[Samba] Samba LDAP Failover

Massimiliano Perantoni massimiliano at perantoni.net
Sat Mar 31 06:42:38 MDT 2012


The matter is that, since the manual indicates so, it should be
supported and delegated to the ldap api in use...
The openldap api supports rebinding. The proof of it is that if in
/etc/ldap.conf I put in the uri 2 ldap servers everything works fine.
The matter seems to be that samba, even using such an infrastructure, doesn't work.
I'd like at least to know if it is some mistake I make or if it is just
deprecated/never supported, just so I can go in other directions,
implementing other failover-by-hand systems.

Thanks!



On 31 March 2012 at 14:37, Gaiseric Vandal <gaiseric.vandal at gmail.com> wrote:
> I don't think Samba (depending on the version) supports multiple ldap
> backends. You should have samba_server_1 using ldap_server_1 and
> samba_server_2 using ldap_server_2.
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On Behalf Of Massimiliano Perantoni
> Sent: Saturday, March 31, 2012 6:12 AM
> To: samba at lists.samba.org
> Subject: [Samba] Samba LDAP Failover
>
> Hi,
> I have a quite "simple" setup for a particular customer that loves
> redundancy and failover.
> PDC + BDC with LDAP Passwords on two 389-ds in multimaster node + several
> samba member servers
>
> Actually, pointing singly at each of the two systems, everything works great.
> As soon as I modify my passdb backend line from the single form to the form
> containing both backends, that is from
>
> passdb backend = ldapsam:"ldap://ldap1"
> or
> passdb backend = ldapsam:"ldap://ldap2"
>
> to
>
> passdb backend = ldapsam:"ldap://ldap1 ldap://ldap2"
>
> I still authenticate on the first LDAP, but as soon as I shut this off with
>
> iptables -I OUTPUT -p tcp --dport 389 -d ldap1 -j REJECT
>
> (this simulates, from the samba machine, a failure in the service; and yes, it
> is simple plain ol' LDAP, no TLS) I get a timeout and an auth failure.
> This is the way I reproduce the problem:
>
> #with the first ldap reachable
> smbclient -L pdc-01 -U maxper
> Password:
> Domain: [XXXXXX]....
>
>
> everything works fine
>
> iptables -I OUTPUT -p tcp --dport 389 -j DROP
> smbclient -L pdc-01 -U maxper
>
> answers:
>
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> getent passwd works OK and gives both local and ldap users after the timeout
> set in ldap.conf, while samba just drops the authentication after the
> committed param ldap timeout = 8: after 8 secs, samba drops and gives that
> error.
>
> Samba is version 3.4.15, while the distro is CentOS 5.4
>
> any help would be appreciated!
> Ciao Massimiliano
>
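The original poster mentions falling back to "failover-by-hand" if Samba will not walk the URI list itself. The following is an added example, not code from Samba or from anyone in this thread: it parses the multi-URI `passdb backend = ldapsam:"ldap://ldap1 ldap://ldap2"` form quoted above into its individual URIs and probes them in order with a TCP connect, treating the `ldap timeout = 8` setting from the post as the per-server connect timeout. The `SAMPLE_LINE` value is constructed from the thread, and the `probe` parameter is a hypothetical hook so the ordering logic can be exercised without a live directory server; a real deployment would still need to rewrite smb.conf and reload Samba with the surviving URI, which this script does not do.

```python
"""Added example: pick the first reachable LDAP backend from an smb.conf line."""
import socket
from urllib.parse import urlsplit

# Constructed sample taken from the two-backend form quoted in the thread.
SAMPLE_LINE = 'passdb backend = ldapsam:"ldap://ldap1 ldap://ldap2"'

# Default ports when the URI carries none (plain LDAP, as in the post, or LDAPS).
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_passdb_backend(line):
    """Return the list of LDAP URIs from a 'passdb backend = ldapsam:...' line."""
    key, sep, value = line.partition("=")
    if not sep or key.strip() != "passdb backend":
        raise ValueError("not a passdb backend line")
    value = value.strip()
    if not value.startswith("ldapsam:"):
        raise ValueError("only the ldapsam backend carries LDAP URIs")
    # Samba quotes the URI list when it contains spaces; accept both forms.
    uris = value[len("ldapsam:"):].strip().strip('"')
    return uris.split()


def uri_host_port(uri):
    """Map ldap://host[:port] or ldaps://host[:port] to a (host, port) pair."""
    parts = urlsplit(uri)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme in {uri}")
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def tcp_probe(host, port, timeout):
    """True if a TCP connection to host:port completes within timeout seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Covers the REJECT (immediate refusal) and DROP (timeout) cases
        # that the iptables rules in the post produce.
        return False


def first_reachable(uris, timeout=8.0, probe=tcp_probe):
    """Walk the URIs in configured order; return the first that answers, or None.

    'probe' is a hypothetical injection point (defaults to a real TCP connect)
    so the selection logic can be tested offline.
    """
    for uri in uris:
        host, port = uri_host_port(uri)
        if probe(host, port, timeout):
            return uri
    return None


if __name__ == "__main__":
    backends = parse_passdb_backend(SAMPLE_LINE)
    print("configured backends:", backends)
    # With ldap1 firewalled off, this should report ldap://ldap2 after at
    # most one timeout period, instead of a logon failure.
    print("first reachable:", first_reachable(backends, timeout=8.0))
```

Run on a Samba member server the script prints which of the configured URIs currently answers on its LDAP port; a monitoring job could compare that against the URI Samba is actually using and alert when the primary stops answering, which is exactly the condition the post reproduces with iptables.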