[Samba-it] Problema samba 3.0.28 e winbind su piattaforma Suse 10.2
Sam
samu76 at yahoo.com
Thu May 29 04:14:28 MDT 2008
Buongiorno a tutti , ho un problema con il fileserver aziendale Suse 10.2 su cui ho installato Samba 3.0.28. Si tratta di continui blocchi relativi a winbind e quindi anche all'accesso del server all'interno della rete.
Samba è configurato in un dominio AD win 2003 R2 su cui ho esteso lo schema inserendo la parte relativa allo UNIX mapping. I processi nmb , smb e winbind rimangono attivi , ma dopo qualche ora di funzionamento "wbinfo -p" mi risponde picche (di conseguenza anche wbinfo -u) mentre "net ads group" mi riporta correttamente i risultati. Il comando "getent passwd" mi riporta anch'esso l'elenco corretto degli utenti (ma si tratta forse di quelli in cache nel file TDB). Fin qui il server viene comunque visto ed è possibile entrare nelle varie cartelle , ma ad un certo punto diventa inagibile. Intervenendo sul server se cerco di fare il restart dei demoni sembra che non mi rispondano ed il server non è più visibile nella rete Windows, alla fine con un reboot la situazione rientra. Non riesco a capire se si tratta di un bug della versione di Samba con la distribuzione Suse oppure un problema di come ho installato il tutto.
Di seguito allego la configurazione ed i files di log che vi possono aiutare:
=================================================================
>>>>>>>>>> /etc/krb5.conf
[libdefaults]
default_realm = VARESE.SSY.IT
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
clockskew = 300
[realms]
VARESE.SSY.IT = {
kdc = 170.1.200.11:88
admin_server = 170.1.200.11:749
default_realm = VARESE.SSY.IT
default_domain = SPZ_VA_AMM
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[domain_realm]
.varese.ssy.it = VARESE.SSY.IT
varese.ssy.it = VARESE.SSY.IT
.SPZ_VA_AMM = VARESE.SSY.IT
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
proxiable = false
retain_after_close = false
minimum_uid = 1
use_shmem = sshd
=================================================================
>>>>>>>>>> /etc/ldap.conf :
uri ldap://vasrvwad01.varese.ssy.it
base DC=varese,DC=ssy,DC=it
host vasrvwad01.varese.ssy.it
#binddn cn=linux-ldap-user,cn=Users,dc=varese,dc=ssy,dc=it
binddn linux-ldap-user at VARESE.SSY.IT
bindpw crack
scope sub
bind_timelimit 15
timelimit 15
ssl no
referrals no
nss_base_passwd dc=varese,dc=ssy,dc=it?sub
nss_base_shadow dc=varese,dc=ssy,dc=it?sub
nss_base_group dc=varese,dc=ssy,dc=it?sub?&(objectCategory=Group)(gidnumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute uid sAMAccountName
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
=================================================================
>>>>>>>>>> /etc/nsswitch.conf:
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files nis
publickey: files
bootparams: files
automount: files nis
aliases: files
===============================================================
>>>>>>>>>> /etc/samba/smb.conf
[global]
workgroup = SPZ_VA_AMM
realm = VARESE.SSY.IT
server string = Fileserver VA ver.01
security = ADS
encrypt passwords = yes
preferred master = no
use kerberos keytab = true
password server = vasrvwad01.varese.ssy.it
netbios name = VASRVL08
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
deadtime = 10
winbind cache time = 10
template shell = /bin/bash
client use spnego = yes
###################################
#IDMAP CFG
###################################
idmap domains = VARESE.SSY.IT
idmap config VARESE.SSY.IT:backend = ad
idmap config VARESE.SSY.IT:default = yes
idmap config VARESE.SSY.IT:schema_mode = rfc2307
idmap config VARESE.SSY.IT:range = 200 - 59999
idmap alloc backend = tdb
idmapalloc config:range = 200 - 59999
idmap uid = 200 - 59999
idmap gid = 200 - 59999
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
ldap admin dn = cn=linux-ldap-user,cn=Users,dc=varese,dc=ssy,dc=it
ldap suffix = dc=varese,dc=ssy,dc=it
dns proxy = no
domain master = no
preferred master = no
==============================================================
>>>>>>>> log.wb-SPZ_VA_AMM
[2008/05/29 02:16:51, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1019)
rpccli_netlogon_sam_network_logon: credentials chain check failed
[2008/05/29 02:17:41, 0] libsmb/credentials.c:creds_client_check(324)
creds_client_check: credentials check failed.
[2008/05/29 02:17:41, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1019)
rpccli_netlogon_sam_network_logon: credentials chain check failed
==================================================================
>>>>>>>>>> smbd.log
[2008/05/29 12:02:01, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2008/05/29 12:04:13, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2008/05/29 12:05:49, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2008/05/29 12:05:49, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2008/05/29 12:10:09, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2008/05/29 12:10:09, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
================================================================
>>>>>>>>>>>>>>> log.winbindd-dc-connect
[2008/05/29 02:20:12, 1] libsmb/clientgen.c:cli_rpc_pipe_close(401)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xd to machine vasrvwad01.varese.ssy.it. Error was SUCCESS - 0
[2008/05/29 02:20:22, 1] libsmb/clientgen.c:cli_rpc_pipe_close(401)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xd to machine vasrvwad01.varese.ssy.it. Error was SUCCESS - 0
[2008/05/29 02:20:33, 1] libsmb/clientgen.c:cli_rpc_pipe_close(401)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xd to machine vasrvwad01.varese.ssy.it. Error was SUCCESS - 0
[2008/05/29 02:20:43, 1] libsmb/clientgen.c:cli_rpc_pipe_close(401)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xd to machine vasrvwad01.varese.ssy.it. Error was SUCCESS - 0
[2008/05/29 02:20:53, 1] libsmb/clientgen.c:cli_rpc_pipe_close(401)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xd to machine vasrvwad01.varese.ssy.it. Error was SUCCESS - 0
==================================================================
Ringrazio anticipatamente per eventuali consigli o pareri.
Sam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/samba-it/attachments/20080529/4c0d648d/attachment.html>
More information about the samba-it
mailing list