Re: [Samba] Winbind Trust -- grr

Wed, 25 May 2011 11:47:15 -0700

It may be related to a caching issue. Use testparm -v to check the values for the following: 

        idmap cache time
        winbind cache time
I had a problem with samba 3.0.x where idmap entries would populate for users in a trusted domain- but after the cache time expired the cache would not repopulate and I would "loose" the trusted users. Increasing the cache time at least reduced how frequently I had to delete the cache entries. This is not a solution but may be will help locate the problem. 


On 05/25/2011 12:16 PM, Aaron E. wrote:

First, Thanks for any and all help!!!!
I can't seem to figure out what I need to do, I've been fighting this for a month and am now beating my head off my desk with no solution to be found. I've read others having this issue but they were all older versions.. I am using 3.5.4,, Please read over and give me some input..
Every 7 days winbindd fails on the trust secret. The only way I can figure to fix it is rejoin the domain.
My only solution I can think of is script and cron so the machine rejoins the domain every 6 days on it's own..
I believe I'm forced to use winbind due to dansguardian using ntlm_auth. Dansguardian cant use ldap connection. 

Now My smb.conf is as follows on the squid server..
[global]
        workgroup = EXAMPLE
        netbios name = squid1
        server string = Squid1
        security = domain
        password server = netfiles1san, netfiles2san
    log level = 3
        log file = /var/log/samba/%m.log
        max log size = 0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        preferred master = False
        local master = No
        domain master = False
        dns proxy = No
;Winbind
    winbind refresh tickets = false
        winbind separator = /
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes
        idmap uid = 10000-20000
        idmap gid = 10000-20000

smb.conf on my DC relevent info is as follows
security = user
LDAP Backend
master
Possibly an issue with using domain on the squid server and user on the DC?? 




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to