On Wed, Apr 28, 2010 at 12:29 AM, William Jojo <[email protected]> wrote: > > Sorry about that. All of my package were initially 32-bit, then I offered the > 64-bit code as >BETA for about 6 months, and after some testing and feedback > from users, I marked it as >production quality. The Samba Team makes no > guarantees whatsoever on what I produce. >This is simply a statement of > usability. > > I will remove that line from the site.
I thought some more information should be provided, which shall help visitors clearly if they can use 64bit samba into the production. >> >> 3. After changing mehtods.cfg, user file, Is there any program need to be >> restarted apart from samba or server reboot? >> > > The most you may need to do is stop Samba and run "slibclean", then restart > Samba. I have installed samba 3.4.3, 32bit Path: /usr/lib/objrepos pware53.base.rte 5.3.0.0 COMMITTED pWare base for 5.3 pware53.bdb.rte 4.7.25.4 COMMITTED Berkeley DB 4.7.25 pware53.cyrus-sasl.rte 2.1.23.1 COMMITTED cyrus-sasl 2.1.23 pware53.gettext.rte 0.17.0.0 COMMITTED GNU gettext 0.17 pware53.krb5.rte 1.7.1.1 COMMITTED MIT Kerberos 1.7.1 pware53.libiconv.rte 1.13.1.0 COMMITTED GNU libiconv 1.13.1 pware53.ncurses.rte 5.7.0.1 COMMITTED ncurses 5.7.0.1 pware53.openldap.rte 2.4.21.1 COMMITTED OpenLDAP 2.4.21 pware53.openssl.rte 0.9.8.13 COMMITTED OpenSSL 0.9.8m pware53.popt.rte 1.10.4.0 COMMITTED popt 1.10.4 pware53.samba.rte 3.4.3.0 COMMITTED Samba 3.4.3 pware53.zlib.rte 1.2.4.0 COMMITTED zlib 1.2.4 I got these errors-- ------------------------------------------------------------------------- [2010/04/28 10:50:44, 1] winbindd/idmap_tdb.c:445(idmap_tdb_allocate_id) Fatal Error: GID range full!! (max: 500000) [2010/04/28 10:50:44, 3] winbindd/idmap.c:695(idmap_new_mapping) Could not allocate id: NT_STATUS_UNSUCCESSFUL ..... log.winbindd: lookupname_recv: lookup_name() failed! log.winbindd: Could not lookup name for user MYGRP\USER1 log.winbindd:[2010/04/29 10:28:30, 3] winbindd/winbindd_sid.c:107(winbindd_lookupname) log.winbindd: [160060]: lookupname MYGRP\USER1 ------------------------------------------------------------------------- Once I copied the winbind_idmap.tdb from other server like you suggested, and keep the same idmap uid/gid range as on the server, I could able to list SID for users. In my case wbinfo -t/-m/-p/-g works but wbinfo -u doesn't work!. I'am not sure what is the reason, but the same works Okay on the other server. wbinfo -u - returns - Error looking up domain users. net ads users - too lists all the users but wbinfo -u doesn't. GID range full!! - Error persists no matter, I remove all the *.tdb or even if I change the larger GID range as well. I used the following to create machine account. net ads join -S DOMSERVER -Uuser_adm createcomputer="/Servers/Non Windows Servers" I have repated this command replacing DOMSERVER with other DC names into the TDK.DK realm which I think has helped to keep machine account trust OK. My smb.conf is [global] workgroup = MYGRP server string = Samba Server security = ADS log level = 5 netbios name = FOO log file = /var/log/samba/log.%m max log size = 500 password server = * realm = AA.DK allow trusted domains = no encrypt passwords = yes client use spnego = yes client ntlmv2 auth = yes local master = no domain master = no wins server = namesrv04 namesrv03 dns proxy = no idmap uid = 100000-999999 idmap gid = 1000000-1999999 restrict anonymous = yes name resolve order = wins bcast winbind enum groups = no winbind enum users = no winbind cache time = 300 winbind use default domain = yes I think I was missing "client ntlmv2 auth = yes". At present I'm able to authenticate with the AD Users, and shares are give permission based upon AD groups which is working Ok. My question now are - 1. Since I have copied the winbind_idmap.tdb from other working servers, will it be updating the existing and adding new SID? 2. what is reason for user lookup errors in winbindd.log, I have noticed they only appear which one get NT_STATUS_UNSUCCESSFUL 3. User who has logged into MYGRP domain, are able to see the shares without any prompt since they have already logged into the domain, but those shares which they don't have access, I'm prompted for authentication - Then I provide a valid user credentials but it doesn't give the access to the shares, Is it normal? Many thanks for your help! Yash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
