[Samba] winbindd instability, inconsistent handling of Domain name
Alexander List
alexlist at sbox.tugraz.at
Mon Sep 8 12:52:35 GMT 2003
Hello world,
I'm currently experimenting with a new Samba server that is to be
integrated in an existing ADS domain.
System is Debian Woody, plus samba 3.0.0beta2+3.0.0rc2-1 and necessary
dependencies. Kernel is 2.4.21 + Debian patches + XFS
ii libc6 2.3.2-5 GNU C Library: Shared libraries and
Linux bigberta 2.4.21-4-686-xfs #1 Mon Aug 25 15:44:37 CEST 2003 i686
smbd, nmbd and winbindd are working fine, I could joint the AD Domain in
native mode, created partitions using XFS (with ACL support), and
wbinfo -u bzw. wbinfo -g list the domain users and groups correctly.
My first problem:
After a while, wbinfo [-u|-g] returns
server:/var/log/samba# wbinfo -g
Error looking up domain groups
After restarting winbindd, it works again for a while. What's the proper
way to produce useful debugging information for the developers?
My second problem:
I created a directory /mnt/admin with this ACL:
# file: .
# owner: root
# group: root
user::rwx
user:DOMAIN+username:rwx
group::r-x
mask::rwx
other::r-x
When I create the ACL with setfacl -m u:INTERNAL.DOMAIN.COM:username:rwx,
only DOMAIN+username (the short NETBIOS name of the domain) is listed in
the ACL.
I created the following Samba share:
[admin]
browsable = no
path = /mnt/admin
public = no
write list = DOMAIN+username
This won't work. Windows domain user "username" gets "Access denied" when
trying to create a file on the share.
However, this works:
write list = INTERNAL.DOMAIN.COM+username
Is this a bug or a configuration problem on my side?
Another thing I found in the winbindd log file:
[2003/09/07 16:36:26, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(147)
user 'MACHINE$' does not exist
MACHINE$ is the Windows client I'm using to access the share.
Thanks for any hints!
Alex
--
"UNLESS someone like you cares a whole awful lot, nothing is going to get
better. It's not." --Dr. Seuss, fromThe Lorax
More information about the samba
mailing list