samba - Oct 2004 - Samba setup with Winbind connecting to NT4 PDC - Login isnow Slow...

Hi,

 

-|  -----Original Message-----
-|  From: 
-|  samba-bounces+dirk.laurenz=fujitsu-siemens.com@lists.samba.o
-|  rg 
-|  [mailto:samba-bounces+dirk.laurenz=fujitsu-siemens.com@lists
-|  .samba.org] On Behalf Of Eric Murray
-|  Sent: Thursday, October 14, 2004 12:20 AM
-|  To: samba@lists.samba.org
-|  Subject: [Samba] Samba setup with Winbind connecting to NT4 
-|  PDC - Login isnow Slow...
-|  
-|      winbind enum users = yes
-|      winbind enum groups = yes
remove those two...

Mit freundlichem Gru?,



Dirk Laurenz
Systems Engineer	

Fujitsu Siemens Computers
Sales Central Europe Deutschland 
Professional Service Organisation Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:	+49 (511) 84 89 - 18 08
Telefax:	+49 (511) 84 89 - 25 18 08
Mobile:	+49 (170) 22 10 781
Email:	mailto:dirk.laurenz@fujitsu-siemens.com
Internet:	http://www.fujitsu-siemens.com
           
http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html
*******************************************************************************************************************

>-|  PDC - Login isnow Slow...
>-|  
>-|      winbind enum users = yes
>-|      winbind enum groups = yes
>remove those two...
>
>Mit freundlichem Gru?,
>
>  
>
Ok, I removed those 2 lines and tried again... It still took at least 2 
minutes to login as it just "Sit's" on the KDE welcome screen with
nothing and then all of a sudden up pops the KDE login box and proceeds 
as normal.

Questions :
- Is there a chance that becuase I'm on a trusted Domain with 3 
locations that it is trying to Syncronize with the PDC's on the 3 
domains on startup? Causing it to be slow like that?
- Is there a chance that PAM has something to do with it?  My SMB shares 
are all working and it authenticates with the PDC correctly so I would 
rather not mess with pam as I don't know what I'm doing with it.

Here is my current SMB.CONF and NSSWITCH.CONF files again now.

-------------
SMB.CONF
-------------
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE
# Date: 2004-09-16
[global]
    workgroup = SHELTER
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    printer admin = @ntadmin, root, administrator
    username map = /etc/samba/smbusers
    map to guest = Bad User
###    include = /etc/samba/dhcp.conf
#    logon path = \\%L\profiles\.msprofile
#    logon home = \\%L\%U\.9xprofile
#    logon drive = P:
# My additions...
    security = DOMAIN
    encrypt passwords = yes
    password server = shelternt1 sriesrv2
    obey pam restrictions = yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    wins server = shelternt1 sriesrv2
    dns proxy = no
    netbios name = sriemailsrv
    log level = 1
    winbind separator = +
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind cache time = 15
#    winbind enum users = yes
#    winbind enum groups = yes
    template homedir = /home/%U
    template shell = /bin/bash
    winbind use default domain = yes
    name resolve order = wins lmhosts host bcast
[pdf]
    comment = PDF creator
    path = /var/tmp
    printable = Yes
    print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u
'%u' -z %z
    create mask = 0600
[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775

[Public]
        comment = Public Folder
        path = /data/Public
        writable = yes

[NetworkAccess]
        writable = yes
        path = /data/NetworkAccess
        write list = @shelter+TestLinuxGroup
        force group = ntadmin
        force user = root
        comment = Network Share for Writability...
        create mode = 0660
        directory mode = 0770

[tmp]
    comment = Temporary File Space
    path = /data/tmp
    read only = no
    public = yes

---------------------
NSSWITCH.CONF
---------------------
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       compat                  Use compatibility setup
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the /var/db databases
#       [NOTFOUND=return]       Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#

# passwd: files nis
# shadow: files nis
# group:  files nis

passwd: compat winbind
group:  compat winbind

hosts:      files dns
networks:       files dns

services:       files
protocols:      files
rpc:        files
ethers:        files
netmasks:       files
netgroup:       files
publickey:    files

bootparams:     files
automount:      files nis
aliases:        files



Thanks,

>-|  PDC - Login isnow Slow...
>-|  
>-|      winbind enum users = yes
>-|      winbind enum groups = yes
>remove those two...
>
>Mit freundlichem Gru?,
>
>  
>
Couple of more things I found...

I tried removing my Linux Server from the NT domain and readding it as 
per a couple websites.  The linux server shows "Joine Domain XXXX" so 
that looks good.
But on the NT server in the event log I get a Event Id 5722 saying :
- The session setup from the computer XXXXX failed to authenticate.
The name of the account referenced in the security database is XXXXXX$. 
the following error occured.
Access is denied.
- Shortly after that there is another event ID 5723 which is saying that 
there is no TRUST ACCOUNT reference in the database.

I'm confused with the fact that my linux server Joined the domain and is 
not running it's own domain so I don't have to add it to the Trust 
relationships, I tried but of course it said could not find domain 
(Because it isn't one)

Is there a step i'm missing that I should have added a trust account or 
something else to make it work, the shares are seen, everything works 
but my login is slow and that is from a timeout of 10000 miliseconds 
becuase it's trying to resolve something.

Confused.
Thanks for all your help!
Eric