[Samba] Strange: Repeatedly lose domain functionality

Roland Kaeser roland.kaeser at ziil.ch
Thu Aug 18 02:05:47 MDT 2011


Hello All 

For several weeks, we have been facing a very strange problem with a Samba PDC and ldapsam. 
It repeatedly seems to lose its PDC functionality. This brings very strange behaviours. 
The server is then still accessible (shares and browsing work as expected), 
but the Windows machines cannot make a domain logon anymore (this has a priori no effect then because 
they use their cached password), joining new machines to the domain is no longer possible and a new 
user cannot create a new roaming profile (only temporary profiles are created). 


After a Samba restart, the server works again as expected. But one or a few days later, the same 
problems begin again until the Samba service is restarted again. The log files don't say anything special about this behaviour. 
Nscd isn't running. Using Samba 3.5.10 on CentOS 5.5 x64, 4GB memory, 35 users. 


Has somebody experienced the same problems? 


Thanks 




Roland 






The Samba smb.conf: 



workgroup = SAMBA 
netbios name = HALLE 
netbios aliases = INSTALL 
security = user 
domain logons = yes 
load printers = yes 
printing = cups 
cups options = "raw" 
guest account = guest 
# log file = /var/log/samba/%M.log 
log file = /var/log/samba/smbd.log 
log level = 0 sam:1 passdb:1 auth:1 winbind:1 
# log level = 1 sam:16 passdb:16 auth:16 winbind:4 
# log level = 1 tdb:16 sam:16 passdb:16 auth:16 ldap:16 
# algorithmic rid base = 2000 
os level = 64 
local master = yes 
domain master = yes 
preferred master = yes 
logon script = login.cmd 
logon path = \\HALLE\Profiles\%U 
logon home = \\HALLE\Profiles\%U\.9xprofile 
logon drive = Z: 
password level = 8 
wins support = yes 
dns proxy = yes 
passdb backend = ldapsam:ldap://localhost 
ldapsam:trusted = yes 
ldapsam:editposix = yes 
unix password sync = Yes 
nt pipe support = Yes 
nt status support = Yes 
time server = Yes 
ldap ssl = no 
host msdfs = no 
ldap suffix = dc=methabau-pur,dc=local 
ldap delete dn = yes 
ldap admin dn = uid=admin,dc=methabau-pur,dc=local 
ldap idmap suffix = ou=idmap 
ldap user suffix = ou=users 
ldap group suffix = ou=groups 
ldap machine suffix = ou=machines 
ldap passwd sync = yes 
null passwords = yes 
hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ 
admin users = Administrator 
map acl inherit = no 
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT SO_SNDBUF=8192 SO_RCVBUF=8192 
getwd cache = yes 
oplocks = yes 
read raw = yes 
write raw = yes 
level2 oplocks = no 
map archive = yes 
map hidden = no 
map read only = yes 
map system = no 
store dos attributes = no 
passwd program = /usr/sbin/smbldap-passwd %u 
idmap backend = ldap:ldap://localhost 
idmap uid = 1000-50000 
idmap gid = 1000-50000 
idmap cache time = 420 
winbind cache time = 420 
idmap alloc backend = ldap 
idmap alloc config : ldap_url = ldap://localhost 
idmap alloc config : ldap_base_dn = ou=idmap,dc=methabau-pur,dc=local 
idmap alloc config : ldap_user_dn = uid=admin,dc=methabau-pur,dc=local 
idmap alloc config : range = 1000-20000 
winbind enum users = yes 
winbind enum groups = yes 
add user script = /usr/sbin/smbldap-useradd -m '%u' 
delete user script = /usr/sbin/smbldap-userdel %u 
add group script = /usr/sbin/smbldap-groupadd -p '%g' 
delete group script = /usr/sbin/smbldap-groupdel '%g' 
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' 
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' 
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' 
add machine script = /usr/sbin/smbldap-useradd -w '%u' 





#============================ Share Definitions ============================== 
[homes] 
comment = Home Directories 
browseable = no 
writable = yes 
create mode = 0700 
vfs objects = recycle 
recycle:repository = .Papierkorb 
recycle:versions = Yes 
recycle:keeptree = yes 
recycle:touch = Yes 
aio write size = 16384 
aio read size = 16384 
write cache size = 2097152 



[Netlogon] 
comment = Network Logon Service 
path = /Services/Netlogon 
guest ok = yes 
writable = no 
share modes = no 
aio write size = 16384 
aio read size = 16384 
write cache size = 2097152 



[Profiles] 
comment = Network Profiles Share 
read only = no 
store dos attributes = yes 
force user = %U 
create mask = 0600 
directory mask = 0700 
path = /Services/Profiles 
aio write size = 16384 
write cache size = 2097152 
allocation roundup size = 2097152 
use sendfile = yes 
browseable = no 
writable = yes 
guest ok = no 
printable = no 
csc policy = programs 
hide files = /desktop.ini/outlook*.lnk/*Briefcase*/ 
profile acls = yes 




