[Samba] Error with winbind following Windows updates

Rory Campbell-Lange rory at campbell-lange.net
Tue Jan 17 06:07:04 MST 2012 

The issue appears to be in relation to Windows security update MS11-095
http://support.microsoft.com/kb/2621146 which has affected Active
Directory. More information about the update is available here:
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=28500

On 17/01/12, Rory Campbell-Lange (rory at campbell-lange.net) wrote:
> Hi. We've just installed Windows updates on our Windows 2003 Domain
> Controllers, and have the following issues on our storage server, which
> is running Debian stable 2:3.5.6~dfsg-3squeeze5
> 
>     Jan 17 10:27:51 xxx smbd[2426]: [2012/01/17 10:27:51.286853,  0] lib/util_sock.c:680(write_data)
>     Jan 17 10:27:51 xxx smbd[2426]: [2012/01/17 10:27:51.286915,  0] lib/util_sock.c:1441(get_peer_addr_internal)
>     Jan 17 10:27:51 xxx smbd[2426]:   getpeername failed. Error was Transport endpoint is not connected
>     Jan 17 10:27:51 xxx smbd[2426]:   write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
> 
> We consequently cannot authenticate from the Domain Controllers.
> 
> We have the following settings in the header of our smb file:
> 
>     security = ads
>     workgroup = XXXredactedXXX
>     realm = XXXredactedXXX.LOCAL
>     password server = XXX-dc1.haluk.local, XXX-dc2.haluk.local
>     encrypt passwords = yes
>     update encrypted = yes
>     server string = XXXstorage
>     netbios name = XXXstorage
>     idmap uid = 10000-20000
>     idmap gid = 10000-20000
>     winbind enum users = yes
>     winbind enum groups = yes
>     winbind use default domain = yes
>     winbind offline logon = yes
>     enhanced browsing = no
>     template shell = /bin/false
>     veto files = /TheVolumeSettingsFolder/, /Temporary Items/, /*DS_Store*/, /*AppleDB/, /*AppleDesktop/, /*AppleDouble/, /Network Trash Folder/, /*Trashes/, /*TemporaryItems/, /*FBCLockFolder/, /*FBCIndex/
>     delete veto files = yes
>     create mask = 0775
>     directory mask = 2775
>     invalid users = root
>     panic action = /usr/share/samba/panic-action %d
>     log file = /var/log/samba/log.%m
>     socket options = TCP_NODELAY
>     printing = cups
>     inherit acls = yes
>     inherit permissions = yes
>     map acl inherit = yes
>     nt acl support = yes
>     ea support = yes
>     smb ports = 139 445
> 
> Assistance gratefully received.
> 
> -- 
> Rory Campbell-Lange
> rory at campbell-lange.net
> 
> Campbell-Lange Workshop
> www.campbell-lange.net
> 0207 6311 555
> 3 Tottenham Street London W1T 2AF
> Registered in England No. 04551928
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
Rory Campbell-Lange
rory at campbell-lange.net

Campbell-Lange Workshop
www.campbell-lange.net
0207 6311 555
3 Tottenham Street London W1T 2AF
Registered in England No. 04551928

More information about the samba mailing list