Hi phlip No i don't have a BDC,
Regards Niranjan On 2/20/06, Philip Washington <[EMAIL PROTECTED]> wrote: > > mallapadi niranjan wrote: > > > Hi all > > > > > > I too have the same problem , i am also using samba 3.0.21 with > > openldap version 2.2.13 on Redhat Enterprise Linux 4 enterprise server. > > if the samba PDC gets rebooted aburuptly, some of my clients > > workstations (Windows 2000 professional) have to rejoin. > > i was asked to check whether RID of the computer name is correct(uid*2 > > + 1000) , ans whether > > computer names have SambaSAMAccount object class. > > eventhough my computernames' exist in the database with correct object > > class and rid, the clients > > have to be rejoined. this happens only when samba PDC with ldap gets > > rebooted abruptly. > > having said that, so i assume that LDAP is unable to maintain > > consistency when it gets rebooted. > > > > so i had kept DB_CONFIG file in /var/lib/ldap(this is where all bdb > > files are there) and use db_recover > > in case of any crash of ldap. > > > > But if we take backup in LDIF file and restore it, but still my > > computer accounts are not getting back, i had to rejoin. > > > > this is the problem that i am having, but still could not find the > > correct solution. > > > > Regards > > Niranjan > > > Do you have a BDC? If not then this is very interesting information. > > > On 2/19/06, *Philip Washington* <[EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>> wrote: > > > > Craig White wrote: > > > > >On Sat, 2006-02-18 at 11:11 -0600, Philip Washington wrote: > > > > > > > > >>We have had a Samba LDAP-PDC-BDC system setup for close to 3 > > months with > > >>about 60 computers in the domain. Earlier we had a power outage > > and > > >>about 30 computers no longer were able to log into the domain or > > >>authenticate. Some were NT Workstations and some were W2k. But > > not all > > >>NT or W2K workstations were affected. > > >>If we went to network neighborhood we would see the error message > > >>" "The trust relationship between this workstation and the > > primary domain > > >>failed" > > >>When someone tries to login to these computers then they get the > > error > > >>"The system cannot log you on to this domain because the system's > > >>computer account in it's primary domain is missing or the > > password on > > >>that account is incorrect". > > >> > > >>We were able to fix the problem on the computers by taking the > > computers > > >>out of the domain and re-entering them into the domain. Went > into > > >>System->Network Identification-> put the machine in a workgroup -> > > >>reboot -> Go back in and put the machine back into the domain. No > > >>manual deletion on the PDC was done. This was all done on the > > client. > > >> > > >>I reviewed LDAP backups and thus far have not found any > > descrepancies > > >>with the systems profiles before or after the power outage. The > > records > > >>indicate that there has not been any change in the LDAP > > information in > > >>the last 2 months for the machines which have the problem. Of > > course > > >>once the systems have been relogged into the domain the > > SambaNTPassword > > >>changes. > > >> > > >>I am currently both baffled and concerned as to how or why this > > would > > >>happen. If anybody could shed more light on what could have > > happened I > > >>would appreciate it. > > >>I would also like to know if there is a way to re-add or add a > > client on > > >>the Samba-LDAP-PDC instead of going to each individual client. > > >> > > >> > > >---- > > >probably would be a good idea to figure out how to troubleshoot > your > > >setup as one could only conjecture about what your problem is as > you > > >describe it. > > > > > >I do know that there is some faulty logic in your assumptions above > > >since the workstations will automatically change their password > > with the > > >passdb approximately once each month and I am quite certain that > > this is > > >documented in the samba documentation. > > > > > > > > > > > Yep, this does throw a bad domino into the logic. ( I wonder if > > MS will > > give me my money back for all of those MCSE classes). Once I > > fixed that > > domino and started looking at the BDC again, I realized that it's > > samba > > configuration files look identical to the ones on the PDC with the > > exception that ldap is pointing to the ldap on the BDC. So it > > currently looks like the BDC is misconfigured (Basically I'm seeing > a > > configuration that deviates quite a bit from what I see in Samba-3 > by > > Example). > > I shutdown the BDC for now and put the PDC on a UPS (Yeah it > > should have > > been on one in the first place, but money is tight and we're > operating > > under, if it ain't broke don't pay money to fix it). This should > > hold > > us over until the BDC is configured correctly. > > > > Thanks for the enlightenment. > > > > > > >So in view of your faulty assumption, my guess would be that your > > >PDC/BDC setup in LDAP probably isn't working properly as there > > should be > > >evidence in some log somewhere when the workstations change their > > >password and that the password changes propagate from LDAP server > to > > >LDAP server and assuming that you are using something like > > 'slurpd' to > > >replicate changes in LDAP, there should be evidence of some > failures > > >(aka rejects) unless you are allowing changes directly to the > 'slave' > > >LDAP server in which case, you have a lot to fix. > > > > > >Craig > > > > > > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > <https://lists.samba.org/mailman/listinfo/samba> > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba