[Samba] FW: Samba 2.2.8a / Winbind and Domains

Petty, Robert rpetty at DenverNewspaperAgency.com
Wed Sep 24 05:09:12 GMT 2003


I originally sent this to samba-technical which as a typical first stpe for
me was probably wrong.... ;-)
Anyone here have any ideas?

-----Original Message-----
From: Petty, Robert [mailto:rpetty at denvernewspaperagency.com]
Sent: Tuesday, September 23, 2003 10:07 AM
To: samba-technical at lists.samba.org
Subject: Samba 2.2.8a / Winbind and Domains


I have searched the archived through google and found only a few
suggestions, a couple of which suggested this mailing list so I am posting
here hoping I won't offend anyone...

We have an NT domain which is part of a corporate network with trusts
established to other domains in the corporation.  I have added winbind to my
samba configuration on a Solaris 9 server.  We've been using samba for
years, but this is the first implementation of Winbind.  I am including the
global configuration information below.  I join a single domain (den1), but
winbind add the other trusted domains (cal1,production).  When I access
shares, I can see with winbind in debug mode that it tries all addresses
provided by our wins server for the domain "cal1" before going to even 
the specific domain provided in the username..  Unfortunately it takes
about ten or twelve seconds to get through all 5 addresses which are
provided.  I added "cal1" to my lmhosts file for samba and winbind is
getting the single address for it (127.0.0.1) but still, cal1 is being
queried even though the username in the challenge is "den1\pettyr".

So here are my questions:

1) Can I override and prohibit the querying of trusted domains and limit the
queries to the domain which winbind is a member of?
2) Can I increase the time that a challenge is valid?  Right now, if I
remain inactive for around ten seconds, the next access to any shares
requires a revalidation via winbind.  This is time consuming and very
frusterating.


My smb.conf:

[global]
        workgroup = DEN1
        netbios name = classfs
        interface = classfs
        interfaces = classfs/255.255.255.0
        bind interfaces only = Yes
        security = domain
        encrypt passwords = Yes
        password server = *
        server string = Samba (%v) domain (%h)
        template homedir = /usr/local/samba/home/%D/%U
        lock dir = /dna/samba/locks
        pid directory = /dna/samba/var/locks
        log file = /var/opt/samba/smb.log
        wins server = 10.39.9.1 10.39.10.1
        winbind uid = 19000-21000
        winbind gid = 19000-19000
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = true
        allow trusted domains = no
        keepalive = 300


Thanks in advance for any suggestions!

Robert



More information about the samba mailing list