[Samba-it] Problem with Samba 3.0.28 and winbind on Suse 10.2 platform

Sam samu76 at yahoo.com
Thu May 29 04:14:28 MDT 2008


Good morning everyone, I have a problem with the company file server, Suse 10.2, on which I installed Samba 3.0.28. The problem is continual hangs involving winbind and therefore also access to the server within the network.
Samba is configured in a Windows 2003 R2 AD domain whose schema I extended with the UNIX mapping part. The nmb, smb and winbind processes stay active, but after a few hours of operation "wbinfo -p" fails (and consequently so does wbinfo -u), while "net ads group" correctly returns its results. The "getent passwd" command also returns the correct list of users (but these may be the ones cached in the TDB file). Up to this point the server is still visible and it is possible to enter the various folders, but at a certain point it becomes unusable. When I work on the server and try to restart the daemons, they seem not to respond and the server is no longer visible on the Windows network; in the end a reboot restores the situation. I cannot tell whether this is a bug in this Samba version with the Suse distribution or a problem with how I installed everything.
 
Below I attach the configuration and the log files that may help you:
=================================================================
>>>>>>>>>> /etc/krb5.conf
 
[libdefaults]
        default_realm = VARESE.SSY.IT
        dns_lookup_realm = false
        dns_lookup_kdc = false
        ticket_lifetime = 24h
        forwardable = yes
        clockskew = 300
[realms]
VARESE.SSY.IT = {
        kdc = 170.1.200.11:88
        admin_server = 170.1.200.11:749
        default_realm = VARESE.SSY.IT
        default_domain = SPZ_VA_AMM
}
[logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON
[domain_realm]
        .varese.ssy.it = VARESE.SSY.IT
        varese.ssy.it = VARESE.SSY.IT
        .SPZ_VA_AMM = VARESE.SSY.IT
[appdefaults]
pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
        proxiable = false
        retain_after_close = false
        minimum_uid = 1
        use_shmem = sshd
}
=================================================================
 
>>>>>>>>>> /etc/ldap.conf :
 
uri     ldap://vasrvwad01.varese.ssy.it
base    DC=varese,DC=ssy,DC=it
host    vasrvwad01.varese.ssy.it
#binddn cn=linux-ldap-user,cn=Users,dc=varese,dc=ssy,dc=it
binddn  linux-ldap-user@VARESE.SSY.IT
bindpw  crack
scope   sub
bind_timelimit  15
timelimit       15
ssl     no
referrals       no
nss_base_passwd dc=varese,dc=ssy,dc=it?sub
nss_base_shadow dc=varese,dc=ssy,dc=it?sub
nss_base_group  dc=varese,dc=ssy,dc=it?sub?&(objectCategory=Group)(gidnumber=*)
nss_map_objectclass     posixAccount user
nss_map_objectclass     shadowAccount user
nss_map_objectclass     posixGroup group
nss_map_attribute       uid sAMAccountName
nss_map_attribute       gecos cn
nss_map_attribute       homeDirectory unixHomeDirectory
nss_map_attribute       uniqueMember member
=================================================================
 
>>>>>>>>>> /etc/nsswitch.conf:
 
passwd: files ldap
group: files ldap
shadow: files ldap
hosts:          files dns
networks:       files dns
services:       files
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       files nis
publickey:      files
bootparams:     files
automount:      files nis
aliases:        files
===============================================================
 
>>>>>>>>>> /etc/samba/smb.conf
 
[global]
workgroup = SPZ_VA_AMM
realm = VARESE.SSY.IT
server string = Fileserver VA ver.01
security = ADS
encrypt passwords = yes
preferred master = no
use kerberos keytab = true
password server = vasrvwad01.varese.ssy.it
netbios name = VASRVL08
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
deadtime = 10
winbind cache time = 10
template shell = /bin/bash
client use spnego = yes
###################################
#IDMAP CFG
###################################
idmap domains = VARESE.SSY.IT
idmap config VARESE.SSY.IT:backend = ad
idmap config VARESE.SSY.IT:default = yes
idmap config VARESE.SSY.IT:schema_mode = rfc2307
idmap config VARESE.SSY.IT:range   = 200 - 59999
idmap alloc backend = tdb
idmapalloc config:range = 200 - 59999
idmap uid = 200 - 59999
idmap gid = 200 - 59999
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
ldap admin dn = cn=linux-ldap-user,cn=Users,dc=varese,dc=ssy,dc=it
ldap suffix = dc=varese,dc=ssy,dc=it
dns proxy = no
domain master = no
preferred master = no
==============================================================
 
>>>>>>>> log.wb-SPZ_VA_AMM
 
[2008/05/29 02:16:51, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1019)
  rpccli_netlogon_sam_network_logon: credentials chain check failed
[2008/05/29 02:17:41, 0] libsmb/credentials.c:creds_client_check(324)
  creds_client_check: credentials check failed.
[2008/05/29 02:17:41, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1019)
  rpccli_netlogon_sam_network_logon: credentials chain check failed
==================================================================
 
>>>>>>>>>> smbd.log
 
[2008/05/29 12:02:01, 0] lib/util_sock.c:get_peer_addr(1232)
  getpeername failed. Error was Transport endpoint is not connected
[2008/05/29 12:04:13, 0] lib/util_sock.c:get_peer_addr(1232)
  getpeername failed. Error was Transport endpoint is not connected
[2008/05/29 12:05:49, 0] lib/util_sock.c:get_peer_addr(1232)
  getpeername failed. Error was Transport endpoint is not connected
[2008/05/29 12:05:49, 0] lib/util_sock.c:get_peer_addr(1232)
  getpeername failed. Error was Transport endpoint is not connected
[2008/05/29 12:10:09, 0] lib/util_sock.c:get_peer_addr(1232)
  getpeername failed. Error was Transport endpoint is not connected
[2008/05/29 12:10:09, 0] lib/util_sock.c:get_peer_addr(1232)
  getpeername failed. Error was Transport endpoint is not connected

================================================================
 
>>>>>>>>>>>>>>>  log.winbindd-dc-connect
 
[2008/05/29 02:20:12, 1] libsmb/clientgen.c:cli_rpc_pipe_close(401)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xd to machine vasrvwad01.varese.ssy.it.  Error was SUCCESS - 0
[2008/05/29 02:20:22, 1] libsmb/clientgen.c:cli_rpc_pipe_close(401)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xd to machine vasrvwad01.varese.ssy.it.  Error was SUCCESS - 0
[2008/05/29 02:20:33, 1] libsmb/clientgen.c:cli_rpc_pipe_close(401)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xd to machine vasrvwad01.varese.ssy.it.  Error was SUCCESS - 0
[2008/05/29 02:20:43, 1] libsmb/clientgen.c:cli_rpc_pipe_close(401)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xd to machine vasrvwad01.varese.ssy.it.  Error was SUCCESS - 0
[2008/05/29 02:20:53, 1] libsmb/clientgen.c:cli_rpc_pipe_close(401)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xd to machine vasrvwad01.varese.ssy.it.  Error was SUCCESS - 0
==================================================================
 
 
Thank you in advance for any advice or opinions.
 
Sam
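
An added example, not part of the original post: a small parser for the Samba 3 log format shown in the excerpts above (bracketed header line followed by an indented message), grouping entries by reporting function with count, first and last timestamp and mean interval, so the onset and cadence of the winbind NETLOGON errors can be lined up against the time the server stops answering. The names parse_entries and summarise are the example's own; the sample lines are copied from the excerpts in the post.

```python
import re
from datetime import datetime

# Entry header: "[YYYY/MM/DD HH:MM:SS, level] source.c:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+(\S+?):(\w+)\((\d+)\)\s*$")

def parse_entries(text):
    """Yield (timestamp, level, function, message) per header + indented body."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield tuple(current)
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            current = [ts, int(m.group(2)), m.group(4), ""]
        elif current and line.strip():
            current[3] = (current[3] + " " + line.strip()).strip()
    if current:
        yield tuple(current)

def summarise(text):
    """Per reporting function: count, first/last timestamp, mean gap in seconds."""
    stamps = {}
    for ts, _level, func, _msg in parse_entries(text):
        stamps.setdefault(func, []).append(ts)
    report = {}
    for func, seen in stamps.items():
        span = (seen[-1] - seen[0]).total_seconds()
        gap = span / (len(seen) - 1) if len(seen) > 1 else None
        report[func] = {"count": len(seen), "first": seen[0], "last": seen[-1], "mean_gap_s": gap}
    return report

# Lines copied from the log excerpts in the post (raw string because of "\NETLOGON")
SAMPLE = r"""
[2008/05/29 02:16:51, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1019)
  rpccli_netlogon_sam_network_logon: credentials chain check failed
[2008/05/29 02:17:41, 0] libsmb/credentials.c:creds_client_check(324)
  creds_client_check: credentials check failed.
[2008/05/29 02:17:41, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1019)
  rpccli_netlogon_sam_network_logon: credentials chain check failed
[2008/05/29 02:20:12, 1] libsmb/clientgen.c:cli_rpc_pipe_close(401)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xd to machine vasrvwad01.varese.ssy.it.  Error was SUCCESS - 0
[2008/05/29 02:20:22, 1] libsmb/clientgen.c:cli_rpc_pipe_close(401)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xd to machine vasrvwad01.varese.ssy.it.  Error was SUCCESS - 0
"""

if __name__ == "__main__":
    print(summarise(SAMPLE))
```

Run over the full log files rather than the excerpt, the first timestamp per function shows which error appeared first and the mean gap shows whether it recurs on a fixed interval.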


      