[Samba] failed to bind to server ldap://.... Error: Can't contact LDAP server, but it works

Allen Chen achen at harbourfrontcentre.com
Thu Feb 18 11:42:45 MST 2010

Hi there,

I created a new samba 3.4.5 server on RHEL 5.2 (it's a VirtualBox!)
and only copied over the old smb.conf from samba 2.0.22 (it's a real
box) with little changes.
I shut down the old samba and started up the new one with the same IP and
domain name.
Everything works fine on the XP client side without any changes.
The LDAP backend stays the same on a separate machine.
I use the same package smbldap-tools-0.9.2a.tgz on the new samba server.
The problem is that I found LDAP connection errors in log.smbd:
I don't care about "getpeername failed. Error was Transport endpoint is
not connected" (samba 3.0.22 also has it)
[2010/02/18 12:29:19,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
[2010/02/18 12:29:19,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
[2010/02/18 12:29:44,  0] lib/smbldap.c:1052(smbldap_connect_system)
  failed to bind to server ldap:// ldap:// with dn="cn=Manager,dc=mydomain,dc=com" Error: Can't contact LDAP server
These messages come up in the log file randomly, depending on the
activity of samba shares or logins,
though my 200 XP machines are working fine: this means joining a new
machine to the domain, login, all shares.
I did ldapsearch and ldapmodify on the new samba 3.4.5 server without
any problems.
There are no LDAP connection messages of this kind on the old samba 3.0.22.
Here is the [global] section in smb.conf:
        workgroup                       = mydomain
        netbios name                    = dnshostname
        server string                   = Master
        domain master                   = Yes
        os level                        = 65
        domain logons                   = Yes
        logon drive                     = G:
        logon script                    = %u.bat
        logon path                      =
        logon home                      = \\%L\%U
        encrypt passwords               = yes
        time server                     = Yes
        wins support                    = Yes
        client plaintext auth           = No
        client lanman auth              = Yes
        lanman auth                     = Yes
        log level                       = 0
        max log size                    = 9000
        preferred master                = Yes
        security                        = user
        load printers                   = yes
        printing                        = cups
        printcap                        = cups
        # this is the main network interface
        # eth1 and eth2 are used for iscsi storage, on separate networks
        interfaces                      = eth0
        smb ports                       = 445
        ldap ssl                        = no
        username map                    = /usr/local/samba/lib/smb.map
        # I have only one ldap server, so I put it here twice
        passdb backend                  = ldapsam:"ldap:// ldap://"
        # the default is 2, I changed to 3 (no fix)
        ldap connection timeout         = 3
        ldap admin dn                   = cn=Manager,dc=mydomain,dc=com
        ldap delete dn                  = no
        ldap suffix                     = dc=mydomain,dc=com
        ldap user suffix                = ou=Users
        ldap group suffix               = ou=Groups
        ldap machine suffix             = ou=Computers
        add user script                 = /usr/local/sbin/smbldap-useradd -m "%u"
        add user to group script        = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user script              = /bin/rm -rf /home/employees/%u
        add machine script              = /usr/local/sbin/smbldap-useradd -w "%u"
        set primary group script        = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
        delete user from group script   = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
        add group script                = /usr/local/sbin/smbldap-groupadd -p "%g"
        lm announce                     = no
        socket options                  = TCP_NODELAY SO_RCVBUF=8192

Can anybody help to fix the error messages?
Or is it related to the VirtualBox? I don't get any complaints from XP
clients! No performance issue (the virtual network interface is only 100M)
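
Added example, not part of the original post: a small Python parser for the log.smbd entry format quoted above that extracts the smbldap_connect_system bind failures and counts them per minute, so their timing can be compared with share and login activity. The sample log is constructed from the excerpt in the post, and the host ldap.example.invalid is a placeholder for the redacted server URI.

```python
import re
from collections import Counter
from datetime import datetime

# Entry header as it appears in the post's log.smbd excerpt.
HEADER = re.compile(r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]\s+"
                    r"\S+?:\d+\((?P<func>\w+)\)\s*$")
BIND_FAIL = re.compile(r'failed to bind to server (?P<uris>.*?)\s+with\s+'
                       r'dn="(?P<dn>[^"]*)"\s+Error: (?P<error>.*)$')

# Constructed sample; ldap.example.invalid is a placeholder, not the real host.
SAMPLE_LOG = """\
[2010/02/18 12:29:19,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
[2010/02/18 12:29:44,  0] lib/smbldap.c:1052(smbldap_connect_system)
  failed to bind to server ldap://ldap.example.invalid ldap://ldap.example.invalid
with dn="cn=Manager,dc=mydomain,dc=com" Error: Can't contact LDAP server
[2010/02/18 12:31:02,  0] lib/smbldap.c:1052(smbldap_connect_system)
  failed to bind to server ldap://ldap.example.invalid with dn="cn=Manager,dc=mydomain,dc=com" Error: Can't contact LDAP server
"""

def parse_entries(text):
    """Yield (timestamp, function, message); wrapped message lines are joined."""
    current = None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            if current:
                yield current[0], current[1], " ".join(current[2])
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            current = (ts, m["func"], [])
        elif current and raw.strip():
            current[2].append(raw.strip())
    if current:
        yield current[0], current[1], " ".join(current[2])

def ldap_bind_failures(text):
    """Return one dict per bind failure logged by smbldap_connect_system."""
    hits = []
    for ts, func, msg in parse_entries(text):
        m = BIND_FAIL.search(msg)
        if func == "smbldap_connect_system" and m:
            hits.append({"time": ts, "uris": m["uris"].split(),
                         "dn": m["dn"], "error": m["error"]})
    return hits

def failures_per_minute(text):
    """Count bind failures per minute; getpeername noise is ignored."""
    return Counter(f["time"].strftime("%Y-%m-%d %H:%M") for f in ldap_bind_failures(text))
```

To run it against a real log, pass the contents of log.smbd to failures_per_minute() instead of SAMPLE_LOG.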


