Matthias Eichler
2004-Apr-26 08:38 UTC
[Samba] member server is not resolving usernames anymore
Dear List, from one day to the next I am experiencing problems with my Samba/LDAP-Setup. We have one PDC (Master LDAP), a Slave LDAP and a fileserver. The problem is that I can not change the access rights of a file from a windows client. The fileserver a) does not resolve the SIDs anymore b) does not find the username (if e.g. entered one for adding) The problem seems to be that the fileserver does not resolves via LDAP anymore, but local as the shown search path for the user object is \\fileserver. The weird is that the basic access functionality is still there, so the problem is just with changing a files (or directory) access attributes. Thank you very much for any input and help! Matthias --- /etc/samba/smb.conf (fileserver) [global] workgroup = KERNZEIT netbios name = FILESERVER server string = %h announce version = 5.0 os level = 20 passdb backend = ldapsam:"ldap://10.1.1.1 ldap://10.1.1.10" ldap suffix = dc=kernzeit,dc=com ldap machine suffix "ou=smb-machines,ou=NSS,dc=kernzeit,dc=com" ldap admin dn = "cn=admin,dc=kernzeit,dc=com" ldap ssl = no ldap user suffix = "dc=kernzeit,dc=com" ldap group suffix = ou=groups,ou=nss #LOG STUFF log file = /var/log/samba/log.%m max log size = 1000 log level = 3 syslog = 0 #NETWORK interfaces = 10.1.1.20/16 hosts allow = 10.1. 10.99. bind interfaces only = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 #SECURITY null passwords = no #admin users = @domadmins encrypt passwords = true guest account = nobody obey pam restrictions = no security = domain #password server = LOGIN, APPSERVER password server = LOGIN #FEATURES panic action = /usr/share/samba/panic-action %d nt acl support = yes wins support = no wins proxy = no wins server = 10.1.1.1 dns proxy = no local master = no preferred master = no #DOMAIN STUFF domain master = no domain logons = no #INTERNATIONALIZATION unix charset = iso8859-15 dos charset = cp850 #======================= Share Definitions ====================== [temp] path = /data/temp browsable = yes writable = yes directory mask = 770 create mask = 770 nt acl support = yes vfs objects = recycle --- --- /var/log/samba/log.client [2004/04/23 14:42:47, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509) api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX checking name: \\fileserver\lf [2004/04/23 14:42:47, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(447) Setting printer type=\\fileserver\lf [2004/04/23 14:42:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2004/04/23 14:42:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 68 [2004/04/23 14:42:47, 3] smbd/process.c:process_smb(890) Transaction 1717 of length 104 [2004/04/23 14:42:47, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 582) [2004/04/23 14:42:47, 3] smbd/error.c:error_packet(118) error packet at smbd/nttrans.c(498) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND [2004/04/23 14:42:47, 3] smbd/process.c:process_smb(890) Transaction 1718 of length 104 [2004/04/23 14:42:47, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 582) [2004/04/23 14:42:47, 3] smbd/error.c:error_packet(118) error packet at smbd/nttrans.c(498) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND [2004/04/23 14:43:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 --- -- Matthias Eichler <me-lists@kernzeit.com> kernzeit AG