[Samba] Winbind Trust -- grr
gaiseric.vandal at gmail.com
Wed May 25 12:47:04 MDT 2011
It may be related to a caching issue. Use testparm -v to check the
values for the following:
idmap cache time
winbind cache time
I had a problem with samba 3.0.x where idmap entries would populate for
users in a trusted domain- but after the cache time expired the cache
would not repopulate and I would "loose" the trusted users.
Increasing the cache time at least reduced how frequently I had to
delete the cache entries. This is not a solution but may be will help
locate the problem.
On 05/25/2011 12:16 PM, Aaron E. wrote:
> First, Thanks for any and all help!!!!
> I can't seem to figure out what I need to do, I've been fighting this
> for a month and am now beating my head off my desk with no solution to
> be found. I've read others having this issue but they were all older
> versions.. I am using 3.5.4,, Please read over and give me some input..
> Every 7 days winbindd fails on the trust secret. The only way I can
> figure to fix it is rejoin the domain.
> My only solution I can think of is script and cron so the machine
> rejoins the domain every 6 days on it's own..
> I believe I'm forced to use winbind due to dansguardian using
> ntlm_auth. Dansguardian cant use ldap connection.
> Now My smb.conf is as follows on the squid server..
> workgroup = EXAMPLE
> netbios name = squid1
> server string = Squid1
> security = domain
> password server = netfiles1san, netfiles2san
> log level = 3
> log file = /var/log/samba/%m.log
> max log size = 0
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> preferred master = False
> local master = No
> domain master = False
> dns proxy = No
> winbind refresh tickets = false
> winbind separator = /
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> smb.conf on my DC relevent info is as follows
> security = user
> LDAP Backend
> Possibly an issue with using domain on the squid server and user on
> the DC??
More information about the samba