[Samba] password change problem and no logon servers available

Florian Scholz florian90 at gmail.com
Wed Aug 8 04:12:00 MDT 2012


Hi,

we are using SAMBA 3.6.1-1 (updating this archlinux machine is too ugly)
and 3.6.6-1 on archlinux with the LDAP (Server version is 2.4.26-3) backend
and manage the users, groups and computer by using the smbldap-tools.

Currently we are experiencing the following problems:

1. changing the passwords takes longer than 30 seconds <- That's bad
because we are using a gigabit ethernet network!
2. sometimes windows tells us that the user can't change their passwords at
the current point of time
3. sometimes windows forces the users to change their passwords (we never
told samba to do it!)
4. sometimes windows tells us that there are no logon server available!

Are there any known bugs regarding these problems? Do you need further
information to investigate this problem?

Florian Scholz
-------------- next part --------------
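[global]

#!!! Authentication of the PDC in the domain

        workgroup = ASTA
        netbios name = samba

        domain logons = yes
        domain master = yes
        local master = yes

        server string = %h PDC (%v)
        comment = %h PDC (%v)

#!!! Make sure the machines always use this PDC as the preferred PDC.
        preferred master = yes
        os level = 20

#!!! Time synchronisation (clients sync their clock with the SAMBA PDC)
        time server = yes

#!!! Restrict network access
# NOTE(review): with "bind interfaces only = yes" and no loopback address in
# "interfaces", smbpasswd run locally on the server may not work as expected
# (see smb.conf(5)). Relevant if passwords are ever changed on the server itself.

        interfaces = 192.168.100.253
        bind interfaces only = yes

#!!! Authentication of users and machines against the PDC

        security = user

#!!! The following two settings conflict with each other
# With "encrypt passwords = yes" Samba ignores PAM for authentication, so
# "obey pam restrictions" only applies PAM account and session management.

        obey pam restrictions = yes
        encrypt passwords = yes

# NOTE(review): set in [global], "admin users" becomes the default for every
# share: root and admin perform all file operations as root, regardless of
# file permissions. Prefer granting this per share, or not at all.
        admin users = root,admin

#!!! LDAP access configuration
# The directory is reached over loopback only, so "ldap ssl = no" does not put
# the bind credentials on the network. If the LDAP server is ever moved to
# another host, switch to "ldap ssl = start tls" at the same time.

        passdb backend = ldapsam:ldap://127.0.0.1

        ldap suffix = dc=asta,dc=lan
        ldap machine suffix = ou=Computers
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap admin dn = cn=admin,dc=asta,dc=lan
        ldap passwd sync = yes
        ldap idmap suffix = ou=Idmap
        ldap ssl = no
        ldap delete dn = no

# The IDMAP settings should match those in Krefeld so that SAMBA works.
# The purpose of the IDMAP settings is to represent Windows SIDs as UNIX IDs.

        idmap uid = 10000-20000
        idmap gid = 10000-20000

#!!! Change UNIX passwords
# NOTE(review): two password-sync mechanisms are active. "ldap passwd sync"
# (above) lets Samba update the LDAP password itself, while "unix password
# sync" makes smbd run "passwd program" as root on every SMB password change
# and wait for its prompts ("passwd chat"). If the Unix accounts live in the
# same LDAP directory, the second mechanism is likely redundant and is one
# place to look when password changes are slow - confirm before removing.

        unix password sync = yes

        passwd program = /usr/bin/passwd %u

#!!! Default settings for new SAMBA users

        template shell = /bin/false
        template homedir = /home/%U

#!!! Windows logon

        logon drive = h:
        logon script = netlogon.bat


#!!! Tuning and system-specific settings

# Earlier values, kept for reference:
#        socket options = TCP_NODELAY
#
#        kernel oplocks = no
#        posix locking = no


        socket options = TCP_NODELAY

        kernel oplocks = yes
        posix locking = yes
#       kernel oplocks = yes
#       # do not resolve WINS names via DNS
#       dns proxy = no

# Tuning taken from a blog

        getwd cache = yes
        lpq cache = 30
        oplocks = yes


#!!! Debug logging (disabled)

#        log level = 2 auth:3 smb:3
#        log file = /var/log/samba/%U.log
#        max log size = 1000



#!!! Miscellaneous

        hide files = /desktop.ini/profile.V2/$RECYCLE.BIN/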

#!!! Shares required for authentication

# Logon scripts served to domain clients. No "read only"/"writeable" override
# is given here, so the share keeps Samba's read-only default; it should stay
# that way, because clients run the logon script found in this share.
[netlogon]
        path = /home/samba/netlogon
        comment = Network Logon Service
        guest ok = yes
        browseable = no

# User profile share; files and directories are created owner-only (0700).
# NOTE(review): no "path" is set. Samba normally marks a share without a path
# (other than [homes]) as unavailable - check the output of testparm.
[profiles]
        comment = User Profiles
        writeable = yes
        browseable = no
        create mask = 0700
        directory mask = 0700

# Per-user home directories.
# NOTE(review): masks of 0755 let new files and directories be readable by
# group and others, and nothing here limits who may connect to a given home;
# "valid users = %S" is the usual way to restrict each home to its owner.
[homes]
        comment = Home Directory %U
        writeable = yes
        browseable = no
        create mask = 0755
        directory mask = 0755

#!!! The AStA share from Krefeld

# Browseable, writable share. There is no "valid users" or guest setting here,
# so access control rests on authentication plus the file-system permissions.
[asta]
        path = /home/samba/asta/
        comment = asta
        browseable = yes
        writeable = yes
        create mask = 0775
        directory mask = 0775
        hide unreadable = yes
        hide special files = yes

#!!! The home directories from Mönchengladbach

# Exports the mount point /mnt/mg with the same options as [asta].
[gladbach]
        path = /mnt/mg
        comment = asta
        browseable = yes
        writeable = yes
        create mask = 0775
        directory mask = 0775
        hide unreadable = yes
        hide special files = yes

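# Backup share. Every connection is forced to the guest account "nobody".
# NOTE(review): this share is browseable, writable and guest-only, so anyone
# who can reach the server can read, overwrite or delete the backups without
# authenticating. If that is not intended, set "guest ok = no" and name the
# accounts in "valid users", or at least limit the clients with "hosts allow".
[backup]
        comment = asta
        path = /home/samba/backup
        browsable = yes
        writeable = yes
        hide unreadable = yes
        hide special files = yes
        create mask = 0775
        directory mask = 0775
# "public" is a synonym for "guest ok"; the setting is given once here.
        guest ok = yes
        guest only = yes
        guest account = nobody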

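#!!! The home directories from Krefeld, for administration purposes?

# Exports all of /home, hidden from browsing, to "Domain Admins" and edv.
# NOTE(review): "admin users = @edv" makes every member of edv act as root on
# this share, so file permissions under /home no longer restrict them. Drop it
# unless root-level access to all home directories is really intended.
[home]
        path = /home
        browsable = no
        writeable = yes
        create mask = 0775
        directory mask = 0775
        valid users = "@Domain Admins", @edv
        admin users = @edv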

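# Guest-only writable share; every connection is mapped to "nobody".
# NOTE(review): "root preexec" runs the script as root on every connection to
# this share, and unauthenticated guests can connect. Keep the script and its
# directory writable by root only, and consider whether it needs to run per
# connection at all (the file name suggests it is also run from cron).
[scan]
        path = /home/samba/scan/
        browsable = yes
        writeable = yes
# "public" is a synonym for "guest ok"; the setting is given once here.
        guest ok = yes
        guest only = yes
        guest account = nobody
        create mask = 0775
        directory mask = 0775
        root preexec = /root/cron_recreate_information.sh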

