To fix this issue on Debian I have rolled back to 3.4.8 using the
following cached deb files:
libwbclient0_2%3a3.4.8~dfsg-2_amd64.deb
samba-common_2%3a3.4.8~dfsg-2_all.deb
smbclient_2%3a3.4.8~dfsg-2_amd64.deb
samba_2%3a3.4.8~dfsg-2_amd64.deb
samba-common-bin_2%3a3.4.8~dfsg-2_amd64.deb
winbind_2%3a3.4.8~dfsg-2_amd64.deb
This has fixed the issue but I'm no closer to discovering what
exactly is broken which is very unsatisfying.
To be sure that its not just a Debian issue I recompiled from source
on Debian and also tested on Gentoo (using 3.5.5) with the same results.
Is anyone aware of any changes in 3.5.5 that would cause this using
my config from the original post ?
Regards
Simon
On 09/28/10 12:18, Haven wrote:
Hi,
I'm running Debian Squeeze on a few machines that are all
authenticating to a pair of Windows 2008 servers. After upgrading
to samba 3.5.5 from 3.4.8 idmap has stopped resolving which is
preventing user authentication on these boxes. The boxes that have
been left at 3.4.8 continue to work fine.
On the 3.5.5 boxes wbinfo and net ads show lists of users and
groups without issue yet id is not able to map uid's any more.
nsswitch.conf is using:
passwd: files winbind
group: files winbind
shadow: files winbind
I can successfully connect the affected servers to the AD domain
using net ads join and the keytab also generates fine.
I have included my smb.conf below and will happily provide any
details that will help.
Many thanks for your time.
Regards
Simon
[global]
# Debuging domain auth issues:
debug level = 10
workgroup = DOMAIN
security = ads
kerberos method = system keytab
winbind use default domain = true
realm = DOMAIN.NET
disable netbios = yes
name resolve order = host lmhosts
hosts allow = 127.0.0.1 192.168.1.0/24 93.97.246.119
hosts deny = 0.0.0.0/0
password server = 192.168.1.2, 192.168.1.3, *
idmap config DOMAIN:default = yes
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:backend = ad
idmap config DOMAIN:range = 10000-20000
idmap backend = ad
winbind offline logon = yes
winbind nested groups = yes
winbind separator = +
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
winbind nss info = rfc2307
template homedir = /home/%U
template shell = /bin/bash
client ntlmv2 auth = yes
encrypt passwords = true
local master = no
domain master = no
preferred master = no
dns proxy = no
server string = Samba Server Version %v
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=8192 SO_SNDBUF=8192
# Fix character set issues:
#
http://www.unixresources.net/linux/lf/59/archive/00/00/13/18/131896.html
dos charset = 850
unix charset = UTF-8
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
