[Samba] Discussion: Samba Virtual Server Setup w/ LDAP Backend
Dirk.Laurenz at fujitsu-siemens.com
Dirk.Laurenz at fujitsu-siemens.com
Wed Aug 17 08:11:50 GMT 2005
Hello everybody,
(I can send level 10 logs on request; the mail is too big for the list.)
i'm just building up a complete Samba 3 Domain containing
one pdc
one bdc
four file servers
Because I don't want to spend too much on hardware, the four file servers
are 4 separate Samba instances running on one SuSE SLES 9 operating system.
The Samba Version is:
3.0.14a from ftp.sernet.de <ftp://ftp.sernet.de> for sles9/i386.
Nearly the whole domain is running, but there's one major problem concerning
those 4 file servers. We're not able to create local groups, either using the
User Manager for Domains or wbinfo -C. Only the Samba instance which
was started last allows creation of local groups (and only with errors).
Even on that instance we get an error message (see attachments), although the local group is created.
- usermgr.jpg (Usermanager error)
- fgesbo05.log (the system the user manager ran on)
- smbd.log and winbindd.log
We have those 4 separate instances for these reasons:
- starting and stopping them separately
- possible testing of newer samba versions
(e.g. instance 1 is running with 3.0.14 and instance 2 is running with 3.0.20)
- easy moving of a samba instance to a new server
The problem is quite urgent and if any additional information is needed, please
ask! I will provide it. Thanks in advance
Additional Infos (smb.conf, etc)
Here's an ps -ef | grep smb of that server:
hgest3301:/samba/agest001/conf/etc # ps -ef | grep smb | egrep -v 'grep|smbe'
domaina 26240 1 0 09:15 ? 00:00:00 /usr/sbin/nmbd -D -s /samba/agest001/conf/etc/smb.conf -l /samba/agest001/conf/log
domaina 26245 1 0 09:15 ? 00:00:00 /usr/sbin/smbd -D -s /samba/agest001/conf/etc/smb.conf -l /samba/agest001/conf/log
domaina 26248 26245 0 09:15 ? 00:00:00 /usr/sbin/smbd -D -s /samba/agest001/conf/etc/smb.conf -l /samba/agest001/conf/log
domaina 26253 1 0 09:15 ? 00:00:00 /usr/sbin/winbindd -B -s /samba/agest001/conf/etc/smb.conf -l /samba/agest001/conf/log
domaina 26254 26253 0 09:15 ? 00:00:00 /usr/sbin/winbindd -B -s /samba/agest001/conf/etc/smb.conf -l /samba/agest001/conf/log
domaina 26281 26245 0 09:17 ? 00:00:00 /usr/sbin/smbd -D -s /samba/agest001/conf/etc/smb.conf -l /samba/agest001/conf/log
domaina 26372 1 0 09:21 ? 00:00:00 /usr/sbin/nmbd -D -s /samba/agest002/conf/etc/smb.conf -l /samba/agest002/conf/log
domaina 26377 1 0 09:21 ? 00:00:00 /usr/sbin/smbd -D -s /samba/agest002/conf/etc/smb.conf -l /samba/agest002/conf/log
domaina 26379 26377 0 09:21 ? 00:00:00 /usr/sbin/smbd -D -s /samba/agest002/conf/etc/smb.conf -l /samba/agest002/conf/log
domaina 26384 1 0 09:21 ? 00:00:00 /usr/sbin/winbindd -B -s /samba/agest002/conf/etc/smb.conf -l /samba/agest002/conf/log
domaina 26385 26384 0 09:21 ? 00:00:00 /usr/sbin/winbindd -B -s /samba/agest002/conf/etc/smb.conf -l /samba/agest002/conf/log
domaina 26417 1 0 09:21 ? 00:00:00 /usr/sbin/nmbd -D -s /samba/agest003/conf/etc/smb.conf -l /samba/agest003/conf/log
domaina 26422 1 0 09:21 ? 00:00:00 /usr/sbin/smbd -D -s /samba/agest003/conf/etc/smb.conf -l /samba/agest003/conf/log
domaina 26424 26422 0 09:21 ? 00:00:00 /usr/sbin/smbd -D -s /samba/agest003/conf/etc/smb.conf -l /samba/agest003/conf/log
