[Samba] (no subject)

Adam Williams awilliam at mdah.state.ms.us
Thu Feb 7 16:46:09 GMT 2008


password server = only works when Samba is in security = server mode.

security = domain is used when the server is a member server of an NT4 
style domain (meaning, it's not a PDC or a BDC, but another server with 
some file shares on it and it authenticates to the PDC using LDAP).

When you have a bunch of Samba servers like you sound like you do, you 
should be using an LDAP backend.

Carter, David SIS SB56 ITMOXF POWERGEN wrote:
> Installed Samba 3.0.10 via 'pkgadd' on Solaris 2.6 workstation s080
> (137.223.31.80) - previously running Samba 2.2.8 which has worked for a
> long time. 
>
> Samba 3.0.10 smb.conf file - changed to security =DOMAIN  from SERVER at
> 2.2.8 version
> password server = 137.223.33.45, 137.223.33.72  - these are DCs
>  
>
> # Samba config file created using SWAT
> # from 127.0.0.1 (127.0.0.1)
> # Date: 2008/02/07 16:05:52
>
> # Global parameters
> [global]
> 	workgroup = WW007
> 	server string = Samba Server ww007
> 	interfaces = 137.223.31.80/255.255.255.0
> 	bind interfaces only = Yes
> 	security = DOMAIN
> 	password server = 137.223.33.45, 137.223.33.72
> 	client NTLMv2 auth = Yes
> 	client lanman auth = No
> 	client plaintext auth = No
> 	log level = 1
> 	max log size = 50
> 	deadtime = 15
> 	lpq cache time = 30
> 	load printers = No
> 	wins server = 137.223.33.45
> 	follow symlinks = No
>
> [ipc$]
> 	path = /tmp
> 	hosts allow = 127.0.0.1, 137.223.26., 137.223.32., 137.223.33.,
> 137.223.197., 193.35.224.
> 	hosts deny = 0.0.0.0/0
>
> [gb400226]
> 	comment = Dave's home directory
> 	path = /d2/home/dgc00226
> 	valid users = gb400226
> 	read only = No
> 	force create mode = 060
>
> [gb412533]
> 	comment = Dave Clark's home directory
> 	path = /d2/home/davi
> 	valid users = gb412533, gb4avsched, gb499908
> 	read only = No
> 	force create mode = 060
>
>
>
> log.nmbd 
>
> Shows following error approx every 15 mins 
>  Unable to find the Domain Master Browser name WW007<1b> for the
> workgroup WW007.
>   Unable to sync browse lists in this workgroup.
> [2008/02/06 10:01:49, 0]
> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
>   find_domain_master_name_query_fail:
>   Unable to find the Domain Master Browser name WW007<1b> for the
> workgroup WW007.
>   Unable to sync browse lists in this workgroup.
> [2008/02/06 10:16:49, 0]
> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
>   find_domain_master_name_query_fail:
>   Unable to find the Domain Master Browser name WW007<1b> for the
> workgroup WW007.
>   Unable to sync browse lists in this workgroup.
> [2008/02/06 10:31:52, 0]
> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
>   find_domain_master_name_query_fail:
>   Unable to find the Domain Master Browser name WW007<1b> for the
> workgroup WW007.
>   Unable to sync browse lists in this workgroup.
> [2008/02/06 10:46:52, 0]
> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
>
> log.smbd
>
> Shows following at end of log 
> Primary group is 0 and contains 0 supplementary groups
> [2008/01/30 13:18:24, 5] smbd/uid.c:change_to_root_user(296)
>   change_to_root_user: now uid=(0,0) gid=(0,0)
> [2008/01/30 13:18:24, 2] smbd/server.c:exit_server(571)
>   Closing connections
> [2008/01/30 13:18:24, 3] smbd/connection.c:yield_connection(69)
>   Yielding connection to 
> [2008/01/30 13:18:24, 5] smbd/oplock.c:receive_local_message(107)
>   receive_local_message: doing select with timeout of 1 ms
> [2008/01/30 13:18:24, 3] smbd/server.c:exit_server(614)
>   Server exit (Caught TERM signal)
> [2008/01/30 13:19:59, 0] smbd/server.c:main(760)
>   smbd version 3.0.10 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2004
> [2008/01/30 13:36:06, 0] lib/access.c:check_access(328)
>   Denied connection from  (137.223.31.80)
> [2008/01/30 13:36:22, 1]
> auth/auth_server.c:check_smbserver_security(363)
>   password server 137.223.33.45 rejected the password
> [2008/02/05 14:30:01, 0] smbd/server.c:main(760)
>   smbd version 3.0.10 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2004
> [2008/02/05 15:27:53, 0] smbd/server.c:main(760)
>   smbd version 3.0.10 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2004
>
> log.winbindd
>
> Shows following in parts of log file
> [2008/01/30 13:16:06, 5] rpc_parse/parse_prs.c:prs_uint32s(869)
>               1954 sub_auths : 00000015 4862e393 3973dd20 2b3be507 
> [2008/01/30 13:16:06, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
>       1964 status: NT_STATUS_OK
> [2008/01/30 13:16:06, 5]
> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>   trustdom_store: storing SID S-1-5-21-789336058-764733703-1417001333 of
> domain WW007
> [2008/01/30 13:16:06, 5]
> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>   trustdom_store: storing SID S-1-5-21-1482476501-261903793-725345543 of
> domain SIEMENS-NET
> [2008/01/30 13:16:06, 5]
> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>   trustdom_store: storing SID S-1-5-21-1834491315-1761740509-1136263860
> of domain BRANDE
> [2008/01/30 13:16:06, 5]
> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>   trustdom_store: storing SID S-1-5-21-65601539-1841329075-1026172630 of
> domain KWUWED1
> [2008/01/30 13:16:06, 5]
> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>
> ......
>
>  winbindd version 3.0.10 started.
>   Copyright The Samba Team 2000-2004
> [2008/02/05 15:27:58, 0]
> nsswitch/winbindd_util.c:winbindd_param_init(560)
>   winbindd: idmap uid range missing or invalid
> [2008/02/05 15:27:58, 0]
> nsswitch/winbindd_util.c:winbindd_param_init(561)
>   winbindd: cannot continue, exiting.
> [2008/02/05 15:27:58, 1] nsswitch/winbindd.c:main(897)
>   Could not init idmap -- netlogon proxy only
> [2008/02/05 15:27:59, 1] nsswitch/winbindd_util.c:init_domain_list(327)
>   Could not fetch sid for our domain WW007
> [2008/02/05 15:28:24, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>   get_trust_pw: could not fetch trust account password for my domain
> WW007
> [2008/02/05 15:28:24, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>   get_trust_pw: could not fetch trust account password for my domain
> WW007
> [2008/02/05 15:28:25, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>   get_trust_pw: could not fetch trust account password for my domain
> WW007
> [2008/02/05 15:28:25, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>   get_trust_pw: could not fetch trust account password for my domain
> WW007
> [2008/02/05 15:28:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>   get_trust_pw: could not fetch trust account password for my domain
> WW007
> [2008/02/05 15:28:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>   get_trust_pw: could not fetch trust account password for my domain
> WW007
> [2008/02/05 15:28:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>   get_trust_pw: could not fetch trust account password for my domain
> WW007
> [2008/02/05 15:28:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>   get_trust_pw: could not fetch trust account password for my domain
> WW007
> [2008/02/05 15:38:02, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>   cli_pipe: return critical error. Error was Call timed out: server did
> not respond after 10000 milliseconds
> [2008/02/05 15:38:18, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>   cli_pipe: return critical error. Error was Call timed out: server did
> not respond after 10000 milliseconds
> [2008/02/05 15:38:41, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>   cli_pipe: return critical error. Error was Call timed out: server did
> not respond after 10000 milliseconds
> [2008/02/05 15:38:59, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>   cli_pipe: return critical error. Error was Call timed out: server did
> not respond after 10000 milliseconds
> [2008/02/05 15:39:17, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>   cli_pipe: return critical error. Error was Call timed out: server did
> not respond after 10000 milliseconds
> [2008/02/05 15:39:36, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>   cli_pipe: return critical error. Error was Call timed out: server did
> not respond after 10000 milliseconds
> [2008/02/05 15:40:50, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>   cli_pipe: return critical error. Error was Call timed out: server did
> not respond after 10000 milliseconds
>
> although SWAT shows that the daemons ARE running
> version: 3.0.10 
> smbd: running   
> nmbd: running   
> winbindd: running   
>     
> and 'ps -elf' on the Unix Samba server also indicate that the daemons
> are running.
>
> If the DCs recognise the user attempting to obtain a Samba share on Unix
> box s080
> running Samba2.2.8 with the parameters
> "security = SERVER"
> "password server = 137.223.33.45, 137.223.33.72"
> specified in the 2.2.8 smb.conf file, what is causing the problem
> verifying the  
> same user obtaining a Samba share on Unix box s080 running Samba3.0.10
> with parameters
> "security = SERVER"   or   "security = DOMAIN"
> "password server = 137.223.33.45, 137.223.33.72"
>
>
> Any help would be appreciated - this is doing my head in!
>  
>
>
> Kind Regards  
> Dave Carter
>
>   
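
A triage helper for log excerpts like the ones quoted above, added here as an example and not part of either poster's message: it parses Samba 3.0 log entries, including headers and messages that the mailer wrapped onto a second line, keeps only the low debug levels, and collapses repeats. The function names and the `max_level` parameter are assumptions of this example; the sample is copied from the quoted log.winbindd.

```python
import re

# Entry header as quoted: [2008/02/05 15:27:58, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\]\s*(.*)$")
SOURCE = re.compile(r"^(\S+\.c):(\w+)\((\d+)\)$")

# Excerpt copied from the quoted log.winbindd, mail quoting and wrapping included.
SAMPLE = """\
> [2008/02/05 15:27:58, 0]
> nsswitch/winbindd_util.c:winbindd_param_init(560)
>   winbindd: idmap uid range missing or invalid
> [2008/02/05 15:28:24, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>   get_trust_pw: could not fetch trust account password for my domain
> WW007
> [2008/02/05 15:28:25, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>   get_trust_pw: could not fetch trust account password for my domain
> WW007
> [2008/01/30 13:16:06, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
>       1964 status: NT_STATUS_OK
"""

def parse_entries(text):
    """Return one dict per log entry, undoing '>' quoting and mailer line wraps."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()
        m = HEADER.match(line)
        if m:
            cur = {"ts": m.group(1), "level": int(m.group(2)), "src": m.group(3), "msg": []}
            entries.append(cur)
        elif cur is not None and line:
            if not cur["src"] and SOURCE.match(line):
                cur["src"] = line          # header wrapped onto the next line
            else:
                cur["msg"].append(line)    # message text, possibly wrapped
    return entries

def summarize(text, max_level=1):
    """Group entries at or below max_level by (function, message); count repeats."""
    groups = {}
    for e in (e for e in parse_entries(text) if e["level"] <= max_level):
        m = SOURCE.match(e["src"])
        key = (m.group(2) if m else e["src"], " ".join(e["msg"]))
        g = groups.setdefault(key, {"count": 0, "first": e["ts"], "last": e["ts"]})
        g["count"] += 1
        g["last"] = e["ts"]
    return groups

if __name__ == "__main__":
    print("\n".join(f"{g['count']}x {k[0]}: {k[1]}" for k, g in summarize(SAMPLE).items()))
```
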


