[Samba] winbindd instability, inconsistent handling of Domain name

Gerald (Jerry) Carter jerry at samba.org
Sat Sep 20 15:37:09 GMT 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alexander List wrote:
| Hello world,
|
| I'm currently experimenting with a new Samba server that is to be
| integrated in an existing ADS domain.
|
| System is Debian Woody, plus samba 3.0.0beta2+3.0.0rc2-1 and necessary
| dependencies. Kernel is 2.4.21 + Debian patches + XFS
|
| ii  libc6          2.3.2-5        GNU C Library: Shared libraries and
| Linux bigberta 2.4.21-4-686-xfs #1 Mon Aug 25 15:44:37 CEST 2003 i686
|
| smbd, nmbd and winbindd are working fine, I could joint the AD Domain in
| native mode, created partitions using XFS (with ACL support), and
| wbinfo -u bzw. wbinfo -g list the domain users and groups correctly.
|
| My first problem:
|
| After a while, wbinfo [-u|-g] returns
|
| server:/var/log/samba# wbinfo -g
| Error looking up domain groups
|
| After restarting winbindd, it works again for a while. What's the proper
| way to produce useful debugging information for the developers?

I think this has already been fixed in our CVS tree.  The bedian
packaging script should be fine for RC4 so you might just want to build
your own package from that tree and see if things work better for you.

| I created a directory /mnt/admin with this ACL:
|
| # file: .
| # owner: root
| # group: root
| user::rwx
| user:DOMAIN+username:rwx
| group::r-x
| mask::rwx
| other::r-x
|
| When I create the ACL with setfacl -m u:INTERNAL.DOMAIN.COM:username:rwx,
| only DOMAIN+username (the short NETBIOS name of the domain) is listed in
| the ACL.

Haven't we already talked about this one?  I'm having serious
deja vu here.  winbindd mostly operates on the short name of the do9main.

| [admin]
|     browsable = no
|     path = /mnt/admin
|     public = no
|     write list = DOMAIN+username
|
| This won't work. Windows domain user "username" gets "Access denied" when
| trying to create a file on the share.
|
| However, this works:
|
|     write list = INTERNAL.DOMAIN.COM+username
|
| Is this a bug or a configuration problem on my side?

did you define the workgroup and realm in smb.conf?






cheers, jerry
- ----------------------------------------------------------------------
~ Hewlett-Packard            ------------------------- http://www.hp.com
~ SAMBA Team                 ---------------------- http://www.samba.org
~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
~ "You can never go home again, Oatman, but I guess you can shop there."
~                            --John Cusack - "Grosse Point Blank" (1997)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/bHQlIR7qMdg1EfYRAoAaAKCRFtI2IlVBu0dUMyZotZuupdyu9ACgkpkC
qN/N7CKFidvRp68XUFMyD0Y=
=qk9+
-----END PGP SIGNATURE-----

More information about the samba mailing list