cswingle's questions

Ubuntu 12.04 server, AMD64, authentication via LDAP. I'm having trouble getting the LDAP groups to map to my user account when logging in, even though 'getent group' shows the correct set of groups assigned to my account. More confusingly, sometimes it works, and other times it doesn't.

For example, here's my current login:

$ ssh zoyd
$ id
uid=522(cswingley) gid=513(Domain Users) groups=513(Domain Users), \
4(adm),24(cdrom), 27(sudo),30(dip),46(plugdev),111(lpadmin), \
112(sambashare)

But:

$ getent group | grep cswingley | sort -t : -n -k3 | \
  awk 'BEGIN {FS=":"} {printf("%s(%s)\n", $3, $1);}' | \
  xargs | sed 's/) /),/g'
4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),111(lpadmin), \
112(sambashare),500(level2),502(gis),503(level3), \
504(management_accounting),544(Administrators),606(abruser),\
619(proposal),621(project_managers),700(unixadmin),\
701(ntadmin),1000(cswingley)

This happens about half the time I log in. The other times, all my groups (both local and LDAP) are mapped successfully. getent group always shows the correct list.

I believe this is also happening to my Samba users, which will often prevent them from getting to shares or directories restricted to certain Unix / Samba groups. It also prevents me from joining computers to my domain because LDAP isn't assigning me to the group with that power (ntadmin).

The only thing I see in the slapd logs (currently set to loglevel 256) that looks suspicious is this, but I'm not sure if it's related:

conn=8570 op=1 SRCH base="dc=abrinc,dc=com" scope=2 deref=0 \
  filter="(&(objectClass=posixAccount)(uid=cswingley))"
conn=8570 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=8570 op=2 DISCONNECT tag=101 err=2 text=controls require LDAPv3
conn=8570 op=2 do_search: get_ctrls failed
conn=8570 fd=57 closed (operations error)

Here's a list of the packages with 'ldap' in their name, currently installed on the server:

$ sudo dpkg --list '*ldap*' | grep '^i' | \
  sed 's/^[^ ]* *\([^ ]* *[^ ]*\).*/\1/'
ldap-auth-client                 0.5.3
ldap-auth-config                 0.5.3
ldap-utils                       2.4.28-1.1ubuntu4
libldap-2.4-2                    2.4.28-1.1ubuntu4
libnet-ldap-perl                 1:0.4300-2ubuntu1
libnss-ldap                      264-2.2ubuntu2
libpam-ldap                      184-8.5ubuntu2
smbldap-tools                    0.9.7-1ubuntu1
sudo-ldap                        1.8.3p1-1ubuntu3.3

Update: I also tried installing the libnss-ldapd and libpam-ldapd packages (to replace the non-*d versions above), but that doesn't resolve the issue either.

Edit: their is an opened bug for this issue on Ubuntu bug tracker : https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1023025

This morning I came in the office to discover that two of the drives on a RAID-6, 3ware 9650SE controller were marked as degraded and it was rebuilding the array. After getting to about 4%, it got ECC errors on a third drive (this may have happened when I attempted to access the filesystem on this RAID and got I/O errors from the controller). Now I'm in this state:

> /c2/u1 show

Unit     UnitType  Status         %RCmpl  %V/I/M  Port  Stripe  Size(GB)
------------------------------------------------------------------------
u1       RAID-6    REBUILDING     4%(A)   -       -     64K     7450.5    
u1-0     DISK      OK             -       -       p5    -       931.312   
u1-1     DISK      OK             -       -       p2    -       931.312   
u1-2     DISK      OK             -       -       p1    -       931.312   
u1-3     DISK      OK             -       -       p4    -       931.312   
u1-4     DISK      OK             -       -       p11   -       931.312   
u1-5     DISK      DEGRADED       -       -       p6    -       931.312   
u1-6     DISK      OK             -       -       p7    -       931.312   
u1-7     DISK      DEGRADED       -       -       p3    -       931.312   
u1-8     DISK      WARNING        -       -       p9    -       931.312   
u1-9     DISK      OK             -       -       p10   -       931.312   
u1/v0    Volume    -              -       -       -     -       7450.5    

Examining the SMART data on the three drives in question, the two that are DEGRADED are in good shape (PASSED without any Current_Pending_Sector or Offline_Uncorrectable errors), but the drive listed as WARNING has 24 uncorrectable sectors.

And, the "rebuild" has been stuck at 4% for ten hours now.

So:

How do I get it to start actually rebuilding? This particular controller doesn't appear to support /c2/u1 resume rebuild, and the only rebuild command that appears to be an option is one that wants to know what disk to add (/c2/u1 start rebuild disk=<p:-p...> [ignoreECC] according to the help). I have two hot spares in the server, and I'm happy to engage them, but I don't understand what it would do with that information in the current state it's in.

Can I pull out the drive that is demonstrably failing (the WARNING drive), when I have two DEGRADED drives in a RAID-6? It seems to me that the best scenario would be for me to pull the WARNING drive and tell it to use one of my hot spares in the rebuild. But won't I kill the thing by pulling a "good" drive in a RAID-6 with two DEGRADED drives?

Finally, I've seen reference in other posts to a bad bug in this controller that causes good drives to be marked as bad and that upgrading the firmware may help. Is flashing the firmware a risky operation given the situation? Is it likely to help or hurt wrt the rebuilding-but-stuck-at-4% RAID? Am I experiencing this bug in action?

Advice outside the spiritual would be much appreciated. Thanks.