Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-26 Thread mallapadi niranjan
Hi Philip


I have installed ldap 2.3 with samba 3.0.21c and restored the ldif file;
this time also I had to rejoin systems to the domain after having computer
accounts in the ldif file (with RID and object classes intact). I had taken
the backup of my ldap using the following command:
slapcat -l .

Can you suggest any better way of taking a backup of ldap so that on
restoration I don't have to rejoin systems?

Regards
Niranjan



On 2/23/06, mallapadi niranjan <[EMAIL PROTECTED]> wrote:
>
> Hi Philip
>
> With the samba pdc with openldap 2.2.13, I have a lot of troubles. I
> compiled samba 3.0.21 when it was first released; I am not sure whether
> it's called samba 3.0.21a or something. openldap 2.2.13 (shipped with
> Red Hat Enterprise Linux 4) also needs to be tweaked to have a good
> cachesize, checkpoints etc.
>
> So I have decided to go with samba 3.0.21b with openldap 2.3.19.
> I will take a backup in ldif, restore it, and check whether it works,
> as I was told that openldap 2.3.19 has auto recovery in case of unclean
> shutdowns.
> Hope this works.
>
> Regards
> Niranjan
>
>
>
>
> On 2/22/06, Philip Washington <[EMAIL PROTECTED]> wrote:
> >
> > mallapadi niranjan wrote:
> >
> > > Hi Philip
> > >
> > >
> > > yes, I have the same properties, (for checking i did the rid*2+1000
> > > and object class test. , but
> > > once the computer are rejoined, it gets new rid, not the rid which is
> > > in the LDIF.
> > >
> > > Regards
> > > Niranjan
> > >
> > Okay, then this is something else I don't understand.
> > If the LDAP database is getting corrupted then I can see how this
> > problem could happen.  But if the PDC goes down as you describe in
> > scenario-2 then it doesn't make sense that the computers should have to
> > rejoin the domain, unless there is some information which is not being
> > stored in the LDAP database.
> >
> > > On 2/21/06, *Philip Washington* <[EMAIL PROTECTED]> wrote:
> > >
> > > mallapadi niranjan wrote:
> > >
> > > > Hi Craig
> > > >
> > > > Thanks for replying, The samba PDC gets rebooted because of
> > Power
> > > > outage, at night times.
> > > > After the system gets rebooted,
> > > > Scenario -01
> > > > 1. Either some times the ldap gets hanged, (2.2.13) may be
> > > because of
> > > > inconsistency.
> > > > 2. since ldap hangs, samba doesn't come up properly.
> > > > 3. so i run db_recover and try to start the ldap service and
> > > then samba
> > > >
> > > > Scenario-02
> > > > if LDAP doesn't hang, and samba comes up nicely, the computer
> > had to
> > > > rejoin.
> > > > but in my ldapdatabase, in OU=Computers, all the computer
> > accounts
> > > > exist. with
> > > > rid and Object class intact.
> > > > but some how i don't know why i have to rejoin,
> > > >
> > > Okay I just want to clarify this. After an unplanned reboot (power
> > > outage) , your PDC comes back up and you find that some of the
> > > computers
> > > in your domain need to rejoin the domain??  Do you have recent
> > > ldiff or
> > > slapcats indicating that most of these computers have the same
> > > properties in the LDAP database as before.
> > >
> > > > Scenario-03.
> > > > I take the regular backup of LDAP, to LDIF file, and restore
> > with
> > > > latest LDIF file,
> > > > > even though I don't get the Computer Accounts and also I lose
> > user 's
> > > > passwords,
> > > > After restoring from LDIF file.
> > > >
> > > > Scenario-04
> > > > If i do safe reboot or shutdown, there 's no problem , the
> > server
> > > > works properly without any
> > > > problem
> > > >
> > > > Regards
> > > > Niranjan
> > > >
> > > >
> > > > > On 2/20/06, *Craig White* <[EMAIL PROTECTED]> wrote:
> > > >
> > > > On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
> > > > > Hi all
> > > > >
> > > > >
> > > > > I too have the same problem , i am also using samba 3.0.21
> > > with
> > > > > openldap  version 2.2.13 on Redhat Enterprise Linux 4
> > > enterprise
> > > > > server.
> > > > > > if the samba PDC gets rebooted abruptly, some of my
> > clients
> > > > > > workstations (Windows 2000 professional) have to rejoin.
> > > > > > I was asked to check whether RID of the computer name is
> > > > > correct (uid*2
> > > > > > + 1000), and whether
> > > > > > computer names have SambaSAMAccount object class.
> > > > > > Even though my computer names exist in the database with
> > > correct
> > > > object
> > > > > class and rid, the clients
> > > > > have to be rejoined. this happens only when samba PDC with
> > > ldap
> > > > gets
> > > > > rebooted abr

Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-22 Thread mallapadi niranjan
Hi Philip

With the samba pdc with openldap 2.2.13, I have a lot of troubles. I compiled
samba 3.0.21 when it was first released; I am not sure whether it's called
samba 3.0.21a or something. openldap 2.2.13 (shipped with Red Hat Enterprise
Linux 4) also needs to be tweaked to have a good cachesize, checkpoints
etc.

So I have decided to go with samba 3.0.21b with openldap 2.3.19.
I will take a backup in ldif, restore it, and check whether it works,
as I was told that openldap 2.3.19 has auto recovery in case of unclean
shutdowns.
Hope this works.

Regards
Niranjan




On 2/22/06, Philip Washington <[EMAIL PROTECTED]> wrote:
>
> mallapadi niranjan wrote:
>
> > Hi Philip
> >
> >
> > yes, I have the same properties, (for checking i did the rid*2+1000
> > and object class test. , but
> > once the computer are rejoined, it gets new rid, not the rid which is
> > in the LDIF.
> >
> > Regards
> > Niranjan
> >
> Okay, then this is something else I don't understand.
> If the LDAP database is getting corrupted then I can see how this
> problem could happen.  But if the PDC goes down as you describe in
> scenario-2 then it doesn't make sense that the computers should have to
> rejoin the domain, unless there is some information which is not being
> stored in the LDAP database.
>
> > On 2/21/06, *Philip Washington* <[EMAIL PROTECTED]> wrote:
> >
> > mallapadi niranjan wrote:
> >
> > > Hi Craig
> > >
> > > Thanks for replying, The samba PDC gets rebooted because of Power
> > > outage, at night times.
> > > After the system gets rebooted,
> > > Scenario -01
> > > 1. Either some times the ldap gets hanged, (2.2.13) may be
> > because of
> > > inconsistency.
> > > 2. since ldap hangs, samba doesn't come up properly.
> > > 3. so i run db_recover and try to start the ldap service and
> > then samba
> > >
> > > Scenario-02
> > > if LDAP doesn't hang, and samba comes up nicely, the computer had
> to
> > > rejoin.
> > > but in my ldapdatabase, in OU=Computers, all the computer accounts
> > > exist. with
> > > rid and Object class intact.
> > > but some how i don't know why i have to rejoin,
> > >
> > Okay I just want to clarify this. After an unplanned reboot (power
> > outage) , your PDC comes back up and you find that some of the
> > computers
> > in your domain need to rejoin the domain??  Do you have recent
> > ldiff or
> > slapcats indicating that most of these computers have the same
> > properties in the LDAP database as before.
> >
> > > Scenario-03.
> > > I take the regular backup of LDAP, to LDIF file, and restore with
> > > latest LDIF file,
> > > > even though I don't get the Computer Accounts and also I lose user
> 's
> > > passwords,
> > > After restoring from LDIF file.
> > >
> > > Scenario-04
> > > If i do safe reboot or shutdown, there 's no problem , the server
> > > works properly without any
> > > problem
> > >
> > > Regards
> > > Niranjan
> > >
> > >
> > > > On 2/20/06, *Craig White* <[EMAIL PROTECTED]> wrote:
> > >
> > > On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
> > > > Hi all
> > > >
> > > >
> > > > I too have the same problem , i am also using samba 3.0.21
> > with
> > > > openldap  version 2.2.13 on Redhat Enterprise Linux 4
> > enterprise
> > > > server.
> > > > > if the samba PDC gets rebooted abruptly, some of my
> clients
> > > > > workstations (Windows 2000 professional) have to rejoin.
> > > > > I was asked to check whether RID of the computer name is
> > > > correct (uid*2
> > > > > + 1000), and whether
> > > > > computer names have SambaSAMAccount object class.
> > > > > Even though my computer names exist in the database with
> > correct
> > > object
> > > > class and rid, the clients
> > > > have to be rejoined. this happens only when samba PDC with
> > ldap
> > > gets
> > > > rebooted abruptly.
> > > > having said that, so i assume that LDAP is unable to
> maintain
> > > > consistency when it gets rebooted.
> > > >
> > > > so i had kept DB_CONFIG file in /var/lib/ldap(this is
> > where all bdb
> > > > files are there) and use db_recover
> > > > in case of any crash of ldap.
> > > >
> > > > But if we take backup in LDIF file and restore it, but
> > still my
> > > > computer accounts are not getting back, i had to rejoin.
> > > >
> > > > this is the problem that i am having, but still could not
> > find the
> > > > correct solution.
> > > 
> > > No - as you and he describe it, these are separate problems.
>

Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-22 Thread Philip Washington

mallapadi niranjan wrote:


Hi Philip


yes, I have the same properties, (for checking i did the rid*2+1000 
and object class test. , but
once the computer are rejoined, it gets new rid, not the rid which is 
in the LDIF.


Regards
Niranjan


You might check your MS client event logs for this error.
error 3224
Changing machine account password for account $ failed with 
the following error: 
A remote procedure call (RPC) protocol error occurred. 



On 2/21/06, *Philip Washington* <[EMAIL PROTECTED]> wrote:


mallapadi niranjan wrote:

> Hi Craig
>
> Thanks for replying, The samba PDC gets rebooted because of Power
> outage, at night times.
> After the system gets rebooted,
> Scenario -01
> 1. Either some times the ldap gets hanged, (2.2.13) may be
because of
> inconsistency.
> 2. since ldap hangs, samba doesn't come up properly.
> 3. so i run db_recover and try to start the ldap service and
then samba
>
> Scenario-02
> if LDAP doesn't hang, and samba comes up nicely, the computer had to
> rejoin.
> but in my ldapdatabase, in OU=Computers, all the computer accounts
> exist. with
> rid and Object class intact.
> but some how i don't know why i have to rejoin,
>
Okay I just want to clarify this. After an unplanned reboot (power
outage) , your PDC comes back up and you find that some of the
computers
in your domain need to rejoin the domain??  Do you have recent
ldiff or
slapcats indicating that most of these computers have the same
properties in the LDAP database as before.

> Scenario-03.
> I take the regular backup of LDAP, to LDIF file, and restore with
> latest LDIF file,
> even though I don't get the Computer Accounts and also I lose users'
> passwords,
> After restoring from LDIF file.
>
> Scenario-04
> If i do safe reboot or shutdown, there 's no problem , the server
> works properly without any
> problem
>
> Regards
> Niranjan
>
>
> On 2/20/06, *Craig White* <[EMAIL PROTECTED]> wrote:
>
> On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
> > Hi all
> >
> >
> > I too have the same problem , i am also using samba 3.0.21
with
> > openldap  version 2.2.13 on Redhat Enterprise Linux 4
enterprise
> > server.
> > if the samba PDC gets rebooted abruptly, some of my clients
> > workstations (Windows 2000 professional) have to rejoin.
> > I was asked to check whether RID of the computer name is
> correct (uid*2
> > + 1000), and whether
> > computer names have SambaSAMAccount object class.
> > Even though my computer names exist in the database with
correct
> object
> > class and rid, the clients
> > have to be rejoined. this happens only when samba PDC with
ldap
> gets
> > rebooted abruptly.
> > having said that, so i assume that LDAP is unable to maintain
> > consistency when it gets rebooted.
> >
> > so i had kept DB_CONFIG file in /var/lib/ldap(this is
where all bdb
> > files are there) and use db_recover
> > in case of any crash of ldap.
> >
> > But if we take backup in LDIF file and restore it, but
still my
> > computer accounts are not getting back, i had to rejoin.
> >
> > this is the problem that i am having, but still could not
find the
> > correct solution.
> 
> No - as you and he describe it, these are separate problems.
>
> Your issues is that PDC shouldn't get rebooted abruptly and
newer
> versions of openldap have a script that automatically runs
db_recover.
> This however doesn't come in the version of openldap that
ships with
> RHEL
>
> You might want to set up a cron script that performs a
slapcat on
> a more
> frequent basis so that if it is necessary to dump the entire
LDAP DSA
> and reload from an ldif, the ldif is much more current and
thus, you
> wouldn't have to rejoin many if any computers to the domain.
>
> Craig
>
>




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
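
An added example (not code from any poster in this thread): a Python check over two `slapcat` LDIF snapshots that applies the RID rule and object class test discussed above and reports which machine-account attributes changed between the dumps. The LDIF text, SID, password hashes and the `dc=example,dc=org` suffix are constructed sample data; the attribute names `sambaSID`, `sambaNTPassword` and `sambaPwdLastSet` come from the Samba 3 LDAP schema.

```python
import base64

RID_BASE = 1000  # rule quoted in the thread: RID = uidNumber * 2 + 1000
TRACKED = ("sambasid", "sambantpassword", "sambapwdlastset")


def parse_ldif(text):
    """Parse LDIF (e.g. slapcat output) into {dn: {attr_lowercase: [values]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # folded line: continues the previous one
        else:
            lines.append(raw)
    entries, dn, attrs = {}, None, {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries[dn] = attrs
            dn, attrs = None, {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        name = name.strip().lower()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return entries


def machine_accounts(entries):
    """Return {uid: attrs} for accounts whose uid ends in '$' (machine accounts)."""
    found = {}
    for attrs in entries.values():
        for uid in attrs.get("uid", []):
            if uid.endswith("$"):
                found[uid.lower()] = attrs
    return found


def audit(entries):
    """Apply the object class and RID tests; return {uid: [problems]}."""
    findings = {}
    for uid, attrs in machine_accounts(entries).items():
        problems = []
        if "sambasamaccount" not in {c.lower() for c in attrs.get("objectclass", [])}:
            problems.append("no sambaSamAccount objectClass")
        rid = attrs.get("sambasid", [""])[0].rpartition("-")[2]
        uidnum = attrs.get("uidnumber", [""])[0]
        if not (rid.isdigit() and uidnum.isdigit()):
            problems.append("sambaSID or uidNumber missing or malformed")
        elif int(rid) != int(uidnum) * 2 + RID_BASE:
            problems.append(f"RID {rid}, expected {int(uidnum) * 2 + RID_BASE}")
        findings[uid] = problems
    return findings


def diff_snapshots(old_entries, new_entries):
    """Return {uid: [tracked attrs that changed]} between two dumps."""
    old, new = machine_accounts(old_entries), machine_accounts(new_entries)
    changes = {}
    for uid, before in old.items():
        after = new.get(uid)
        if after is None:
            changes[uid] = ["entry missing"]
            continue
        changed = [a for a in TRACKED if before.get(a) != after.get(a)]
        if changed:
            changes[uid] = changed
    return changes


# Constructed sample data: placeholder hashes and SID, one folded dn, one base64 value.
H1, H2, H3 = ("0" * 31 + d for d in "123")
SID = "S-1-5-21-1111111111-2222222222-3333333333"
BEFORE_LDIF = f"""\
dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws01$
uidNumber: 1001
sambaSID: {SID}-3002
sambaNTPassword: {H1}
sambaPwdLastSet: 1140000000
description:: Y29uc3RydWN0ZWQ=

dn: uid=ws02$,ou=Computers,
 dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws02$
uidNumber: 1002
sambaSID: {SID}-3004
sambaNTPassword: {H2}
sambaPwdLastSet: 1140000000
"""
# Second dump: ws02$ rejoined and got a new RID and password, as described above.
AFTER_LDIF = BEFORE_LDIF.replace("-3004", "-3010").replace(
    H2 + "\nsambaPwdLastSet: 1140000000", H3 + "\nsambaPwdLastSet: 1140900000")

if __name__ == "__main__":
    before, after = parse_ldif(BEFORE_LDIF), parse_ldif(AFTER_LDIF)
    print("audit of newer dump:", audit(after))
    print("changed since older dump:", diff_snapshots(before, after))
```

Run against real dumps by reading two `slapcat` output files into `parse_ldif`; an entry that is present but shows a changed `sambaSID` or `sambaNTPassword` separates a rejoin from a lost record.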


Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-22 Thread Philip Washington

mallapadi niranjan wrote:


Hi Philip


yes, I have the same properties, (for checking i did the rid*2+1000 
and object class test. , but
once the computer are rejoined, it gets new rid, not the rid which is 
in the LDIF.


Regards
Niranjan

 Okay, then this is something else I don't understand. 
If the LDAP database is getting corrupted then I can see how this 
problem could happen.  But if the PDC goes down as you describe in 
scenario-2 then it doesn't make sense that the computers should have to 
rejoin the domain, unless there is some information which is not being 
stored in the LDAP database.


On 2/21/06, *Philip Washington* <[EMAIL PROTECTED]> wrote:


mallapadi niranjan wrote:

> Hi Craig
>
> Thanks for replying, The samba PDC gets rebooted because of Power
> outage, at night times.
> After the system gets rebooted,
> Scenario -01
> 1. Either some times the ldap gets hanged, (2.2.13) may be
because of
> inconsistency.
> 2. since ldap hangs, samba doesn't come up properly.
> 3. so i run db_recover and try to start the ldap service and
then samba
>
> Scenario-02
> if LDAP doesn't hang, and samba comes up nicely, the computer had to
> rejoin.
> but in my ldapdatabase, in OU=Computers, all the computer accounts
> exist. with
> rid and Object class intact.
> but some how i don't know why i have to rejoin,
>
Okay I just want to clarify this. After an unplanned reboot (power
outage) , your PDC comes back up and you find that some of the
computers
in your domain need to rejoin the domain??  Do you have recent
ldiff or
slapcats indicating that most of these computers have the same
properties in the LDAP database as before.

> Scenario-03.
> I take the regular backup of LDAP, to LDIF file, and restore with
> latest LDIF file,
> even though I don't get the Computer Accounts and also I lose users'
> passwords,
> After restoring from LDIF file.
>
> Scenario-04
> If i do safe reboot or shutdown, there 's no problem , the server
> works properly without any
> problem
>
> Regards
> Niranjan
>
>
> On 2/20/06, *Craig White* <[EMAIL PROTECTED]> wrote:
>
> On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
> > Hi all
> >
> >
> > I too have the same problem , i am also using samba 3.0.21
with
> > openldap  version 2.2.13 on Redhat Enterprise Linux 4
enterprise
> > server.
> > if the samba PDC gets rebooted abruptly, some of my clients
> > workstations (Windows 2000 professional) have to rejoin.
> > I was asked to check whether RID of the computer name is
> correct (uid*2
> > + 1000), and whether
> > computer names have SambaSAMAccount object class.
> > Even though my computer names exist in the database with
correct
> object
> > class and rid, the clients
> > have to be rejoined. this happens only when samba PDC with
ldap
> gets
> > rebooted abruptly.
> > having said that, so i assume that LDAP is unable to maintain
> > consistency when it gets rebooted.
> >
> > so i had kept DB_CONFIG file in /var/lib/ldap(this is
where all bdb
> > files are there) and use db_recover
> > in case of any crash of ldap.
> >
> > But if we take backup in LDIF file and restore it, but
still my
> > computer accounts are not getting back, i had to rejoin.
> >
> > this is the problem that i am having, but still could not
find the
> > correct solution.
> 
> No - as you and he describe it, these are separate problems.
>
> Your issues is that PDC shouldn't get rebooted abruptly and
newer
> versions of openldap have a script that automatically runs
db_recover.
> This however doesn't come in the version of openldap that
ships with
> RHEL
>
> You might want to set up a cron script that performs a
slapcat on
> a more
> frequent basis so that if it is necessary to dump the entire
LDAP DSA
> and reload from an ldif, the ldif is much more current and
thus, you
> wouldn't have to rejoin many if any computers to the domain.
>
> Craig
>
>






Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-21 Thread Philip Washington

mallapadi niranjan wrote:


Hi Craig

Thanks for replying, The samba PDC gets rebooted because of Power 
outage, at night times.

After the system gets rebooted,
Scenario -01
1. Either some times the ldap gets hanged, (2.2.13) may be because of 
inconsistency.

2. since ldap hangs, samba doesn't come up properly.
3. so i run db_recover and try to start the ldap service and then samba

Scenario-02
if LDAP doesn't hang, and samba comes up nicely, the computer had to 
rejoin.
but in my ldapdatabase, in OU=Computers, all the computer accounts 
exist. with

rid and Object class intact.
but some how i don't know why i have to rejoin,

Okay I just want to clarify this. After an unplanned reboot (power 
outage) , your PDC comes back up and you find that some of the computers 
in your domain need to rejoin the domain??  Do you have recent ldiff or 
slapcats indicating that most of these computers have the same 
properties in the LDAP database as before.



Scenario-03.
I take the regular backup of LDAP, to LDIF file, and restore with 
latest LDIF file,
even though I don't get the Computer Accounts and also I lose users'
passwords,

After restoring from LDIF file.

Scenario-04
If i do safe reboot or shutdown, there 's no problem , the server 
works properly without any

problem

Regards
Niranjan


On 2/20/06, *Craig White* <[EMAIL PROTECTED]> wrote:


On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
> Hi all
>
>
> I too have the same problem , i am also using samba 3.0.21 with
> openldap  version 2.2.13 on Redhat Enterprise Linux 4 enterprise
> server.
> if the samba PDC gets rebooted abruptly, some of my clients
> workstations (Windows 2000 professional) have to rejoin.
> I was asked to check whether RID of the computer name is
correct (uid*2
> + 1000), and whether
> computer names have SambaSAMAccount object class.
> Even though my computer names exist in the database with correct
object
> class and rid, the clients
> have to be rejoined. this happens only when samba PDC with ldap
gets
> rebooted abruptly.
> having said that, so i assume that LDAP is unable to maintain
> consistency when it gets rebooted.
>
> so i had kept DB_CONFIG file in /var/lib/ldap(this is where all bdb
> files are there) and use db_recover
> in case of any crash of ldap.
>
> But if we take backup in LDIF file and restore it, but still my
> computer accounts are not getting back, i had to rejoin.
>
> this is the problem that i am having, but still could not find the
> correct solution.

No - as you and he describe it, these are separate problems.

Your issues is that PDC shouldn't get rebooted abruptly and newer
versions of openldap have a script that automatically runs db_recover.
This however doesn't come in the version of openldap that ships with
RHEL

You might want to set up a cron script that performs a slapcat on
a more
frequent basis so that if it is necessary to dump the entire LDAP DSA
and reload from an ldif, the ldif is much more current and thus, you
wouldn't have to rejoin many if any computers to the domain.

Craig






Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-20 Thread mallapadi niranjan
Hi Craig

Thanks for replying. The samba PDC gets rebooted because of power outages at
night.
After the system gets rebooted:
Scenario-01
1. Sometimes ldap (2.2.13) hangs, maybe because of
inconsistency.
2. Since ldap hangs, samba doesn't come up properly.
3. So I run db_recover and try to start the ldap service and then samba.

Scenario-02
If LDAP doesn't hang, and samba comes up nicely, the computers had to rejoin.

But in my ldap database, in OU=Computers, all the computer accounts exist,
with
RID and object class intact.
But somehow, I don't know why, I have to rejoin.

Scenario-03
I take the regular backup of LDAP to an LDIF file, and restore with the latest
LDIF file,
even though I don't get the computer accounts and I also lose users'
passwords
after restoring from the LDIF file.

Scenario-04
If I do a safe reboot or shutdown, there's no problem; the server works
properly without any
problem.

Regards
Niranjan


On 2/20/06, Craig White <[EMAIL PROTECTED]> wrote:
>
> On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
> > Hi all
> >
> >
> > I too have the same problem , i am also using samba 3.0.21 with
> > openldap  version 2.2.13 on Redhat Enterprise Linux 4 enterprise
> > server.
> > if the samba PDC gets rebooted abruptly, some of my clients
> > workstations (Windows 2000 professional) have to rejoin.
> > I was asked to check whether RID of the computer name is correct (uid*2
> > + 1000), and whether
> > computer names have SambaSAMAccount object class.
> > Even though my computer names exist in the database with correct object
> > class and rid, the clients
> > have to be rejoined. this happens only when samba PDC with ldap gets
> > rebooted abruptly.
> > having said that, so i assume that LDAP is unable to maintain
> > consistency when it gets rebooted.
> >
> > so i had kept DB_CONFIG file in /var/lib/ldap(this is where all bdb
> > files are there) and use db_recover
> > in case of any crash of ldap.
> >
> > But if we take backup in LDIF file and restore it, but still my
> > computer accounts are not getting back, i had to rejoin.
> >
> > this is the problem that i am having, but still could not find the
> > correct solution.
> 
> No - as you and he describe it, these are separate problems.
>
> Your issues is that PDC shouldn't get rebooted abruptly and newer
> versions of openldap have a script that automatically runs db_recover.
> This however doesn't come in the version of openldap that ships with
> RHEL
>
> You might want to set up a cron script that performs a slapcat on a more
> frequent basis so that if it is necessary to dump the entire LDAP DSA
> and reload from an ldif, the ldif is much more current and thus, you
> wouldn't have to rejoin many if any computers to the domain.
>
> Craig
>
>


Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-20 Thread mallapadi niranjan
Hi Philip

No, I don't have a BDC.


Regards
Niranjan



On 2/20/06, Philip Washington <[EMAIL PROTECTED]> wrote:
>
> mallapadi niranjan wrote:
>
> > Hi all
> >
> >
> > I too have the same problem , i am also using samba 3.0.21 with
> > openldap  version 2.2.13 on Redhat Enterprise Linux 4 enterprise server.
> > if the samba PDC gets rebooted abruptly, some of my clients
> > workstations (Windows 2000 professional) have to rejoin.
> > I was asked to check whether RID of the computer name is correct (uid*2
> > + 1000), and whether
> > computer names have SambaSAMAccount object class.
> > Even though my computer names exist in the database with correct object
> > class and rid, the clients
> > have to be rejoined. this happens only when samba PDC with ldap gets
> > rebooted abruptly.
> > having said that, so i assume that LDAP is unable to maintain
> > consistency when it gets rebooted.
> >
> > so i had kept DB_CONFIG file in /var/lib/ldap(this is where all bdb
> > files are there) and use db_recover
> > in case of any crash of ldap.
> >
> > But if we take backup in LDIF file and restore it, but still my
> > computer accounts are not getting back, i had to rejoin.
> >
> > this is the problem that i am having, but still could not find the
> > correct solution.
> >
> > Regards
> > Niranjan
> >
> Do you have a BDC?  If not then this is very interesting information.
>
> > On 2/19/06, *Philip Washington* <[EMAIL PROTECTED]> wrote:
> >
> > Craig White wrote:
> >
> > >On Sat, 2006-02-18 at 11:11 -0600, Philip Washington wrote:
> > >
> > >
> > >>We have had a Samba LDAP-PDC-BDC system setup for close to 3
> > months with
> > >>about 60 computers in the domain.  Earlier we had a power outage
> > and
> > >>about 30 computers no longer were able to log into the domain or
> > >>authenticate.  Some were NT Workstations and some were W2k.  But
> > not all
> > >>NT or W2K workstations were affected.
> > >>If we went to network neighborhood we would see the error message
> > >>" "The trust relationship between this workstation and the
> > primary domain
> > >>failed"
> > >>When someone tries to login to these computers then they get the
> > error
> > >>"The system cannot log you on to this domain because the system's
> > >>computer account in it's primary domain is missing or the
> > password on
> > >>that account is incorrect".
> > >>
> > >>We were able to fix the problem on the computers by taking the
> > computers
> > >>out of the domain and re-entering them into the domain.Went
> into
> > >>System->Network Identification-> put the machine in a workgroup ->
> > >>reboot -> Go back in and put the machine back into the domain.  No
> > >>manual deletion on the PDC was done.  This was all done on the
> > client.
> > >>
> > >>I reviewed LDAP backups and thus far have not found any
> > > discrepancies
> > >>with the systems profiles before or after the power outage.  The
> > records
> > >>indicate that there has not been any change in the LDAP
> > information in
> > >>the last 2 months for the machines which have the problem.  Of
> > course
> > >>once the systems have been relogged into the domain the
> > SambaNTPassword
> > >>changes.
> > >>
> > >>I am currently both baffled and concerned as to how or why this
> > would
> > >>happen.  If anybody could shed more light on what could have
> > happened I
> > >>would appreciate it.
> > >>I would also like to know if there is a way to re-add or add a
> > client on
> > >>the Samba-LDAP-PDC instead of going to each individual client.
> > >>
> > >>
> > >
> > >probably would be a good idea to figure out how to troubleshoot
> your
> > >setup as one could only conjecture about what your problem is as
> you
> > >describe it.
> > >
> > >I do know that there is some faulty logic in your assumptions above
> > >since the workstations will automatically change their password
> > with the
> > >passdb approximately once each month and I am quite certain that
> > this is
> > >documented in the samba documentation.
> > >
> > >
> > >
> > Yep, this does throw a bad domino into the logic.  ( I wonder if
> > MS will
> > give me my money back for all of those MCSE classes).  Once I
> > fixed that
> > domino and started looking at the BDC again, I realized that its
> > samba
> > configuration files look identical to the ones on the PDC with the
> > exception that  ldap is pointing to the ldap on the BDC.   So it
> > currently looks like the BDC is misconfigured (Basically I'm seeing
> a
> > configuration that deviates quite a bit from what I see in Samba-3
> by
> > Example).
> > I shutdown the BDC for now and put the PDC on a UPS (Yeah it
> > should hav

Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-20 Thread Craig White
On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
> Hi all
> 
> 
> I too have the same problem , i am also using samba 3.0.21 with
> openldap  version 2.2.13 on Redhat Enterprise Linux 4 enterprise
> server. 
> if the samba PDC gets rebooted abruptly, some of my clients
> workstations (Windows 2000 professional) have to rejoin.
> I was asked to check whether RID of the computer name is correct (uid*2
> + 1000), and whether
> computer names have SambaSAMAccount object class.
> Even though my computer names exist in the database with correct object
> class and rid, the clients 
> have to be rejoined. this happens only when samba PDC with ldap gets
> rebooted abruptly. 
> having said that, so i assume that LDAP is unable to maintain
> consistency when it gets rebooted. 
> 
> so i had kept DB_CONFIG file in /var/lib/ldap(this is where all bdb
> files are there) and use db_recover 
> in case of any crash of ldap. 
> 
> But if we take backup in LDIF file and restore it, but still my
> computer accounts are not getting back, i had to rejoin. 
> 
> this is the problem that i am having, but still could not find the
> correct solution.

No - as you and he describe it, these are separate problems.

Your issues is that PDC shouldn't get rebooted abruptly and newer
versions of openldap have a script that automatically runs db_recover.
This however doesn't come in the version of openldap that ships with
RHEL

You might want to set up a cron script that performs a slapcat on a more
frequent basis so that if it is necessary to dump the entire LDAP DSA
and reload from an ldif, the ldif is much more current and thus, you
wouldn't have to rejoin many if any computers to the domain.

Craig



Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-20 Thread Philip Washington

mallapadi niranjan wrote:


Hi all


I too have the same problem , i am also using samba 3.0.21 with 
openldap  version 2.2.13 on Redhat Enterprise Linux 4 enterprise server.
if the samba PDC gets rebooted abruptly, some of my clients
workstations (Windows 2000 professional) have to rejoin.
I was asked to check whether RID of the computer name is correct (uid*2
+ 1000), and whether

computer names have SambaSAMAccount object class.
Even though my computer names exist in the database with correct object
class and rid, the clients
have to be rejoined. this happens only when samba PDC with ldap gets 
rebooted abruptly.
having said that, so i assume that LDAP is unable to maintain 
consistency when it gets rebooted.


so i had kept DB_CONFIG file in /var/lib/ldap(this is where all bdb 
files are there) and use db_recover

in case of any crash of ldap.

But if we take backup in LDIF file and restore it, but still my 
computer accounts are not getting back, i had to rejoin.


this is the problem that i am having, but still could not find the 
correct solution.


Regards
Niranjan


Do you have a BDC?  If not then this is very interesting information.

On 2/19/06, *Philip Washington* <[EMAIL PROTECTED]> wrote:


Craig White wrote:

>On Sat, 2006-02-18 at 11:11 -0600, Philip Washington wrote:
>
>
>>We have had a Samba LDAP-PDC-BDC system setup for close to 3
months with
>>about 60 computers in the domain.  Earlier we had a power outage
and
>>about 30 computers no longer were able to log into the domain or
>>authenticate.  Some were NT Workstations and some were W2k.  But
not all
>>NT or W2K workstations were affected.
>>If we went to network neighborhood we would see the error message
>>" "The trust relationship between this workstation and the
primary domain
>>failed"
>>When someone tries to login to these computers then they get the
error
>>"The system cannot log you on to this domain because the system's
>>computer account in it's primary domain is missing or the
password on
>>that account is incorrect".
>>
>>We were able to fix the problem on the computers by taking the
computers
>>out of the domain and re-entering them into the domain.Went into
>>System->Network Identification-> put the machine in a workgroup ->
>>reboot -> Go back in and put the machine back into the domain.  No
>>manual deletion on the PDC was done.  This was all done on the
client.
>>
>>I reviewed LDAP backups and thus far have not found any
descrepancies
>>with the systems profiles before or after the power outage.  The
records
>>indicate that there has not been any change in the LDAP
information in
>>the last 2 months for the machines which have the problem.  Of
course
>>once the systems have been relogged into the domain the
SambaNTPassword
>>changes.
>>
>>I am currently both baffled and concerned as to how or why this
would
>>happen.  If anybody could shed more light on what could have
happened I
>>would appreciate it.
>>I would also like to know if there is a way to re-add or add a
client on
>>the Samba-LDAP-PDC instead of going to each individual client.
>>
>>
>
>probably would be a good idea to figure out how to troubleshoot your
>setup as one could only conjecture about what your problem is as you
>describe it.
>
>I do know that there is some faulty logic in your assumptions above
>since the workstations will automatically change their password
with the
>passdb approximately once each month and I am quite certain that
this is
>documented in the samba documentation.
>
>
>
Yep, this does throw a bad domino into the logic.  ( I wonder if
MS will
give me my money back for all of those MCSE classes).  Once I
fixed that
domino and started looking at the BDC again, I realized that it's
samba
configuration files look identical to the ones on the PDC with the
exception that  ldap is pointing to the ldap on the BDC.   So it
currently looks like the BDC is misconfigured (Basically I'm seeing a
configuration that deviates quite a bit from what I see in Samba-3 by
Example).
I shutdown the BDC for now and put the PDC on a UPS (Yeah it
should have
been on one in the first place, but money is tight and we're operating
under, if it ain't broke don't pay money to fix it).   This should
hold
us over until the BDC is configured correctly.

Thanks for the enlightenment.


>So in view of your faulty assumption, my guess would be that your
>PDC/BDC setup in LDAP probably isn't working properly as there
should be
>evidence in some log somewhere when the workstations change their
>password and that the password changes propagate from LDAP server to
>LDAP serve

Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-19 Thread mallapadi niranjan
Hi all


I too have the same problem. I am also using samba 3.0.21 with openldap
version 2.2.13 on Redhat Enterprise Linux 4 enterprise server.
If the samba PDC gets rebooted abruptly, some of my client workstations
(Windows 2000 Professional) have to rejoin.
I was asked to check whether the RID of the computer name is correct
(uid*2 + 1000), and whether computer names have the SambaSAMAccount
object class.
Even though my computer names exist in the database with the correct object
class and RID, the clients have to be rejoined. This happens only when the
samba PDC with ldap gets rebooted abruptly.
Having said that, I assume that LDAP is unable to maintain consistency
when it gets rebooted.

So I had kept a DB_CONFIG file in /var/lib/ldap (this is where all the bdb
files are) and use db_recover in case of any crash of ldap.

But if we take a backup in an LDIF file and restore it, my computer
accounts still do not come back; I had to rejoin.

This is the problem that I am having, but I still could not find the correct
solution.

Regards
Niranjan

On 2/19/06, Philip Washington <[EMAIL PROTECTED]> wrote:
>
> Craig White wrote:
>
> >On Sat, 2006-02-18 at 11:11 -0600, Philip Washington wrote:
> >
> >
> >>We have had a Samba LDAP-PDC-BDC system setup for close to 3 months with
> >>about 60 computers in the domain.  Earlier we had a power outage and
> >>about 30 computers no longer were able to log into the domain or
> >>authenticate.  Some were NT Workstations and some were W2k.  But not all
> >>NT or W2K workstations were affected.
> >>If we went to network neighborhood we would see the error message
> >>" "The trust relationship between this workstation and the primary
> domain
> >>failed"
> >>When someone tries to login to these computers then they get the error
> >>"The system cannot log you on to this domain because the system's
> >>computer account in it's primary domain is missing or the password on
> >>that account is incorrect".
> >>
> >>We were able to fix the problem on the computers by taking the computers
> >>out of the domain and re-entering them into the domain.  Went into
> >>System->Network Identification-> put the machine in a workgroup ->
> >>reboot -> Go back in and put the machine back into the domain.  No
> >>manual deletion on the PDC was done.  This was all done on the client.
> >>
> >>I reviewed LDAP backups and thus far have not found any discrepancies
> >>with the systems profiles before or after the power outage.  The records
> >>indicate that there has not been any change in the LDAP information in
> >>the last 2 months for the machines which have the problem.  Of course
> >>once the systems have been relogged into the domain the SambaNTPassword
> >>changes.
> >>
> >>I am currently both baffled and concerned as to how or why this would
> >>happen.  If anybody could shed more light on what could have happened I
> >>would appreciate it.
> >>I would also like to know if there is a way to re-add or add a client on
> >>the Samba-LDAP-PDC instead of going to each individual client.
> >>
> >>
> >
> >probably would be a good idea to figure out how to troubleshoot your
> >setup as one could only conjecture about what your problem is as you
> >describe it.
> >
> >I do know that there is some faulty logic in your assumptions above
> >since the workstations will automatically change their password with the
> >passdb approximately once each month and I am quite certain that this is
> >documented in the samba documentation.
> >
> >
> >
> Yep, this does throw a bad domino into the logic.  ( I wonder if MS will
> give me my money back for all of those MCSE classes).  Once I fixed that
> domino and started looking at the BDC again, I realized that its samba
> configuration files look identical to the ones on the PDC with the
> exception that  ldap is pointing to the ldap on the BDC.   So it
> currently looks like the BDC is misconfigured (Basically I'm seeing a
> configuration that deviates quite a bit from what I see in Samba-3 by
> Example).
> I shutdown the BDC for now and put the PDC on a UPS (Yeah it should have
> been on one in the first place, but money is tight and we're operating
> under, if it ain't broke don't pay money to fix it).   This should hold
> us over until the BDC is configured correctly.
>
> Thanks for the enlightenment.
>
>
> >So in view of your faulty assumption, my guess would be that your
> >PDC/BDC setup in LDAP probably isn't working properly as there should be
> >evidence in some log somewhere when the workstations change their
> >password and that the password changes propagate from LDAP server to
> >LDAP server and assuming that you are using something like 'slurpd' to
> >replicate changes in LDAP, there should be evidence of some failures
> >(aka rejects) unless you are allowing changes directly to the 'slave'
> >LDAP server in which case, you have a lot to fix.
> >
> >Craig
> >
> >
> >
>

Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-18 Thread Philip Washington

Craig White wrote:

> On Sat, 2006-02-18 at 11:11 -0600, Philip Washington wrote:
>
> > We have had a Samba LDAP-PDC-BDC system setup for close to 3 months with
> > about 60 computers in the domain.  Earlier we had a power outage and
> > about 30 computers no longer were able to log into the domain or
> > authenticate.  Some were NT Workstations and some were W2k.  But not all
> > NT or W2K workstations were affected.
> > If we went to network neighborhood we would see the error message
> > " "The trust relationship between this workstation and the primary domain
> > failed"
> > When someone tries to login to these computers then they get the error
> > "The system cannot log you on to this domain because the system's
> > computer account in it's primary domain is missing or the password on
> > that account is incorrect".
> >
> > We were able to fix the problem on the computers by taking the computers
> > out of the domain and re-entering them into the domain.  Went into
> > System->Network Identification-> put the machine in a workgroup ->
> > reboot -> Go back in and put the machine back into the domain.  No
> > manual deletion on the PDC was done.  This was all done on the client.
> >
> > I reviewed LDAP backups and thus far have not found any discrepancies
> > with the systems profiles before or after the power outage.  The records
> > indicate that there has not been any change in the LDAP information in
> > the last 2 months for the machines which have the problem.  Of course
> > once the systems have been relogged into the domain the SambaNTPassword
> > changes.
> >
> > I am currently both baffled and concerned as to how or why this would
> > happen.  If anybody could shed more light on what could have happened I
> > would appreciate it.
> > I would also like to know if there is a way to re-add or add a client on
> > the Samba-LDAP-PDC instead of going to each individual client.
>
> probably would be a good idea to figure out how to troubleshoot your
> setup as one could only conjecture about what your problem is as you
> describe it.
>
> I do know that there is some faulty logic in your assumptions above
> since the workstations will automatically change their password with the
> passdb approximately once each month and I am quite certain that this is
> documented in the samba documentation.

Yep, this does throw a bad domino into the logic.  ( I wonder if MS will
give me my money back for all of those MCSE classes).  Once I fixed that
domino and started looking at the BDC again, I realized that its samba
configuration files look identical to the ones on the PDC with the
exception that  ldap is pointing to the ldap on the BDC.   So it
currently looks like the BDC is misconfigured (Basically I'm seeing a
configuration that deviates quite a bit from what I see in Samba-3 by
Example).
I shutdown the BDC for now and put the PDC on a UPS (Yeah it should have
been on one in the first place, but money is tight and we're operating
under, if it ain't broke don't pay money to fix it).   This should hold
us over until the BDC is configured correctly.

Thanks for the enlightenment.

> So in view of your faulty assumption, my guess would be that your
> PDC/BDC setup in LDAP probably isn't working properly as there should be
> evidence in some log somewhere when the workstations change their
> password and that the password changes propagate from LDAP server to
> LDAP server and assuming that you are using something like 'slurpd' to
> replicate changes in LDAP, there should be evidence of some failures
> (aka rejects) unless you are allowing changes directly to the 'slave'
> LDAP server in which case, you have a lot to fix.
>
> Craig

 





Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-18 Thread Craig White
On Sat, 2006-02-18 at 11:11 -0600, Philip Washington wrote:
> We have had a Samba LDAP-PDC-BDC system setup for close to 3 months with 
> about 60 computers in the domain.  Earlier we had a power outage and 
> about 30 computers no longer were able to log into the domain or 
> authenticate.  Some were NT Workstations and some were W2k.  But not all 
> NT or W2K workstations were affected.
> If we went to network neighborhood we would see the error message
> " "The trust relationship between this workstation and the primary domain
> failed"
> When someone tries to login to these computers then they get the error
> "The system cannot log you on to this domain because the system's 
> computer account in it's primary domain is missing or the password on 
> that account is incorrect".
> 
> We were able to fix the problem on the computers by taking the computers 
> out of the domain and re-entering them into the domain.  Went into 
> System->Network Identification-> put the machine in a workgroup -> 
> reboot -> Go back in and put the machine back into the domain.  No 
> manual deletion on the PDC was done.  This was all done on the client.
> 
> I reviewed LDAP backups and thus far have not found any discrepancies 
> with the systems profiles before or after the power outage.  The records 
> indicate that there has not been any change in the LDAP information in 
> the last 2 months for the machines which have the problem.  Of course 
> once the systems have been relogged into the domain the SambaNTPassword 
> changes.
> 
> I am currently both baffled and concerned as to how or why this would 
> happen.  If anybody could shed more light on what could have happened I 
> would appreciate it.
> I would also like to know if there is a way to re-add or add a client on 
> the Samba-LDAP-PDC instead of going to each individual client.

probably would be a good idea to figure out how to troubleshoot your
setup as one could only conjecture about what your problem is as you
describe it.

I do know that there is some faulty logic in your assumptions above
since the workstations will automatically change their password with the
passdb approximately once each month and I am quite certain that this is
documented in the samba documentation.

So in view of your faulty assumption, my guess would be that your
PDC/BDC setup in LDAP probably isn't working properly as there should be
evidence in some log somewhere when the workstations change their
password and that the password changes propagate from LDAP server to
LDAP server and assuming that you are using something like 'slurpd' to
replicate changes in LDAP, there should be evidence of some failures
(aka rejects) unless you are allowing changes directly to the 'slave'
LDAP server in which case, you have a lot to fix.

Craig
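
The checks discussed in this thread, as an added example that is not code from any of the posters: it reads two `slapcat` LDIF dumps, one taken from the PDC's directory and one from the BDC's, and reports machine accounts that lack the sambaSamAccount class, whose RID does not equal uid*2 + 1000, or whose sambaNTPassword differs between the two servers (the symptom of machine password changes not replicating). The DNs, SIDs, hashes and the `entry` helper are constructed; base64 (`::`) values are not decoded, and every machine entry is assumed to carry uidNumber.

```python
# Added example: audit machine accounts across two slapcat LDIF dumps.
# All DNs, SIDs and hashes below are constructed sample data, not from the thread.

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; unfolds continuation lines, skips comments."""
    entries, cur = {}, None
    for line in text.replace("\n ", "").splitlines():  # LDIF folds with "\n "
        if not line.strip():
            cur = None                                  # blank line ends an entry
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if attr.lower() == "dn":
                cur = entries.setdefault(value.strip(), {})
            elif cur is not None:
                cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def audit(pdc_ldif, bdc_ldif):
    """List (uid, problem) for machine accounts (uid ends in '$') in the PDC dump."""
    pdc, bdc = parse_ldif(pdc_ldif), parse_ldif(bdc_ldif)
    findings = []
    for dn, e in sorted(pdc.items()):
        uid = e.get("uid", [""])[0]
        if not uid.endswith("$"):
            continue
        if "sambasamaccount" not in {c.lower() for c in e.get("objectclass", [])}:
            findings.append((uid, "no sambaSamAccount class"))
            continue
        rid = int(e["sambasid"][0].rsplit("-", 1)[1])   # last SID component
        if rid != int(e["uidnumber"][0]) * 2 + 1000:
            findings.append((uid, "RID is not uidNumber*2+1000"))
        peer = bdc.get(dn)
        if peer is None:
            findings.append((uid, "missing on BDC"))
        elif peer.get("sambantpassword") != e.get("sambantpassword"):
            findings.append((uid, "machine password differs between PDC and BDC"))
    return findings

def entry(uid, num, rid, nthash, classes="account\nobjectClass: sambaSamAccount"):
    # Hypothetical helper that builds one constructed LDIF entry.
    return (f"dn: uid={uid},ou=Computers,dc=example,dc=org\nobjectClass: {classes}\n"
            f"uid: {uid}\nuidNumber: {num}\nsambaSID: S-1-5-21-1-2-3-{rid}\n"
            f"sambaNTPassword: {nthash}\n\n")

PDC = entry("ws01$", 2001, 5002, "A" * 32) + entry("ws02$", 2002, 5004, "B" * 32) \
    + entry("ws03$", 2003, 5007, "C" * 32) + entry("ws04$", 2004, 5008, "D" * 32, "account")
BDC = entry("ws01$", 2001, 5002, "A" * 32) + entry("ws02$", 2002, 5004, "E" * 32) \
    + entry("ws04$", 2004, 5008, "D" * 32, "account")

if __name__ == "__main__":
    print(*audit(PDC, BDC), sep="\n")
```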
