[Samba] attempted upgrade this weekend
Mike Eggleston
mikeegg1 at me.com
Mon Apr 27 11:37:53 GMT 2009
Morning,
This weekend I attempted an upgrade of my primary samba server from 3.0.24
to 3.3.3. When testing this primary server after the upgrade I had a
few issues, so rolled back the upgrade until I can find solutions. This
server also has the OpenLDAP server local to and co-located with samba.
The two things that initially didn't seem right are that each time I
logged into a windows XP box I was told my password had exprired and
must be changed, and my roaming profile could not be accessed. Even
after changing my password, when I logged out and back in I got the same
password expired message.
I had another event scheduled and couldn't diagnose the issue. I
hope the issue is simply a difference in the configuration (smb.conf)
between 3.0.24 and 3.3.3. I've attached a sanitized version of my config
below. Does anyone see any issues?
Samba is the first of a series of upgrades. After samba is Cyrus then
OpenLDAP.
Samba is compiled locally on this box, so it pulls in the current library
versions, etc.
The output of the smbd-3.0.24 and smbd-3.3.3 (both -b) seem the same
to me.
Thanks for having a look at this. I'll try another upgrade this coming
weekend.
Mike
Fedora Core 5
Samba upgrade from 3.0.24 to 3.3.3
OpenLDAP 2.3.30
---------------------------
# Samba config file created using SWAT
# from 10.1.2.43 (10.1.2.43)
# Date: 2006/08/03 15:11:35
[global]
security = USER
client plaintext auth = Yes
client lanman auth = Yes
lanman auth = No
ntlm auth = Yes
guest account = nobody
#admin users = manager, root
admin users =
hosts allow = .domain.com, 10.1.2., 10.1.3., 192.168.100.
cups options = raw
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no
usershare allow guests = yes
time server = yes
workgroup = PWI
netbios name = elo
netbios aliases = loghost, mailhost, backuphost, ldaphost
server string = Samba Server (%h)
logon drive = H:
logon home = \\%h\%U
logon path = \\%h\profiles\%U
logon script = logon.bat
ldap delete dn = Yes
ldap suffix = dc=domain,dc=com
ldap admin dn = cn=manager,dc=domain,dc=com
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap ssl = off
ldapsam:trusted = Yes
ldap timeout = 15
utmp directory = /var/run
wtmp directory = /var/log
utmp = Yes
encrypt passwords = Yes
password level = 0
password server = ldaphost.domain.com
passdb backend = ldapsam:ldap://ldaphost.domain.com
ldap passwd sync = Yes
unix password sync = No
passwd program = /usr/sbin/smbldap-passwd %u
#pam password change = Yes
passwd chat = "Changing * password*for*\nNew password*" %n\n "*Retype new password*" %n\n
passwd chat debug = Yes
#client use spnego = No
#use spnego = No
os level = 66
preferred master = Yes
local master = Yes
domain master = Yes
domain logons = Yes
allow trusted domains = Yes
# log level = 255
# log level = 100
# log level = 4
# log level = 3 ldap:10 passdb:10 auth:10 winbind:10
# log level = 3
# log level = 2
log level = 1
log file = /var/log/samba/%m.log
max log size = 10000
#socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536
#socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
#socket options = TCP_NODELAY
# trying to make things faster
#socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=1500
#add user script = /usr/sbin/smbldap-useradd -m "%u"
add user script = /usr/sbin/smbldap-useradd -a -A 1 -B 1 -s /bin/bash -c "%u" -d /home/%u -C "\\\\%h\\%u" -D "H:" -M "%u at domain.com" %u
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%g" "%u"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
#add machine script = /usr/sbin/smbldap-useradd -w "%u"
#add machine script = /usr/sbin/smbldap-useradd -w -A 0 -B 0 -s /bin/false -c "%u machine account" -d /dev/null %u
#add machine script = /usr/sbin/smbldap-useradd -w -i "%u" -t 5
#add machine script = /usr/sbin/smbldap-useradd -w -A 0 -B 0 -t 5 "%u"
#add machine script = /usr/sbin/smbldap-useradd -w -i -A 0 -B 0 -t 5 "%u"
#max smbd processes = 200
deadtime = 60
# trying to get rid of an error in the smb logs by not listening to port 445
smb ports = 139
[netlogon]
comment = Network Logon Services
path = /etc/samba/netlogon
browseable = No
writable = No
read only = Yes
guest ok = Yes
[profiles]
comment = Roaming User Profiles
path = /etc/samba/profiles
browseable = Yes
writable = Yes
read only = No
guest ok = Yes
hide files = /DESKTOP.INI/Desktop.ini/desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
#store dos attributes = Yes
create mask = 0600
directory mask = 0700
#printable = no
csc policy = disable
#force user = %U
[homes]
comment = Home Directories
read only = No
guest ok = No
browseable = No
map read only = Permissions
directory mask = 0755
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
[Pointwise]
comment = Pointwise Corporate Files
path = /opt/domain
#create mask = 0765
force create mode = 664
force group = pwi
browseable = Yes
printable = No
guest ok = No
writeable = Yes
read only = No
[Backups]
comment = Backup files are stored here
path = /opt/backups
browseable = Yes
printable = No
[Data]
comment = Storage for support and other data.
path = /opt/data
browseable = Yes
printable = No
[tmp]
comment = temporary files
path = /tmp
browseable = Yes
printable = No
guest ok = Yes
guest only = No
writeable = Yes
read only = No
force create mode = 664
---------------------------
More information about the samba
mailing list