[Samba] winbind 3.3.1.5 as 2008 r2 domain member | groups are not resolving after couple of hours
Oliver Weinmann
oliver.weinmann at vega.de
Thu May 5 01:18:41 MDT 2011
Dear All,
I'm facing a really big issue. We have upgraded our Windows 2003 Domain to 2008 R2. I have configured the smb.conf as follows:
[global]
realm = A.SPACE.CORP
workgroup = A
security = ADS
encrypt passwords = true
password server = gedaspw02.a.space.corp gedasvw02.a.space.corp
idmap config A : backend = ad
idmap config A : default = yes
idmap config A : range = 1-999999
idmap config A : schema_mode = rfc2307
winbind nss info = rfc2307
winbind enum users = no
winbind enum groups = no
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
max log size = 50
log level = 10
log file = /var/log/samba/log.%m
dns proxy = no
allow trusted domains = no
client use spnego = Yes
use kerberos keytab = true
winbind refresh tickets = yes
idmap cache time = 60
winbind cache time = 60
When I login as a domain user I always see the following error in /var/log/messages:
May 5 08:10:18 gedaiv22 winbindd[25108]: ERROR: Initialization failed for alloc backend, deferred!
The login works fine, but after a couple of hours, the users report that the groupids are no longer resolving.
This is really a big issue and google is no help. :(
Is there a recommendation what winbind version to use with windows 2008 r2? I used the latest rpm packages from sernet.
Regards,
Oli
More information about the samba
mailing list