > >     > 1. Either some times the ldap gets hanged, (2.2.13) may be
> > >     because of
> > >     > inconsistency.
> > >     > 2. since ldap hangs, samba doesn't come up properly.
> > >     > 3. so i run db_recover and try to start the ldap service and
> > >     then samba
> > >     >
> > >     > Scenario-02
> > >     > if LDAP doesn't hang, and samba comes up nicely, the computer
> > had to
> > >     > rejoin.
> > >     > but in my ldapdatabase, in OU=Computers, all the computer
> > accounts
> > >     > exist. with
> > >     > rid and Object class intact.
> > >     > but some how i don't know why i have to rejoin,
> > >     >
> > >     Okay I just want to clarify this. After an unplanned reboot (power
> > >     outage) , your PDC comes back up and you find that some of the
> > >     computers
> > >     in your domain need to rejoin the domain??  Do you have recent
> > >     ldiff or
> > >     slapcats indicating that most of these computers have the same
> > >     properties in the LDAP database as before.
> > >
> > >     > Scenario-03.
> > >     > I take the regular backup of LDAP, to LDIF file, and restore
> > with
> > >     > latest LDIF file,
> > >     > eventhough i don't get the Computer Accounts and also i lose
> > user 's
> > >     > passwords,
> > >     > After restoring from LDIF file.
> > >     >
> > >     > Scenario-04
> > >     > If i do safe reboot or shutdown, there 's no problem , the
> > server
> > >     > works properly without any
> > >     > problem
> > >     >
> > >     > Regards
> > >     > Niranjan
> > >     >
> > >     >
> > >     > On 2/20/06, *Craig White* <craigwhite at azapple.com
> > >     <mailto:craigwhite at azapple.com >
> > >     > <mailto: craigwhite at azapple.com
> > >     <mailto:craigwhite at azapple.com>>> wrote:
> > >     >
> > >     >     On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
> > >     >     > Hi all
> > >     >     >
> > >     >     >
> > >     >     > I too have the same problem , i am also using samba 3.0.21
> > >     with
> > >     >     > openldap  version 2.2.13 on Redhat Enterprise Linux 4
> > >     enterprise
> > >     >     > server.
> > >     >     > if the samba PDC gets rebooted aburuptly,  some of my
> > clients
> > >     >     > workstations (Windows 2000 professional) have to rejoin.
> > >     >     > i was asked to check whether RID of the computer name is
> > >     >     correct(uid*2
> > >     >     > + 1000) , ans whether
> > >     >     > computer names have SambaSAMAccount object class.
> > >     >     > eventhough my computernames' exist in the database with
> > >     correct
> > >     >     object
> > >     >     > class and rid, the clients
> > >     >     > have to be rejoined. this happens only when samba PDC with
> > >     ldap
> > >     >     gets
> > >     >     > rebooted abruptly.
> > >     >     > having said that, so i assume that LDAP is unable to
> > maintain
> > >     >     > consistency when it gets rebooted.
> > >     >     >
> > >     >     > so i had kept DB_CONFIG file in /var/lib/ldap(this is
> > >     where all bdb
> > >     >     > files are there) and use db_recover
> > >     >     > in case of any crash of ldap.
> > >     >     >
> > >     >     > But if we take backup in LDIF file and restore it, but
> > >     still my
> > >     >     > computer accounts are not getting back, i had to rejoin.
> > >     >     >
> > >     >     > this is the problem that i am having, but still could not
> > >     find the
> > >     >     > correct solution.
> > >     >     ----
> > >     >     No - as you and he describe it, these are separate problems.
> >
> > >     >
> > >     >     Your issues is that PDC shouldn't get rebooted abruptly and
> > >     newer
> > >     >     versions of openldap have a script that automatically runs
> > >     db_recover.
> > >     >     This however doesn't come in the version of openldap that
> > >     ships with
> > >     >     RHEL
> > >     >
> > >     >     You might want to set up a cron script that performs a
> > >     slapcat on
> > >     >     a more
> > >     >     frequent basis so that if it is necessary to dump the entire
> > >     LDAP DSA
> > >     >     and reload from an ldif, the ldif is much more current and
> > >     thus, you
> > >     >     wouldn't have to rejoin many if any computers to the domain.
> > >     >
> > >     >     Craig
> > >     >
> > >     >
> > >
> > >
> >
> >
>


More information about the samba mailing list