Marcello Melfi
2004-Oct-07 02:32 UTC
[Samba] Small bug with Samba 3.0.7's smbd process (or just a bad compilation)???
Hi, I have compiled and installed Samba 3.0.7 with MIT Kerberos 1.3.5 and OpenLDAP 2.2.17. The reason for it is that I need to authenticate Windows' user accesses to a Samba share via the Samba's ADS security mode. I found out one potential problem with Samba 3.0.7 and I have one general question: Problem ------------ Normally, when Samba is started, there should be one smbd process and one nmbd process up and running. Then, one additional smbd process is started for each share established with a client pc. However, this is not the case here. When I start Samba 3.0.7, I get two (instead of one) smbd processes and one nmbd process. Other then that, everything seems to work ok (although I did nor had the time to perform a lot of testing...). Is this a new Samba feature or is there something wrong here? Please note that I started Samba 3.0.7 with the same smb.conf file I used with Samba 3.0.2a. It is setup in Domain security mode because I wanted first to make sure that the binaries I created was at least functional. Question ------------- Whether I use the Domain or ADS security mode, my requirements with Samba is to have a network share from a Sun Solaris machine to be accessible to a few (about 15) Windows 2000 machines so that the main application running on these machines can export many data files on the Sun Solaris machine in a transparent manner, i.e. thinking it is a Windows server. I do not need (and do not want...) to have users logging on the Sun Solaris machine and I do not have a need to provide a kind of general file server service to many Windows users through Samba, nor do I need to implement a SSO to users having both Windows and UNIX accounts. I was able to implement successfully Samba 3.0.2a in DOMAIN security mode that way. I need to do it in ADS security mode. The question is: do I really need Winbindd, PAM, etc. for this? I do not think so in my particular situation, but I would like to have this confirmed by someone from the Samba team. Thanks in advance for the answer! Regards, Marcello Melfi
Marcello Melfi
2004-Oct-09 01:50 UTC
[Samba] Small bug with Samba 3.0.7's smbd process (or just a bad compilation)???
Hi James, Thanks for taking the time to reply! You are right about one smbd process listening and the other one handling a share being accessed by a client workstation (like a Windows XP machine). However, if no client workstation is connected to a share, there should be only one smbd process running. This is not my case... I have two of then right from the start and it should not be so. At least, it was not the case when I installed and tested successfully Samba 3.0.2a a few months ago. As for Winbindd, I am still not sure about it... (maybe I do not understand it as it should be!). I was able to have Samba 3.0.7 running in ADS security mode. I only started the smbd and nmbd processes. Prior to that, I joined the Samba machine to the AD server (a Windows 2000 server) with the "net ads join -U [admin_user]%[password]" command. When I ran the "klist" command, I did see a ticket for Kerberos 5, although I am not an expert on this subject. I was able to connect to a share from a Windows XP machine. However, it always fails at the first attempt (after a reboot, because I wanted to make sure the cache was flushed), like if the username or the password was wrong. The Windows XP machine is in the same domain as the AD server (which is also the KDC server) and I am logged in with the Windows username authorized (via the Samba's lib/usermap.txt file, i.e. the Windows username is associated to a Unix username) to access the share. Any thought on this? Regards, Marcello -----Original Message----- From: James Mauser [mailto:jmauser@fau.edu] Sent: October 7, 2004 9:21 To: 'Marcello Melfi' Subject: RE: [Samba] Small bug with Samba 3.0.7's smbd process (or just a bad compilation)??? Marcello, I am not completely sure however, I believe the 2 smbd process span 2 of them so that one will listening the other will handle the actual processing of the request. (Efficiency is what I think I read) Winbindd will be used if you want to have user names and password from your AD to authenticate to your samba shares. Also if you are goining the AD then winbind will need to be running so that the smb box can pass it's id information to the AD. If you have gotten to the point where the samba box will join the AD then it rather trivial not having to create another UNIX user and another password), so winbindd would need to be running if you did not want to create a 2nd set of user names and passwords. PAM would be used only if you wanted to have the user log into the Solaris machine, which is what you said you did not want/need so PAM in your case would not need to be installed. Hope this helps a little James Mauser College of Engineering Florida Atlantic University -----Original Message----- From: samba-bounces+jmauser=fau.edu@lists.samba.org [mailto:samba-bounces+jmauser=fau.edu@lists.samba.org] On