samba - Nov 2004 - Samba3 + LDAP - troubles joining domain (have to do it twice)

Hello,

I have the following test setup:

1) Samba3 + slave OpenLDAP - the same PC, win2k in same LAN
2) OpenLDAP master

OpenLDAP slave and master are divided by a rather slow internet VPN link.

Whenever I want to add a PC to a domain, I have to do it twice - with 
first time I get an error on a client side, second join is successful.

I guess it's because master and slave are divided by slow link, and it 
takes some time to replicate from a master to slave, too, and it all 
confuses Samba as it can't find a username (machine name) it just added.

I tried setting "ldap replication sleep", started with 5000, and tried
setting it as high as 100000, but it didn't help.

The only consequence of setting "ldap replication sleep = 100000" is 
that I have to wait a couple of minutes before it joins the domain when 
I try to do it for the second time (and succeeds).

With "ldap replication sleep = 5000", it joins the domain in about 15 
secs (when I join the domain for the second time).

The first time I try to join a domain I get an error after about 10-12 
seconds, no matter value "ldap replication sleep" has.

I use smbldap-tools 0.85 for adding users/machines.

Any clue?


Tomek

> The first time I try to join a domain I get an error after about 10-12 
> seconds, no matter value "ldap replication sleep" has.
I have had this happen almost perfectly consistantly on my network.  To 
fix it, I've added a sleep line in the smbldap tools scripts to make it 
wait.  While this isn't foolproof, I get about a 75% success on the 
first try, probably more if I'd increase the wait.

In smbldap_tools.pm, around line 380 I added the sleep line in this snippet:

        $add->code && warn "failed to add entry: ",
$add->error ;
        # take down the session
        $ldap_master->unbind;
        sleep(5);
  }


-- 
--
Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: pgienger@ae-solutions.com

Gustavo Lima wrote:
> Hi Tomasz,
> 
> Can you clarify something in your setup?
> 
> How do you setup smbldap-tools and smb.conf on the BDC to work with both 
> master and slave ldap?
I don't have any BDC, I have only PDC as it's enough for my needs.

smb.conf doesn't have anything to do with choosing master or slave.

It is done with smbldap-tools (0.85) - in /etc/smbldap-tools there 
should be two config files.
You can specify there a master and a slave (master will be used for 
writing).

In smb.conf there are configured tools which are used for adding useers 
or machines - these tools are smbldap-useradd etc.
They read settings from /etc/smbldap-tools, and this is the whole mystery :)

If you want, I can send these files anyway.

Tomek