RE : RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails
Bonsoir Andrew, I've just tried to test failover with the two syntax. I use ssh tunnel to connect to ldapserver ( using 127.0.0.1 ) With passdb backend = ldapsam:ldap://127.0.0.1:10389/, ldapsam:ldap://127.0.0.1:13389, guest it works after more slowly but it works. I think after 8 times as I can see in log: Connection to LDAP Server failed for the 8 try! [2003/10/13 17:53:36, 0] lib/smbldap.c:smbldap_search(924) smbldap_search: LDAP server is down! [2003/10/13 17:53:36, 0] lib/smbldap.c:smbldap_search_suffix(1075) smbldap_search_suffix: Problem during the LDAP search: (unknown) (Can't contact LDAP server) [2003/10/13 17:53:36, 0] passdb/pdb_ldap.c:ldapsam_setsampwent(939) ldapsam_setsampwent: LDAP search failed: Can't contact LDAP server [2003/10/13 17:53:36, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[((uid=*)(objectclass=sambaSamAccount))] [2003/10/13 17:53:39, 2] passdb/pdb_ldap.c:ldapsam_setsampwent(948) ldapsam_setsampwent: 1388 entries in the base! As I can see in the log , samba try to connect at every stage to the first ldapserver ( there is multiple 'Connection to LDAP Server failed for the 8 try!' ) with this syntax : passdb backend = ldapsam:ldap://127.0.0.1:10389 ldap://127.0.0.1:13389;, guest I am not able to connect to the domain second ldap if I stop the first one. I try to search '8 try' in my old cvs samba code without success. The rpm source is different. Thanks for your previous answers. Jean-Marc. -Message d'origine- De : Andrew Bartlett [mailto:[EMAIL PROTECTED] Envoyé : vendredi 10 octobre 2003 10:12 À : jean-marc pouchoulon Cc : 'Rauno Tuul'; [EMAIL PROTECTED] Objet : Re: RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails On Tue, 2003-10-07 at 19:58, jean-marc pouchoulon wrote: PDC (also master-ldap) smb.conf passdb backend = ldapsam:ldaps://master-ldap.lan ldapsam:ldaps://slave-ldap.lan Beware of the comma : use passdb backend = ldapsam:ldaps://master-ldap.lan, ldapsam:ldaps://slave-ldap.lan, guest Nope. The comma doesn't matter. passdb backend = ldapsam:ldaps://ldap1 ldaps://ldap2 is what you want. That way, OpenLDAP gets to process the 'ldap url' in whatever way they like - which is how we get this support. BTW, the first ldap server in that list should be the 'closest' server, as OpenLDAP will bind it that first. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails
On Tue, 2003-10-14 at 16:18, jean-marc pouchoulon wrote: Bonsoir Andrew, I've just tried to test failover with the two syntax. I use ssh tunnel to connect to ldapserver ( using 127.0.0.1 ) With passdb backend = ldapsam:ldap://127.0.0.1:10389/, ldapsam:ldap://127.0.0.1:13389, guest it works after more slowly but it works. I think after 8 times as passdb backend = ldapsam:ldap://127.0.0.1:10389 ldap://127.0.0.1:13389;, guest I am not able to connect to the domain second ldap if I stop the first one. Thanks for your previous answers. It is quite possible that your LDAP libs do not support that syntax. What exactly is the version are you using? -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails
I can't test it very well in a prod env, but if i stop one ( the first in order ) ldap server and I made a research with my xp PC , I have no result. But I use nestcape directory server. Jean-Marc -Message d'origine- De : Andrew Bartlett [mailto:[EMAIL PROTECTED] Envoyé : vendredi 10 octobre 2003 10:12 À : jean-marc pouchoulon Cc : 'Rauno Tuul'; [EMAIL PROTECTED] Objet : Re: RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails On Tue, 2003-10-07 at 19:58, jean-marc pouchoulon wrote: PDC (also master-ldap) smb.conf passdb backend = ldapsam:ldaps://master-ldap.lan ldapsam:ldaps://slave-ldap.lan Beware of the comma : use passdb backend = ldapsam:ldaps://master-ldap.lan, ldapsam:ldaps://slave-ldap.lan, guest Nope. The comma doesn't matter. passdb backend = ldapsam:ldaps://ldap1 ldaps://ldap2 is what you want. That way, OpenLDAP gets to process the 'ldap url' in whatever way they like - which is how we get this support. BTW, the first ldap server in that list should be the 'closest' server, as OpenLDAP will bind it that first. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails
On Fri, 2003-10-10 at 20:03, jean-marc pouchoulon wrote: I can't test it very well in a prod env, but if i stop one ( the first in order ) ldap server and I made a research with my xp PC , I have no result. But I use nestcape directory server. This is using exactly what syntax? This is expected behaviour, if you don't put the quotes in there... (We will time out looking for the LDAP server). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
