[Samba] Windows clients losing connection to Samba 3.0.27 PDC on
FC7 i386
Rubin Bennett
rbennett at thatitguy.com
Tue Nov 27 17:46:40 GMT 2007
Hello all...
I have a site of about 50 pcs connected to a Samba domain controller.
The domain has been running flawlessly for several years through several
upgrades, and the last one (From Fedora Core 4/ Samba 3.0.23a to FC7/
Samba 3.0.27) seems to have caused something to come unglued.
The Workstations are periodically booting up in the morning and being
unable to contact the domain controller. The Samba server is giving
failed authentication errors for the workstation itself (not the
username/ password) in log.{workstation}.
The upgrade was done nearly a month ago, and roughly 1/2 of the
workstations in the network were unable to connect the following
morning. It happened again last week and about 10 more workstations
were affected. And it happened again today, where 1 workstation and a
member server (Win2003r2) lost their credentials. This time it was a
really bad deal because the member server runs an application that is
mission critical and therefore no one was able to work until it was
fixed.
In all cases, the users are able to log in by disconnecting their
network cable and rebooting, then logging in with the cached credentials
on the workstations. Reconnecting the NIC after login allowed the users
to connect to network resources on the Samba PDC, and work until a
reboot. A 'permanent' fix is to unjoin the PC from the domain and
rejoin again.
I had assumed that the issue was caused by the upgrade somehow, and that
once every system had been re-joined it would go away. However, the
workstation from this morning had been unjoined and rejoined once before
and now I fear that the issue will keep cropping up all over the place.
Ideas, suggestions, flames? I've copied my smb.conf below for your
review as well.
Thanks very much in advance,
Rubin
/etc/samba/smb.conf
[global]
workgroup = WORKGROUP
netbios name = Server
server string = Network File Server
printcap name = cups
enable privileges = yes
load printers = yes
printcap cache time = 60
printing = cups
keepalive = 10000
log file = /var/log/samba/log.%m
max log size = 50
log level = 3
security = user
encrypt passwords = Yes
map to guest = bad user
os level = 65
domain master = yes
preferred master = yes
passdb backend = tdbsam
pam password change = yes
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
add machine script = /usr/sbin/useradd -d /dev/null -g 200
-s /bin/false -M %u
oplocks = no
level2 oplocks = no
domain logons = Yes
logon script = login%G.bat
logon drive = Z:
logon home = \\server\%U
logon path = \\server\profiles\%U
wins support = Yes
name resolve order = wins hosts bcast
hide unreadable = Yes
# Added in an attempt to fix broken tdbsam backend...
idmap uid = 10000-20000
idmap gid = 10000-20000
dns proxy = yes
#============================ Share Definitions
==============================
[homes]
comment = Home Directories
create mask = 0700
directory mask = 0700
browseable = No
writable = yes
[netlogon]
comment = Netlogon Scripts
path = /var/lib/samba/netlogon
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = yes
writable = no
printable = yes
create mode = 0700
;print command = lpr-cups -P %p -o raw %s -r
use client driver = yes
[print$]
path = /var/lib/samba/printers
read only = yes
browseable = yes
force group = noyle
write list = @noyle root
guest ok = yes
inherit permissions = yes
[profiles]
path = /var/lib/samba/profiles
browseable = no
read only = No
guest ok = yes
writable = yes
create mask = 0600
directory mask = 0700
root preexec = PROFILE='/var/lib/samba/profiles/%u'; if [ ! -e
$PROFILE ]; \
then mkdir -pm700 $PROFILE; chown '%u':'%g' $PROFILE;fi
More information about the samba
mailing list