[Samba] LDAP problem

tom farrel tomfarrel8 at gmail.com
Mon Jan 7 01:11:03 GMT 2008


Hi,

I had the same problem as you had. In my environment,

I had a Samba PDC (samba 3.0.21c, LDAP openldap-2.2.13, DHCP, DNS) running,
and another file server (acting as a domain member server). As happened to you,
due to a power failure, my PDC went down and had to be restarted, after which none
of the Windows XP or 2000 clients would connect (all saying that the computer is
not in the domain). I had tried a lot of options, including restoring the LDIF
file (because OpenLDAP did not recover from the power failure, causing OpenLDAP
to break, I had to remove the existing DB and restore from the LDIF file).

Whenever there was a power failure or uneven shutdown, this would happen.

So for this I had this solution:

I created a BDC with an LDAP backend (slave LDAP), so all my clients would
request the BDC first, then the PDC (as the BDC wins the election over the PDC).

So if I had to take the PDC down, I had no issues.

Second, for OpenLDAP to recover the DB from a power failure, I upgraded OpenLDAP to
2.3 with DB recovery options like keeping a DB_CONFIG file, checkpointing, etc.
From then, I have not faced any issues.


-- 
Regards
Tom :)
/*Life is too complicated, Lets make it simple*/

On Jan 7, 2008 6:28 AM, Tanguy Léost <tanguy.leost at free.fr> wrote:

> On 07.01.2008 01:44, Quinn Fissler wrote:
> > The account which you use to bind can be defined in the database or the
> > rootdn in the slapd.conf
> >
>
> yes, that's "cn=Manager,dc=company,dc=fr"
>
>
> > There is also the option for anonymous binding - that's why I say use
> > slapcat as it sidesteps the binding issue but has the limitation that it
> > must be done on the ldap server (or its shared data area).
> >
> > You can leave slapd running when you do slapcat for diags (you may wish
> > to stop ldap if you wanted to use slapcat to do a full backup of the
> > directory, but for these diags, it's just a quick way of sanity checking
> > the data)
> >
>
> OK. I read that slapd should be stopped before running
> a slap* command, that's why I did that.
>
>
> > I asked why you needed to restore as it's very unusual to lose data in
> > this way.
>
> It was broken, so there was no other choice.
> A colleague tried to put back the files as he found them,
> but slapd wouldn't run, so we had to restore a backup.
>
>
> >
> > Was ldap reinstalled?
> >
> > How about samba?
> >
>
> none of them was touched.
>
> > (Has some other thing changed after this power failure - like the
> > smb.conf , smbldap confs, ldap.conf or slapd.conf)
> >
>
> As far as I know these files were not modified.
> We just restored the ldif.
>
> > I take it that you're getting this running for Monday morning.
> >
> > Q
> >
>
> I wish it was true ;)
> it's just within 6 hours :(
>
> Thanks a lot for your help
> Do you have any idea how to have this PDC working again?
> ...I'm starting to consider the possibility of bypassing the ldap
> and use another way of authenticating the clients.
>
> Tanguy
>
> PS: sorry for my mistakes in English.