[Samba] "smbd: nss_ldap: could not search LDAP server - Can't contact LDAP server" and Samba shares are dropped

David Landgren landgren at gmail.com
Mon Jun 19 08:45:41 GMT 2006


List,

I am encountering some really strange behaviour with Samba 3.0.20 and
OpenLDAP 2.2.28. Everything in terms of PAM and NSS has been working
correctly for a long time and has not been changed in months.

This week it has started playing up, with NT_STATUS_LOGON_FAILURE type
errors. The local ldap server is replicated from a master. In syslog,
I see things like

Jun 16 16:06:14 s-sophia smbd: nss_ldap: could not search LDAP server - Can't contact LDAP server

At this point, the samba shares are no longer available, but LDAP is
not down: I can do a search:

s-sophia:~# ldapsearch -b "ou=People,dc=bpinet,dc=com" -xh localhost '(uid=xxx)'
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=bpinet,dc=com> with scope sub
# filter: (uid=xxx)
# requesting: ALL
#

# xxx, Sophia Antipolis, People, bpinet.com
dn: uid=xxx,ou=Sophia Antipolis,ou=People,dc=bpinet,dc=com
cn: xxx
description: xxx
displayName: xxx
gecos: xxx
gidNumber: 513
homeDirectory: /home/xxx
loginShell: /bin/false
sambaHomeDrive: H:
[...stuff deleted...]

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

##########

Also, while Samba is out to lunch, I can also see the account via pdbedit:

s-sophia:~# pdbedit -vu xxx
Unix username:        xxx
NT username:          xxx
Account Flags:        [U          ]
User SID:             S-1-5-21-1150874807-1180408084-429402335-13524
Primary Group SID:    S-1-5-21-1150874807-1180408084-429402335-513
[...etc etc...]

##########

Things run fine for a number of minutes (never the same duration) and
then samba sessions begin to be refused. I've cranked up the openldap
logs, and see that queries continue to be sent and answered:

Jun 16 14:14:33 s-sophia slapd[7077]: conn=37 op=13 SRCH base="ou=People,dc=bpinet,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uidNumber=6739))"
Jun 16 14:14:33 s-sophia slapd[7077]: conn=37 op=13 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jun 16 14:14:33 s-sophia slapd[7077]: conn=37 op=13 SEARCH RESULT tag=101 err=0 nentries=1 text=

If I stop samba and slapd and restart slapd and samba (in that order),
things start working again. No db_recover, no nothing else. I don't
know what else to look at. Any ideas on how I can zero in on the
underlying cause?

Thanks,
David

