Matthias Eichler
2004-Apr-26 08:38 UTC
[Samba] member server is not resolving usernames anymore
Dear List,
from one day to the next I am experiencing problems with my
Samba/LDAP-Setup.
We have one PDC (Master LDAP), a Slave LDAP and a fileserver.
The problem is that I can not change the access rights of a
file from a windows client.
The fileserver
a) does not resolve the SIDs anymore
b) does not find the username (if e.g. entered one for adding)
The problem seems to be that the fileserver does not resolves
via LDAP anymore, but local as the shown search path for the
user object is \\fileserver.
The weird is that the basic access functionality is still there,
so the problem is just with changing a files (or directory) access
attributes.
Thank you very much for any input and help!
Matthias
--- /etc/samba/smb.conf (fileserver)
[global]
workgroup = KERNZEIT
netbios name = FILESERVER
server string = %h
announce version = 5.0
os level = 20
passdb backend = ldapsam:"ldap://10.1.1.1 ldap://10.1.1.10"
ldap suffix = dc=kernzeit,dc=com
ldap machine suffix
"ou=smb-machines,ou=NSS,dc=kernzeit,dc=com"
ldap admin dn = "cn=admin,dc=kernzeit,dc=com"
ldap ssl = no
ldap user suffix = "dc=kernzeit,dc=com"
ldap group suffix = ou=groups,ou=nss
#LOG STUFF
log file = /var/log/samba/log.%m
max log size = 1000
log level = 3
syslog = 0
#NETWORK
interfaces = 10.1.1.20/16
hosts allow = 10.1. 10.99.
bind interfaces only = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#SECURITY
null passwords = no
#admin users = @domadmins
encrypt passwords = true
guest account = nobody
obey pam restrictions = no
security = domain
#password server = LOGIN, APPSERVER
password server = LOGIN
#FEATURES
panic action = /usr/share/samba/panic-action %d
nt acl support = yes
wins support = no
wins proxy = no
wins server = 10.1.1.1
dns proxy = no
local master = no
preferred master = no
#DOMAIN STUFF
domain master = no
domain logons = no
#INTERNATIONALIZATION
unix charset = iso8859-15
dos charset = cp850
#======================= Share Definitions ======================
[temp]
path = /data/temp
browsable = yes
writable = yes
directory mask = 770
create mask = 770
nt acl support = yes
vfs objects = recycle
---
--- /var/log/samba/log.client
[2004/04/23 14:42:47, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509)
api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX
checking name: \\fileserver\lf
[2004/04/23 14:42:47, 3]
rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(447)
Setting printer type=\\fileserver\lf
[2004/04/23 14:42:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2004/04/23 14:42:47, 3]
rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 68
[2004/04/23 14:42:47, 3] smbd/process.c:process_smb(890)
Transaction 1717 of length 104
[2004/04/23 14:42:47, 3] smbd/process.c:switch_message(685)
switch message SMBntcreateX (pid 582)
[2004/04/23 14:42:47, 3] smbd/error.c:error_packet(118)
error packet at smbd/nttrans.c(498) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2004/04/23 14:42:47, 3] smbd/process.c:process_smb(890)
Transaction 1718 of length 104
[2004/04/23 14:42:47, 3] smbd/process.c:switch_message(685)
switch message SMBntcreateX (pid 582)
[2004/04/23 14:42:47, 3] smbd/error.c:error_packet(118)
error packet at smbd/nttrans.c(498) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2004/04/23 14:43:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
---
--
Matthias Eichler <me-lists@kernzeit.com>
kernzeit AG