Hi,
Redhat 4, Samba server 3.0.22.
We are testing LDAP redudancy. We have 2 LDAP servers.
If we stop LDAP services on the first LDAP server, everything works fine :
the samba server detects the failed ldap server and switch to the
available LDAP server.
Clients can be authenticated, everything works fine.
But, if the first LDAP server is unavailable (does not respond to ping),
the samba server does not swith to the second LDAP server :
[2007/04/20 09:36:46, 0] lib/smbldap.c:smbldap_search_suffix(1346)
smbldap_search_suffix: Problem during the LDAP search: (Time limit
exceeded)
[2007/04/20 09:36:46, 2] auth/auth.c:check_ntlm_password(317)
check_ntlm_password: Authentication for user [adminocs] -> [adminocs]
FAILED with error NT_STATUS_NO_SUCH_USER
[2007/04/20 09:36:46, 2] smbd/server.c:exit_server(614)
Closing connections
We have tried using smaller and greater values of ldap timeout in smb.conf
but it does not help. ( from 5 to 600)
We have tried using smaller and greater values in the /etc/ldap.conf for
bind_timelimit and timelimit (30 by default, from 5 to 300), but it does
not help.
Here is our smb.conf related to ldap :
passdb backend = ldapsam:"ldap://itdsd1l1.altissemiconductor.com
ldap://itdsd2l2.altissemiconductor.com"
ldap passwd sync = Yes
ldap admin dn =
cn=samba,ou=DSA,ou=manuf,o=altissemiconductor.com,cn=mfg
ldap suffix = ou=manuf,o=altissemiconductor.com,cn=mfg
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap timeout = 15
ldap ssl = start_tls
Is there a way to change the bind timeout for samba server to switch to
the available node before the "search time limit exceeded" ?
Do I miss something ?
Regards,
No idea about this point ?>>Hi, Redhat 4, Samba server 3.0.22. We are testing LDAP redudancy. We have 2 LDAP servers. If we stop LDAP services on the first LDAP server, everything works fine : the samba server detects the failed ldap server and switch to the available LDAP server. Clients can be authenticated, everything works fine. But, if the first LDAP server is unavailable (does not respond to ping), the samba server does not swith to the second LDAP server : [2007/04/20 09:36:46, 0] lib/smbldap.c:smbldap_search_suffix(1346) smbldap_search_suffix: Problem during the LDAP search: (Time limit exceeded) [2007/04/20 09:36:46, 2] auth/auth.c:check_ntlm_password(317) check_ntlm_password: Authentication for user [adminocs] -> [adminocs] FAILED with error NT_STATUS_NO_SUCH_USER [2007/04/20 09:36:46, 2] smbd/server.c:exit_server(614) Closing connections We have tried using smaller and greater values of ldap timeout in smb.conf but it does not help. ( from 5 to 600) We have tried using smaller and greater values in the /etc/ldap.conf for bind_timelimit and timelimit (30 by default, from 5 to 300), but it does not help. Here is our smb.conf related to ldap : passdb backend = ldapsam:"ldap://itdsd1l1.altissemiconductor.com ldap://itdsd2l2.altissemiconductor.com" ldap passwd sync = Yes ldap admin dn = cn=samba,ou=DSA,ou=manuf,o=altissemiconductor.com,cn=mfg ldap suffix = ou=manuf,o=altissemiconductor.com,cn=mfg ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap timeout = 15 ldap ssl = start_tls Is there a way to change the bind timeout for samba server to switch to the available node before the "search time limit exceeded" ? Do I miss something ? Regards,