Thomas Wigren
2005-Nov-17 22:26 UTC
[Samba] Replication errors with LDAP and problems with NT machines
Hi all!

I work as a computer technician for a small school and have recently upgraded our network to use Samba servers. Our main computers are a PDC, a BDC, a file server and a backup server, all using Red Hat Fedora Core 3 as a base. The clients on our network consist of machines with Windows XP and a few with Windows NT.

Everything seems to work just fine except for some minor but annoying problem. The XP machines work flawlessly, but the ones with NT do "disconnect" themselves from the domain now and then in a random way (or so it seems). My solution so far is to rejoin them in the domain by logging in locally as administrator. Sometimes, but that is even more rare, I have to delete the computer account in the LDAP database and recreate it.

The PDC updates the BDC via LDAP replication (Slurpd). I do get some strange errors from this replication and I suspect this has something to do with the strange behaviour, since it's the same computers that are in the error log that disconnect themselves. It could very well be two completely different issues though.

I attach some config files which I think are the ones needed. If more info is needed please ask.

I would be grateful for any help.

Thank you!

Thomas Wigren

1. Versions of software

samba-3.0.10-1.fc3
openldap-2.2.13-2

2. LDAP Configuration files

########################
/etc/ldap.conf on ZEUS (PDC)
########################
host 127.0.0.1
base "dc=elysion,dc=lan"
rootbinddn cn=Manager,dc=elysion,dc=lan
nss_base_passwd ou=Users,dc=elysion,dc=lan?one
nss_base_passwd ou=Computers,dc=elysion,dc=lan?one
nss_base_shadow ou=Users,dc=elysion,dc=lan?one
nss_base_group ou=Groups,dc=elysion,dc=lan?one
ssl no
pam_password md5

########################
/etc/openldap/ldap.conf on ZEUS (PDC)
########################
HOST 127.0.0.1
BASE "dc=elysion,dc=lan"

########################
/etc/openldap/slapd.conf on ZEUS (PDC)
########################
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/slapd.pid
loglevel 64
database ldbm
suffix "dc=elysion,dc=lan"
rootdn "cn=Manager,dc=elysion,dc=lan"
rootpw ********
directory /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
replogfile /var/lib/ldap/replog
replica uri=ldap://hera.elysion.lan:389
        binddn="cn=Manager,dc=elysion,dc=lan"
        bindmethod=simple
        credentials=********

########################
/etc/ldap.conf on HERA (BDC)
########################
host 127.0.0.1
base "dc=elysion,dc=lan"
rootbinddn cn=Manager,dc=elysion,dc=lan
nss_base_passwd ou=Users,dc=elysion,dc=lan?one
nss_base_passwd ou=Computers,dc=elysion,dc=lan?one
nss_base_shadow ou=Users,dc=elysion,dc=lan?one
nss_base_group ou=Groups,dc=elysion,dc=lan?one
ssl no
pam_password md5

########################
/etc/openldap/ldap.conf on HERA (BDC)
########################
HOST 127.0.0.1
BASE "dc=elysion,dc=lan"

########################
/etc/openldap/slapd.conf on HERA (BDC)
########################
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/slapd.pid
database ldbm
suffix "dc=elysion,dc=lan"
rootdn "cn=Manager,dc=elysion,dc=lan"
rootpw ********
directory /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
updatedn "cn=Manager,dc=elysion,dc=lan"
updateref ldap://zeus.elysion.lan

2. SAMBA Configuration files

########################
/etc/samba/smb.conf on ZEUS (PDC)
########################
[global]
workgroup = ELYSION
netbios name = ZEUS
server string = PDC
printcap name = /etc/printcap
load printers = yes
cups options = raw
log file = /var/log/samba/log.%m
max log size = 100000
security = user
encrypt passwords = yes
min passwd length = 5
obey pam restrictions = No
ldap passwd sync = Yes
time server = Yes
unix password sync = no
log level = 0
syslog = 0
mangling method = hash2
dos charset = 850
unix charset = ISO8859-1
passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0
os level = 65
domain master = yes
local master = yes
preferred master = yes
domain logons = yes
logon script = startup.bat
logon drive = X:
logon home
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=elysion,dc=lan
ldap suffix = dc=elysion,dc=lan
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap delete dn = Yes
add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
logon path = \\ZEUS\profiles
wins support = yes
name resolve order = wins host lmhosts bcast
use sendfile = no
smb ports = 139
#============================ Share Definitions =============================
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no

[homes]
comment = %U
valid users = %S
browsable = no
writable = yes
hide dot files = yes
force group = Teachers
create mask = 0660
force create mode = 0660
force directory mode = 0770
hide files = /RECYCLER/desktop.ini/

[studiematerial]
path = /home/teacher2student
write list = @Teachers
browsable = no
writable = no
force group = Teachers
force create mode = 664
force directory mode = 775

[elevadministration]
path = /home/students
browsable = no
writeable = yes
valid users = @Teachers
force create mode = 664
force directory mode = 775
force group = Teachers

[gemensamma filer]
path = /home/teacher2teacher
browsable = no
writable = yes
valid users = @Teachers
force create mode = 660
force directory mode = 770
force group = Teachers

[clipart]
path = /home/clipart
writable = no
browsable = no
write list = Thomas.Wigren, Susanne.Hammerich, root
force group = Teachers
force create mode = 644
force directory mode = 755

[nytto]
path = /home/nytto
browsable = no
writable = yes
valid users = Thomas.Wigren, Susanne.Hammerich, root
force group = Teachers
force create mode = 644
force directory mode = 755

[netlogon]
comment = Network Logon Service
path = /home/netlogon/%a

[profiles]
path = /home/profiles/%a
writeable = yes
browsable = no
force create mode = 0644
force directory mode = 0755

########################
/etc/samba/smb.conf on HERA (BDC)
########################
[global]
workgroup = ELYSION
netbios name = HERA
server string = BDC
printcap name = /etc/printcap
load printers = yes
cups options = raw
log file = /var/log/samba/log.%m
max log size = 100000
security = user
encrypt passwords = yes
min passwd length = 5
obey pam restrictions = No
ldap passwd sync = Yes
time server = Yes
unix password sync = no
log level = 0
syslog = 0
mangling method = hash2
dos charset = 850
unix charset = ISO8859-1
passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0
os level = 64
domain master = no
local master = no
preferred master = no
domain logons = yes
logon script = startup.bat
logon drive = X:
logon home
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=elysion,dc=lan
ldap suffix = dc=elysion,dc=lan
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap delete dn = yes
add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
logon path
name resolve order = wins host lmhosts bcast
wins support = no
wins server = 172.16.232.1
use sendfile = no
smb ports = 139
#============================ Share Definitions =============================
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no

[homes]
comment = %U
valid users = %S
browsable = no
writable = yes
hide dot files = yes
force group = Teachers
create mask = 0660
force create mode = 0660
force directory mode = 0770
hide files = /RECYCLER/desktop.ini/

[studiematerial]
path = /home/teacher2student
write list = @Teachers
browsable = no
writable = no
force group = Teachers
force create mode = 664
force directory mode = 775

[elevadministration]
path = /home/students
public = no
writable = yes
browsable = no
valid users = @Teachers
force create mode = 664
force directory mode = 775
force group = Teachers

[gemensamma filer]
path = /home/teacher2teacher
browsable = yes
writable = yes
valid users = @Teachers
force create mode = 660
force directory mode = 770
force group = Teachers

[clipart]
path = /home/clipart
writable = no
browsable = no
write list = Thomas.Wigren, Susanne.Hammerich, root
force group = Teachers
force crwate mode = 644
force directory mode = 755

[nytto]
path = /home/nytto
browsable = no
writable = yes
valid users = Thomas.Wigren, Susanne.Hammerich, root
force group = Teachers
force create mode = 644
force directory mode = 755

[netlogon]
comment = Network Logon Service
path = /home/netlogon/%a

[profiles]
path = /home/profiles/%a
writeable = yes
browsable = no
force create mode = 0644
force directory mode = 0755

3. Replication log

########################
/var/lib/ldap/replica/hera.elysion.lan:389.rej
########################
ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: hera.elysion.lan:389
time: 1132047279.0
dn: uid=eurydice$,ou=Computers,dc=elysion,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1132045192
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132047279
-
delete: sambaLMPassword
sambaLMPassword: 60F9BE525098FB3917306D272A9441BB
-
delete: sambaNTPassword
sambaNTPassword: 82ABE317EDABC40E2D3DF00A4E8C76AF
-
add: sambaNTPassword
sambaNTPassword: BD4E5B924259E25B210B39F6F2AB3A27
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1132045192
-
add: sambaPwdLastSet
sambaPwdLastSet: 1132047279
-
replace: entryCSN
entryCSN: 20051115093439Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=elysion,dc=lan
-
replace: modifyTimestamp
modifyTimestamp: 20051115093439Z
-

ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: hera.elysion.lan:389
time: 1132048516.0
dn: uid=amphion$,ou=Computers,dc=elysion,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1131615883
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132048516
-
delete: sambaNTPassword
sambaNTPassword: 10925D43182FE76C866950D0223D039C
-
add: sambaNTPassword
sambaNTPassword: 6E2C27B37D7FC0DD49A03DFCE82F8390
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1131615883
-
add: sambaPwdLastSet
sambaPwdLastSet: 1132048516
-
replace: entryCSN
entryCSN: 20051115095516Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=elysion,dc=lan
-
replace: modifyTimestamp
modifyTimestamp: 20051115095516Z
-

ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: hera.elysion.lan:389
time: 1132130840.0
dn: uid=harmonia$,ou=Computers,dc=elysion,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1131455803
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132130840
-
delete: sambaNTPassword
sambaNTPassword: 492A7157FCC6BAFC965E7B48263D7A48
-
add: sambaNTPassword
sambaNTPassword: A26A1280212749F6481A791E15247E77
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1131455803
-
add: sambaPwdLastSet
sambaPwdLastSet: 1132130840
-
replace: entryCSN
entryCSN: 20051116084720Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=elysion,dc=lan
-
replace: modifyTimestamp
modifyTimestamp: 20051116084720Z
-

ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: hera.elysion.lan:389
time: 1132211749.0
dn: uid=paris$,ou=Computers,dc=elysion,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1130487874
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132211748
-
delete: sambaNTPassword
sambaNTPassword: 70A10FEDF47A7A6E316E95592AC76FEB
-
add: sambaNTPassword
sambaNTPassword: 7D2D3C5E2B9BEA3C580B9B73158D236A
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1130487874
-
add: sambaPwdLastSet
sambaPwdLastSet: 1132211748
-
replace: entryCSN
entryCSN: 20051117071548Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=elysion,dc=lan
-
replace: modifyTimestamp
modifyTimestamp: 20051117071548Z
-

ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: hera.elysion.lan:389
time: 1132212952.0
dn: uid=polyhymnia$,ou=Computers,dc=elysion,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1131091378
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132212952
-
delete: sambaNTPassword
sambaNTPassword: 00C187D5F563F71719556DE753FC1D78
-
add: sambaNTPassword
sambaNTPassword: F7D581AB7BA54A60BC3B1532A5D4E7C8
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1131091378
-
add: sambaPwdLastSet
sambaPwdLastSet: 1132212952
-
replace: entryCSN
entryCSN: 20051117073552Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=elysion,dc=lan
-
replace: modifyTimestamp
modifyTimestamp: 20051117073552Z
-

ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: hera.elysion.lan:389
time: 1132213972.0
dn: uid=acheron$,ou=Computers,dc=elysion,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1130835051
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132213972
-
delete: sambaNTPassword
sambaNTPassword: 5F5F6E59EAB13D17BDDE61A7222388DE
-
add: sambaNTPassword
sambaNTPassword: 7B45687322E58179FCD73D7CAB451770
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1130835051
-
add: sambaPwdLastSet
sambaPwdLastSet: 1132213972
-
replace: entryCSN
entryCSN: 20051117075252Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=elysion,dc=lan
-
replace: modifyTimestamp
modifyTimestamp: 20051117075252Z
-
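
Added example, not part of the original post: a Python parser for the slurpd reject-log layout shown above that lists each record's DN, time and modifications, names the step the replica refused, and replaces password-hash values with a placeholder so the summary can be shared. The sample record, the host names and the function names parse_rej and failed_step are constructed for illustration.

```python
import re
from datetime import datetime, timezone

SECRET = {"sambantpassword", "sambalmpassword", "userpassword"}
# Constructed sample in the reject-log layout; host names and the hash value
# are placeholders, not data from the post.
SAMPLE = """\
ERROR: No such attribute: modify/delete: sambaPwdCanChange: no such value
replica: bdc.example.lan:389
time: 1132047279.0
dn: uid=host1$,ou=Computers,dc=example,dc=lan
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1132045192
-
add: sambaPwdCanChange
sambaPwdCanChange: 1132047279
-
add: sambaNTPassword
sambaNTPassword: 00000000000000000000000000000000
-
"""

def parse_rej(text):
    """Split a slurpd .rej file into records, redacting password-hash values."""
    records = []
    for chunk in re.split(r"(?m)^(?=ERROR: )", text):
        lines = [l.strip() for l in chunk.splitlines() if l.strip() not in ("", "-")]
        if not lines or not lines[0].startswith("ERROR: "):
            continue
        rec, op = {"error": lines[0][len("ERROR: "):], "mods": []}, None
        for line in lines[1:]:
            key, _, val = line.partition(": ")
            if key in ("replica", "dn", "changetype"):
                rec[key] = val
            elif key == "time":
                rec["time"] = datetime.fromtimestamp(float(val), timezone.utc)
            elif key in ("add", "delete", "replace"):
                op = key  # opens one modification; val is the attribute name
            elif op:
                shown = "<redacted>" if key.lower() in SECRET else val
                rec["mods"].append((op, key, shown))
        records.append(rec)
    return records

def failed_step(rec):
    """Operation and attribute that the replica refused, from the error text."""
    m = re.search(r"modify/(\w+): (\w+):", rec["error"])
    return (m.group(1), m.group(2)) if m else None
```
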