Thanks. As requested my smb.conf file (General section) configured
according to the Samba 3 Docs.
workgroup = STW
password server = kdc
security = ADS
winbind enum users = yes
winbind enum groups = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
realm = INTERNAL.STW.NL
client use spnego = yes
client signing = yes
server signing = yes
winbind separator = +
wins server = 172.16.2.146
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
encrypt passwords = true
passdb backend = guest
/etc/krb5.conf snippet
[libdefaults]
default_realm = INTERNAL.STW.NL
[realms]
INTERNAL.STW.NL = {
kdc = kdc.internal.stw.nl
admin_server = kdc.internal.stw.nl
}
/etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat winbind
The Samba server is a member server (net ads join) of the native mode
Windows 2003 domain and was working fine till the latest 3.0.14 update.
Some group resolving must be possible because I have w2k3 groups listed
as group owner for a complete directory structure. When winbind is not
running an ls looks like:
ls -l
drwx------ 2 www-data 10069 1352 May 15 15:30 apache2-default
After starting Winbind an ls -l looks like:
ls -l
drwx------ 2 www-data website 1352 May 15 15:30 apache2-default
>From which it would appear that (some) group resolution works. As soon
as I do a wbinfo -g then the Winbind processes get locked and mailq
(amongst others?) cannot show the queue status.
Example when Winbind has not crashed but is running:
mailq
MSP Queue status...
/var/spool/mqueue-client is empty
Total requests: 0
MTA Queue status...
/var/spool/mqueue is empty
Total requests: 0
After doing a wbinfo -g to force the crash mailq gives:
MSP Queue status...
and it stops there until I kill the winbindd processes with a kill
-KILL.
I've tried to put as much relevant info here as possible. Hopefully too
much than too little. :-) If you need more info, please do not hesitate
to contact me.
Thanks once again for all your help.
Regards,
Matthew
