I have two servers set up. One will be my PDC (master) and the other will be my BDC (slave). I have openldap set up and replicating the data between the two servers.

Everything seems to work fine from the Master, but I have one problem with the slave. From the slave, I can do an ldapsearch and everything is fine. But when I do a 'pdbedit -L', I get the following:

Unknown parameter encountered "ldap map suffix"
Ignoring unknown parameter "ldap map suffix"
failed to bind to server with dn="blah,blah" Error: Can't contact LDAP server (unknown)
smbldap_search_suffix: Problem during the ldap search (unknown) Timed out

Everything works fine with any ldap command that I enter, so I assume that it is something to do with samba. Also, I can log on to the Master server with a Windows client just fine. If I take the Master down and then try to log in with my Windows client, it tells me the domain is not available. I would have thought the BDC would have taken over. Any ideas what to look at? I can post my conf files if need be.

--
Scott Mayo
Technology Coordinator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565
Pager: 800-264-2535 X2549

Duct tape is like the force, it has a light side and a dark side and it holds the universe together.

Scott Mayo wrote:

> I have two servers set up. One will be my PDC (master) and the other
> will be my BDC (slave). I have openldap set up and replicating the data
> between the two servers.
>
> Everything seems to work fine from the Master, but I have one problem
> with the slave. From the slave, I can do an ldapsearch and everything is
> fine. But when I do a 'pdbedit -L', I get the following:
>
> Unknown parameter encountered "ldap map suffix"
> Ignoring unknown parameter "ldap map suffix"
> failed to bind to server with dn="blah,blah" Error: Can't contact LDAP
> server (unknown)
> smbldap_search_suffix: Problem during the ldap search (unknown) Timed out
>
> Everything works fine with any ldap command that I enter, so I assume
> that it is something to do with samba. Also, I can log on to the Master
> server with a Windows client just fine. If I take the Master down and
> then try to log in with my Windows client, it tells me the domain is not
> available. I would have thought the BDC would have taken over. Any
> ideas what to look at? I can post my conf files if need be.

It looks like the replication is configured (is it?), but not Samba.

1) Do you see users added on PDC also on BDC? Use "getent passwd" for that.
2) Did you do "testparm"? It will check your smb.conf for errors.
3) BDC would take over domain logons (but not domain joins) only if it's configured properly. In your case, it looks like it isn't.

--
Tomek
WPKG - a Windows software deployment tool that works with Samba
http://wpkg.org

Scott Mayo wrote:

(...)

>> well, I'd do some more things.
>>
>> 1) set log level to 3 in smb.conf
>> 2) stop Samba
>> 3) remove logs from /var/log/samba
>> 4) start Samba
>> 5) see the logs if there are any indications about failures in
>> contacting LDAP?
>
> Actually the BDC says it failed to get ldap server info. Not sure why
> since ldapsearch and other things seem to work.

What does the LDAP configuration look like in your smb.conf file?

Generally, smb.conf for PDC and BDC should be the same (with differences like server name, and domain master = yes/no).

>> 6) see BDC and PDC logs and search who the PDC *really* is (maybe BDC
>> doesn't know it for some reason)?
>
> How do I do this? I assume from the nmbd.log file, but not sure how to
> tell which server won.

Hmm, I don't remember exactly, as I can't check it now - but it should indicate that "host HOSTNAME is a domain master for ..."? Perhaps it looks a little different.

>> 7) can you add usernames/workstations from command line on BDC?
>>
>> smbldap-useradd -w testworkstation
>>
>> getent passwd
>
> I can, but getent does not pull it up from the slave.

Why not? You have a slave LDAP, right? You should pull this data from the localhost (127.0.0.1). That's the point of having a slave.

How does smbldap.conf look for a slave and master LDAP? It should point to 127.0.0.1 on a master for both, and to some other IP on a slave in a "masterLDAP" part (see below).

# Ex: slaveLDAP=127.0.0.1
slaveLDAP="127.0.0.1"
slavePort="389"

# Master LDAP : needed for write operations
# Ex: masterLDAP=127.0.0.1
masterLDAP="192.168.5.6"
masterPort="389"

> It does from the
> master after adding it from the slave. I have just found out that
> replication only works if I do a One Shot mode of slurpd. That has me
> bumfuzzled, so I will see what I can figure out on that.

Adding a user should work both from a slave and a master.

getent passwd should show all users on a slave, even right after adding another user on a slave.

>> 8) you might also want to stop Samba, remove all *.tdb files, and
>> start it once again - make a backup of these files, I don't want to
>> break anything in your setup :)
>
> Don't worry about breaking anything. This is all test. Once I get it
> done, I am going to reset it up. :) What was removing the tdb files
> supposed to do?

They can contain some data (especially wins.dat, which you might also delete), like pointing to non-existing servers if you experimented with your Samba too much...

Does "net getlocalsid" give the same result on PDC and BDC? It should.

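The reply above says smb.conf on the PDC and BDC should match apart from the server name and "domain master". The following is an added example, not part of the thread and not Samba code, that checks this for the [global] section; both configurations, their host names and addresses are constructed, and the function names are hypothetical.

```python
# Added example: diff the [global] sections of a PDC and a BDC smb.conf (constructed input).
EXPECTED_DIFFS = {"netbiosname", "domainmaster"}  # differences the reply calls normal
PDC_CONF = """\
[global]
   workgroup = TESTDOM
   netbios name = PDC1
   domain master = yes
   passdb backend = ldapsam:ldap://127.0.0.1
   ldap suffix = dc=example,dc=org
   ldap admin dn = cn=Manager,dc=example,dc=org
[netlogon]
   path = /srv/netlogon
"""
BDC_CONF = """\
[global]
   workgroup = TESTDOM
   netbios name = BDC1
   domain master = no
   passdb backend = ldapsam:ldap://192.0.2.10
   LDAP Suffix = dc=example,dc=org
"""

def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped[0] in "#;"):
            continue                      # blank line or comment
        line, pending = pending + stripped, ""
        if line.endswith("\\"):           # smb.conf line continuation
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params["".join(name.lower().split())] = value.strip()
    return params

def unexpected_differences(pdc_text, bdc_text):
    pdc, bdc = parse_global(pdc_text), parse_global(bdc_text)
    return {k: (pdc.get(k), bdc.get(k))
            for k in sorted(set(pdc) | set(bdc))
            if k not in EXPECTED_DIFFS and pdc.get(k) != bdc.get(k)}

if __name__ == "__main__":
    for name, (p, b) in unexpected_differences(PDC_CONF, BDC_CONF).items():
        print(f"{name}: PDC={p!r} BDC={b!r}")
```

On the constructed input it reports the differing "passdb backend" URL and the "ldap admin dn" that is missing on the BDC, while the differently capitalised "LDAP Suffix" is treated as the same parameter.
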
>> net setlocalsid your-sid-goes-here
>>
>
> Thanks for your help. I think my PDC/BDC is working alright now. I
> only see a couple of things I don't like.
>
> 1. I login to the PDC, then log out from a windows client. I then take
> Samba/LDAP down on the PDC. I now log back in with the same user. Here
> are the two problems that I notice.
>
> A. The explorer still shows the drives mapped to the PDC, even
> though it created the batch file to map them to the BDC. If I manually
> disconnect the drives and then login, I am fine. Any idea why the
> drives are not redone on the windows client to point to the BDC?

I think the client won't notice if a server is down - you'd have to reboot the Windows machine (at least that's my experience).

If you map more than one share with different credentials, it won't work with Windows. If the shares are mapped already as Z: for example, you won't map another share there.

Server crashes do not happen often, so it won't be a big problem for you - unless it really crashes :)

> B. It takes a long time for the windows client to login (15 seconds
> or more). If I browse a network drive, it also takes a long time for it
> to show up the first time I browse it (10 seconds or more). If I close
> it and then browse it again, then it is quick.
>
> I can live with these, since I hope that my PDC will be up most of the
> time, but was just curious as to why it would take longer. If you have
> any ideas then I would appreciate the info.

For this one I think I already sent an answer (about WINS) to the list?

--
Tomek
WPKG - automated software deployment
http://wpkg.org