[Samba] security = domain -- samba adds its netbios name as samba
domain to LDAP
Christian Brandes
christian.brandes at forschungsgruppe.de
Fri Oct 5 12:11:23 GMT 2007
Hi!
I am running a RedHat Cluster with Samba shares that can failover to
other nodes.
On every node there is one Samba instance running permanently and acting
as BDC (BDC instance) for my Samba domain, that binds to the physical
network interfaces of the node.
When starting a samba resource on a cluster node, I mount the
corresponding file system from SAN on that node and start another
instance of Samba. Each share instance has it's own config- log- and
pid-files and binds to a virtual network interface that is created by
the cluster.
For the share instances I set "security = domain" to let this instance
authenticate against one of the BDC instances.
When starting a share instance, it looks for its samba domain in LDAP,
when it does not find it, it creates it.
The problem is:
It takes its' netbios name as domain name and not the workgroup as
supposed.
The samba domain should be "mycompany" as stated in workgroup and not
"USER" as stated in netbios name!
I am running:
Ubuntu 7.04 with 2.6.20-16-server kernel
3.0.24-2ubuntu1.2 (included in Ubuntu distribution)
log.smbd:
[2007/10/05 14:03:38, 2] lib/smbldap_util.c:smbldap_search_domain_info(219)
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=USER))]
[2007/10/05 14:03:38, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2007/10/05 14:03:38, 3] lib/smbldap.c:smbldap_connect_system(992)
ldap_connect_system: succesful connection to the LDAP server
[2007/10/05 14:03:38, 3] lib/smbldap_util.c:smbldap_search_domain_info(241)
smbldap_search_domain_info: Got no domain info entries for domain
[2007/10/05 14:03:38, 3] lib/smbldap_util.c:add_new_domain_info(130)
add_new_domain_info: Adding new domain
[2007/10/05 14:03:38, 2] lib/smbldap_util.c:add_new_domain_info(195)
add_new_domain_info: added: domain = USER in the LDAP database
[2007/10/05 14:03:38, 3]
lib/smbldap_util.c:add_new_domain_account_policies(43)
add_new_domain_account_policies: Adding new account policies for domain
[2007/10/05 14:03:38, 2] lib/smbldap_util.c:smbldap_search_domain_info(219)
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=USER))]
My smb.conf for the share instance:
[global]
workgroup = mycompany
netbios name = user
server string = %L-%h
wins server = 192.168.2.235
dns proxy = yes
pid directory = /var/run/samba/%L/
lock directory = /var/run/samba/%L/locks
interfaces = 192.168.6.236 192.168.1.236
bind interfaces only = true
log file = /SERVICE/samba/var/log/samba/%L/log.%m
log level = 3
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action "%h-%L: %d"
security = domain
password server = vserver server1 server2 server3 server4
encrypt passwords = true
obey pam restrictions = yes
guest account = nobody
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = "*New password:*" %n\n "*Re-enter new password:*" %n\n
"*LDAP password information changed for*"
passwd chat debug = yes
domain logons = no
local master = no
os level = 60
domain master = no
preferred master = no
logon path =
logon drive =
passdb backend = ldapsam:ldap://192.168.6.229/
ldap admin dn = cn=administrator,dc=mylocation,dc=mycompany
ldap suffix = dc=mylocation,dc=mycompany
ldap group suffix = ou=Group
ldap user suffix = ou=User
ldap machine suffix = ou=Machine
load printers = no
printcap name = /dev/null
disable spoolss = yes
socket options = TCP_NODELAY
idmap domains = mycompany
#Cache
aio read size = 0
aio write size = 0
blocking locks = yes
fake oplocks = no
kernel oplocks = yes
level2 oplocks = no
oplocks = no
posix locking = yes
strict locking = no
strict sync = no
sync always = no
write cache size = 0
#Shares
[USER]
comment = Benutzerdaten
path = /USER
browseable = yes
read only = no
read only = No
guest ok = Yes
hide dot files = No
Any ideas?
I would be glad for some help.
Best regards
Christian
More information about the samba
mailing list