[Samba] (no subject)

Dale Schroeder dale at BriannasSaladDressing.com
Thu Feb 7 17:01:32 GMT 2008


I have systems using security = ADS and security = domain where 
"password server =" works quite well.  There's something else going on.

Dale

Adam Williams wrote:
> password server = only works when samba is in security = server mode.
>
> security = domain is used when the server is a member server of an NT4 
> style domain (meaning, it's not a PDC or a BDC, but another server with 
> some file shares on it and it authenticates to the PDC using LDAP).
>
> When you have a bunch of samba servers like you sound like you do, you 
> should be using an LDAP backend.
>
> Carter, David SIS SB56 ITMOXF POWERGEN wrote:
>> Installed Samba 3.0.10 via 'pkgadd' on Solaris 2.6 workstation s080
>> (137.223.31.80) - previously running Samba 2.2.8 which has worked for a
>> long time.
>> Samba 3.0.10 smb.conf file - changed to security =DOMAIN  from SERVER at
>> 2.2.8 version
>> password server = 137.223.33.45, 137.223.33.72  - these are DCs
>>  
>>
>> # Samba config file created using SWAT
>> # from 127.0.0.1 (127.0.0.1)
>> # Date: 2008/02/07 16:05:52
>>
>> # Global parameters
>> [global]
>>     workgroup = WW007
>>     server string = Samba Server ww007
>>     interfaces = 137.223.31.80/255.255.255.0
>>     bind interfaces only = Yes
>>     security = DOMAIN
>>     password server = 137.223.33.45, 137.223.33.72
>>     client NTLMv2 auth = Yes
>>     client lanman auth = No
>>     client plaintext auth = No
>>     log level = 1
>>     max log size = 50
>>     deadtime = 15
>>     lpq cache time = 30
>>     load printers = No
>>     wins server = 137.223.33.45
>>     follow symlinks = No
>>
>> [ipc$]
>>     path = /tmp
>>     hosts allow = 127.0.0.1, 137.223.26., 137.223.32., 137.223.33., 137.223.197., 193.35.224.
>>     hosts deny = 0.0.0.0/0
>>
>> [gb400226]
>>     comment = Dave's home directory
>>     path = /d2/home/dgc00226
>>     valid users = gb400226
>>     read only = No
>>     force create mode = 060
>>
>> [gb412533]
>>     comment = Dave Clark's home directory
>>     path = /d2/home/davi
>>     valid users = gb412533, gb4avsched, gb499908
>>     read only = No
>>     force create mode = 060
>>
>>
>>
>> log.nmbd
>> Shows following error approx every 15 mins  Unable to find the Domain 
>> Master Browser name WW007<1b> for the
>> workgroup WW007.
>>   Unable to sync browse lists in this workgroup.
>> [2008/02/06 10:01:49, 0]
>> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
>>   find_domain_master_name_query_fail:
>>   Unable to find the Domain Master Browser name WW007<1b> for the
>> workgroup WW007.
>>   Unable to sync browse lists in this workgroup.
>> [2008/02/06 10:16:49, 0]
>> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
>>   find_domain_master_name_query_fail:
>>   Unable to find the Domain Master Browser name WW007<1b> for the
>> workgroup WW007.
>>   Unable to sync browse lists in this workgroup.
>> [2008/02/06 10:31:52, 0]
>> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
>>   find_domain_master_name_query_fail:
>>   Unable to find the Domain Master Browser name WW007<1b> for the
>> workgroup WW007.
>>   Unable to sync browse lists in this workgroup.
>> [2008/02/06 10:46:52, 0]
>> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
>>
>> log.smbd
>>
>> Shows following at end of log Primary group is 0 and contains 0 
>> supplementary groups
>> [2008/01/30 13:18:24, 5] smbd/uid.c:change_to_root_user(296)
>>   change_to_root_user: now uid=(0,0) gid=(0,0)
>> [2008/01/30 13:18:24, 2] smbd/server.c:exit_server(571)
>>   Closing connections
>> [2008/01/30 13:18:24, 3] smbd/connection.c:yield_connection(69)
>>   Yielding connection to [2008/01/30 13:18:24, 5] 
>> smbd/oplock.c:receive_local_message(107)
>>   receive_local_message: doing select with timeout of 1 ms
>> [2008/01/30 13:18:24, 3] smbd/server.c:exit_server(614)
>>   Server exit (Caught TERM signal)
>> [2008/01/30 13:19:59, 0] smbd/server.c:main(760)
>>   smbd version 3.0.10 started.
>>   Copyright Andrew Tridgell and the Samba Team 1992-2004
>> [2008/01/30 13:36:06, 0] lib/access.c:check_access(328)
>>   Denied connection from  (137.223.31.80)
>> [2008/01/30 13:36:22, 1]
>> auth/auth_server.c:check_smbserver_security(363)
>>   password server 137.223.33.45 rejected the password
>> [2008/02/05 14:30:01, 0] smbd/server.c:main(760)
>>   smbd version 3.0.10 started.
>>   Copyright Andrew Tridgell and the Samba Team 1992-2004
>> [2008/02/05 15:27:53, 0] smbd/server.c:main(760)
>>   smbd version 3.0.10 started.
>>   Copyright Andrew Tridgell and the Samba Team 1992-2004
>>
>> log.winbindd
>>
>> Shows following in parts of log file
>> [2008/01/30 13:16:06, 5] rpc_parse/parse_prs.c:prs_uint32s(869)
>>               1954 sub_auths : 00000015 4862e393 3973dd20 2b3be507 
>> [2008/01/30 13:16:06, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
>>       1964 status: NT_STATUS_OK
>> [2008/01/30 13:16:06, 5]
>> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>>   trustdom_store: storing SID S-1-5-21-789336058-764733703-1417001333 of
>> domain WW007
>> [2008/01/30 13:16:06, 5]
>> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>>   trustdom_store: storing SID S-1-5-21-1482476501-261903793-725345543 of
>> domain SIEMENS-NET
>> [2008/01/30 13:16:06, 5]
>> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>>   trustdom_store: storing SID S-1-5-21-1834491315-1761740509-1136263860
>> of domain BRANDE
>> [2008/01/30 13:16:06, 5]
>> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>>   trustdom_store: storing SID S-1-5-21-65601539-1841329075-1026172630 of
>> domain KWUWED1
>> [2008/01/30 13:16:06, 5]
>> libsmb/trustdom_cache.c:trustdom_cache_store(127)
>>
>> ......
>>
>>  winbindd version 3.0.10 started.
>>   Copyright The Samba Team 2000-2004
>> [2008/02/05 15:27:58, 0]
>> nsswitch/winbindd_util.c:winbindd_param_init(560)
>>   winbindd: idmap uid range missing or invalid
>> [2008/02/05 15:27:58, 0]
>> nsswitch/winbindd_util.c:winbindd_param_init(561)
>>   winbindd: cannot continue, exiting.
>> [2008/02/05 15:27:58, 1] nsswitch/winbindd.c:main(897)
>>   Could not init idmap -- netlogon proxy only
>> [2008/02/05 15:27:59, 1] nsswitch/winbindd_util.c:init_domain_list(327)
>>   Could not fetch sid for our domain WW007
>> [2008/02/05 15:28:24, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>>   get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:24, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>>   get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:25, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>>   get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:25, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>>   get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>>   get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>>   get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>>   get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>>   get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:38:02, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>>   cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>> [2008/02/05 15:38:18, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>>   cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>> [2008/02/05 15:38:41, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>>   cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>> [2008/02/05 15:38:59, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>>   cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>> [2008/02/05 15:39:17, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>>   cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>> [2008/02/05 15:39:36, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>>   cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>> [2008/02/05 15:40:50, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>>   cli_pipe: return critical error. Error was Call timed out: server did
>> not respond after 10000 milliseconds
>>
>> although SWAT shows that the daemons ARE running
>> version: 3.0.10 smbd: running   nmbd: running   winbindd: running   
>> and 'ps -elf' on the Unix Samba server also indicates that the
>> daemons are running.
>>
>> If the DCs recognise the user attempting to obtain a Samba share on Unix
>> box s080
>> running Samba2.2.8 with the parameters
>> "security = SERVER"
>> "password server = 137.223.33.45, 137.223.33.72"
>> specified in the 2.2.8 smb.conf file, what is causing the problem
>> verifying the  same user obtaining a Samba share on Unix box s080 
>> running Samba3.0.10
>> with parameters
>> "security = SERVER"   or   "security = DOMAIN"
>> "password server = 137.223.33.45, 137.223.33.72"
>>
>>
>> Any help would be appreciated - this is doing my head in!
>>  
>>
>>
>> Kind Regards  Dave Carter
>>
>>   
>
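
Added example, not part of the original thread and not Samba project code: a small Python triage script for log excerpts like the ones quoted above. It strips the mail quote markers, rejoins headers and messages that the mail client wrapped, and collapses repeated level 0/1 entries into one group each with a count and first/last timestamp. The sample input is constructed from lines in the thread, and the names parse and summarize are this example's own.

```python
import re

# Samba 3.0 entry header: "[YYYY/MM/DD hh:mm:ss, level] file.c:function(line)"
SRC = re.compile(r"\S+\.c:\w+\(\d+\)")
HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(" + SRC.pattern + r")?")
QUOTE = re.compile(r"^(?:>\s?)+")  # mail quote markers such as ">> "

# Constructed sample, assembled from log lines quoted in the thread.
SAMPLE = """\
>> [2008/02/05 15:27:58, 0] nsswitch/winbindd_util.c:winbindd_param_init(560)
>>   winbindd: idmap uid range missing or invalid
>> [2008/02/05 15:28:24, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>>   get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/02/05 15:28:25, 0] nsswitch/winbindd_util.c:get_trust_pw(1034)
>>   get_trust_pw: could not fetch trust account password for my domain
>> WW007
>> [2008/01/30 13:16:06, 5]
>> rpc_parse/parse_prs.c:prs_ntstatus(672)
>>       1964 status: NT_STATUS_OK
"""

def parse(text):
    """Return one dict per log entry, undoing quoting and line wrapping."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        m = HEADER.match(line)
        if m:
            cur = {"ts": m.group(1), "level": int(m.group(2)), "src": m.group(3), "msg": []}
            entries.append(cur)
        elif cur is not None and line:
            if cur["src"] is None and SRC.fullmatch(line):
                cur["src"] = line          # header was wrapped onto two lines
            else:
                cur["msg"].append(line)    # message body, possibly wrapped
    return entries

def summarize(text, max_level=1):
    """Collapse repeated entries at or below max_level (lower = more severe)."""
    groups = {}
    for e in parse(text):
        if e["level"] > max_level:
            continue
        key = (e["src"], " ".join(e["msg"]))
        g = groups.setdefault(key, {"count": 0, "first": e["ts"], "last": e["ts"]})
        g["count"] += 1
        g["last"] = e["ts"]
    return groups

if __name__ == "__main__":
    for (src, msg), g in summarize(SAMPLE).items():
        print(f'{g["count"]:3d}x {g["first"]} .. {g["last"]}  {src}\n     {msg}')
```

Run over a full log.winbindd, this reduces the repeated get_trust_pw and rpc_api_pipe entries to one line each, so the single idmap and trust-account messages are not buried.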

