mallapadi niranjan wrote:
Hi all
I too have the same problem , i am also using samba 3.0.21 with
openldap version 2.2.13 on Redhat Enterprise Linux 4 enterprise server.
if the samba PDC gets rebooted aburuptly, some of my clients
workstations (Windows 2000 professional) have to rejoin.
i was asked to check whether RID of the computer name is correct(uid*2
+ 1000) , ans whether
computer names have SambaSAMAccount object class.
eventhough my computernames' exist in the database with correct object
class and rid, the clients
have to be rejoined. this happens only when samba PDC with ldap gets
rebooted abruptly.
having said that, so i assume that LDAP is unable to maintain
consistency when it gets rebooted.
so i had kept DB_CONFIG file in /var/lib/ldap(this is where all bdb
files are there) and use db_recover
in case of any crash of ldap.
But if we take backup in LDIF file and restore it, but still my
computer accounts are not getting back, i had to rejoin.
this is the problem that i am having, but still could not find the
correct solution.
Regards
Niranjan
Do you have a BDC? If not then this is very interesting information.
On 2/19/06, *Philip Washington* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Craig White wrote:
>On Sat, 2006-02-18 at 11:11 -0600, Philip Washington wrote:
>
>
>>We have had a Samba LDAP-PDC-BDC system setup for close to 3
months with
>>about 60 computers in the domain. Earlier we had a power outage
and
>>about 30 computers no longer were able to log into the domain or
>>authenticate. Some were NT Workstations and some were W2k. But
not all
>>NT or W2K workstations were affected.
>>If we went to network neighborhood we would see the error message
>>" "The trust relationship between this workstation and the
primary domain
>>failed"
>>When someone tries to login to these computers then they get the
error
>>"The system cannot log you on to this domain because the system's
>>computer account in it's primary domain is missing or the
password on
>>that account is incorrect".
>>
>>We were able to fix the problem on the computers by taking the
computers
>>out of the domain and re-entering them into the domain. Went into
>>System->Network Identification-> put the machine in a workgroup ->
>>reboot -> Go back in and put the machine back into the domain. No
>>manual deletion on the PDC was done. This was all done on the
client.
>>
>>I reviewed LDAP backups and thus far have not found any
descrepancies
>>with the systems profiles before or after the power outage. The
records
>>indicate that there has not been any change in the LDAP
information in
>>the last 2 months for the machines which have the problem. Of
course
>>once the systems have been relogged into the domain the
SambaNTPassword
>>changes.
>>
>>I am currently both baffled and concerned as to how or why this
would
>>happen. If anybody could shed more light on what could have
happened I
>>would appreciate it.
>>I would also like to know if there is a way to re-add or add a
client on
>>the Samba-LDAP-PDC instead of going to each individual client.
>>
>>
>----
>probably would be a good idea to figure out how to troubleshoot your
>setup as one could only conjecture about what your problem is as you
>describe it.
>
>I do know that there is some faulty logic in your assumptions above
>since the workstations will automatically change their password
with the
>passdb approximately once each month and I am quite certain that
this is
>documented in the samba documentation.
>
>
>
Yep, this does throw a bad domino into the logic. ( I wonder if
MS will
give me my money back for all of those MCSE classes). Once I
fixed that
domino and started looking at the BDC again, I realized that it's
samba
configuration files look identical to the ones on the PDC with the
exception that ldap is pointing to the ldap on the BDC. So it
currently looks like the BDC is misconfigured (Basically I'm seeing a
configuration that deviates quite a bit from what I see in Samba-3 by
Example).
I shutdown the BDC for now and put the PDC on a UPS (Yeah it
should have
been on one in the first place, but money is tight and we're operating
under, if it ain't broke don't pay money to fix it). This should
hold
us over until the BDC is configured correctly.
Thanks for the enlightenment.
>So in view of your faulty assumption, my guess would be that your
>PDC/BDC setup in LDAP probably isn't working properly as there
should be
>evidence in some log somewhere when the workstations change their
>password and that the password changes propagate from LDAP server to
>LDAP server and assuming that you are using something like
'slurpd' to
>replicate changes in LDAP, there should be evidence of some failures
>(aka rejects) unless you are allowing changes directly to the 'slave'
>LDAP server in which case, you have a lot to fix.
>
>Craig
>
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
<https://lists.samba.org/mailman/listinfo/samba>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
