Failed to bind to LDAP server

#1 | 01-19-2012, 07:04 AM | Active Member | Posts: 37

Hi,

We have a mail server and a file server. Folks use the same login information they use to access their email to access the file server. So the file server is using the same LDAP server as the mail server.

Today, at around 12 PM, all of a sudden, the SSH connection to the mail server failed. The mail server itself was up and running just fine. At the same time, the file server became unavailable to the users. The file server is up and running and I can get to it via SSH just fine. Here's the log on the file server:

Code:
Jan 18 16:57:30 Fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 18 16:57:30 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com: Can't contact LDAP server
Jan 18 16:57:30 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com: Can't contact LDAP server
Jan 18 16:57:30 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com/: Can't contact LDAP server
Jan 18 16:57:30 Fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 18 16:57:45 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com: Can't contact LDAP server
Jan 18 16:57:45 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com: Can't contact LDAP server
Jan 18 16:57:45 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com/: Can't contact LDAP server
Jan 18 16:57:45 Fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 18 16:57:45 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com: Can't contact LDAP server
Jan 18 16:57:45 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com: Can't contact LDAP server
Jan 18 16:57:45 Fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://servername.domain.com/: Can't contact LDAP server
Jan 18 16:57:45 Fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 18 17:47:48 Fileserver restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory
Jan 18 15:31:45 Fileserver smbd[3943]: [2012/01/18 15:31:45, 0] services/services_db.c:svcctl_init_keys(420)
Jan 18 15:31:45 Fileserver smbd[3943]:   svcctl_init_keys: key lookup failed! (WERR_ACCESS_DENIED)

I am not at the console right now where the actual mail server is and, as I mentioned above, SSH to the box doesn't work anymore. Could it be a firewall issue, or maybe LDAP failed?

When I try to ssh to the mail server, I get this error:

ssh: connect to host Mailserver port x: No route to host

I ping the mail server from the file server and it pings just fine:
Code:
[root@Fileserver ~]# ping mailserver
PING mailserver.domain.com (Mail Server IP address) 56(84) bytes of data.
64 bytes from mailservers.domain.com (Mail Server IP address): icmp_seq=1 ttl=63 time=0.680 ms
64 bytes from mailserver.domain.com (Mail Server IP address): icmp_seq=2 ttl=63 time=0.646 ms
64 bytes from mailserver.domain.com (Mail Server IP address): icmp_seq=3 ttl=63 time=0.633 ms

But telnet to the mail server doesn't work:

Code:
[root@Fileserver ~]# telnet mailserver 389
Trying [Mail Server IP address]...
telnet: connect to address [Mail Server IP address]: No route to host
telnet: Unable to connect to remote host: No route to host

I know the mail server is up as folks can send/receive emails, but the box is not accessible via PuTTY or SSH from the file server. On the other hand, since the problem happened so suddenly and it has always been working just fine, I think the firewall could be blocking SSH, but I can't seem to find out why the LDAP server on the mail server cannot be accessed by the file server.

The file server keeps showing the errors below:

Code:
Jan 18 16:57:45 fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 18 17:47:48 fileserver restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory
Jan 18 19:22:16 fileserver restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory
Jan 18 19:56:06 fileserver restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory
Jan 19 07:30:13 fileserver avahi-daemon[3219]: Invalid query packet.
Jan 19 07:30:53 fileserver last message repeated 8 times
Jan 19 07:43:05 fileserver avahi-daemon[3219]: Invalid query packet.
Jan 19 07:43:45 fileserver last message repeated 7 times
Jan 19 07:59:36 fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://mailserver.domain.com: Can't contact LDAP server
Jan 19 07:59:36 fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://mailserver.domain.com: Can't contact LDAP server
Jan 19 07:59:36 fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://mailserver.domain.com/: Can't contact LDAP server
Jan 19 07:59:36 fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 19 07:59:36 fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://mailserver.domain.com: Can't contact LDAP server
Jan 19 07:59:36 fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://mailserver.domain.com: Can't contact LDAP server
Jan 19 07:59:36 fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://mailserver.domain.com/: Can't contact LDAP server
Jan 19 07:59:36 fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 19 07:59:39 fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://mailserver.domain.com: Can't contact LDAP server
Jan 19 07:59:39 fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://mailserver.domain.com: Can't contact LDAP server
Jan 19 07:59:39 fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://mailserver.domain.com/: Can't contact LDAP server
Jan 19 07:59:39 fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 19 07:59:43 fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://mailserver.domain.com: Can't contact LDAP server
Jan 19 07:59:43 fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://mailserver.domain.com: Can't contact LDAP server
Jan 19 07:59:43 fileserver nscd: nss_ldap: failed to bind to LDAP server ldap://mailserver.domain.com/: Can't contact LDAP server
Jan 19 07:59:43 fileserver nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jan 19 09:48:11 fileserver smbd[7155]: [2012/01/19 09:48:11, 0] lib/smbldap.c:smbldap_connect_system(982)
Jan 19 09:48:11 fileserver smbd[7155]:   failed to bind to server ldap://mailserver.domain.com/ with dn="uid=zimbra,cn=admins,cn=zimbra" Error: Can't contact LDAP server

Can someone please shed some light on it please?

Thanks

#2 | 01-19-2012, 09:30 PM | Intermediate Member | Posts: 22

Hi tezarin

I face this problem many times with my CentOS server: every service will be running and only SSH hangs. Restarting my server gets it solved, but as you mentioned that you are not able to telnet on port 389, you should check on the LDAP server that it is listening on its IP address, using nmap. If it is OK, then try to telnet from localhost to the LDAP IP on 389.

#nmap <serverip>

Also check iptables and SELinux.

best of luck.
__________________
Thanks & Regards
S. Jangra
System Admin

#3 | 01-20-2012, 06:01 AM | Active Member | Posts: 37

Thanks for your reply.

I have already rebooted the mail server twice with no luck, and manually started SSH and it still doesn't work. What did you mean I should do with SELinux and iptables? Reset them or something? Would you please write me the commands?

The most important problem I am facing right now is that one of my file servers needs users to authenticate against the LDAP server located on the mail server and it keeps giving me error messages which I pasted below in my previous message.
I look at the slapd status and it says slapd is running. Then I even restarted the slapd service with user zimbra and still no luck.

The mail server works fine, so I am guessing the LDAP server works, otherwise users couldn't access their emails, but the file server can't locate the LDAP server on the mail server. I first thought there may be an LDAP process which needs to be started, but I can't find the LDAP process on that file server.

Please help,

Thanks

Last edited by tezarin; 01-20-2012 at 06:09 AM..

#4 | 01-20-2012, 08:00 PM | Intermediate Member | Posts: 22

The command to temporarily disable SELinux is:

#setenforce 0

and stop iptables using:
#/etc/init.d/iptables stop

Your main problem is this:
[root@Fileserver ~]# telnet mailserver 389
Trying [Mail Server IP address]...
telnet: connect to address [Mail Server IP address]: No route to host
telnet: Unable to connect to remote host: No route to host


Your file server should be able to telnet to LDAP on port 389. You can't bind to LDAP unless you achieve this.

Try the nmap command to see which port LDAP is listening on.

Can you post the command output of #nmap <your_ldap_host_ip>


If your server says command not found, then install nmap using yum or apt-get.
__________________
Thanks & Regards
S. Jangra
System Admin
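
Added example, not part of the original thread: a Python probe that makes the same TCP check as `telnet mailserver 389` and interprets the error code, which separates "nothing listening" from "rejected by a packet filter" from "silently dropped". The function names and the host name in the usage comment are illustrative assumptions.

```python
import errno
import socket
import sys

# How to read each connect() result when probing a TCP service such as LDAP on 389.
VERDICTS = {
    0: "open: a service is listening and the path allows the connection",
    errno.ECONNREFUSED: "refused: host reachable, but nothing is listening on "
                        "this address/port (or a filter answered with a TCP reset)",
    errno.EHOSTUNREACH: "no route to host: an ICMP unreachable/prohibited reply "
                        "came back; if ping works, look for a packet filter "
                        "rejecting this port on the target or on the path",
    errno.ENETUNREACH: "network unreachable: the client has no route to that network",
    errno.ETIMEDOUT: "timeout: no reply at all; packets are dropped silently "
                     "or the host is down",
}


def classify(err):
    """Map a connect() errno (0 for success) to a short diagnosis."""
    return VERDICTS.get(err, "other: errno %r" % (err,))


def probe(host, port, timeout=3.0):
    """Try one TCP connection; return (errno, diagnosis)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return 0, classify(0)
    except socket.timeout:
        return errno.ETIMEDOUT, classify(errno.ETIMEDOUT)
    except socket.gaierror as exc:
        return None, "name resolution failed: %s" % exc
    except OSError as exc:
        return exc.errno, classify(exc.errno)


if __name__ == "__main__":
    # Usage (host name is a placeholder): python3 probe.py mailserver.domain.com 389
    target, tcp_port = sys.argv[1], int(sys.argv[2])
    print("%s:%d -> %s" % (target, tcp_port, probe(target, tcp_port)[1]))
```

Running it from the file server and again on the mail server itself against the same address shows whether the two views of port 389 differ.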

#5 | 01-23-2012, 08:26 AM | Active Member | Posts: 37

Thanks for your reply.

telnet works on the mail server and LDAP is up and running on that box. The problem is the file server, which cannot locate the LDAP server on that mail server. Nmap is not installed on the file server. Did you mean I should run the iptables, firewall and nmap commands on the mail server or on the file server?

I disabled firewall and iptables on the file server but that didn't make any difference.

Mail server is no longer accessible via SSH, the port is not the default port.

Can someone please help me with this? I did so much research but can't find out why, all of a sudden, the mail server cannot be accessed via PuTTY and the file server can no longer locate the LDAP server on the mail server.

Thanks,
t