[Samba] member server 3.0.23c drives me nuts
TBarbera at sbli.com
Mon Oct 9 14:50:15 GMT 2006
I've run into a bug with 3.0.23c in terms of groups not showing up.
Given what I have been reading, you may be wise to downgrade back to
3.0.22 (assuming that was stable for you) until the bugs can get ironed
out. Apparently it's a Brave New World with 3.0.23c...
From: samba-bounces+tbarbera=sbli.com at lists.samba.org
[mailto:samba-bounces+tbarbera=sbli.com at lists.samba.org] On Behalf Of
Sent: Monday, October 09, 2006 10:06 AM
To: samba at lists.samba.org
Subject: [Samba] member server 3.0.23c drives me nuts
First of all thanks to the developer team in providing the samba suite.
I have been running samba servers for serveral years now but 3.0.23c
just drives me nuts.
I have a PDC and BDC running samba 3.0.23c with openldap as backend and
also a samba member server trying to run 2.0.23c.
The member server is the primary file server so I can't play with it all
The member server was running 3.0.22 before without any problems. Last
night I upgraded to 3.0.23c and the fun began.
Things I observed:
1) Random people just could not mount any shares on the member server
anymore or the mount process took very very long. All of a sudden, they
could connect to the shares again at normal speed without me changing
2) I could not log in to the member server anymore via ssh and also not
on the console. The server just didn't give me a shell. This led me to
resetting the server who had an uptime of almost 600 days. This is
actually what grieves me most ;-)
After poking around a bit I found in log.winbindd
[2006/10/09 14:41:41, 0] nsswitch/winbindd.c:process_loop(832)
winbindd: Exceeding 200 client connections, no idle connection found
[2006/10/09 14:41:41, 0] nsswitch/winbindd.c:request_main_recv(556)
googling I found someone describing the same problem and also not being
able to log into his box anymore.
If I kill winbindd and fire it up again it works for about an hour or
two before the message appears again.
wbinfo -u then produces an error like "Cannot connect to DOMAIN" or
something like that.
3) When trying to assign acls in windows to files joe suddenly appears
as "joe (Unix User\joe)" instead of "joe (MYDOMAIN\joe)"
Here goes the global part of smb.conf on the member server.
unix charset = ISO8859-1
display charset = ISO8859-1
workgroup = MYDOM
server string = %h (Samba %v)
interfaces = 10.230.1.1/255.255.0.0
security = DOMAIN
password server = pdc, bdc
deadtime = 10
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = pdc
kernel oplocks = No
ldap admin dn = cn=admin,dc=mydom,dc=de
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap suffix = dc=mydom,dc=de
ldap ssl = start tls
ldap user suffix = ou=people
idmap backend = ldap:ldap://pdc.mydom.de
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind trusted domains only = Yes
acl group control = Yes
create mask = 00
force create mode = 0775
directory mask = 00
force directory mode = 0775
map acl inherit = Yes
veto oplock files = /*.xls/*.doc/*.mdb
level2 oplocks = No
strict locking = No
log level = 1
What am I missing or am I getting too old for the job??
Help is greatly appreciated.
"Technological progress has merely provided us
with more efficient means for going backwards"
~ Aldous Huxley
/\ /_ o__
o* ~(_) ,>/'_ o__
Robert Gehr (_)\(_) ,>/'_ o__ o__
Baumann GmbH, 92224 Amberg (_)\(_) ,>/'_ ,>/'_
visit: http://www.baumann-gmbh.de (_)\(_) (_)\(_)
To unsubscribe from this list go to the following URL and read the
The Savings Bank Life Insurance Company of Massachusetts is in no way affiliated with the Savings Bank Life Insurance Company of Connecticut or SBLI USA Mutual Life Insurance Company, Inc. Centrian Life Insurance is the name that the Savings Bank Life Insurance Company of Massachusetts operates under in Connecticut. It is in no way affiliated with the Savings Bank Life Insurance Company, the name that VantisLife Insurance Company operates under in Connecticut.
This message contains information which may be confidential and privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete or destroy the message.
More information about the samba