[Samba] Samba LDAP Failover

[Gaiseric Vandal]

I don't think Samba (depending on the version) supports multiple ldap
backends.    You should have samba_server_1 using ldap_server_1 and
samba_server_2 using ldap_server_2.

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Massimiliano Perantoni
Sent: Saturday, March 31, 2012 6:12 AM
To: samba at lists.samba.org
Subject: [Samba] Samba LDAP Failover

Hi,
I have a quite "simple" setup for a particular customer that loves
redundancy and failover.
PDC + BDC with LDAP Passwords on two 389-ds in multimaster node + several
samba member servers

Actually pointing singularly on both the systems everything works great.
As soon as I modify my passdb backend line from the single form to the form
containing both backends that is from passdb backend =
ldapsam:"ldap://ldap1"
or
passdb backend = ldapsam:"ldap://ldap2"
to
passdb backend = ldapsam:"ldap://ldap1 ldap://ldap2"

I still authenticate on the first LDAP, but as soon I shut this off with
iptables -I OUTPUT -p tcp --dport 389 -d ldap1 -j REJECT #Simulates, from
the samba machine a failure in the service and, yes it is simple plain ol'
LDAP, no TLS I get a timeout and an auth failure.
This is the way I reproduce the problem
#with the first ldap reachable
smbclient -L pdc-01 -U maxper
Password:
Domain: [XXXXXX]....


everything works fine

iptables -I OUTPUT -p tcp --dport 389 -j DROP smbclient -L pdc-01 -U maxper
answers session setup failed: NT_STATUS_LOGON_FAILURE getent passwd works
OK, gives both local and ldap users after the timeout set in ldap.conf,
while samba just drops the authentication after the committed param ldap
timeout = 8 after 8 secs, samba drops and gives that error.

Samba is version 3.4.15, while the distro is CentOS 5.4

any help would be appreciated!
Ciao Massimiliano
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba