"J. Rönnblom" wrote:
>
> I forgot to mention that I "connect" winbind to the W2K DC not as an anonymous
> account but with a normal user account. I use the
>
> wbinfo -A user%password
>
> [EMAIL PROTECTED] writes:
> >testparm now (2.2.6pre2) has an option to only display non-default
> >values. That makes it easier to figure out what you have actually
> >changed...
>
> [global]
>    workgroup = SKOLA
>    server string = Trustix Samba Server
>    interfaces = br0
>    security = DOMAIN
>    encrypt passwords = Yes
>    password server = *
>    log level = 0
>    log file = /var/log/samba/log.%I
>    name resolve order = wins host lmhosts bcast
>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>    load printers = No
>    os level = 32
>    preferred master = True
>    domain master = False
>    wins server = 193.180.x.y
>    winbind uid = 10000-40000
>    winbind gid = 10000-40000
>    template homedir = /dev/null
>    winbind enum users = No
>    winbind enum groups = No
>    printer admin = @"SKOLA\Support",@"SKOLA\Administrators"

This all looks pretty sane. However, why not give people 'real' home directories and put their profiles in there?

> >I would avoid the exec on open, just because I see Win2k doing a *lot*
> >of tree connects/disconnects. I would instead suggest using
> >pam_mkhomedir (or a modified variant) because they occur per session,
> >not per tree.
>
> It is only for testing so I don't give much about speed now, only to get it
> working. I'll look into the pam_mkhomedir later.
>
>
> >> -------------------
> >>
> >> Error on W2K DC
> >>
> >> Event Type: Error
> >> Event Source: Srv
> >> Event Category: None
> >> Event ID: 2006
> >> Date: 2002-09-30
> >> Time: 12:28:58
> >> User: N/A
> >> Computer: DC01
> >> Description:
> >> The server received an incorrectly formatted request from \\193.180.x.y
> >> Data:
> >> 0000: 00 00 34 00 02 00 7c 00 ..4...|.
> >> 0008: 00 00 00 00 d6 07 00 c0 ....Ö..À
> >> 0010: 00 00 00 00 01 20 98 c0 ..... ?À
> >> 0018: 00 00 00 00 00 00 00 00 ........
> >> 0020: 00 00 00 00 00 00 00 00 ........
> >> 0028: b3 06 00 00 ff 53 4d 42 ³...ÿSMB
> >> 0030: 25 00 00 00 00 08 01 c0 %......À
> >> 0038: 00 00 00 00 00 00 00 00 ........
> >> 0040: 00 00 00 00 00 d0 6d 38 .....Ðm8
> >> 0048: 02 50 01 00 10 00 00 48 .P.....H
> >> 0050: 00 00 00 48 00 00 00 00 ...H....
> >> 0058: 00 00 00 00 ....
> >
> >Now *this* is interesting. I've only heard of it once, and it was not
> >reproducible. Can you reproduce this error, and try to get a packet
> >sniff of it? I would be interested to see what it actually is.
>
> Can't reproduce it. I have a few of these every week in my log files,
> both from this server (2.2.6cvs) and the other samba servers (2.2.5).
>
> I'll examine the logs and see if I can find anything that happened at the
> same time.

Thanks - I'll be interested to see what this is..

> >>
> >> [2002/10/01 13:21:50, 0] smbd/sec_ctx.c:initialise_groups(244)
> >> Unable to initgroups. Error was Input/output error
> >>
> >> The logs are full of those messages.
> >> However I think they are due to
> >> the fact that I have winbind enum groups = no in /etc/samba/smb.conf
> >
> >That should not be. That error is probably something else...
>
> Yes, could it be this:
>
> [print$]
>    path = /samba/printers
>    write list = @"SKOLA\Support" @"SKOLA\Administrators"
>
>    guest ok = Yes
>
> root@xx-proxy /var/log/samba# testparm | grep guest
>    map to guest = Never
>    domain guest group =
>    guest account = nobody
>    guest only = No
>    guest ok = No
>    guest ok = Yes
>
> When the computer/user tries to connect to the share as a guest it fails
> since the guest account (nobody) is not allowed to use samba?
>
> OR could the fact that I'm using a normal account to connect to w2k
> account for the errors? (wbinfo -A user%pass)

I don't think this is what's causing that...

> >In any case, one course of action might be (assuming you are running an
> >Active Directory setup) to move to Samba 3.0. If the Win2k clients get
> >kerberos credentials, then Samba doesn't need to contact the DC at all
> >for authentication. (It might need to contact it for other things
> >however, but these can be cached too) Also, Samba 3.0 uses an LDAP
> >client on AD, which I suspect will cope much better with 10000 users.
> >
> >Samba 3.0 also has a 'dual daemon' mode where it can operate out of
> >its cache while waiting for new answers from the DC, which might help
> >avoid a blocking winbind call backlogging the entire system.
> >
> >Finally, Samba 3.0 has *much* better error reporting, so you might get a
> >meaningful error message too!
>
> But isn't samba 3.0 in alpha or beta? Is it really recommended/safe to run
> it in production?

I use it in production, but that's also because I can respond quickly if/when it breaks :-). I find it quite stable, the reason it's still alpha is because we have not rounded off the feature set etc, not due to stability. Naturally, it also needs a lot more testing before we move to release.

If you are having problems with the 'thundering herd', then I think it's worth chasing down, because connecting to the DC for every user just isn't pretty...

Andrew Bartlett

--
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net
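
For triaging the Event ID 2006 record quoted in the thread, the following added example (not part of the original messages and not Samba code) turns the event's "Data:" bytes back into binary and unpacks the SMB1 header embedded in them. The function names are hypothetical; the layout assumed is the standard fixed 32-byte SMB1 header, and the bytes before the 0xFF 'SMB' marker are skipped without being interpreted.

```python
import struct
# "Data:" bytes of the Event ID 2006 record quoted in the thread (hex columns only).
EVENT_DATA = """\
0000: 00 00 34 00 02 00 7c 00
0008: 00 00 00 00 d6 07 00 c0
0010: 00 00 00 00 01 20 98 c0
0018: 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00
0028: b3 06 00 00 ff 53 4d 42
0030: 25 00 00 00 00 08 01 c0
0038: 00 00 00 00 00 00 00 00
0040: 00 00 00 00 00 d0 6d 38
0048: 02 50 01 00 10 00 00 48
0050: 00 00 00 48 00 00 00 00
0058: 00 00 00 00
"""
COMMANDS = {0x25: "SMB_COM_TRANSACTION", 0x32: "SMB_COM_TRANSACTION2",
            0x73: "SMB_COM_SESSION_SETUP_ANDX", 0x75: "SMB_COM_TREE_CONNECT_ANDX"}

def dump_to_bytes(text):
    """Convert 'offset: hh hh ...' lines to bytes, rejecting gaps in the offsets."""
    out = bytearray()
    for line in text.strip().splitlines():
        offset, _, hexpart = line.partition(":")
        if int(offset, 16) != len(out):
            raise ValueError(f"dump is not contiguous at offset {offset}")
        out += bytes.fromhex(hexpart)
    return bytes(out)

def parse_smb1_header(blob):
    """Find the 0xFF 'SMB' marker and unpack the fixed 32-byte SMB1 header."""
    start = blob.find(b"\xffSMB")
    if start < 0 or len(blob) < start + 32:
        raise ValueError("no complete SMB1 header in the event data")
    (cmd, status, flags, flags2, _pid_high, _signature, _reserved,
     tid, pid, uid, mid) = struct.unpack_from("<BIBHH8sHHHHH", blob, start + 4)
    return {
        "offset": start,
        "command": COMMANDS.get(cmd, hex(cmd)),
        "is_reply": bool(flags & 0x80),        # SMB_FLAGS_REPLY
        "status": status,
        "unicode": bool(flags2 & 0x8000),      # SMB_FLAGS2_UNICODE
        "nt_status": bool(flags2 & 0x4000),    # SMB_FLAGS2_NT_STATUS
        "tid": tid, "pid": pid, "uid": uid, "mid": mid,
        "word_count": blob[start + 32] if len(blob) > start + 32 else None,
    }

if __name__ == "__main__":
    print(parse_smb1_header(dump_to_bytes(EVENT_DATA)))
```

The decoded header is a client request (reply flag clear) for SMB_COM_TRANSACTION with 16 parameter words, which gives a concrete command and MID/UID/TID to filter on when matching these events against a later packet capture.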
