I really hope one of the LDAP experts can shine his/her light on the following:
I'm running the following configuration: OpenLDAP / Samba on Debian etch (same machine).
All is running fine, but there are times that LDAP seems to stop responding. After a while, it resumes its normal operations.
At all times the cpu load is low and there's plenty of memory free.
You can notice the slowdown by the following:
1) Users can't log on to the Samba PDC anymore from Windows workstations, or it takes really long (e.g. 10 minutes)
2) Running "ls -l" on a directory with a lot of files takes ages to complete
3) The same is true for running "ps axu"
Thank you all very much for having a look!
The following is a snippet from the syslog at the time the problems occur:
Code:
Nov 20 12:16:18 server1 smbd[29868]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Nov 20 12:16:18 server1 slapd[2676]: conn=11580 fd=132 ACCEPT from IP=127.0.0.1:34251 (IP=0.0.0.0:389)
Nov 20 12:16:20 server1 smbd[29868]: ^I(unknown)
Nov 20 12:16:20 server1 slapd[2676]: conn=11575 op=2 UNBIND
Nov 20 12:16:23 server1 CRON[3637]: pam_ldap: ldap_result Timed out
Nov 20 12:16:23 server1 smbd[1786]: [2008/11/20 12:11:02, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:23 server1 smbd[31434]: [2008/11/20 12:11:09, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:24 server1 slapd[2676]: conn=11575 fd=75 closed
Nov 20 12:16:25 server1 smbd[2253]: [2008/11/20 12:12:28, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2997]: [2008/11/20 12:12:33, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2229]: [2008/11/20 12:12:34, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2251]: [2008/11/20 12:12:36, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2928]: [2008/11/20 12:12:42, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2366]: [2008/11/20 12:12:44, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2234]: [2008/11/20 12:12:44, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2240]: [2008/11/20 12:12:58, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2310]: [2008/11/20 12:13:05, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2310]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Nov 20 12:16:25 server1 smbd[2260]: [2008/11/20 12:13:10, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2354]: [2008/11/20 12:13:25, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2199]: [2008/11/20 12:14:41, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2199]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Nov 20 12:16:25 server1 smbd[2971]: [2008/11/20 12:14:33, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[29830]: [2008/11/20 12:14:54, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[29830]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Nov 20 12:16:25 server1 smbd[1781]: [2008/11/20 12:14:58, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2951]: [2008/11/20 12:15:00, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2989]: [2008/11/20 12:15:26, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2951]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Nov 20 12:16:25 server1 smbd[2951]: ^I(unknown)
Nov 20 12:16:25 server1 smbd[2989]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Nov 20 12:16:25 server1 smbd[30804]: [2008/11/20 12:15:43, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[30804]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Nov 20 12:16:25 server1 CRON[3653]: pam_ldap: ldap_result Timed out
Nov 20 12:16:25 server1 smbd[1786]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Nov 20 12:16:25 server1 slapd[2676]: conn=11577 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 20 12:16:26 server1 smbd[2253]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Sounds like a resolution issue! Is there more than one machine called "dc=admin"?
Thank you very much for your reply!
There's only one server, which runs LDAP and all other services. The rest of the machines on the network are Windows workstations. Which makes me conclude (correct me if I'm wrong) that there's only one machine (the server) with cn=admin.
What should I check to make sure if it's a resolution issue?
Quote:
Originally Posted by bluenix
It has happened a couple of times today again...
Code:
Nov 24 16:16:14 server1 smbd[30077]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Today, every time this happened took only a few minutes....
Your input is greatly appreciated!
Intermittent problems are always fun. Is Samba the only thing you use to connect to your LDAP server? I'm curious to see if any other programs are having this problem.
It may also help to enable more verbose logging on the LDAP side of things to see if there's maybe a problem with slapd. Try something like
sudo (or just be root) /usr/local/libexec/slapd -d -1 -h ldap:///
This will enable very verbose logging when you invoke slapd like this and it may help. After you verify that slapd is running like that try your samba connections again and post the output from the logs.
Outside of that, what does your firewall & hosts file configuration look like? Is localhost set up correctly in /etc/hosts, and do you at least allow localhost to connect to 389 (the default LDAP port)? Maybe it's just something simple...
Running ldap with those parameters produces enormous amounts of output! The problem is, the ldap server is always in use, so I can never easily try some samba connections and see what the output of that is...
About your question whether Samba is the only thing: some nss_ldap messages appear too:
Code:
/var/log/auth.log:Nov 26 15:33:19 server1 ls: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Unknown error
/var/log/auth.log:Nov 26 15:33:20 server1 ls: nss_ldap: reconnecting to LDAP server...
/var/log/auth.log:Nov 26 15:33:21 server1 ls: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Unknown error
/var/log/auth.log:Nov 26 15:33:24 server1 ls: nss_ldap: reconnecting to LDAP server...
/var/log/auth.log:Nov 26 15:33:26 server1 smbd[29141]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Unknown error
/var/log/auth.log:Nov 26 15:33:28 server1 smbd[29141]: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
/var/log/auth.log:Nov 26 15:33:37 server1 smbd[29141]: nss_ldap: reconnected to LDAP server ldap://127.0.0.1/ after 2 attempts
/var/log/auth.log:Nov 26 15:33:37 server1 ls: nss_ldap: reconnected to LDAP server ldap://127.0.0.1/ after 1 attempt
/var/log/auth.log:Nov 26 15:33:37 server1 ls: nss_ldap: reconnected to LDAP server ldap://127.0.0.1/ after 1 attempt
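An added example (not written by any poster in this thread): a small Python script that reads syslog lines in the two formats quoted above, counts LDAP client failures per minute and program, and measures how far smbd's own bracketed timestamp trails the syslog timestamp on the same line. The sample lines are copied from the excerpts above; the function names, and the assumption that the bracketed time is when smbd generated the message, are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: lines copied from the two log excerpts posted in this thread.
SAMPLE = """\
Nov 20 12:16:18 server1 smbd[29868]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Nov 20 12:16:23 server1 CRON[3637]: pam_ldap: ldap_result Timed out
Nov 20 12:16:23 server1 smbd[1786]: [2008/11/20 12:11:02, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 smbd[2989]: [2008/11/20 12:15:26, 0] lib/smbldap.c:smbldap_connect_system(977)
Nov 20 12:16:25 server1 slapd[2676]: conn=11577 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
/var/log/auth.log:Nov 26 15:33:19 server1 ls: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Unknown error
"""

# Optional "file:" prefix left by grep, syslog time, host, program, optional [pid].
LINE = re.compile(r"^(?:\S+:)?(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ "
                  r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
FAIL = re.compile(r"Can't contact LDAP server|ldap_result Timed out|nss_ldap: failed to bind")
# smbd's own debug header, e.g. "[2008/11/20 12:11:02, 0] file.c:func(line)".
SMBD_HDR = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), \d+\]")

def parse(text):
    """Yield (syslog_ts, program, pid, message) for every line that parses."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            yield " ".join(m["ts"].split()), m["prog"], m["pid"], m["msg"]

def failures_per_minute(text):
    """Count LDAP client failures per (minute, program)."""
    hits = Counter()
    for ts, prog, _pid, msg in parse(text):
        if FAIL.search(msg):
            hits[(ts[:-3], prog)] += 1  # drop ":SS" to bucket by minute
    return hits

def smbd_lag_seconds(text):
    """Per smbd header line: (pid, syslog time minus smbd header time, in seconds)."""
    lags = []
    for ts, prog, pid, msg in parse(text):
        h = SMBD_HDR.match(msg)
        if prog == "smbd" and h:
            written = datetime.strptime(h[1], "%Y/%m/%d %H:%M:%S")
            # Syslog omits the year; assume it matches the smbd header's year.
            logged = datetime.strptime(f"{written.year} {ts}", "%Y %b %d %H:%M:%S")
            lags.append((int(pid), int((logged - written).total_seconds())))
    return lags

if __name__ == "__main__":
    print(dict(failures_per_minute(SAMPLE)), smbd_lag_seconds(SAMPLE))
```

Failures from several unrelated clients (smbd, pam_ldap under CRON, nss_ldap under ls) in the same window suggest looking at slapd or the path to it rather than at Samba alone, and a multi-minute lag on smbd lines shows how long those processes were stalled.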
Ok, LDAP is generally a very stable daemon / service to run on any machine? Is there any other daemon or service running on your machine using port 389?
This is a good command to give you an idea of what is running on your server:
Again in the logs today... What about those messages "when not root"? Why do they sometimes show up?
Code:
Dec 2 09:03:52 server1 smbd[21238]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Dec 2 09:03:52 server1 smbd[21281]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Dec 2 09:03:53 server1 smbd[21206]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Dec 2 09:03:53 server1 smbd[21316]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Dec 2 09:03:53 server1 smbd[21242]: failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=domain" Error: Can't contact LDAP server
Dec 2 09:03:53 server1 smbd[21281]: smbldap_open: cannot access LDAP when not root..
Dec 2 09:04:00 server1 smbd[21281]: smbldap_open: cannot access LDAP when not root..
Dec 2 10:43:04 server1 smbd[24916]: smbldap_open: cannot access LDAP when not root..
Dec 2 10:43:04 server1 smbd[24916]: smbldap_open: cannot access LDAP when not root..
Also, did you store the LDAP root / admin password on the LDAP client? It needs to be there, or else the LDAP tree has to not require admin rights to bind to it.
rock and hard place...
It's there. The strange thing is that this whole setup has worked for a couple of weeks, and then suddenly started behaving like this. Which is really strange, because I didn't really change anything around that time...
The only thing I changed around that time was replacing the DNS servers in squid.conf (proxy) with the ones of OpenDNS...