Hong K Phooey wrote: > We have a samba server that uses active directory security. We have three > active directory servers and use a dfs namespace (test.local) to encompass > those three servers. We currently are using password server = TEST.local, > but have had all three AD servers listed, but it has not helped. > > Whenever ANY of those servers go down for maintenance, the samba shares do > not come up and restarting the winbind and smb services does not seem to > help. We have to reboot the linux box for the shares to show up again. > > Should samba not try to query one of the other two servers when one is down? > It does not appear to do so, or we have failed to modify a setting that will > allow that. > > Any assistance with this issue would be appreciated. > > Here are the log entries for the failure: > > [2011/01/15 11:19:28, 1] smbd/sesssetup.c:464(reply_spnego_kerberos) > Username TEST\sql-svc-agent-prod is invalid on this system > [2011/01/15 11:19:28, 0] lib/util_sock.c:738(write_data) > [2011/01/15 11:19:28, 0] lib/util_sock.c:1491(get_peer_addr_internal) > getpeername failed. Error was Transport endpoint is not connected > write_data: write failure in writing to client 0.0.0.0. Error Broken pipe > [2011/01/15 11:19:28, 0] smbd/process.c:62(srv_send_smb) > Error writing 39 bytes to client. -1. (Transport endpoint is not connected) > > PDC: windows 2008 R2 > Samba: 3.4.7 on ubuntu 10.4 > > Load smb config files from /etc/samba/smb.conf > rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) > Processing section "[printers]" > Processing section "[print$]" > Loaded services file OK. > Server role: ROLE_DOMAIN_MEMBER > Press enter to see a dump of your service definitions > > [global] > workgroup = TEST > realm = TEST.LOCAL > server string = %h server (Samba, Ubuntu) > security = ADS > map to guest = Bad User > obey pam restrictions = Yes > password server = TEST.local > pam password change = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > unix password sync = Yes > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1000 > machine password timeout = 0 > domain master = No > dns proxy = No > usershare allow guests = Yes > panic action = /usr/share/samba/panic-action %d > idmap uid = 500-10000000 > idmap gid = 500-10000000 > template shell = /bin/bash > winbind refresh tickets = Yes > create mask = 0664 > hosts deny = 172.17.4.0/255.255.255.0, 172.19.4.0/255.255.255.0 > > [printers] > comment = All Printers > path = /var/spool/samba > create mask = 0700 > printable = Yes > browseable = No > browsable = No > > [print$] > comment = Printer Drivers > path = /var/lib/samba/printers > I don't have this issue. It looks like you are aiming at producing a printserver. I'm going to show you my working config. it seems to survive reboots of the ADS machines fine. We don't reboot often, but, it's a non-issue so far. I do have a significant problem with my config though. when adding printers (not drivers, just the printers part) via the APW (windows client side), I get an Access Denied error the first time I click. If I dismiss that error, wait 5-10 seconds, and click again, the printer will install correctly. Please let me know if you too run into this.
If I were you, I'd pick out stuff that looks like it might be useful and place it into the new config rather than copy pasting. You'll notice there is a difference in where we put the [print$] directory anyway. Anyway, hope this helps, and if you don't have that problem.. please, please copy me your working smb.conf back. Here's my smb.conf for comparison: [global] display charset = UTF-8 workgroup = KRH realm = KRH.INT server string = Samba Server security = ADS password server = kal-dc3.krh.int, kal-dc4.krh.int, kal-dc2.krh.int, * ntlm auth = No client NTLMv2 auth = Yes syslog = 0 log level= 3 log file = /var/log/samba/log.%m debug prefix timestamp = Yes max protocol = SMB2 unix extensions = No max open files = 20000 socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 hostname lookups = Yes printcap name = /usr/local/etc/printcap addprinter command = /usr/local/sbin/smbaddprinter.pl deleteprinter command = /usr/local/sbin/smbdelprinter.pl local master = No domain master = No dns proxy = No wins server = 10.6.1.21 utmp = Yes host msdfs = No idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = Yes winbind enum groups = Yes winbind cache time = 300 winbind use default domain = Yes winbind refresh tickets = Yes cups options = raw force printername = Yes wide links = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [print$] comment = Where the printer drivers are kept path = /home/printserver/drivers write list = root, jax, KRH\jdown force user = printserver force group = printserver create mask = 0666 security mask = 0666 directory mask = 0777 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
