SMB can't locate LDAP on another host

tezarin · January 20, 2012, 10:08am

Hi,

We have a mail server which has Zimbra installed on it and a file server. Folks use the same login information they use to access their email to access the file server. So the file server is using the same LDAP server as the mail server.

Couple days ago, at around 12 PM all of the sudden, the SSH connection to the mail server failed. The mail server itself was up and running just fine. At the same time, the file server became unavailable to the users. The file server is up and running and I can get to it via SSH just fine.

Here's the log on the file server:

Jan 18 16:57:30 Fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 18 16:57:30 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com: Can't contact LDAP server
Jan 18 16:57:30 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com: Can't contact LDAP server
Jan 18 16:57:30 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com/: Can't contact LDAP server
Jan 18 16:57:30 Fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 18 16:57:45 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com: Can't contact LDAP server
Jan 18 16:57:45 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com: Can't contact LDAP server
Jan 18 16:57:45 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com/: Can't contact LDAP server
Jan 18 16:57:45 Fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 18 16:57:45 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com: Can't contact LDAP server
Jan 18 16:57:45 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com: Can't contact LDAP server
Jan 18 16:57:45 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com/: Can't contact LDAP server
Jan 18 16:57:45 Fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 18 17:47:48 Fileserver restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory
Jan 18 15:31:45 Fileserver smbd[3943]: [2012/01/18 15:31:45, 0] services/services_db.c:svcctl_init_keys(420)
Jan 18 15:31:45 Fileserver smbd[3943]:   svcctl_init_keys: key lookup failed! (WERR_ACCESS_DENIED)

I ran the following command and looks like the nmpd was stopped. But the smbd dies no matter how many times I try and it complains about not being able to find the LDAP server.

ps aux | grep nmpd

The mail server works just fine and people can log in and get their emails so I'm guessing the LDAP server on the mail server works just fine but can't understand why the file server can't locate the LDAP server.

I tried to find the LDAP process and restart that, but I can't find it anywhere inside /etc/init.d or in /usr/sbin/ directory and ps command doesn't return anything.

Can someone please help me find out what the issue is?

Thanks

Thanks,
tezarin

hergp · January 23, 2012, 10:08am

This might help with your problem: restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory Error and Solution

tezarin · January 23, 2012, 12:10pm

Thanks for your reply, I have already tried this and looks like the error no longer shows up in the logs but the file server still cannot see the LDAP server located on the mail server, therefore Samba keeps dying no matter how many times I start it manually.

The LDAP located on the mail server must be up otherwise folks would not be able to get their emails, please correct me if I'm wrong...

Would you please help me with this?

I would really appreciate it

hergp · January 24, 2012, 2:43am

Hmm, hard to say. The fact, that the authentication used to work and then suddenly failed, may indicate a problem with an update or someone playing with the configuration. On Redhat SELinux is my prime suspect if things go wrong suddenly.

First I would verify that the LDAP server is working properly. Run netstat on the LDAP server to verify, that port 389 is open. Then try to run ldapsearch on both the LDAP server and the fileserver to verify, that communication is possible too.

Example:

ldapsearch -x -b base-dn -D manager-dn -W