[Samba] Small bug with Samba 3.0.7's smbd process (or just a bad compilation)???

[Marcello Melfi]

Hi James,

Thanks for taking the time to reply!

You are right about one smbd process listening and the other one handling a
share being accessed by a client workstation (like a Windows XP machine).
However, if no client workstation is connected to a share, there should be
only one smbd process running. This is not my case... I have two of then
right from the start and it should not be so. At least, it was not the case
when I installed and tested successfully Samba 3.0.2a a few months ago.

As for Winbindd, I am still not sure about it... (maybe I do not understand
it as it should be!). I was able to have Samba 3.0.7 running in ADS security
mode. I only started the smbd and nmbd processes. Prior to that, I joined
the Samba machine to the AD server (a Windows 2000 server) with the "net ads
join -U [admin_user]%[password]" command. When I ran the "klist" command, I
did see a ticket for Kerberos 5, although I am not an expert on this
subject. I was able to connect to a share from a Windows XP machine.
However, it always fails at the first attempt (after a reboot, because I
wanted to make sure the cache was flushed), like if the username or the
password was wrong. The Windows XP machine is in the same domain as the AD
server (which is also the KDC server) and I am logged in with the Windows
username authorized (via the Samba's lib/usermap.txt file, i.e. the Windows
username is associated to a Unix username) to access the share.

Any thought on this?

Regards,
 
Marcello
 

-----Original Message-----
From: James Mauser [mailto:jmauser at fau.edu] 
Sent: October 7, 2004 9:21
To: 'Marcello Melfi'
Subject: RE: [Samba] Small bug with Samba 3.0.7's smbd process (or just a
bad compilation)???

Marcello,
 I am not completely sure however, I believe the 2 smbd process span 2 of
them so that one will listening the other will handle the actual processing
of the request.  (Efficiency is what I think I read) 

Winbindd will be used if you want to have user names and password from your
AD to authenticate  to your samba shares.  Also if you are goining the AD
then winbind will need to be running so that the smb box can pass it's id
information to the AD. 
If you have gotten to the point where the samba box will join the AD then it
rather trivial not having to create another UNIX user and another password),
so winbindd would need to be running if you did not want to create a 2nd set
of user names and passwords. 


PAM would be used only if you wanted to have the user log into the Solaris
machine, which is what you said you did not want/need so PAM in your case
would not need to be installed.

Hope this helps a little
James Mauser
College of Engineering
Florida Atlantic University
-----Original Message-----
From: samba-bounces+jmauser=fau.edu at lists.samba.org
[mailto:samba-bounces+jmauser=fau.edu at lists.samba.org] On Behalf Of Marcello
Melfi
Sent: Wednesday, October 06, 2004 10:31 PM
To: samba at lists.samba.org; jra at samba.org
Subject: [Samba] Small bug with Samba 3.0.7's smbd process (or just a bad
compilation)???

Hi,
 
I have compiled and installed Samba 3.0.7 with MIT Kerberos 1.3.5 and
OpenLDAP 2.2.17. The reason for it is that I need to authenticate Windows'
user accesses to a Samba share via the Samba's ADS security mode.
 
I found out one potential problem with Samba 3.0.7 and I have one general
question:
 
Problem
------------
 
Normally, when Samba is started, there should be one smbd process and one
nmbd process up and running. Then, one additional smbd process is started
for each share established with a client pc. However, this is not the case
here. When I start Samba 3.0.7, I get two (instead of one) smbd processes
and one nmbd process. Other then that, everything seems to work ok (although
I did nor had the time to perform a lot of testing...). Is this a new Samba
feature or is there something wrong here?
 
Please note that I started Samba 3.0.7 with the same smb.conf file I used
with Samba 3.0.2a. It is setup in Domain security mode because I wanted
first to make sure that the binaries I created was at least functional.
 
Question
-------------
 
Whether I use the Domain or ADS security mode, my requirements with Samba is
to have a network share from a Sun Solaris machine to be accessible to a few
(about 15) Windows 2000 machines so that the main application running on
these machines can export many data files on the Sun Solaris machine in a
transparent manner, i.e. thinking it is a Windows server.
 
I do not need (and do not want...) to have users logging on the Sun Solaris
machine and I do not have a need to provide a kind of general file server
service to many Windows users through Samba, nor do I need to implement a
SSO to users having both Windows and UNIX accounts.
 
I was able to implement successfully Samba 3.0.2a in DOMAIN security mode
that way. I need to do it in ADS security mode. The question is: do I really
need Winbindd, PAM, etc. for this? I do not think so in my particular
situation, but I would like to have this confirmed by someone from the Samba
team. Thanks in advance for the answer!
 
Regards,
 
Marcello Melfi
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba