[Samba] Samba LDAP Failover

Massimiliano Perantoni massimiliano at perantoni.net
Sat Mar 31 04:11:58 MDT 2012


Hi,
I have a quite "simple" setup for a particular customer that loves
redundancy and failover:
PDC + BDC with LDAP passwords on two 389-ds in multimaster mode +
several Samba member servers.

Actually, pointing at either of the two systems singly, everything works great.
As soon as I modify my passdb backend line from the single form to the
form containing both backends, that is, from

    passdb backend = ldapsam:"ldap://ldap1"
or
    passdb backend = ldapsam:"ldap://ldap2"
to
    passdb backend = ldapsam:"ldap://ldap1 ldap://ldap2"

I still authenticate on the first LDAP, but as soon as I shut this off with

    iptables -I OUTPUT -p tcp --dport 389 -d ldap1 -j REJECT

(this simulates, from the Samba machine, a failure in the service; and yes,
it is simple plain ol' LDAP, no TLS) I get a timeout and an auth failure.
This is the way I reproduce the problem:

    # with the first ldap reachable
    smbclient -L pdc-01 -U maxper
    Password:
    Domain: [XXXXXX]....


Everything works fine.

    iptables -I OUTPUT -p tcp --dport 389 -j DROP
    smbclient -L pdc-01 -U maxper

answers

    session setup failed: NT_STATUS_LOGON_FAILURE

getent passwd works OK: it gives both local and LDAP users after the
timeout set in ldap.conf, while Samba just drops the authentication
after the configured param

    ldap timeout = 8

After 8 secs, Samba drops and gives that error.

Samba is version 3.4.15, while the distro is CentOS 5.4.

Any help would be appreciated!
Ciao Massimiliano
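As an added illustration (not part of the post or of Samba), the script below parses the passdb backend URI list and the ldap timeout from an smb.conf fragment constructed to match the setup above, then walks the URIs in configured order with a per-host connect timeout, simulating the DROP rule so you can see which server the failover would land on and how long an unreachable first host costs. The file contents, host names and the simulated connect function are assumptions.

```python
import re
import socket
from contextlib import nullcontext
from urllib.parse import urlsplit

# Constructed smb.conf fragment mirroring the post's settings (not a real file).
SAMPLE_SMB_CONF = """[global]
workgroup = XXXXXX
passdb backend = ldapsam:"ldap://ldap1 ldap://ldap2"
ldap timeout = 8
"""

def parse_global(conf_text):
    """Return (ldap_uris, ldap_timeout) from smb.conf text.
    Samba's documented default for 'ldap timeout' is 15 s if the key is absent."""
    uris, timeout = [], 15
    for line in conf_text.splitlines():
        key, sep, val = line.partition("=")
        if not sep:
            continue
        key, val = key.strip().lower(), val.strip()
        if key == "passdb backend":
            m = re.match(r'ldapsam:"?([^"]*)"?', val)
            if m:
                uris = m.group(1).split()      # space-separated URI list
        elif key == "ldap timeout":
            timeout = int(val)
    return uris, timeout

def endpoint(uri):
    """(host, port) for an LDAP URI; default 389 for ldap, 636 for ldaps."""
    u = urlsplit(uri)
    return u.hostname, u.port or (636 if u.scheme == "ldaps" else 389)

def simulated_connect(unreachable):
    """Stand-in for socket.create_connection: hosts in `unreachable` behave
    like the post's iptables DROP (the connect attempt times out)."""
    def connect(addr, timeout=None):
        if addr[0] in unreachable:
            raise socket.timeout("connect timed out (simulated DROP)")
        return nullcontext()
    return connect

def first_reachable(uris, timeout, connect=socket.create_connection):
    """Try each URI in configured order with the given connect timeout and
    return the first one that answers, or None if every host fails."""
    for uri in uris:
        try:
            with connect(endpoint(uri), timeout=timeout):
                return uri
        except OSError:            # socket.timeout is a subclass of OSError
            continue
    return None
```

With the real `socket.create_connection` (the default) the same function probes the live hosts, so a DROP on ldap1 shows up as the full timeout elapsing before ldap2 is tried.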

