[Samba] Samba 3.6 issues

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed Jul 17 07:04:10 MDT 2013 



When I upgraded from samba 3.0.x to 3.4.x I ran into several issues.

First of all, I would look through the logs.   (They did not attach to 
your messgae.)  I would also run "testparm -v" in case some default 
settings have changed.   NTLM should be enabled.  If you require NTLMv2 
that may cause problems (I couldn't get it to work.)

1st, with  idmap and domain trusts:      With 3.0.x the idmap entries 
for trusted users were automatically created but they would expire in a 
week and have to be manually purged.   With 3.4.x the idmap cache issue 
was fixed BUT the entries were no longer auto created.   I had to 
manually add idmap entries in ldap for users in the trusted domain (only 
5 or 6 anyway.)

Do you use idmap for assigning user id's for users in primary domain?  I 
explicitly create user and group accounts.      I would verify with 
"pbedit -Lv username" and "pdbedit -Lv comptuername$" that  the samba 
accounts haven't lost their unix id and that everything looks OK.

I also found with 3.4.x (vs 3.0.x) that the  I needed to explicitly map 
the guest user and group.     This could affect the share permissions.  
Generally I leave the share permissions unrestricted and rely on the 
file system permissions for all the control.


Also make sure that the well known groups (e.g. Domain Users) look ok 
with "net groupmap list" -

Multiple smbd processes is normal-  should be one for each connection.

I also found it is better not to specify ports in the smb.conf.     
Although samba does not use 445 for data, windows clients NOT using 
wins  may have problems connecting to to samba servers if 445 is not 
running .



On 07/17/13 03:57, wong lmark wrote:
> Dear Samba Team,
>
> There are three issues happening in my Samba 3.6.6
>
> Issue 1: After upgrade, when upload file which is more 100mb to Samba, it
> shows error "File name too long cannot copy" in windows xp. Tried to use 3
> different pc to upload different files more than 100mb, it also fail to
> transfer the file and show the error. Tested to upload file which is 25mb
> or 50mb, it is okay, no problem . Before upgrade the samba 3.6, I am using
> samba 3.0.28.
>
> Issue 2: Users could logon to the pc within the domain, but the network
> drive could not be mapped from 15-7-16 after 18:00 around (e.g.
> \\dc01\netlogon). And the network drive could not be mapped through net use
> command in windows xp. Also, the trust relationship with anthoner domain
> chb lost. Attached the samba log and error screen capture for reference
>
> Issue 3. When enter the command "service smb status", it show many process
> id, is it normal?
>
> Thanks for your help.
>
> There my smb.conf:
>
> [global]
> workgroup = HB
> server string = DC01
> netbios name = DC01
> interfaces = eth0
> hosts allow = 10. 172. 127.0.0.1
>      security = user
> encrypt passwords = yes
> unix password sync = no
> socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> username map = /etc/samba/smbusers
> admin users = root lh2 jos1
> hide unreadable = yes
> smb ports = 139
>
> local master = yes
> os level = 33
> domain master = no
> preferred master = yes
>
> domain logons = yes
> logon path =
> logon home =
> #logon path = \\%L\profiles\%U
> #logon path = \\%L\%U\profiles
> logon drive =
> #logon home = \\%L\%U
> #logon home = \\%L\homes
> #logon script = %U.bat
> logon script = %g.bat
>
> wins support = yes
> name resolve order = wins lmhosts host
> dns proxy = no
>
> add user script = /usr/sbin/smbldap-useradd -a -m "%u"
> add machine script = /usr/sbin/smbldap-useradd -W "%u"
> add group script = /usr/sbin/smbldap-groupadd -a -p "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>
> passdb backend = ldapsam:ldap://127.0.0.1
> ldap delete dn = yes
> ldap ssl = no
> ;winbind nested groups = no
>
> ldap suffix = dc=ch,dc=com
> ldap admin dn = uid=edp,dc=ch,dc=com
> ldap group suffix = ou=Groups
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Idmap
> ldap passwd sync = yes
> ldap delete dn = no
>
> log file = /var/log/samba/%m.log
> log level = 5
> max log size = 10000
>
>     template shell = /bin/false
>     ;winbind use default domain = no
>     idmap uid = 16777216-33554431
>     idmap gid = 16777216-33554431
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> valid users = %S
>
> [netlogon]
> comment = Network Logon Service
> path = /home2/samba/netlogon
> guest ok = yes
> writable = no
> share modes = no
>
> [testing]
>          path = /home2/test
>          comment = testing
>          writable = yes
>          browseable = no
>          create mode = 0770
>          directory mode = 2770
>          public = no
>          valid users = @testing

More information about the samba mailing list