[Samba] security = domain -- samba adds its netbios name as samba domain to LDAP

Christian Brandes christian.brandes at forschungsgruppe.de
Fri Oct 5 12:11:23 GMT 2007


I am running a RedHat Cluster with Samba shares that can failover to 
other nodes.
On every node there is one Samba instance running permanently and acting 
as BDC (BDC instance) for my Samba domain, that binds to the physical 
network interfaces of the node.

When starting a samba resource on a cluster node, I mount the 
corresponding file system from SAN on that node and start another 
instance of Samba. Each share instance has it's own config- log- and 
pid-files and binds to a virtual network interface that is created by 
the cluster.

For the share instances I set "security = domain" to let this instance 
authenticate against one of the BDC instances.

When starting a share instance, it looks for its samba domain in LDAP, 
when it does not find it, it creates it.
The problem is:
	It takes its' netbios name as domain name and not the workgroup as 

The samba domain should be "mycompany" as stated in workgroup and not 
"USER" as stated in netbios name!

I am running:
	Ubuntu 7.04 with 2.6.20-16-server kernel
	3.0.24-2ubuntu1.2 (included in Ubuntu distribution)

[2007/10/05 14:03:38, 2] lib/smbldap_util.c:smbldap_search_domain_info(219)
   smbldap_search_domain_info: Searching 
[2007/10/05 14:03:38, 2] lib/smbldap.c:smbldap_open_connection(788)
   smbldap_open_connection: connection opened
[2007/10/05 14:03:38, 3] lib/smbldap.c:smbldap_connect_system(992)
   ldap_connect_system: succesful connection to the LDAP server
[2007/10/05 14:03:38, 3] lib/smbldap_util.c:smbldap_search_domain_info(241)
   smbldap_search_domain_info: Got no domain info entries for domain
[2007/10/05 14:03:38, 3] lib/smbldap_util.c:add_new_domain_info(130)
   add_new_domain_info: Adding new domain
[2007/10/05 14:03:38, 2] lib/smbldap_util.c:add_new_domain_info(195)
   add_new_domain_info: added: domain = USER in the LDAP database
[2007/10/05 14:03:38, 3] 
   add_new_domain_account_policies: Adding new account policies for domain
[2007/10/05 14:03:38, 2] lib/smbldap_util.c:smbldap_search_domain_info(219)
   smbldap_search_domain_info: Searching 

My smb.conf for the share instance:

    workgroup = mycompany
    netbios name = user
    server string = %L-%h

    wins server =

    dns proxy = yes

    pid directory = /var/run/samba/%L/
    lock directory = /var/run/samba/%L/locks

    interfaces =
    bind interfaces only = true

    log file = /SERVICE/samba/var/log/samba/%L/log.%m
    log level = 3
    max log size = 1000
    syslog = 0

    panic action = /usr/share/samba/panic-action "%h-%L: %d"

    security = domain
    password server = vserver server1 server2 server3 server4
    encrypt passwords = true

    obey pam restrictions = yes

    guest account = nobody

    unix password sync = yes

    passwd program = /usr/bin/passwd %u
    passwd chat = "*New password:*" %n\n "*Re-enter new password:*" %n\n 
"*LDAP password information changed for*"
    passwd chat debug = yes

    domain logons = no
    local master = no
    os level = 60
    domain master = no
    preferred master = no

    logon path =
    logon drive =

    passdb backend = ldapsam:ldap://
    ldap admin dn = cn=administrator,dc=mylocation,dc=mycompany
    ldap suffix = dc=mylocation,dc=mycompany
    ldap group suffix = ou=Group
    ldap user suffix = ou=User
    ldap machine suffix = ou=Machine

    load printers = no
    printcap name = /dev/null
    disable spoolss = yes

    socket options = TCP_NODELAY

    idmap domains = mycompany

    aio read size = 0
    aio write size = 0
    blocking locks = yes
    fake oplocks = no
    kernel oplocks = yes
    level2 oplocks = no
    oplocks = no
    posix locking = yes
    strict locking = no
    strict sync = no
    sync always = no
    write cache size = 0

    comment = Benutzerdaten
    path = /USER
    browseable = yes
    read only = no
         read only = No
         guest ok = Yes
         hide dot files = No

Any ideas?
I would be glad for some help.

Best regards

More information about the samba mailing list