Hello All
For several weeks we have been facing a very strange problem with a Samba PDC and
ldapsam.
It repeatedly seems to lose its PDC functionality, which leads to very strange
behaviour.
The server is then still accessible (shares and browsing work as expected),
but the Windows machines can no longer perform a domain logon (at first this
has no visible effect because
they use their cached password), joining new machines to the domain is no
longer possible, and a new
user cannot create a new roaming profile (only temporary profiles are created).
After a Samba restart the server works as expected again. But one or a few days
later the
same problems return, until the Samba service is restarted once more. The log files
show nothing unusual about this behaviour.
nscd isn't running. We are using Samba 3.5.10 on CentOS 5.5 x64 with 4 GB of memory and 35
users.
Has somebody experienced the same problems?
Thanks
Roland
the samba smb.conf:
# Server and domain identity. No [global] header appears in this listing
# (presumably lost when the file was pasted); everything down to the share
# definitions is a global setting.
workgroup = SAMBA
netbios name = HALLE
netbios aliases = INSTALL
# User-level authentication against the server's own passdb, with this server
# answering domain logons (NT4-style PDC together with "domain master = yes").
security = user
domain logons = yes
load printers = yes
printing = cups
cups options = "raw"
# Unix account that guest connections are mapped to.
guest account = guest
# Logging. All clients share one log file; the per-client variant
# (%M = client host name) is disabled.
# log file = /var/log/samba/%M.log
log file = /var/log/samba/smbd.log
# Global level 0 with sam, passdb, auth and winbind at 1: very little is
# recorded about failed logons or passdb/LDAP errors, which also limits the
# audit trail. The more verbose variants below (or raising the level at
# runtime with "smbcontrol smbd debug") are what would capture the failing
# call when domain logons stop working.
log level = 0 sam:1 passdb:1 auth:1 winbind:1
# log level = 1 sam:16 passdb:16 auth:16 winbind:4
# log level = 1 tdb:16 sam:16 passdb:16 auth:16 ldap:16
# algorithmic rid base = 2000
# Browser elections: these four settings make this server win the election
# and act as local and domain master browser.
os level = 64
local master = yes
domain master = yes
preferred master = yes
# Logon script, relative to the [Netlogon] share.
logon script = login.cmd
# Roaming profile and home locations; %U is the session user name.
logon path = \\HALLE\Profiles\%U
logon home = \\HALLE\Profiles\%U\.9xprofile
logon drive = Z:
# Only relevant to plaintext-password logons: smbd also tries variants of
# the supplied password with up to 8 upper-case characters. It has no effect
# on encrypted (NTLM) authentication.
password level = 8
# This server is the WINS server for the network.
wins support = yes
dns proxy = yes
# Account database: LDAP directory on this host, reached over ldap://
# (no TLS, see "ldap ssl" below).
passdb backend = ldapsam:ldap://localhost
# trusted: Samba reads posix user/group data straight from LDAP instead of
# going through NSS.
# editposix: Samba also creates and modifies the posix entries itself
# (builds on "trusted").
ldapsam:trusted = yes
ldapsam:editposix = yes
# Also change the Unix password (via "passwd program") whenever the SMB
# password is changed.
unix password sync = Yes
nt pipe support = Yes
nt status support = Yes
time server = Yes
# NOTE(review): LDAP binds, including the admin DN's password and the
# password hashes Samba reads and writes, are sent unencrypted. Every LDAP
# URL in this file points at localhost, so the traffic stays on loopback;
# if the directory is ever moved to another host, switch to
# "ldap ssl = start tls" first.
ldap ssl = no
host msdfs = no
ldap suffix = dc=methabau-pur,dc=local
# Deleting an account removes the whole LDAP entry, not only the Samba
# attributes.
ldap delete dn = yes
# DN Samba binds with. Its password is not in this file; it is set with
# "smbpasswd -w" and kept in secrets.tdb, so that file's permissions matter.
ldap admin dn = uid=admin,dc=methabau-pur,dc=local
# Sub-trees, relative to "ldap suffix".
ldap idmap suffix = ou=idmap
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
# Keep the LDAP password in step with the NT/LM hashes on password change.
ldap passwd sync = yes
# NOTE(review): permits logons to accounts whose password is empty. Unless
# some account depends on it, "no" (the default) is the safer setting on a
# domain controller.
null passwords = yes
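# Files hidden from directory listings (still accessible by name).
hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
# NOTE(review): set at global level this is the default for every share, and
# smbd performs all file operations of an "admin users" member as root,
# ignoring file permissions. Confirm this is intended; otherwise set it only
# on the shares that need it.
admin users = Administrator
map acl inherit = no
# Kept on one logical line. The posted listing wrapped the value, which
# would make smbd read "SO_SNDBUF" as a separate, unknown parameter and drop
# both buffer-size options.
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT SO_SNDBUF=8192 SO_RCVBUF=8192
getwd cache = yes
# Exclusive oplocks are granted, level-2 (shared read) oplocks are not.
oplocks = yes
read raw = yes
write raw = yes
level2 oplocks = no
# DOS attribute handling: archive and read-only are mapped onto Unix
# permission bits, hidden and system are not, and attributes are not stored
# in extended attributes.
map archive = yes
map hidden = no
map read only = yes
map system = no
store dos attributes = no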
# Program used for "unix password sync"; smbd runs it as root with %u
# replaced by the user name.
passwd program = /usr/sbin/smbldap-passwd %u
# SID <-> uid/gid mappings are stored in the local LDAP directory.
idmap backend = ldap:ldap://localhost
# NOTE(review): these ranges (1000-50000) differ from the allocator range
# below (1000-20000), and both start at 1000, where ordinary posix accounts
# are often numbered. Confirm the ranges are intended and do not overlap
# existing uids/gids.
idmap uid = 1000-50000
idmap gid = 1000-50000
# Cache lifetimes in seconds.
idmap cache time = 420
winbind cache time = 420
idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://localhost
idmap alloc config : ldap_base_dn = ou=idmap,dc=methabau-pur,dc=local
# The id allocator binds with the same admin DN as the passdb backend.
idmap alloc config : ldap_user_dn = uid=admin,dc=methabau-pur,dc=local
idmap alloc config : range = 1000-20000
# winbind answers requests to enumerate all users and groups.
winbind enum users = yes
winbind enum groups = yes
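# Account-management hooks. smbd runs these as root with %u / %g replaced by
# the user or group name, so every substitution is single-quoted to reach
# the script as exactly one argument.
# NOTE(review): with "ldapsam:editposix = yes" Samba can create and delete
# posix accounts in LDAP itself; confirm which of these scripts are still
# in use.
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
# Quotes restored: the posted listing showed "?" where the quote characters
# had been. Form matches the "delete user from group script" line.
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
# The next two values are kept on one line each; the posted listing had
# wrapped the last argument onto a line of its own.
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# Creates the machine trust account when a workstation joins the domain.
add machine script = /usr/sbin/smbldap-useradd -w '%u'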
#============================ Share Definitions ==============================
# Per-user home share; the share name a client connects to is the user name.
# NOTE(review): there is no "valid users = %S" here, so any authenticated
# user can connect to another user's home share by name; access to the files
# then depends only on the Unix permissions of the home directories.
[homes]
comment = Home Directories
browseable = no
writable = yes
# Permission mask for newly created files: only the owner bits are kept.
create mode = 0700
# Deleted files are moved to .Papierkorb inside the share instead of being
# removed.
vfs objects = recycle
recycle:repository = .Papierkorb
# versions: same-named deletions are kept side by side as copies.
# keeptree: the original directory structure is preserved in the repository.
# touch: the access time is updated when a file is moved there.
recycle:versions = Yes
recycle:keeptree = yes
recycle:touch = Yes
# Requests larger than 16384 bytes are handled with asynchronous I/O where
# the platform supports it.
aio write size = 16384
aio read size = 16384
# Write cache size in bytes (2 MiB).
write cache size = 2097152
# Logon-script share served to domain clients ("logon script = login.cmd"
# is resolved relative to this path).
[Netlogon]
comment = Network Logon Service
path = /Services/Netlogon
# Readable without authentication and read-only: nothing placed here should
# contain credentials or other secrets, and write access to
# /Services/Netlogon on the server should be limited to administrators.
guest ok = yes
writable = no
# NOTE(review): the smb.conf manual describes "share modes" as a deprecated
# option that should never be turned off; confirm why it is disabled here.
share modes = no
aio write size = 16384
aio read size = 16384
# NOTE(review): a write cache on a read-only share presumably has no effect.
write cache size = 2097152
# Roaming-profile share ("logon path = \\HALLE\Profiles\%U").
[Profiles]
comment = Network Profiles Share
# "read only = no" here and "writable = yes" further down are inverted
# synonyms that agree with each other; one of them is redundant.
read only = no
# Overrides the global "store dos attributes = no" for this share.
store dos attributes = yes
# All file operations are performed as the session user name (%U).
# NOTE(review): confirm this is needed in addition to the masks below.
force user = %U
# New files and directories are accessible to their owner only.
create mask = 0600
directory mask = 0700
path = /Services/Profiles
aio write size = 16384
# Sizes in bytes (2 MiB each).
write cache size = 2097152
allocation roundup size = 2097152
use sendfile = yes
# Not listed when browsing, writable, and closed to guests.
browseable = no
writable = yes
guest ok = no
printable = no
# Client-side (offline files) caching policy advertised to Windows clients.
csc policy = programs
hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
# Changes the ownership and ACLs reported to Windows clients so they accept
# the profile directory; intended for profile shares only.
profile acls = yes