[Samba] Windows 7 + Samba domain issues

Moray Henderson Moray.Henderson at ict-software.org
Mon Jul 4 09:22:46 MDT 2011


Ivan H Dichev wrote:

I've found a thread in the Samba forum about an issue with Win7 and Samba
observed by Alex Ferrara.

http://lists.samba.org/archive/samba/2009-December/152353.html

As I understood, you had similar errors a while ago. Did you realize what
the problem was?

 

Hi Ivan,

 

There appear to be (at least) two possible issues.  If a workstation is left
switched on, or hibernates instead of being switched off, its machine
account password can get out of sync with the server.  See Gaiseric
Vandal, 30 June 2011 03:57, 'Re: [Samba] Windows 7 caching credentials
breaks with hibernation'.  The other is that in newer Samba versions
(samba3-3.4.9-42.el5 and samba3-3.5.9-44.el5) when a machine joins the
domain its username is in upper case in the Samba password database but in
lower case in the Linux password database.  This results in errors in the
Samba logs and possibly other authentication and lookup issues.

 

To fix that last one I am replacing the normal 'add machine script' with
this:

 

add machine script = /var/lib/samba/scripts/machineadd.sh "%u"

 

where /var/lib/samba/scripts/machineadd.sh is:

 

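#!/bin/bash
#
# Join a machine to the domain
#

# Samba passes the machine account name as %u; convert it to upper case so
# it matches the entry in the Samba password database.
machine=`echo "$1" | tr '[:lower:]' '[:upper:]'`

# -K MAIL_DIR=/dev/null: do not create a mailbox for the machine account
/usr/sbin/useradd -n -g machines -c Machine -d /dev/null -s /bin/false \
    -K MAIL_DIR=/dev/null "$machine"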

 

The '-K MAIL_DIR' thing stops a mailbox being created in /var/spool/mail.
It works on RHEL/CentOS, but perhaps not all Unixes have that option.  For
SELinux systems, the script's security context needs to have type
samba_unconfined_script_exec_t.

 

Best to keep this sort of discussion on-list so that others can benefit or
contribute.

 

 

Moray.

"To err is human; to purr, feline."
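
Added example, not part of the original message: a shell check for the case mismatch described above, comparing machine account names (those ending in '$') in `pdbedit -L` style output against passwd-format entries. The function names, the file arguments and the sample data are constructed for illustration.

```shell
#!/bin/sh
# find_case_mismatches SAMBA_LIST UNIX_LIST
#   SAMBA_LIST: file in `pdbedit -L` format  (name:uid:full name)
#   UNIX_LIST:  file in passwd format        (name:x:uid:gid:...)
# Prints "SAMBA_NAME UNIX_NAME" for every machine account whose name is
# the same in both lists except for upper/lower case.
# On a live server (bash, as root) the inputs could be supplied as
#   find_case_mismatches <(pdbedit -L) <(getent passwd)
find_case_mismatches() {
    awk -F: '
        # First file given to awk: Unix accounts, keyed by lower-cased name.
        FILENAME == ARGV[1] {
            if ($1 ~ /\$$/) unixname[tolower($1)] = $1
            next
        }
        # Second file: Samba accounts; report names that differ only in case.
        $1 ~ /\$$/ {
            key = tolower($1)
            if (key in unixname && unixname[key] != $1)
                print $1, unixname[key]
        }
    ' "$2" "$1"
}

# Constructed sample data: WS01$ is upper case in the Samba list but lower
# case in the passwd list; WS02$ matches in both; alice is a normal user.
sample_check() (
    dir=$(mktemp -d) || exit 1
    printf '%s\n' \
        'WS01$:1001:Machine' \
        'WS02$:1002:Machine' \
        'alice:500:Alice Example' > "$dir/samba.txt"
    printf '%s\n' \
        'ws01$:x:1001:101:Machine:/dev/null:/bin/false' \
        'WS02$:x:1002:101:Machine:/dev/null:/bin/false' \
        'alice:x:500:500:Alice Example:/home/alice:/bin/bash' > "$dir/passwd.txt"
    find_case_mismatches "$dir/samba.txt" "$dir/passwd.txt"
    rm -rf "$dir"
)

sample_check
```

Each line of output is a machine account that needs its Unix entry renamed or re-created so that both databases agree.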


