[Samba] password change problem and no logon servers available
Florian Scholz
florian90 at gmail.com
Wed Aug 8 04:12:00 MDT 2012
Hi,
we are using SAMBA 3.6.1-1 (updating this archlinux machine is tooo ugly)
and 3.6.6-1 on archlinux with the LDAP (Server version is 2.4.26-3) backend
and manage the users, groups and computer by using the smbldap-tools.
Currently we are experiencing the following problems:
1. changing the passwords takes longer than 30 seconds <- That's bad
because we are using a gigabit ethernet network!
2. sometimes windows tells us that the user can't change their passwords at
the current point of time
3. sometimes windows foces the users to change their passwords (we never
told samba to do it!)
4. sometimes windows tells us that there are no logon server available!
Are there any known bugs regarding to these problems? Do you need further
information to investigate this problem?
Florian Scholz
-------------- next part --------------
[global]
#!!! Authentifizierung des PDC in der Domäne
workgroup = ASTA
netbios name = samba
domain logons = yes
domain master = yes
local master = yes
server string = %h PDC (%v)
comment = %h PDC (%v)
#!!! Sichere, dass der PDC aufjedenfall von den Rechnern als praerer PDC verwend et wird.
preferred master = yes
os level = 20
#!!! Zeitsynchronisation (Synchronisiere die Computerzeit mit dem SAMBA-PDC)
time server = yes
#!!! Einschränkung des Netzwerkzugriffs
interfaces = 192.168.100.253
bind interfaces only = yes
#!!! Authentifizierung von Benutzern und Rechnern gegen den PDC
security = user
#!!! Folgende zwei Einstellungen stehen in Konflikt zueinander
obey pam restrictions = yes
encrypt passwords = yes
admin users = root,admin
#!!! Konfiguration des LDAP-Zugriffs
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=asta,dc=lan
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap admin dn = cn=admin,dc=asta,dc=lan
ldap passwd sync = yes
ldap idmap suffix = ou=Idmap
ldap ssl = no
ldap delete dn = no
ldap passwd sync = yes
# Die IDMAP-Einstellungen sollten mit denen in Krefeld übereinstimmen, so dass SAMBA funktioniert.
# Zweck der IDMAP-Einstellungen ist die Darstellung der Windows-SIDs als UNIX-ID s
idmap uid = 10000-20000
idmap gid = 10000-20000
#!!! UNIX-Passwörter ändern
unix password sync = yes
passwd program = /usr/bin/passwd %u
#!!! Default-Einstellungen für neue SAMBA-Benutzer
template shell = /bin/false
template homedir = /home/%U
#!!! Windows-Anmeldung
logon drive = h:
logon script = netlogon.bat
#!!! Tuning und systemspezifische Einstellungen
# socket options = TCP_NODELAY
#
# kernel oplocks = no
# posix locking = no
socket options = TCP_NODELAY
kernel oplocks = yes
posix locking = yes
# kernel oplocks = yes
# #WINS-Namen nicht via DNS aufl<F6>sen
# dns proxy = no
#Tuning aus Blog
getwd cache = yes
lpq cache = 30
oplocks = yes
#!!! Debug-Logging
# log level = 2 auth:3 smb:3
# log file = /var/log/samba/%U.log
# max log size = 1000
#!!! Sonstiges
hide files = /desktop.ini/profile.V2/$RECYCLE.BIN/
#!!! Zur Authentifizierung benoetigte Shares
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
browseable = no
public = yes
[profiles]
comment = User Profiles
create mask = 0700
directory mask = 0700
writeable = yes
browsable = no
[homes]
comment = Home Directory %U
create mask = 0755
directory mask = 0755
writeable = yes
browsable = no
#!!! Das AStA-Share aus Krefeld
[asta]
comment = asta
path = /home/samba/asta/
browsable = yes
writeable = yes
hide unreadable = yes
hide special files = yes
create mask = 0775
directory mask = 0775
#!!! Die Home-Verzeichnisse ausoenchengladbach
[gladbach]
comment = asta
path = /mnt/mg
browsable = yes
writeable = yes
hide unreadable = yes
hide special files = yes
create mask = 0775
directory mask = 0775
[backup]
comment = asta
path = /home/samba/backup
browsable = yes
writeable = yes
hide unreadable = yes
hide special files = yes
create mask = 0775
directory mask = 0775
guest ok = yes
guest only = yes
guest account = nobody
public = yes
#!!! Die Home-Verzecihnisse aus Krefeld zu Administrationszwecken?
[home]
path = /home
browsable = no
writeable = yes
create mask = 0775
directory mask = 0775
valid users = "@Domain Admins", at edv
admin users = @edv
[scan]
path = /home/samba/scan/
browsable = yes
writeable = yes
guest ok = yes
guest only = yes
guest account = nobody
create mask = 0775
directory mask = 0775
root preexec = /root/cron_recreate_information.sh
public = yes
More information about the samba
mailing list