Hi

Thanks for your reply, much appreciated.

When I run ldapsearch on the Samba server it prompts me for a password and this fails when tried with the credentials for the ldap bind account specified in smb.conf, also with the root pw for either machine, as follows:

ldap_sasl_interactive_bind_s: Invalid credentials (49)

I have tried resetting the smbpasswd -w as you suggested and setting the bind account password to the same on the ldap server, but I still get this message. This suggests you are right and it is a credentials issue, is there anything I need to do beyond smbpasswd -w <password> on the samba machine and passwd <bind account> on ldap server?

The LDAP does appear to be running on the primary LDAP server as I can look at it on the console of the (unused) instance of zimbra on there, it looks OK. That said if I do a ldapsearch on that machine I get an error:

[root@primaryldapserver cacerts]# ldapsearch
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Regards

Fergus

----- Original Message -----
From: "Gaiseric Vandal" <gaiseric.van...@gmail.com>
To: samba@lists.samba.org
Sent: Monday, 13 February, 2012 5:51:43 PM
Subject: Re: [Samba] openldap integration failed after power cut

Can you use "ldapsearch" or a GUI Ldap browser/editor (e.g. Apache Directory Studio) to make sure that your primary LDAP server really is working. Verify that the credentials are good.

You may need to re-enter the ldap pw in samba if your password store got corrupted

# smbpasswd -w LDAPBINDPW

On 02/13/2012 11:12 AM, Fergus Clarke wrote:
> Hi
>
> We have a Samba server that authenticates with an openldap server. Or it
> used to.
> We had a power cut last week and after a bit of struggling everything came
> back, but not Samba.
> Previously our smb.conf file included the line
>
> passdb backend = ldapsam:ldap://server.domain.net/
>
> With this line in place the connection to the LDAP server fails, and people's
> shares drop off every few minutes. I changed this to point to our 2nd,
> backup ldap server and now shares and logon work again. I need to get
> communication started again between our Samba and primary LDAP server.
>
> Symptoms include the following: (with the new config, i.e. pointing at the
> backup ldap server)
>
> On the samba server:
>
> servername:/etc/samba# smbclient '\\servername\data'
> WARNING: The "printer admin" option is deprecated
> Enter root's password:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> but
>
> servername:/etc/samba# smbclient -L localhost -U%
> WARNING: The "printer admin" option is deprecated
> Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.2.5]
>
>     Sharename       Type      Comment
>     ---------       ----      -------
>     netlogon        Disk      Network Logon Service
>     print$          Disk      Printer Drivers
>
> etc
>
> also:
>
> servername:/etc/samba# pdbedit -u username -c "[X]"
> doing parameter syslog = 1
> doing parameter log file = /var/log/samba/log.%m
> doing parameter max log size = 1000
> doing parameter smb ports = 139
> doing parameter name resolve order = wins bcast hosts
> doing parameter printcap name = cups
> doing parameter add user script = /usr/sbin/adduser --quiet
> --disabled-password --gecos "" %u
> doing parameter add machine script = /usr/sbin/smbldap-useradd -w %m
> doing parameter logon script = logon.cmd
> doing parameter logon path = \\server.domain.net\%U\profile
> doing parameter logon home = \\server.domain.net\%U
> doing parameter domain logons = Yes
> doing parameter os level = 33
> doing parameter preferred master = Yes
> doing parameter domain master = Yes
> doing parameter dns proxy = No
> doing parameter wins support = Yes
> doing parameter ldap admin dn = "uid=username,cn=admins,cn=thenameofthecn"
> doing parameter ldap group suffix = ou=groups
> doing parameter ldap machine suffix = ou=machines
> doing parameter ldap passwd sync = Yes
> doing parameter ldap suffix = dc=ixico,dc=com
> doing parameter ldap user suffix = ou=people
> doing parameter panic action = /usr/share/samba/panic-action %d
> pm_process() returned Yes
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
> smbldap_open_connection: connection opened
> ldap_connect_system: successful connection to the LDAP server
> The LDAP server is successfully connected
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
> smbldap_open_connection: connection opened
> ldap_connect_system: successful connection to the LDAP server
> The LDAP server is successfully connected
> init_sam_from_ldap: Entry found for user: username
> ldapsam_update_sam_account: user username to be modified has dn:
> uid=username,ou=people,dc=domain,dc=com
> init_ldap_from_sam: Setting entry for user: username
> Unable to modify entry!
>
>
> If I change the setting back to point at our original LDAP server I get the
> following errors, for example:
>
>
> servername:/etc/samba# pdbedit -u username -c "[X]"
> doing parameter syslog = 1
> doing parameter log file = /var/log/samba/log.%m
> doing parameter max log size = 1000
> doing parameter smb ports = 139
> doing parameter name resolve order = wins bcast hosts
> doing parameter printcap name = cups
> doing parameter add user script = /usr/sbin/adduser --quiet
> --disabled-password --gecos "" %u
> doing parameter add machine script = /usr/sbin/smbldap-useradd -w %m
> doing parameter logon script = logon.cmd
> doing parameter logon path = \\server.domain.net\%U\profile
> doing parameter logon home = \\server.domain.net\%U
> doing parameter domain logons = Yes
> doing parameter os level = 33
> doing parameter preferred master = Yes
> doing parameter domain master = Yes
> doing parameter dns proxy = No
> doing parameter wins support = Yes
> doing parameter ldap admin dn = "uid=user,cn=admins,cn=relevantcn"
> doing parameter ldap group suffix = ou=groups
> doing parameter ldap machine suffix = ou=machines
> doing parameter ldap passwd sync = Yes
> doing parameter ldap suffix = dc=domain,dc=com
> doing parameter ldap user suffix = ou=people
> doing parameter panic action = /usr/share/samba/panic-action %d
> pm_process() returned Yes
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
> smbldap_open_connection: connection opened
> failed to bind to server ldap://ldap2.domain.net/ with
> dn="uid=username,cn=admins,cn=thecn" Error: Can't contact LDAP server
> (unknown)
> Connection to LDAP server failed for the 1 try!
> smbldap_open_connection: connection opened
> failed to bind to server ldap://ldap2.domain.net/ with
> dn="uid=username,cn=admins,cn=thecn" Error: Can't contact LDAP server
>
> etc
>
> but I can ping the LDAP server with its hostname and the LDAP alias.
>
> I have upped the log level to 10 and grepped for relevant hostnames and
> things but I am somewhat at a loss as to what's gone wrong, any help you can
> offer would be very gratefully received. I would also be v happy to post any
> logs etc to assist.
>
> Thanks
>
> Fergus
>
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
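
Added example, not part of the original messages: a shell helper that triages the client errors quoted in this thread and repeats the bind the way Samba does it, as a simple bind (`-x`) with the `ldap admin dn`, instead of the SASL bind that a bare `ldapsearch` attempts. The URI, DN, base and password-file path passed to `check_simple_bind` are placeholders to fill in, and the diagnosis keywords are this example's own.

```shell
#!/bin/sh
# Added example: triage of the LDAP client errors quoted in this thread.
# Diagnosis keywords are this example's own; URIs and DNs are placeholders.

# Map one ldapsearch / smbldap error line to a diagnosis keyword.
classify_ldap_error() {
    case "$1" in
        *"ldap_sasl_interactive_bind_s: Invalid credentials (49)"*)
            # No -x was given, so a SASL bind was tried and the
            # "ldap admin dn" from smb.conf was never presented.
            echo "sasl-bind-rejected" ;;
        *"ldap_bind: Invalid credentials (49)"*)
            # Simple bind reached slapd; the DN or its password is wrong.
            echo "simple-bind-rejected" ;;
        *"Can't contact LDAP server"*)
            # Client-side error (-1): no session to the URI in use, which
            # without -H comes from ldap.conf or defaults to localhost.
            echo "server-unreachable" ;;
        *)
            echo "unclassified" ;;
    esac
}

# Simple bind as the Samba admin DN, reading only the base entry.
# $1 = LDAP URI, $2 = bind DN, $3 = search base,
# $4 = file holding the password (no trailing newline, mode 0600).
check_simple_bind() {
    err=$(ldapsearch -x -H "$1" -D "$2" -y "$4" -b "$3" -s base 1.1 \
          2>&1 >/dev/null) && { echo "bind-ok"; return 0; }
    classify_ldap_error "$err"
    return 1
}

# Constructed sample input: the error lines reported in the thread.
triage_samples() {
    while IFS= read -r line; do
        printf '%s => %s\n' "$line" "$(classify_ldap_error "$line")"
    done <<'EOF'
ldap_sasl_interactive_bind_s: Invalid credentials (49)
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
failed to bind to server ldap://ldap2.domain.net/ with dn="uid=username,cn=admins,cn=thecn" Error: Can't contact LDAP server
EOF
}
triage_samples
```

Run `check_simple_bind` from the Samba host with the same password that was given to `smbpasswd -w`; `bind-ok` means the directory accepts that DN and password, so the stored secret and the server agree.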