Behalf Of Marcello Melfi Sent: Wednesday, October 06, 2004 10:31 PM To: samba@lists.samba.org; jra@samba.org Subject: [Samba] Small bug with Samba 3.0.7's smbd process (or just a bad compilation)??? Hi, I have compiled and installed Samba 3.0.7 with MIT Kerberos 1.3.5 and OpenLDAP 2.2.17. The reason for it is that I need to authenticate Windows' user accesses to a Samba share via the Samba's ADS security mode. I found out one potential problem with Samba 3.0.7 and I have one general question: Problem ------------ Normally, when Samba is started, there should be one smbd process and one nmbd process up and running. Then, one additional smbd process is started for each share established with a client pc. However, this is not the case here. When I start Samba 3.0.7, I get two (instead of one) smbd processes and one nmbd process. Other then that, everything seems to work ok (although I did nor had the time to perform a lot of testing...). Is this a new Samba feature or is there something wrong here? Please note that I started Samba 3.0.7 with the same smb.conf file I used with Samba 3.0.2a. It is setup in Domain security mode because I wanted first to make sure that the binaries I created was at least functional. Question ------------- Whether I use the Domain or ADS security mode, my requirements with Samba is to have a network share from a Sun Solaris machine to be accessible to a few (about 15) Windows 2000 machines so that the main application running on these machines can export many data files on the Sun Solaris machine in a transparent manner, i.e. thinking it is a Windows server. I do not need (and do not want...) to have users logging on the Sun Solaris machine and I do not have a need to provide a kind of general file server service to many Windows users through Samba, nor do I need to implement a SSO to users having both Windows and UNIX accounts. I was able to implement successfully Samba 3.0.2a in DOMAIN security mode that way. I need to do it in ADS security mode. The question is: do I really need Winbindd, PAM, etc. for this? I do not think so in my particular situation, but I would like to have this confirmed by someone from the Samba team. Thanks in advance for the answer! Regards, Marcello Melfi -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Gerald (Jerry) Carter
2004-Oct-12 17:54 UTC
[Samba] Small bug with Samba 3.0.7's smbd process (or just a bad compilation)???
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marcello Melfi wrote: | Normally, when Samba is started, there should be one | smbd process and one nmbd process up and running. Then, | one additional smbd process is started for each share established | with a client pc. However, this is not the case here. When I | start Samba 3.0.7, I get two (instead of one) smbd processes | and one nmbd process. Other then that, everything seems to | work ok (although I did nor had the time to perform a lot | of testing...). Is this a new Samba feature or is | there something wrong here? New feature. The second child process is responsible for updating the lpq cache for various printers. Although we're still working out a few issues with it for 3.0.8. cheers, jerry - --------------------------------------------------------------------- Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBbBo3IR7qMdg1EfYRApX5AKCgtuCedgZbT06Ndw45S4nHdS67HgCgxloI /ESjmHe0zMU5NGmiWFbT6co=GQJU -----END PGP SIGNATURE-----
Melfi.Marcello@hydro.qc.ca
2004-Oct-12 19:59 UTC
[Samba] Small bug with Samba 3.0.7's smbd process (or just a bad compilation)???
Hi Jerry, Thanks for the explanation! I must point out though that it would be better if the smbd process that is taking care of the lpq cache was renamed so that it would not be confused with the other smbd process. Regards, Marcello -----Message d'origine----- De : Gerald (Jerry) Carter [mailto:jerry@samba.org] Envoy? : mardi 12 octobre 2004 13:54 ? : Marcello Melfi Cc : samba@lists.samba.org; jra@samba.org Objet : Re: [Samba] Small bug with Samba 3.0.7's smbd process (or just a bad compilation)??? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marcello Melfi wrote: | Normally, when Samba is started, there should be one | smbd process and one nmbd process up and running. Then, | one additional smbd process is started for each share established with | a client pc. However, this is not the case here. When I start Samba | 3.0.7, I get two (instead of one) smbd processes and one nmbd process. | Other then that, everything seems to work ok (although I did nor had | the time to perform a lot of testing...). Is this a new Samba feature | or is there something wrong here? New feature. The second child process is responsible for updating the lpq cache for various printers. Although we're still working out a few issues with it for 3.0.8. cheers, jerry - --------------------------------------------------------------------- Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBbBo3IR7qMdg1EfYRApX5AKCgtuCedgZbT06Ndw45S4nHdS67HgCgxloI /ESjmHe0zMU5NGmiWFbT6co=GQJU -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba