samba - Oct 2003 - Samba 2.2.8 - authentication and nscd

Hi 

We have installed and configured Samba 2.2.8 on a Solaris (Sparc) 8
server recently. This server is to replace an existing member server in
a NT4 domain and will act as a file server.

We want to perform as little user maintenance on the Solaris side as
possible so that most of the user setup and maintenance for the domain
is controlled through a NT4 server using usrmgr and want to use NT file
and directory permissions on the shares on the new server through ACL's.
Therefore we have configured Samba with the minimum options i.e.
compiled (with winbindd and acl options), installed and setup basic
smb.conf file. No other changes have been made in relation to
nsswitch.conf (winbind added during install) and we have not made
specific changes to PAM config. Therefore authentication is done
directly with the domain as per the following smb.conf file:-

[global]
	workgroup = DEV1
	netbios name = SUNBLADE
	server string = SunBlade
	interfaces = 192.168.3.10
	bind interfaces only = Yes
	security = DOMAIN
	encrypt passwords = Yes
	password server = NTPDC
	log file = /usr/local/samba/var/log.%m
	max log size = 50
	local master = No
	domain master = No
	dns proxy = No
	winbind uid = 10000-20000
	winbind gid = 10000-20000
	winbind use default domain = Yes

[Apps]
	comment = Applications Share
	path = /data/apps
	read only = No
	create mask = 0775
	directory mask = 0775
	force unknown acl user = 0775
	inherit permissions = Yes
	inherit acls = Yes
	guest ok = Yes
	profile acls = Yes
	mangled names = No

The documentation goes on about the smbpasswd file when using encrypted
passwords. Currently we are not storing any of the users and groups
within /etc/passwd or /etc/groups and are not mapping any NT to UNIX
usernames - the configuration seems to be working although sometimes we
get authentication issues.

Is it viable to run with this configuration? The documentation seems to
imply that smbpasswd entries are required when encryption is on and
using winbind??

Also, we occasionally get core dumps which fills the Solaris server. We
have discovered this to be the nscd process. The Samba 3.0 documentation
states that nscd should not be used when winbindd is running and this is
the likely cause of the authentication issues, but Samba does not
function when the process is not running? We have killed this process
whilst Samba is running and also stopped it from starting when machine
boots, but this prevents Samba from authenticating any users. Any ideas
why this is happening? Could it be due to our configuration?

We have integrated Samba into Veritas Cluster server and is operating in
a fail over environment with another machine.

Thanks in advance.

M. Gill

Hi 

We have installed and configured Samba 2.2.8 on a Solaris (Sparc) 8
server recently. This server is to replace an existing member server in
a NT4 domain and will act as a file server.

We want to perform as little user maintenance on the Solaris side as
possible so that most of the user setup and maintenance for the domain
is controlled through a NT4 server using usrmgr and want to use NT file
and directory permissions on the shares on the new server through ACL's.
Therefore we have configured Samba with the minimum options i.e.
compiled (with winbindd and acl options), installed and setup basic
smb.conf file. No other changes have been made in relation to
nsswitch.conf (winbind added during install) and we have not made
specific changes to PAM config. Therefore authentication is done
directly with the domain as per the following smb.conf file:-

[global]
	workgroup = DEV1
	netbios name = SUNBLADE
	server string = SunBlade
	interfaces = 192.168.3.10
	bind interfaces only = Yes
	security = DOMAIN
	encrypt passwords = Yes
	password server = NTPDC
	log file = /usr/local/samba/var/log.%m
	max log size = 50
	local master = No
	domain master = No
	dns proxy = No
	winbind uid = 10000-20000
	winbind gid = 10000-20000
	winbind use default domain = Yes

[Apps]
	comment = Applications Share
	path = /data/apps
	read only = No
	create mask = 0775
	directory mask = 0775
	force unknown acl user = 0775
	inherit permissions = Yes
	inherit acls = Yes
	guest ok = Yes
	profile acls = Yes
	mangled names = No

The documentation goes on about the smbpasswd file when using encrypted
passwords. Currently we are not storing any of the users and groups
within /etc/passwd or /etc/groups and are not mapping any NT to UNIX
usernames - the configuration seems to be working although sometimes we
get authentication issues.

Is it viable to run with this configuration? The documentation seems to
imply that smbpasswd entries are required when encryption is on and
using winbind??

Also, we occasionally get core dumps which fills the Solaris server. We
have discovered this to be the nscd process. The Samba 3.0 documentation
states that nscd should not be used when winbindd is running and this is
the likely cause of the authentication issues, but Samba does not
function when the process is not running? We have killed this process
whilst Samba is running and also stopped it from starting when machine
boots, but this prevents Samba from authenticating any users. Any ideas
why this is happening? Could it be due to our configuration?

We have integrated Samba into Veritas Cluster server and is operating in
a fail over environment with another machine.

Thanks in advance.

M. Gill