David Landgren
2006-Jun-19 08:52 UTC
[Samba] "smbd: nss_ldap: could not search LDAP server - Can't contact LDAP server" and Samba shares are dropped
List,

I am encountering some really strange behaviour with Samba 3.0.20 and OpenLDAP 2.2.28. Everything in terms of PAM and NSS has been working correctly for a long time and has not been changed in months. This week it has started playing up, with NT_STATUS_LOGON_FAILURE type errors. The local ldap server is replicated from a master.

In syslog, I see things like

    Jun 16 16:06:14 s-sophia smbd: nss_ldap: could not search LDAP server - Can't contact LDAP server

At this point, the samba shares are no longer available, but LDAP is not down: I can do a search:

    s-sophia:~# ldapsearch -b "ou=People,dc=bpinet,dc=com" -xh localhost '(uid=xxx)'
    # extended LDIF
    #
    # LDAPv3
    # base <ou=People,dc=bpinet,dc=com> with scope sub
    # filter: (uid=xxx)
    # requesting: ALL
    #

    # xxx, Sophia Antipolis, People, bpinet.com
    dn: uid=xxx,ou=Sophia Antipolis,ou=People,dc=bpinet,dc=com
    cn: xxx
    description: xxx
    displayName: xxx
    gecos: xxx
    gidNumber: 513
    homeDirectory: /home/xxx
    loginShell: /bin/false
    sambaHomeDrive: H:
    [...stuff deleted...]

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

##########

Also, while Samba is out to lunch, I can also see the account via pdbedit:

    s-sophia:~# pdbedit -vu xxx
    Unix username: xxx
    NT username: xxx
    Account Flags: [U ]
    User SID: S-1-5-21-1150874807-1180408084-429402335-13524
    Primary Group SID: S-1-5-21-1150874807-1180408084-429402335-513
    [...etc etc...]

##########

Things run fine for a number of minutes (never the same duration) and then samba sessions begin to be refused.

I've cranked up the openldap logs, and see that queries continue to be sent and answered:

    Jun 16 14:14:33 s-sophia slapd[7077]: conn=37 op=13 SRCH base="ou=People,dc=bpinet,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uidNumber=6739))"
    Jun 16 14:14:33 s-sophia slapd[7077]: conn=37 op=13 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
    Jun 16 14:14:33 s-sophia slapd[7077]: conn=37 op=13 SEARCH RESULT tag=101 err=0 nentries=1 text

If I stop samba and slapd and restart slapd and samba (in that order), things start working again. No db_recover, no nothing else.

I don't know what else to look at. Any ideas on how I can zero in on the underlying cause?

Thanks,
David
Michael Cassaniti
2006-Jun-19 09:53 UTC
[Samba] "smbd: nss_ldap: could not search LDAP server - Can't contact LDAP server" and Samba shares are dropped
Hi,

I believe that this could be a corrupted secrets.tdb file that may be losing your LDAP password. Please note that this is only a guess. I really can't offer you too much in the way of help.

Your logs show a search of LDAP for a lot of posix account information. I don't know if that is normal or not, but if it isn't, then maybe winbind is causing some trouble, 'cause that might be why the search chases after those attributes. If I'm off track, sorry about that. You could also have one of the two of them causing some locking.

How are you doing for space, as in hard drive space?

I really hope someone else is much more helpful than I am. Good luck!!!