domaina 26430 1 0 09:21 ? 00:00:00 /usr/sbin/winbindd -B -s /samba/agest003/conf/etc/smb.conf -l /samba/agest003/conf/log
domaina 26431 26430 0 09:21 ? 00:00:00 /usr/sbin/winbindd -B -s /samba/agest003/conf/etc/smb.conf -l /samba/agest003/conf/log
domaina 26462 1 0 09:21 ? 00:00:00 /usr/sbin/nmbd -D -s /samba/agest004/conf/etc/smb.conf -l /samba/agest004/conf/log
domaina 26467 1 0 09:21 ? 00:00:00 /usr/sbin/smbd -D -s /samba/agest004/conf/etc/smb.conf -l /samba/agest004/conf/log
domaina 26469 26467 0 09:21 ? 00:00:00 /usr/sbin/smbd -D -s /samba/agest004/conf/etc/smb.conf -l /samba/agest004/conf/log
domaina 26474 1 0 09:21 ? 00:00:00 /usr/sbin/winbindd -B -s /samba/agest004/conf/etc/smb.conf -l /samba/agest004/conf/log
domaina 26475 26474 0 09:21 ? 00:00:00 /usr/sbin/winbindd -B -s /samba/agest004/conf/etc/smb.conf -l /samba/agest004/conf/log
hgest3301:/samba/agest001/conf/etc # id
uid=0(domainadmin) gid=0(root) groups=0(root),64(pkcs11)
hgest3301:/samba/agest001/conf/etc # wbinfo -m
AGEST004
BUILTIN
hgest3301:/samba/agest001/conf/etc # l
total 16
drwxr-xr-x 3 domainadmin root 98 2005-08-17 09:14 ./
drwxr-xr-x 12 domainadmin root 125 2005-07-01 11:46 ../
-rwxr-xr-x 1 domainadmin root 835 2005-08-16 12:25 smb.conf*
-rw-r--r-- 1 domainadmin root 1078 2005-08-17 09:14 smb.conf.agest001
-rw-r--r-- 1 domainadmin root 818 2005-07-06 12:06 smb.conf.ldap
-rw-r--r-- 1 domainadmin root 442 2005-07-26 09:41 smb.conf.shares
the smb.conf files (agest001 is local master browser too) :
# SAMBA CONFIGURATION FILE FOR LDAP
#
# THE MAIN SMB.CONF
# MUST NOT BE CHANGED WITHOUT REASON
# COMMON FOR ALL SERVERS
# Global parameters
# Settings shared by every instance; instance-specific values come from the
# include files at the end of this section.
[global]
unix charset = UTF8
log level = 2
syslog = 1
max log size = 4096
# WINS is asked first, broadcast last.
name resolve order = wins lmhosts host bcast
wins server = 192.168.53.44
# UID/GID pool that winbindd allocates mappings from.
# NOTE(review): the header marks this file as common for all servers, so the
# instances sharing this host presumably use the same pool - confirm it does
# not overlap IDs already present in /etc/passwd and /etc/group.
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
map acl inherit = yes
winbind nested groups = yes
# Lets winbindd itself create and store local users and groups. This is
# presumably the code path behind the local-group creation (User Manager,
# wbinfo -C) that fails in the post.
winbind enable local accounts = yes
# INCLUDES
# The following files must be included in order to get a perfect running system
# Each file is read in place, so the parameters in smb.conf.agest001 and
# smb.conf.ldap become part of [global]. smb.conf.shares opens the [dfsroot]
# share section and presumably has to stay last for that reason.
# Keep all three files writable by the administrator only: whoever can edit
# them controls the global configuration of this instance.
include = /samba/agest001/conf/etc/smb.conf.agest001
include = /samba/agest001/conf/etc/smb.conf.ldap
include = /samba/agest001/conf/etc/smb.conf.shares
hgest3301:/samba/agest001/conf/etc # cat /samba/agest001/conf/etc/smb.conf.agest001
