[Samba] Samba 2.2.8 - authentication and nscd
Manjinder Gill (Fathom)
manjinder.gill at fathom.co.uk
Thu Oct 23 18:20:36 GMT 2003
Hi
We have installed and configured Samba 2.2.8 on a Solaris (Sparc) 8
server recently. This server is to replace an existing member server in
a NT4 domain and will act as a file server.
We want to perform as little user maintenance on the Solaris side as
possible so that most of the user setup and maintenance for the domain
is controlled through a NT4 server using usrmgr and want to use NT file
and directory permissions on the shares on the new server through ACL's.
Therefore we have configured Samba with the minimum options i.e.
compiled (with winbindd and acl options), installed and setup basic
smb.conf file. No other changes have been made in relation to
nsswitch.conf (winbind added during install) and we have not made
specific changes to PAM config. Therefore authentication is done
directly with the domain as per the following smb.conf file:-
[global]
workgroup = DEV1
netbios name = SUNBLADE
server string = SunBlade
interfaces = 192.168.3.10
bind interfaces only = Yes
security = DOMAIN
encrypt passwords = Yes
password server = NTPDC
log file = /usr/local/samba/var/log.%m
max log size = 50
local master = No
domain master = No
dns proxy = No
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = Yes
[Apps]
comment = Applications Share
path = /data/apps
read only = No
create mask = 0775
directory mask = 0775
force unknown acl user = 0775
inherit permissions = Yes
inherit acls = Yes
guest ok = Yes
profile acls = Yes
mangled names = No
The documentation goes on about the smbpasswd file when using encrypted
passwords. Currently we are not storing any of the users and groups
within /etc/passwd or /etc/groups and are not mapping any NT to UNIX
usernames - the configuration seems to be working although sometimes we
get authentication issues.
Is it viable to run with this configuration? The documentation seems to
imply that smbpasswd entries are required when encryption is on and
using winbind??
Also, we occasionally get core dumps which fills the Solaris server. We
have discovered this to be the nscd process. The Samba 3.0 documentation
states that nscd should not be used when winbindd is running and this is
the likely cause of the authentication issues, but Samba does not
function when the process is not running? We have killed this process
whilst Samba is running and also stopped it from starting when machine
boots, but this prevents Samba from authenticating any users. Any ideas
why this is happening? Could it be due to our configuration?
We have integrated Samba into Veritas Cluster server and is operating in
a fail over environment with another machine.
Thanks in advance.
M. Gill
More information about the samba
mailing list