[Samba] (no subject)
Dale Schroeder
dale at BriannasSaladDressing.com
Thu Feb 7 17:01:32 GMT 2008
I have systems using security = ADS and security = domain where
"password server =" works quite well. There's something else going on.
Dale
Adam Williams wrote:
> password server = only works when samba is in security = server mode.
>
> security = domain is used when the server is a member server of an NT4
> style domain (meaning, it's not a PDC or a BDC, but another server with
> some file shares on it and it authenticates to the PDC using LDAP).
>
> when you have a bunch of samba servers like you sound like you do, you
> should be using an LDAP backend.
>
> Carter, David SIS SB56 ITMOXF POWERGEN wrote:
>> Installed Samba 3.0.10 via 'pkgadd' on Solaris 2.6 workstation s080
>> (137.223.31.80) - previously running Samba 2.2.8 which has worked for a
>> long time.
>> Samba 3.0.10 smb.conf file - changed to security = DOMAIN from SERVER at
>> 2.2.8 version
>> password server = 137.223.33.45, 137.223.33.72 - these are DCs
>>
>>
>> # Samba config file created using SWAT
>> # from 127.0.0.1 (127.0.0.1)
>> # Date: 2008/02/07 16:05:52
>>
>> # Global parameters
>> [global]
>> workgroup = WW007
>> server string = Samba Server ww007
>> interfaces = 137.223.31.80/255.255.255.0
>> bind interfaces only = Yes
>> security = DOMAIN
>> password server = 137.223.33.45, 137.223.33.72
>> client NTLMv2 auth = Yes
>> client lanman auth = No
>> client plaintext auth = No
>> log level = 1
>> max log size = 50
>> deadtime = 15
>> lpq cache time = 30
>> load printers = No
>> wins server = 137.223.33.45
>> follow symlinks = No
>>
>> [ipc$]
>> path = /tmp
>> hosts allow = 127.0.0.1, 137.223.26., 137.223.32., 137.223.33., 137.223.197., 193.35.224.
>> hosts deny = 0.0.0.0/0
>>
>> [gb400226]
>> comment = Dave's home directory
>> path = /d2/home/dgc00226
>> valid users = gb400226
>> read only = No
>> force create mode = 060
>>
>> [gb412533]
>> comment = Dave Clark's home directory
>> path = /d2/home/davi
>> valid users = gb412533, gb4avsched, gb499908
>> read only = No
>> force create mode = 060
>>
>>
>>
>> log.nmbd
>> Shows following error approx every 15 mins:
>> Unable to find the Domain Master Browser name WW007<1b> for the
>> workgroup WW007.
>> Unable to sync browse lists in this workgroup.
>> [2008/02/06 10:01:49, 0]
>> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
>> find_domain_master_name_query_fail:
>> Unable to find the Domain Master Browser name WW007<1b> for the
>> workgroup WW007.
>> Unable to sync browse lists in this workgroup.
>> [2008/02/06 10:16:49, 0]
>> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
>> find_domain_master_name_query_fail:
>> Unable to find the Domain Master Browser name WW007<1b> for the
>> workgroup WW007.
>> Unable to sync browse lists in this workgroup.
>> [2008/02/06 10:31:52, 0]
>> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
>> find_domain_master_name_query_fail:
>> Unable to find the Domain Master Browser name WW007<1b> for the
>> workgroup WW007.
>> Unable to sync browse lists in this workgroup.
>> [2008/02/06 10:46:52, 0]
>> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
>>
>> log.smbd
>>
>> Shows following at end of log:
>> Primary group is 0 and contains 0 supplementary groups
>> [2008/01/30 13:18:24, 5] smbd/uid.c:change_to_root_user(296)
>> change_to_root_user: now uid=(0,0) gid=(0,0)
>> [2008/01/30 13:18:24, 2] smbd/server.c:exit_server(571)
>> Closing connections
>> [2008/01/30 13:18:24, 3] smbd/connection.c:yield_connection(69)
>> Yielding connection to [2008/01/30 13:18:24, 5]
>> smbd/oplock.c:receive_local_message(107)
>> receive_local_message: doing select with timeout of 1 ms
>> [2008/01/30 13:18:24, 3] smbd/server.c:exit_server(614)
>> Server exit (Caught TERM signal)
>> [2008/01/30 13:19:59, 0] smbd/server.c:main(760)
>> smbd version 3.0.10 started.
>> Copyright Andrew Tridgell and the Samba Team 1992-2004
>> [2008/01/30 13:36:06, 0] lib/access.c:check_access(328)
>> Denied connection from (137.223.31.80)
>> [2008/01/30 13:36:22, 1]
>> auth/auth_server.c:check_smbserver_security(363)
>> password server 137.223.33.45 rejected the password
>> [2008/02/05 14:30:01, 0] smbd/server.c:main(760)
>> smbd version 3.0.10 started.
>> Copyright Andrew Tridgell and the Samba Team 1992-2004
>> [2008/02/05 15:27:53, 0] smbd/server.c:main(760)
>> smbd version 3.0.10 started.
>> Copyright Andrew Tridgell and the Samba Team 1992-2004
>>
>> log.winbindd
>>
>> Shows following in parts of log file
>> [2008/01/30 13:16:06, 5] rpc_parse/parse_prs.c:prs_uint32s(869)
>> 1954 sub_auths : 00000015 4862e393 3973dd20 2b3be507
>> [2008/01/30 13:16:06, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
>> 1964 status: NT_STATUS_OK
>> [2008/01/30 13:16:06, 5]
>> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>> trustdom_store: storing SID S-1-5-21-789336058-764733703-1417001333 of
>> domain WW007
>> [2008/01/30 13:16:06, 5]
>> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>> trustdom_store: storing SID S-1-5-21-1482476501-261903793-725345543 of
>> domain SIEMENS-NET
>> [2008/01/30 13:16:06, 5]
>> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>> trustdom_store: storing SID S-1-5-21-1834491315-1761740509-1136263860
>> of domain BRANDE
>> [2008/01/30 13:16:06, 5]
>> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>> trustdom_store: storing SID S-1-5-21-65601539-1841329075-1026172630 of
>> domain KWUWED1
>> [2008/01/30 13:16:06, 5]
>> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>>
>> ......
>>
>> winbindd version 3.0.10 started.
>> Copyright The Samba Team 2000-2004
>> [2008/02/05 15:27:58, 0]
>> nsswitch/winbindd_util.c:winbindd_param_init(560)
>> winbindd: idmap uid range missing or invalid
>> [2008/02/05 15:27:58, 0]
>> nsswitch/winbindd_util.c:winbindd_param_init(561)
>> winbindd: cannot continue, exiting.
>> [2008/02/05 15:27:58, 1] nsswitch/winbindd.c:main(897)
>> Could not init idmap -- netlogon proxy only
>> [2008/02/05 15:27:59, 1] nsswitch/winbindd_util.c:init_domain_list(327)
>> Could not fetch sid for our domain WW007
>> [2008/02/05 15:28:24, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>> get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:24, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>> get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:25, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>> get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:25, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>> get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>> get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>> get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>> get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>> get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:38:02, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>> cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>> [2008/02/05 15:38:18, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>> cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>> [2008/02/05 15:38:41, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>> cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>> [2008/02/05 15:38:59, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>> cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>> [2008/02/05 15:39:17, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>> cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>> [2008/02/05 15:39:36, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>> cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>> [2008/02/05 15:40:50, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>> cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>>
>> although SWAT shows that the daemons ARE running
>> version: 3.0.10 smbd: running nmbd: running winbindd: running
>> and 'ps -elf' on the Unix Samba server also indicates that the
>> daemons are running.
>>
>> If the DCs recognise the user attempting to obtain a Samba share on Unix
>> box s080 running Samba 2.2.8 with the parameters
>> "security = SERVER"
>> "password server = 137.223.33.45, 137.223.33.72"
>> specified in the 2.2.8 smb.conf file, what is causing the problem
>> verifying the same user obtaining a Samba share on Unix box s080
>> running Samba 3.0.10 with parameters
>> "security = SERVER" or "security = DOMAIN"
>> "password server = 137.223.33.45, 137.223.33.72"
>>
>>
>> Any help would be appreciated - this is doing my head in!
>>
>>
>>
>> Kind Regards Dave Carter
>>
>>
>
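The winbindd excerpt quoted in this thread repeats the same level-0 entries many times, with headers and messages wrapped across lines by the mail client. As an added example (not part of the thread and not Samba code), this Python sketch parses that log layout and collapses repeats so each distinct failure shows once with its count and time span; `parse`, `summarize` and the `SAMPLE` text are names and data constructed here.

```python
import re
# Constructed sample in the shape the post quotes (">>" prefix, wrapped lines).
SAMPLE = """\
>> [2008/02/05 15:27:58, 0]
>> nsswitch/winbindd_util.c:winbindd_param_init(560)
>> winbindd: idmap uid range missing or invalid
>> [2008/02/05 15:28:24, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>> get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:25, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>> get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/01/30 13:16:06, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
>> 1964 status: NT_STATUS_OK
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(.*)$")
SOURCE = re.compile(r"^\S+\.c:(\w+)\(\d+\)$")

def parse(text):
    """Return one dict per log entry: time, level, func, msg."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()   # drop mail quoting
        m = HEADER.match(line)
        if m:                                          # a new entry starts
            cur = {"time": m.group(1), "level": int(m.group(2)), "func": None, "msg": ""}
            entries.append(cur)
            line = m.group(3)                          # empty if header wrapped
        if cur is None or not line:
            continue
        s = SOURCE.match(line)
        if s and cur["func"] is None:                  # file.c:function(line)
            cur["func"] = s.group(1)
        else:                                          # message text, re-joined
            cur["msg"] = (cur["msg"] + " " + line).strip()
    return entries

def summarize(text, max_level=0):
    """Collapse repeats: (func, msg) -> count, first and last timestamp."""
    out = {}
    for e in (e for e in parse(text) if e["level"] <= max_level):
        rec = out.setdefault((e["func"], e["msg"]), {"count": 0, "first": e["time"]})
        rec["count"] += 1
        rec["last"] = e["time"]
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Raising `max_level` includes the debug-level entries as well; the default keeps only level 0, which is where the failures in the quoted logs appear.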