Rauno Tuul
2003-Oct-10 10:48 UTC
[Samba] step 2 - samba-3 PDC & BDC fail-over with 2 LDAP servers fails
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet@samba.org]
>
> passdb backend = ldapsam:"ldaps://ldap1 ldaps://ldap2"
> is what you want.

This helped me a little bit forward. I suggest to add this line also to
samba-pdc help.

But still I ran into problems.
I fixed the passdb lines on PDC and BDC. If the second server (on PDC
slave-ldap and on BDC master-ldap) goes down, everything works fine further.
The first (closest) server authenticates the client and all is fine. So I
got a bit further.

But it gets tricky when I shut the first LDAP server in line down (on PDC
master-ldap and on BDC slave-ldap).

master ldap down:
PDC:
smbclient -> session setup failed: NT_STATUS_LOGON_FAILURE
[2003/10/10 13:17:15, 1] auth/auth_util.c:make_server_info_sam(818)
User myusername in passdb, but getpwnam() fails!
[2003/10/10 13:17:15, 0] auth/auth_sam.c:check_sam_security(459)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
BDC: ok

slave ldap down:
PDC: ok
BDC:
session setup failed: NT_STATUS_LOGON_FAILURE
[2003/10/10 13:15:12, 0] auth/auth_sam.c:check_sam_security(459)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'

Basically it finds the user in LDAP, but somehow it fails. I don't get.
I also have log level 10 log files, but I can't figure much more out of
them. Andrew if you want them, I can send them (gzipped logs).

regards,
Rauno Tuul.
Andrew Bartlett
2003-Oct-10 11:06 UTC
[Samba] step 2 - samba-3 PDC & BDC fail-over with 2 LDAP servers fails
On Fri, 2003-10-10 at 20:48, Rauno Tuul wrote:
> > -----Original Message-----
> > From: Andrew Bartlett [mailto:abartlet@samba.org]
> >
> > passdb backend = ldapsam:"ldaps://ldap1 ldaps://ldap2"
> > is what you want.
>
> This helped me a little bit forward. I suggest to add this line also to
> samba-pdc help.
>
> But still I ran into problems.
> I fixed the passdb lines on PDC and BDC. If the second server (on PDC
> slave-ldap and on BDC master-ldap) goes down, everything works fine further.
> The first (closest) server authenticates the client and all is fine. So I
> got a bit further.
>
> But it gets tricky when I shut the first LDAP server in line down (on PDC
> master-ldap and on BDC slave-ldap).
>
> master ldap down:
> PDC:
> smbclient -> session setup failed: NT_STATUS_LOGON_FAILURE
> [2003/10/10 13:17:15, 1] auth/auth_util.c:make_server_info_sam(818)
> User myusername in passdb, but getpwnam() fails!
> [2003/10/10 13:17:15, 0] auth/auth_sam.c:check_sam_security(459)
> check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_NO_SUCH_USER'
> BDC: ok

> Basically it finds the user in LDAP, but somehow it fails. I don't get.
> I also have log level 10 log files, but I can't figure much more out of
> them. Andrew if you want them, I can send them (gzipped logs).

You need to do exactly the same in nsswitch. /etc/ldap.conf is used to
control the behaviour of libnss_ldap, and needs *exactly* the same line.
(or else you will get this happening, where Samba finds the server, but
nss_ldap doesn't).

Andrew Bartlett

--
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
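An added example, not part of the original thread or of Samba: a Python check that the LDAP server list on the `passdb backend` line of smb.conf matches the list nss_ldap reads from /etc/ldap.conf, which is the mismatch described in the reply above. It assumes /etc/ldap.conf names its servers with a space-separated `uri` directive; the function names and the sample configurations are constructed for illustration.

```python
import shlex

def smb_ldap_uris(smb_conf_text):
    """Ordered LDAP URIs from smb.conf's 'passdb backend = ldapsam:...' line."""
    for line in smb_conf_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if " ".join(key.lower().split()) != "passdb backend":
            continue
        # shlex keeps the quoted server list attached to its ldapsam: prefix
        for backend in shlex.split(value):
            if backend.lower().startswith("ldapsam:"):
                return backend[len("ldapsam:"):].split()
    return []

def nss_ldap_uris(ldap_conf_text):
    """Ordered URIs from the 'uri' directive (assumed form) in /etc/ldap.conf."""
    for line in ldap_conf_text.splitlines():
        parts = line.split()
        if parts and parts[0].lower() == "uri":
            return parts[1:]
    return []

def failover_problems(smb_conf_text, ldap_conf_text):
    """Return findings; an empty list means Samba and nss_ldap fail over alike."""
    samba = smb_ldap_uris(smb_conf_text)
    nss = nss_ldap_uris(ldap_conf_text)
    problems = [f"{uri} is in smb.conf but not in ldap.conf"
                for uri in samba if uri not in nss]
    if not problems and samba != nss:
        problems.append(f"server lists differ: smb.conf={samba} ldap.conf={nss}")
    return problems

# Constructed sample input (not taken from the poster's machines).
SMB_CONF = '[global]\n  passdb backend = ldapsam:"ldaps://ldap1 ldaps://ldap2"\n'
LDAP_CONF_BEFORE = "# nss_ldap knows only the first server\nuri ldaps://ldap1\n"
LDAP_CONF_AFTER = "uri ldaps://ldap1 ldaps://ldap2\n"

if __name__ == "__main__":
    for name, conf in (("before", LDAP_CONF_BEFORE), ("after", LDAP_CONF_AFTER)):
        print(name, failover_problems(SMB_CONF, conf) or "consistent")
```

With the "before" configuration, Samba can still find the user on the second server while getpwnam() has no second server to ask, which matches the logged "in passdb, but getpwnam() fails!" symptom.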