Re: [suse-sles-e] SLES9 SP3 - Strange OpenLDAP behavior w/o Samba

From: Mike Petersen (mgpeter_at_pcc-services.com)
Date: Fri Jul 14 2006 - 17:57:45 CEST


Message-Id: <1152892665.12976.9.camel@inspiron2650.private.lan>

For the Domain Guest Accounts:
Create 3 separate LDAP Groups, one for Domain Admins, Domain Guests and
Domain Users. I use ntadmins, ntguests and ntusers.

Adjust the LDAP properties for the SID for each of the groups; the last
set of numbers changes to these:
Domain Admins 512
Domain Users 513
Domain Guests 514

Windows uses these "SID" numbers to specify the groups. If you add
anyone to the "Domain Admins" group they will be Windows Domain
Administrators on the local machine (although they can't add machines or
remove machines to the Domain or other Domain Admin stuff regarding the
Server).

For the weird LDAP problems, is your /var directory located on a
reiserfs partition? There is a known problem with the SP2 kernel and
LDAP with the /var directory on a reiserfs partition. I do not know if
SP3 has the same problem; ensure that you are running the latest kernel
release. Also, try to set LDAP to rebuild the databases when it
restarts - you can set it in /etc/sysconf editor within YaST. Finally,
make sure your database is not corrupt. I have seen similar issues with
a corrupt LDAP database.

Good Luck and hope you find the problem,
Mike Petersen
mgpeter@pcc-services.com

On Fri, 2006-07-14 at 16:02 +0200, Andre Raabe wrote:
> Hi
>
> I've newly installed a System with SLES9 and SP3 as well as all
> relevant Update Packs. I configured OpenLDAP, PAM and Samba to act as
> PDC. So far so good.
> First, OpenLDAP starts without any error. Samba is starting cleanly
> from time to time with sporadic errors about a missing Guest account.
> I've hunted this problem down to LDAP because the Guest Account is
> defined in LDAP. But that is not the main problem. The real thing that
> is driving me crazy is the strange behavior of OpenLDAP. When I
> execute 'getent passwd' to get all system accounts including
> /etc/passwd as well as ldap accounts it works only for the first time.
> Whenever I reexecute the getent command it fails, until the first tcp
> connection is gone. (see my included log file for detail)
> Next strange thing is whenever Samba is started I can't telnet to
> 127.0.0.1 389 anymore. Btw. contacting the OpenLDAP Server with a LDAP
> browser works all the time (via external Interface - eth0)
>
> In conclusion it seems that the OpenLDAP server is only allowing single
> connections, until (all) tcp connections are gone. Does someone have
> similar problems or can give me any hint because I haven't seen such
> problems so far?
>
> You can see some output logs as well as config files in the
> attachment.
>
> Ok, my system settings:
>
> fb5:/home/viadmin # SPident -v
>
> Summary (using 368 packages)
> Product/ServicePack conflict match update (shipped)
> SLES-9-i386 0 0% 138 37.5% 24 (1486 9.3%)
> SLES-9-i386-SP1 0 0% 53 14.4% 16 (481 11.0%)
> SLES-9-i386-SP2 0 0% 92 25.0% 20 (647 14.2%)
> SLES-9-i386-SP3 0 0% 204 55.4% 22 (750 27.2%)
> Unknown 25 6.8%
>
> fb5:/home/viadmin # ifconfig
> eth0 Link encap:Ethernet HWaddr 00:50:BA:XX:XX:XX
> inet addr:172.19.2.32 Bcast:172.19.255.255 Mask:255.255.0.0
> inet6 addr: fe80::250:baff:feea:a29d/64 Scope:Link
> UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:7337 errors:0 dropped:0 overruns:0 frame:0
> TX packets:2987 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:738597 (721.2 Kb) TX bytes:631975 (617.1 Kb)
> Interrupt:10 Base address:0xdc00
>
> eth1 Link encap:Ethernet HWaddr 00:50:BA:XX:XX:XX
> inet addr:192.168.1.254 Bcast:192.168.1.255 Mask:255.255.255.0
> inet6 addr: fe80::250:baff:feea:f71e/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:15 errors:0 dropped:0 overruns:0 frame:0
> TX packets:79 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:3687 (3.6 Kb) TX bytes:12898 (12.5 Kb)
> Interrupt:11 Base address:0xe000
>
> /etc/sysctl.conf isn't touched.
>
> Many thanks and best regards!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-sles-e-unsubscribe@suse.com
> For additional commands, e-mail: suse-sles-e-help@suse.com
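
Added example, not part of either poster's message: a small audit of the group-to-SID mapping described in the reply, run over an LDIF export of the group entries. It assumes the groups carry the Samba 3 schema attribute sambaSID and uses the group names from the reply (ntadmins, ntusers, ntguests); the sample LDIF, its domain SID, its DNs and the helpdesk group are constructed.

```python
# Audit Samba group mappings in an LDIF export of the group container.
# Assumes the Samba 3 schema attribute sambaSID and plain, unfolded LDIF.
# SAMPLE_LDIF is constructed sample data; the domain SID and DNs are made up.
EXPECTED_RID = {"ntadmins": 512, "ntusers": 513, "ntguests": 514}

SAMPLE_LDIF = """\
dn: cn=ntadmins,ou=group,dc=example,dc=com
cn: ntadmins
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-512

dn: cn=ntusers,ou=group,dc=example,dc=com
cn: ntusers
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-513

dn: cn=ntguests,ou=group,dc=example,dc=com
cn: ntguests
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1029

dn: cn=helpdesk,ou=group,dc=example,dc=com
cn: helpdesk
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-512
"""

def parse_groups(ldif):
    """Return {cn: sambaSID} for each blank-line separated LDIF entry."""
    groups = {}
    for block in ldif.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        if "cn" in attrs and "sambaSID" in attrs:
            groups[attrs["cn"]] = attrs["sambaSID"]
    return groups

def audit(groups, expected=EXPECTED_RID):
    """Return a sorted list of findings; an empty list means a clean mapping."""
    findings, owner = [], {rid: cn for cn, rid in expected.items()}
    for cn, rid in expected.items():
        sid = groups.get(cn)
        if sid is None:
            findings.append(f"{cn}: group missing")
        elif not sid.endswith(f"-{rid}"):
            findings.append(f"{cn}: SID {sid} does not end in {rid}")
    for cn, sid in groups.items():
        # Windows keys on the RID, so any other group ending in 512 is an admin group.
        rid = int(sid.rsplit("-", 1)[1])
        if rid in owner and owner[rid] != cn:
            findings.append(f"{cn}: carries RID {rid} reserved for {owner[rid]}")
    if len({sid.rsplit("-", 1)[0] for sid in groups.values()}) > 1:
        findings.append("groups do not share one domain SID prefix")
    return sorted(findings)
```

On the constructed sample, `audit(parse_groups(SAMPLE_LDIF))` reports the ntguests group with the wrong trailing number and a second group that Windows would treat as Domain Admins.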
