G'day all,
I've been getting some strange things happening with my samba setup. At
the moment we've got a SAMBA/LDAP setup to provide single sign/roaming
profiles for our Windows machines. We've got 1 PDC & 3 BDC's all
running
Solaris 10 on Sun-Fire-V440's.
The problem is that the system seems to run fine for about a day or two
(users login/logout, etc), but then for no apparent reason users can't
log in.
If I run 'smbclient -L RAVEN' on the PDC, I get the following error:
session request to RAVEN failed (Call timed out: server did not respond
after 20000 milliseconds)
session request to *SMBSERVER failed (Call timed out: server did not
respond after 20000 milliseconds)
Having run the same command the night before, it all worked fine.
I can restart the SAMBA daemons (and the LDAP daemons), but nothing
seems to fix it. The only fix that seems to work is to reboot the
server. Once the system is rebooted, it all seems to work fine for a day
or two, then it just stops working again.
I've looked through the logs and can't seem to find anything that
indicates the problem. I've also searched the net for answers, but as of
yet, I've found no answer but to reboot the servers.
At the moment we're running samba 3.0.23b on Solaris 10.
Any suggestions about where to go from here would be greatly
appreciated.
Thanks in advance,
Shane
smb.conf:
# Global parameters
[global]
workgroup = SCADA
netbios name = RAVEN
server string = Samba Server %v
interfaces = 159.73.160.13/255.255.255.0
159.73.161.13/255.255.255.0 lo0
bind interfaces only = Yes
hosts allow = 159.73.160.0/255.255.255.0
159.73.161.0/255.255.255.0 127.0.0.1
passdb backend = ldapsam:ldap://127.0.0.1/
enable privileges = Yes
username map = /etc/samba/smbusers
security = user
log level = 3
log file = /var/log/samba/samba.log
max log size = 0
encrypt passwords = Yes
unix password sync = Yes
# smbldap-passwdNT is a hacked script to make it work for us
passwd program = /usr/local/sbin/smbldap-passwdNT "%u"
passwd chat = "Changing UNIX and samba passwords for*\nNew
password*" %n\n "*Retype new password*" %n\n
"*Password*changed*"
passwd chat timeout = 10
passwd chat debug = No
smb ports = 139
name resolve order = wins bcast hosts
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preserve case = yes
short preserve case = yes
case sensitive = no
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod
-x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g
"%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
logon script = logon.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
domain master = Yes
wins support = yes
preferred master = Yes
os level = 99
ldap suffix = dc=scada,dc=ie,dc=com,dc=au
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=scada,dc=ie,dc=com,dc=au
map acl inherit = Yes
ldap ssl = no
ldap passwd sync = Yes
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 15000-20000
idmap gid = 15000-20000
[netlogon]
comment = Network Logon Service
path = /export/home/samba/netlogon/
guest ok = Yes
locking = No
[profiles]
comment = Profile Share
path = /export/home/samba/profiles/
read only = No
profile acls = Yes
[doc]
path = /export/home/samba/doc/
read only = yes
create mask = 0750
guest ok = no
write list = @ie
[homes]
comment = Home Directories
valid users = %U
read only = no
create mask = 0644
directory mask = 0775
browseable = No
**********************************************************************
Please consider our environment before printing this email.
NOTICE - This communication contains information which is confidential and the
copyright of Integral Energy Australia or a third party.
If you are not the intended recipient of this communication please delete and
destroy all copies and telephone Integral Energy on 131081 immediately. If you
are the intended recipient of this communication you should not copy, disclose
or distribute this communication without the authority of Integral Energy.
Any views expressed in this Communication are those of the individual sender,
except where the sender specifically states them to be the views of Integral
Energy.
Except as required at law, Integral Energy does not represent, warrant and/or
guarantee that the integrity of this communication has been maintained nor that
the communication is free of errors, virus, interception or inference.
**********************************************************************