[Samba] attempted upgrade this weekend

Mike Eggleston mikeegg1 at me.com
Mon Apr 27 11:37:53 GMT 2009


Morning,

This weekend I attempted an upgrade of my primary samba server from 3.0.24
to 3.3.3. When testing this primary server after the upgrade I had a
few issues, so rolled back the upgrade until I can find solutions. This
server also has the OpenLDAP server local to and co-located with samba.

The two things that initially didn't seem right are that each time I
logged into a Windows XP box I was told my password had expired and
must be changed, and my roaming profile could not be accessed. Even
after changing my password, when I logged out and back in I got the same
password expired message.

I had another event scheduled and couldn't diagnose the issue. I
hope the issue is simply a difference in the configuration (smb.conf)
between 3.0.24 and 3.3.3. I've attached a sanitized version of my config
below. Does anyone see any issues?

Samba is the first of a series of upgrades. After samba is Cyrus then
OpenLDAP.

Samba is compiled locally on this box, so it pulls in the current library
versions, etc.

The output of the smbd-3.0.24 and smbd-3.3.3 (both -b) seem the same
to me.

Thanks for having a look at this. I'll try another upgrade this coming
weekend.

Mike

Fedora Core 5
Samba upgrade from 3.0.24 to 3.3.3
OpenLDAP 2.3.30


---------------------------
# Samba config file created using SWAT
# from 10.1.2.43 (10.1.2.43)
# Date: 2006/08/03 15:11:35

[global]
	security = USER
	client plaintext auth = Yes
	client lanman auth = Yes
	lanman auth = No
	ntlm auth = Yes
	guest account = nobody
	#admin users = manager, root
	admin users = 
	hosts allow = .domain.com, 10.1.2., 10.1.3., 192.168.100.
	cups options = raw
	wins support = yes
	name resolve order = wins lmhosts host bcast
	dns proxy = no
	usershare allow guests = yes
	time server = yes

	workgroup = PWI
	netbios name = elo
	netbios aliases = loghost, mailhost, backuphost, ldaphost
	server string = Samba Server (%h)
	logon drive = H:
	logon home = \\%h\%U
	logon path = \\%h\profiles\%U
	logon script = logon.bat
	ldap delete dn = Yes
	ldap suffix = dc=domain,dc=com
	ldap admin dn = cn=manager,dc=domain,dc=com
	ldap user suffix = ou=people
	ldap group suffix = ou=groups
	ldap machine suffix = ou=machines
	ldap ssl = off
	ldapsam:trusted = Yes
	ldap timeout = 15
	utmp directory = /var/run
	wtmp directory = /var/log
	utmp = Yes

	encrypt passwords = Yes
	password level = 0
	password server = ldaphost.domain.com
	passdb backend = ldapsam:ldap://ldaphost.domain.com
	ldap passwd sync = Yes
	unix password sync = No
	passwd program = /usr/sbin/smbldap-passwd %u
	#pam password change = Yes
	passwd chat = "Changing * password*for*\nNew password*" %n\n "*Retype new password*" %n\n
	passwd chat debug = Yes
	#client use spnego = No
	#use spnego = No

	os level = 66
	preferred master = Yes
	local master = Yes
	domain master = Yes
	domain logons = Yes
	allow trusted domains = Yes

#	log level = 255
#	log level = 100
#	log level = 4
#	log level = 3 ldap:10 passdb:10 auth:10 winbind:10
#	log level = 3
#	log level = 2
	log level = 1
	log file = /var/log/samba/%m.log
	max log size = 10000

	#socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536
	#socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
	#socket options = TCP_NODELAY
	# trying to make things faster
	#socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=1500

	#add user script = /usr/sbin/smbldap-useradd -m "%u"
	add user script = /usr/sbin/smbldap-useradd -a -A 1 -B 1 -s /bin/bash -c "%u" -d /home/%u -C "\\\\%h\\%u" -D "H:" -M "%u at domain.com" %u
	delete user script = /usr/sbin/smbldap-userdel "%u"
	add group script = /usr/sbin/smbldap-groupadd -p "%g"
	delete group script = /usr/sbin/smbldap-groupdel "%g"
	add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
	delete user from group script = /usr/sbin/smbldap-groupmod -x "%g" "%u"
	set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
	#add machine script = /usr/sbin/smbldap-useradd -w "%u"
	#add machine script = /usr/sbin/smbldap-useradd -w -A 0 -B 0 -s /bin/false -c "%u machine account" -d /dev/null %u
	#add machine script = /usr/sbin/smbldap-useradd -w -i "%u" -t 5
	#add machine script = /usr/sbin/smbldap-useradd -w -A 0 -B 0 -t 5 "%u"
	#add machine script = /usr/sbin/smbldap-useradd -w -i -A 0 -B 0 -t 5 "%u"

	#max smbd processes = 200
	deadtime = 60

	# trying to get rid of an error in the smb logs by not listening to port 445
	smb ports = 139

[netlogon]
	comment = Network Logon Services
	path = /etc/samba/netlogon
	browseable = No
	writable = No
	read only = Yes
	guest ok = Yes

[profiles]
	comment = Roaming User Profiles
	path = /etc/samba/profiles
	browseable = Yes
	writable = Yes
	read only = No
	guest ok = Yes
	hide files = /DESKTOP.INI/Desktop.ini/desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
	#store dos attributes = Yes
	create mask = 0600
	directory mask = 0700
	#printable = no
	csc policy = disable
	#force user = %U

[homes]
	comment = Home Directories
	read only = No
	guest ok = No
	browseable = No
	map read only = Permissions
	directory mask = 0755

[printers]
	comment = All Printers
	path = /usr/spool/samba
	printable = Yes
	browseable = No

[Pointwise]
	comment = Pointwise Corporate Files
	path = /opt/domain
	#create mask = 0765
	force create mode = 664
	force group = pwi
	browseable = Yes
	printable = No
	guest ok = No
	writeable = Yes
	read only = No

[Backups]
	comment = Backup files are stored here
	path = /opt/backups
	browseable = Yes
	printable = No

[Data]
	comment = Storage for support and other data.
	path = /opt/data
	browseable = Yes
	printable = No

[tmp]
	comment = temporary files
	path = /tmp
	browseable = Yes
	printable = No
	guest ok = Yes
	guest only = No
	writeable = Yes
	read only = No
	force create mode = 664
---------------------------

