Univention Bugzilla – Bug 36805
Shares on member server unreachable if master is shut down
Last modified: 2015-03-25 16:41:44 CET
UCS 4.0 master, backup, slave and member on the member i set ucr set ldap/server/addition="slave.fb.test backup.fb.test" ucr set nameserver2='10.200.7.80' # master ucr set nameserver2='10.200.7.81' # slave is i shut down the master, samba shares on the slave and backup are still accessible, but not on the member @member -> wbinfo -u FB+join-slave FB+join-backup FB+administrator FB+töst1 FB+töst2 FB+töst3 FB+töst4 FB+töst7 -> getent passwd ... win7pro$:x:2014:1005:win7pro:/dev/null:/bin/false töst1:x:2016:5001:test1:/home/töst1:/bin/bash töst2:x:2017:5001:test1:/home/töst2:/bin/bash töst3:x:2018:5001:test1:/home/töst3:/bin/bash töst4:x:2019:5001:test1:/home/töst4:/bin/bash töst7:x:2022:5001:test1:/home/töst7:/bin/bash -> smbclient //member/opt -U Administrator%univention session setup failed: NT_STATUS_IO_TIMEOUT -> smbstatus Samba version 4.2.0rc2-Debian PID Username Group Machine Protocol Version ------------------------------------------------------------------------------ 24590 -1 -1 10.200.7.83 (ipv4:10.200.7.83:46673) NT1 24593 -1 -1 10.200.7.83 (ipv4:10.200.7.83:46681) NT1
I was able to add multiple LDAP server. Unfortunately, winbind didn't switch automatically. root@member405:~# testparm -s 2>&1 | grep -i ldap_url idmap config * : ldap_url = ldap://slve403.deadlock40.intranet:7389 ldap://backup402.deadlock40.intranet:7389 ldap://master401.deadlock40.intranet:7389 root@member405:~#
Ticket #2015012921000958
At least with UCS 4.0 it is not a samba/winbind issue. The problem is the univention-home-mounter which creates a LDAP connection via getMachineConnection. By default getMachineConnection uses the reconnect option which results into a 10 seconds timeout.
(In reply to Stefan Gohmann from comment #3) > At least with UCS 4.0 it is not a samba/winbind issue. The problem is the > univention-home-mounter which creates a LDAP connection via > getMachineConnection. By default getMachineConnection uses the reconnect > option which results into a 10 seconds timeout. To be exact not only a samba/winbind issue. I also need to add the multiple LDAP servers to the idmap backend otherwise winbindd will run into a timeout: [2015/01/14 02:29:55.614817, 0] ../source3/lib/smbldap.c:575(smbldap_start_tls) Failed to issue the StartTLS instruction: Can't contact LDAP server [2015/01/14 02:29:55.615582, 1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect) Connection to LDAP server failed for the 11 try! [2015/01/14 02:29:56.617526, 0] ../source3/lib/smbldap.c:575(smbldap_start_tls) Failed to issue the StartTLS instruction: Can't contact LDAP server [2015/01/14 02:29:56.620058, 1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect) Connection to LDAP server failed for the 12 try!
I've changed the following packages to solve this issue: * univention-python I've added an option to disable the reconnect to getAdminConnection and getMachineConnection. YAML: 2015-03-18-univention-python.yaml Fix: r59175 * univention-home-mounter The home-mounter script now disables the LDAP reconnect. YAML: 2015-03-18-univention-home-mounter.yaml Fix: r59177 * univention-quota The user-quota script now disables the LDAP reconnect. YAML: 2015-03-18-univention-quota.yaml Fix: r59192 * univention-samba ldap/server/addtion LDAP servers are now automatically added to the ldap_url idmap configuration. YAML: 2015-03-19-univention-samba.yaml Fix: r59199
still some long timeouts (master with s4 shut down, slave with s4 and member with univention-samba) -> time smbclient //member/opt -U Administrator%univention -c exit session setup failed: NT_STATUS_IO_TIMEOUT ->time smbclient //member/opt -U Administrator%univention -c exit Domain=[FOUR] OS=[Windows 6.1] Server=[Samba 4.2.0rc2-Debian] real 0m12.210s -> time smbclient //member/opt -U Administrator%univention -c exit real 0m10.369s -> time smbclient //member/opt -U Administrator%univention -c exit real 0m12.185s -> time smbclient //member/opt -U Administrator%univention -c exit Domain=[FOUR] OS=[Windows 6.1] Server=[Samba 4.2.0rc2-Debian] Problem seems to be /etc/pam.d/common-session. Without univention-mount-homedir and univention-user-quota in /etc/pam.d/common-session, i get -> time smbclient //member/opt -U Administrator%univention -c exit real 0m3.263s -> time smbclient //member/opt -U Administrator%univention -c exit real 0m2.056s
That's right. As discussed, we will solve it with Bug #36989 / Bug #28729.
OK - share access without running master server (univention-samba, s4) OK - univention-home-mounter (reconnect option) OK - univention-python (reconnect option) OK - univention-quota (reconnect option) OK - univention-samba (idmap config * : ldap_url) OK - 2015-03-19-univention-samba.yaml OK - 2015-03-18-univention-home-mounter.yaml OK - 2015-03-18-univention-quota.yaml OK - 2015-03-18-univention-python.yaml
<http://errata.univention.de/ucs/4.0/134.html>
<http://errata.univention.de/ucs/4.0/135.html>
<http://errata.univention.de/ucs/4.0/140.html>
<http://errata.univention.de/ucs/4.0/136.html>