We've been working with Samba for the last years. Most ( if not all ) of it
has worked as documented. Stability is much better than M$ Windows' and it
is roughly an order of magnitude better on the same hardware ( you can add
this to you customer quotes, Jerry ;) )
We have recently upgraded to RC2 from beta2, and we found this behaviour:
while the "File Server" functions work perfectly well ( as always ),
we
have lost the ability to join machines to the domain, which get rejected
with "username not found" message. Using LDAP backend.
We did a quite big test yesterday, were we joined 32 machines to the
domain, and we only succeeded using smbpasswd backend. LDAP backend
wouldn't let us join machines to the domain. We suspected a corrupted
installation or defective hardware...
A couple hours before we had upgraded our main domain controllers to RC2
and everything seemed to work fine... until this morning, when we needed to
join a machine to this domain. It has all worked flawlessly for the last
two months, with big sustained workloads.
So.. What changed in RC2 which has to do with domain joining? Release notes
do not show anything relevant ( or so it seems )
Anything needs to change in SMB.CONF and/or the LDAP DIT, or we just found
a bug?
Hardware: Dell 2600SC, 2xXeon 2.4GHz, 1GB ECC DDRAM, very recently purchased
Software: Debian Woody base, Samba3.0.0beta2+3.0.0rc2-1 and OpenLDAP
2.1.22-1 from Sid, plus their dependencies.
Clients: W2K and WXP Pro, plus some NT4 ( not relevant )
Note: we have an "administrator" account with UID 0, Primary group SID
DOMAIN-544, member of group with SID DOMAIN-512 ( both mappings checked
with net groupmap )
------8<---- smb.conf ----8<--------------
[global]
workgroup = CNSR
server string = Servidor (%h)
;netbios name = SERVIDOR
load printers = no
; printing = bsd
; printcap name = /etc/printcap
; printing = cups
; printcap name = cups
; guest account = nobody
invalid users = root
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = no
syslog = 0
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://localhost, tdbsam, guest
algorithmic rid base = 1000
ldap suffix = dc=xxxxxxxx,dc=xxx
ldap admin dn = uid=samba,ou=daemons,dc=recuerdo,dc=net
ldap delete dn = no
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap,ou=samba
ldap machine suffix = ou=machines
ldap filter = "(uid=%u)"
idmap only = no
idmap backend = winbind
ldap idmap suffix = ou=idmap,ou=samba,dc=recuerdo,dc=net
winbind use default domain = yes
idmap uid = 50000-55000
idmap gid = 50000-55000
#winbind separator = +
username map = /etc/samba/smbusers
; include = /home/samba/etc/smb.conf.%m
socket options = TCP_NODELAY
local master = yes
os level = 20
domain master = yes
preferred master = auto
wins support = no
dns proxy = no
name resolve order = lmhosts host wins bcast
; preserve case = yes
; short preserve case = yes
; unix password sync = true
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword
:* %n\n .
pam password change = no
; message command = /bin/sh -c '/usr/bin/linpopup "%f"
"%m" %s; rm %s' &
obey pam restrictions = no
domain logons = yes
logon script = netlogon.bat
logon drive = H:
logon path = \\%L\Profiles\%u
panic action = /usr/share/samba/panic-action %d
#======================= Share Definitions ======================
[homes]
comment = Home Directories
browseable = no
writeable = yes
read only = no
csc policy = disable
force create mode = 0640
force directory mode = 2750
[netlogon]
comment = Network Logon Service
path = /profiles/netlogon
guest ok = yes
writable = no
share modes = no
[Profiles]
comment = Directorio de perfiles
path = /profiles
browseable = no
guest ok = yes
writeable = yes
; nt acl support = no
profile acls = yes
create mask = 0600
directory mask = 0700
