Samba problems?

Andrew Bartlett abartlet at samba.org
Sat Aug 17 01:41:01 GMT 2002


Eddie Lania wrote:
> 
> Hello everybody,
> 
> I am using Samba in networking environments at home and work.
> 
> I am testing with samba.
> 
> I compile the HEAD version from cvs with regular intervals but keep on
> having the following problems.
> In both environments, samba is
> compiled --with-ldapsam, --with-smbmount, --with-nsswitch

--with-ldapsam doesn't do anything any more, its in by default if you
have ldap on the system.  I don't think we even have a
--with-nsswitch...

> and --with-acl-support on a RedHat 7.0 system with openldap installed.
> 
> Hopefully, the information in this message can be an usefull contribution to
> this list.
> Please observe:
> 
> - First the details of my smb.conf:
> 
> [global]
>         passdb backend = ldapsam:ldap://localhost
>         ldap suffix = "dc=elton-intra,dc=net"
>         ldap user suffix = "ou=Users"
>         ldap machine suffix = "ou=Computers"
>         ldap admin dn = "cn=Manager,dc=elton-intra,dc=net"
>         ldap ssl = off
>         use spnego = No
>         workgroup = ELTON
>         time server = Yes
>         wins support = Yes
>         os level = 64
>         prefered master = Auto
>         domain master = Yes
>         local master = Yes
>         security = user
>         # security = ads
>         encrypt passwords = Yes
>         null passwords = Yes
>         passwd program = /usr/local/sbin/smbldap-passwd.pl
>         guest account = Guest
>         socket address = 192.168.169.192
>         interfaces = 192.168.169.0/24 127.0.0.1
>         bind interfaces only = Yes
>         remote announce = 192.168.168.150
>         remote browse sync = 192.168.168.150
>         domain logons = Yes
>         add user script = /usr/local/sbin/smbldap-useradd.pl -a -E login.bat
> %u
>         add machine script = /usr/local/sbin/smbldap-useradd.pl -g 102 -w %u
>         delete user script = /usr/local/sbin/smbldap-userdel.pl %u
>         logon path = \\%L\profiles\%U
>         logon drive = q:
>         logon home = \\%L\%U\.profile
>         logon script = login.bat
>         debug uid = Yes
>         log file = /var/log/samba3/%m.log
>         max log size = 0
> [netlogon]
>         comment = Network Logon Service
>         path = /home/netlogon
>         read only = Yes
> [homes]
>         path = /home/users/%U
>         read only = No
>         browseable = No
>         inherit acls = Yes
>         inherit permissions = Yes
>         csc policy = disable
> [profiles]
>         comment = User Profiles share
>         path = /home/profiles
>         read only = No
>         inherit acls = Yes
>         inherit permissions = Yes
>         csc policy = disable
> [users]
>         comment = Users directories
>         path = /home/users
>         read only = Yes
>         write list = @"Administrators"
>         inherit acls = Yes
>         inherit permissions = Yes
> [public]
>         comment = Public Files share
>         path = /mnt/big_f32/public
>         force user = nobody
>         read only = No
> [apps]
>         comment = Applications share
>         path = /mnt/big_f32/apps
>         force user = nobody
>         read only = No
> [backup]
>         comment = Backup share
>         path = /mnt/big_f32/backup
>         force user = nobody
>         read only = Yes
> 
> - Using this configuration, testparm outputs the following error:
> 
> Processing section "[netlogon]"
> Processing section "[homes]"
> Processing section "[profiles]"
> Processing section "[users]"
> Processing section "[public]"
> Processing section "[apps]"
> Processing section "[backup]"
> Load smb config files from /usr/local/samba/lib/smb.conf
> Loaded services file OK.
> ERROR: both 'wins support = true' and 'wins server = <server>' cannot be set
> in the smb.conf file. nmbd will abort with this setting.
> 
> Altough the parameter 'wins server = <server>' is not defined in my
> smb.conf.
> 
> Is this a bug?

Quite possible - have a look at the testparm source and see what you can
figure out.  

> - When logging on from a windows 9xx client, there are no errors in the
> samba log file(s).
>   When logging on from Xp the next message is displayed in the log file:
> 
> [2002/08/17 08:53:45, 0, effective(500, 500), real(0, 0)]
> rpc_server/srv_util.c:get_domain_user_groups(342)
>   get_domain_user_groups: primary gid of user [eddie] is not a Domain group
> !
>   get_domain_user_groups: You should fix it, NT doesn't like that
> 
> User "eddie" is in ldap with (uidNumber 500) and member of group 201 (Domain
> Users), primairyGroupID 1403.
> This problem did not appear in 2.2.5 with ldapsam.

We didn't have group support before now.  You need to make sure the
primary group is listed in the group mapping tdb, using smbgroupedit.

> - When a user logs on, a log file is created by samba first named to the ip
> address of the wks, and then again is created with the wks's netbios name:
> 
> ls of /var/log/samba3/
> 
> 192.168.169.253.log
> log.nmbd
> log.smbd
> p450aukje.log
> smbd.log
> 
> Note that 192.168.169.253 is the ip of p450aukje.
> Is this something to worry about?

No, it's just to do with the fact that we don't know a value for %m
until the remote machine sends one.  This wasn't a problem till we
started listening on 445.  In fact, if you use security=ads and 445, we
might *never* get a machine name, so we go with the IP until we get
one.  (In older versions, we used 'smbd' until told otherwise).

> - Swat doesn't work properly:
> 
> Whatever I have tried, I am unable to use swat because the authentication
> through the web interface failes.
> The only thing I receive in my webbrowser is a "401 Bad Authorization -
> username or password incorrect".
> 
> Is this a bug?

Depends - if you are using RedHat 7.0, you probably want --with-pam, and
to setup a PAM config file.

> That's it for now.
> 
> Thank you for any reply.
> 
> With kind regards,
> 
> Eddie Lania.
> 
> ICT Manager.
> Industrie en handelsonderneming Elton B.V.
> the Netherlands
> 
> buisiness page: http://www.elton.nl
> personal page: http://nl3lek.webhop.net

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net



More information about the samba-technical mailing list