LDAP Cannot bind on migration to new server

**drizzt** · 03-02-2009, 05:15 AM

cat /etc/hosts

Code:

127.0.0.1 localhost
78.46.91.12  smtp.netjungle.it smtp

cat /etc/resolv.conf

Code:

nameserver 127.0.0.1
# hetzner
nameserver 213.133.98.98
nameserver 213.133.99.99
nameserver 213.133.100.100
# opendns
nameserver 208.67.222.222
nameserver 208.67.220.220

dig netjungle.it MX

Code:

; <<>> DiG 9.4.2-P2 <<>> netjungle.it MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50075
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 1

;; QUESTION SECTION:
;netjungle.it.			IN	MX

;; ANSWER SECTION:
netjungle.it.		3600	IN	MX	20 smtp2.netjungle.it.
netjungle.it.		3600	IN	MX	10 smtp.netjungle.it.

;; AUTHORITY SECTION:
.			29597	IN	NS	C.ROOT-SERVERS.NET.
.			29597	IN	NS	H.ROOT-SERVERS.NET.
.			29597	IN	NS	K.ROOT-SERVERS.NET.
.			29597	IN	NS	L.ROOT-SERVERS.NET.
.			29597	IN	NS	I.ROOT-SERVERS.NET.
.			29597	IN	NS	M.ROOT-SERVERS.NET.
.			29597	IN	NS	D.ROOT-SERVERS.NET.
.			29597	IN	NS	B.ROOT-SERVERS.NET.
.			29597	IN	NS	J.ROOT-SERVERS.NET.
.			29597	IN	NS	E.ROOT-SERVERS.NET.
.			29597	IN	NS	A.ROOT-SERVERS.NET.
.			29597	IN	NS	G.ROOT-SERVERS.NET.
.			29597	IN	NS	F.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
smtp.netjungle.it.	2592000	IN	A	127.0.0.1

;; Query time: 110 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar  2 14:13:36 2009
;; MSG SIZE  rcvd: 300

dig netjungle.it ANY

Code:

; <<>> DiG 9.4.2-P2 <<>> netjungle.it ANY
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23037
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 1

;; QUESTION SECTION:
;netjungle.it.			IN	ANY

;; ANSWER SECTION:
netjungle.it.		3542	IN	MX	10 smtp.netjungle.it.
netjungle.it.		3542	IN	MX	20 smtp2.netjungle.it.

;; AUTHORITY SECTION:
.			29539	IN	NS	B.ROOT-SERVERS.NET.
.			29539	IN	NS	I.ROOT-SERVERS.NET.
.			29539	IN	NS	J.ROOT-SERVERS.NET.
.			29539	IN	NS	A.ROOT-SERVERS.NET.
.			29539	IN	NS	E.ROOT-SERVERS.NET.
.			29539	IN	NS	D.ROOT-SERVERS.NET.
.			29539	IN	NS	H.ROOT-SERVERS.NET.
.			29539	IN	NS	C.ROOT-SERVERS.NET.
.			29539	IN	NS	K.ROOT-SERVERS.NET.
.			29539	IN	NS	F.ROOT-SERVERS.NET.
.			29539	IN	NS	L.ROOT-SERVERS.NET.
.			29539	IN	NS	G.ROOT-SERVERS.NET.
.			29539	IN	NS	M.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
smtp.netjungle.it.	2592000	IN	A	127.0.0.1

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar  2 14:14:34 2009
;; MSG SIZE  rcvd: 300

host `hostname`

Code:

smtp.netjungle.it has address 127.0.0.1
smtp.netjungle.it mail is handled by 10 smtp.netjungle.it.

I can confirm you that I had the same problem both with source server up or not.
At the moment I can't switch off it because it's in production. I've got a backup MX server but I can shutdown Zimbra just in the night.

**phoenix** · 03-02-2009, 05:27 AM

You need zimbra to have an IP on your LAN not localhost and you also need the following in your /etc/hosts file:

Code:

127.0.0.1 localhost.localdomain localhost

**uxbod** · 03-02-2009, 05:29 AM

As you have a local BIND install just point the MX and A records at the IP 78.46.91.12 which you have assigned; plus fixing the localhost entry which Phoenix has advised.

**drizzt** · 03-02-2009, 05:46 AM

smtp.netjungle.it is pointing to 127.0.0.1 in both configurations.

New Server

Code:

; <<>> DiG 9.4.2-P2 <<>> smtp.netjungle.it ANY
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24368
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;smtp.netjungle.it.		IN	ANY

;; ANSWER SECTION:
smtp.netjungle.it.	2592000	IN	SOA	smtp.netjungle.it. hostmaster.smtp.netjungle.it. 10118 43200 3600 3600000 2592000
smtp.netjungle.it.	2592000	IN	NS	127.0.0.1.smtp.netjungle.it.
smtp.netjungle.it.	2592000	IN	A	127.0.0.1
smtp.netjungle.it.	2592000	IN	MX	10 smtp.netjungle.it.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar  2 14:45:17 2009
;; MSG SIZE  rcvd: 138

Old Server

Code:

; <<>> DiG 9.4.2-P2 <<>> smtp.netjungle.it ANY
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 861
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;smtp.netjungle.it.             IN      ANY

;; ANSWER SECTION:
smtp.netjungle.it.      2592000 IN      SOA     smtp.netjungle.it. hostmaster.smtp.netjungle.it. 10118 43200 3600 3600000 2592000
smtp.netjungle.it.      2592000 IN      NS      127.0.0.1.smtp.netjungle.it.
smtp.netjungle.it.      2592000 IN      A       127.0.0.1
smtp.netjungle.it.      2592000 IN      MX      10 smtp.netjungle.it.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar  2 14:43:29

**phoenix** · 03-02-2009, 05:55 AM

Originally Posted by drizzt

smtp.netjungle.it is pointing to 127.0.0.1 in both configurations.

That is incorrect, you need to point it to a real IP address. Is this server behind a firewall and on a public IP?

**drizzt** · 03-02-2009, 05:58 AM

Originally Posted by phoenix

That is incorrect, you need to point it to a real IP address. Is this server behind a firewall and on a public IP?

The old server is behind a firewall, the new one has a public IP.

**uxbod** · 03-02-2009, 06:00 AM

If your new server going to be sat in a DMZ using your public IP or will it still be behind a firewall on a private IP/NATd ?

**drizzt** · 03-02-2009, 06:11 AM

The current Zimbra server is behind my company firewall in Italy, using NAT for needed ports.
The new server is out of my network, in a german webfarm, and it has just a public IP.

**uxbod** · 03-02-2009, 06:12 AM

Okay, so install your new server with the public IP and update /etc/resolv.conf so that it points to the locally installed BIND server. Then for BIND setup the A and MX records to use the public IP.

**drizzt** · 03-02-2009, 07:42 AM

Render unto sysadmin what is sysadmin's!

Yes, my internal DNS was saying smtp.netjungle.it is 127.0.0.1, and my /etc/hosts was saying it's the public IP.
I kept the Split DNS configuration but it's just for a firewalled installation.
I think it will be ok next time I try to move it.

Many thanks, I owe a pint of beer to you.

Zimbra

Thread: LDAP Cannot bind on migration to new server

LinkBack

Thread Tools

Search Thread

Display

Thread Information

Users Browsing this Thread

Similar Threads

[Network Edition Trial] OS X Installation

Mac OSX install: Java errors & LDAP CA error

Error 256 on Installation

Authenticating to the LDAP

ldap pasword problem

Posting Permissions