Strange behaviour of winbind on samba 3.5.4 on RHEL5
Tobias von der Krone
linux at vdkrone.de
Fri Mar 11 01:25:42 MST 2011
Hi,
First: I'm relatively new to Samba...
I upgraded an existing Samba server 3.0.3 on RHEL5 x86_64 to 3.5.4. The
Samba server is a domain member (only one domain, no trusted domains)
with Windows 2003 domain controllers and is configured with Kerberos.
It is an English Linux system with a German Windows domain.
# locale
LANG=en_US.iso885915
After starting nmb, winbind and smb all seems to work well. After some
time (sometimes after some minutes or some hours) the command 'getent
group' shows strange characters, e.g.:
"THEDOMAIN+schema-admins:*:10017:�1{,{,,,1{,,{,,2{,2{,,,,THEDOMAIN+smi,THEDOMAIN+ztr"
and in the logs the following entries are found:
==> log.wb-THEDOMAIN <==
[2011/03/11 08:53:39.621522, 1, effective(0, 0), real(0, 0)]
winbindd/winbindd_ads.c:126(ads_cached_connection)
ads_connect for domain THEDOMAIN failed: No logon servers
==> log.0.0.0.0 <==
[2011/03/11 08:53:39.621722, 1, effective(0, 0), real(0, 0)]
winbindd/winbindd_util.c:289(trustdom_recv)
Could not receive trustdoms
Here are some details from /etc/samba/smb.conf (names and ip addresses
are changed):
[global]
# who am I
workgroup = THEDOMAIN
netbios name = MYHOSTNAME
netbios aliases = MYALIAS
server string = Server %L
# debugging
debug level = 2
debug uid = Yes
log file = /var/log/samba/log.%I
max log size = 50
# printing
load printers = no
printcap name = /etc/printcap
#lock directory = /etc/samba/database
lock directory = /etc/samba/lock
state directory = /etc/samba/state
cache directory = /etc/samba/cache
guest account = nobody
# security
# kerberos setup
realm = THEREALM
# for samba 3.0
#use kerberos keytab = yes
# for samba 3.5
kerberos method = secrets and keytab
password server = DC01 DC02 DC03
#password server = *
security = ADS
encrypt passwords = yes
invalid users = root daemon bin sys adm uucp nuucp lpd imnadm ipsec lp snapp invscout
domain master = no
map to guest = Never
unix extensions = no
# nt pipe support = no
# communication
unix charset = LOCALE
# character set = iso8859-15
hide dot files = no
deadtime = 15
keepalive = 30
os level = 2
interfaces = 1.1.1.1 1.1.1.2
bind interfaces only = yes
name resolve order = wins lmhosts bcast
wins server = 1.2.3.4 2.3.4.5
dns proxy = no
time offset = 0
smb ports = 445
# winbind
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind cache time = 15
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
template homedir = /smbshare1/%U
template shell = /bin/false
follow symlinks = no
NT acl support = no
create mask = 0777
map archive = yes
map hidden = yes
map system = yes
fstype = NTFS
browseable = no
guest ok = no
Excerpt from /etc/krb5.conf:
[libdefaults]
default_realm = THEREALM
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 10h
forwardable = true
proxyable = true
[realms]
THEREALM = {
kdc = dc1.blabblub:88
kdc = dc2.blablub:88
kdc = dc3.blablub:88
admin_server = dc1.blablub:464
default_domain = THEDOMAIN
}
[domain_realm]
.blablub = THEREALM
.domain.blablub = THEREALM
.bla = THEREALM
If you need more information, please let me know. Thanks for help in
advance.
Bye Tobias von der Krone