[Samba] Winbind Trust -- grr

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed May 25 12:47:04 MDT 2011

It may be related to a caching issue.  Use testparm -v to check the 
values for the following:

         idmap cache time
         winbind cache time

I had a problem with samba 3.0.x where idmap entries would populate for 
users in a trusted domain- but after the cache time expired the cache 
would not repopulate and I would "loose" the trusted users.    
Increasing the cache time at least reduced how frequently I had to 
delete the cache entries.    This is not a solution but may be will help 
locate the problem.

On 05/25/2011 12:16 PM, Aaron E. wrote:
> First, Thanks for any and all help!!!!
> I can't seem to figure out what I need to do, I've been fighting this 
> for a month and am now beating my head off my desk with no solution to 
> be found. I've read others having this issue but they were all older 
> versions.. I am using 3.5.4,, Please read over and give me some input..
> Every 7 days winbindd fails on the trust secret. The only way I can 
> figure to fix it is rejoin the domain.
> My only solution I can think of is script and cron so the machine 
> rejoins the domain every 6 days on it's own..
> I believe I'm forced to use winbind due to dansguardian using 
> ntlm_auth. Dansguardian cant use ldap connection.
> Now My smb.conf is as follows on the squid server..
> [global]
>         workgroup = EXAMPLE
>         netbios name = squid1
>         server string = Squid1
>         security = domain
>         password server = netfiles1san, netfiles2san
>     log level = 3
>         log file = /var/log/samba/%m.log
>         max log size = 0
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         preferred master = False
>         local master = No
>         domain master = False
>         dns proxy = No
> ;Winbind
>     winbind refresh tickets = false
>         winbind separator = /
>         winbind enum users = yes
>         winbind enum groups = yes
>         winbind use default domain = yes
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
> smb.conf on my DC relevent info is as follows
> security = user
> LDAP Backend
> master
> Possibly an issue with using domain on the squid server and user on 
> the DC??

More information about the samba mailing list