# Per-instance fragment for AGEST001; included from the main smb.conf, so
# every parameter here is a [global] parameter.
time server = yes
# Holds secrets.tdb (the domain machine-account secret and the stored
# password for the LDAP admin DN). Restrict this directory to root.
private dir = /samba/agest001/conf/private
pid directory = /samba/agest001/conf/pids
template homedir = /samba/agest001/data/tmp/winbindjail
wtmp directory = /samba/agest001/conf/wtmp
# NOTE(review): the per-instance directories keep the four instances' state
# files apart, but "wbinfo -m" in the transcript answers only for AGEST004,
# the last instance started. Presumably the winbindd client socket lives at a
# build-time path that these parameters do not move, so all four winbindd
# daemons would contend for one socket - confirm against this build.
lock directory = /samba/agest001/conf/locks
# Maps client-supplied user names to Unix accounts. The file must be writable
# by root only, since an entry can map any client name onto any local account.
username map = /samba/agest001/conf/private/smbusers
utmp directory = /samba/agest001/conf/utmp
# Contains password hashes when the smbpasswd backend is in use; keep it
# readable by root only.
smb passwd file = /samba/agest001/conf/private/smbpasswd
# %m is the NetBIOS name sent by the client, so one log file is created per
# client name.
log file = /samba/agest001/conf/log/%m.log
workgroup = TOPTEST
netbios name = AGEST001
server string = dfsrootserver
# Together with "bind interfaces only", restricts this instance to its own
# address so the instances on this host do not collide on the SMB ports.
interfaces = 192.168.84.73/24
# NOTE(review): "socket address" is documented as a plain IP address; the /24
# suffix looks copied from "interfaces" - confirm it is parsed as intended.
socket address = 192.168.84.73/24
bind interfaces only = yes
# DOMAIN SPECIFIC INFORMATION (THIS IS FOR THE MEMBER SERVER)
# os level 255 plus preferred master makes this instance win local browser
# elections; it is neither the domain master browser nor a logon server.
os level = 255
local master = yes
preferred master = yes
domain logons = no
domain master = no
# Domain member: authentication is passed to a domain controller.
security = domain
hgest3301:/samba/agest001/conf/etc # cat /samba/agest001/conf/etc/smb.conf.ldap
# LDAP fragment; included from the main smb.conf, so every parameter here is
# a [global] parameter.
# DN Samba binds as. Its password is not kept in smb.conf; it is stored in
# secrets.tdb in the private dir (set with "smbpasswd -w").
ldap admin dn = cn=Samba Server,cn=Samba,cn=Applications,o=Company
ldap suffix = ou=TOPTEST,o=Company
# The suffixes below are relative to "ldap suffix".
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmaps
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
# GENERAL LDAP OPTIONS
# ldap passwd sync = yes
# ldap replication sleep = 5000
# Only affects the ldapsam passdb backend, which is commented out below, so
# it presumably has no effect on this member server. If ldapsam is enabled,
# Samba takes Unix account data straight from the directory instead of going
# through NSS, so write access to those entries needs to be tightly held.
ldapsam:trusted = yes
# Seconds.
ldap timeout = 5
# LDAP SERVER DEFINITION
# passdb backend = ldapsam:ldap://hgest3201.sz.Company.test ldapsam:ldap://hgest3202.sz.Company.test
# ID mappings are kept in LDAP on two servers (the second presumably as a
# fallback).
# NOTE(review): the URLs use plain ldap:// and no "ldap ssl" setting appears
# in the fragments shown. Confirm that StartTLS or ldaps:// protects this
# traffic, otherwise the admin DN bind crosses the network in clear text.
idmap backend = ldap:ldap://hgest3201.sz.Company.test ldap:ldap://hgest3202.sz.Company.test
hgest3301:/samba/agest001/conf/etc # cat /samba/agest001/conf/etc/smb.conf.shares
# This file contains the shares
# DFS ROOT SHARE (the heading said NETLOGON, but the only share defined here
# is [dfsroot])
[dfsroot]
path = /samba/agest001/data/dfsroot
comment = DFSroot der Samba Testdomaene
# Clients see this share as an MS-DFS root.
msdfs root = yes
# "hide files" only sets the hidden attribute; the entries stay accessible to
# clients. Use "veto files" if lost+found must not be reachable at all.
hide files = /lost+found/
hide dot files = yes
# Clients cannot write through this share.
read only = yes
Mit freundlichem Gruß,
Dirk Laurenz
Systems Engineer
PSO - Professional Service Organisation
Fujitsu Siemens Computers
Hildesheimer Strasse 25
30880 Laatzen
Germany
Telephone: +49 (511) 84 89 - 18 08
Telefax: +49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email: mailto:dirk.laurenz at fujitsu-siemens.com <mailto:dirk.laurenz at fujitsu-siemens.com>
Internet: http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html
*******************************************************************************************************************