On 05/10/2012 11:21 AM, sigunas wrote:
We have similar problem to with samba file server, serving about 800 users.
After server restart samba/winbind works as intended. After some time (it
may be couple of weeks, or it may be 1 day) server does not authenticate new
connections. Old connections work.
For example: I don't turn off my computer, and next day I can access samba
shares, reade/create/delete files and directories as usual. Users who just
started computers and try to access shares are rejected with unknown
user/password. After winbind restart (don't need to restart samba)
everything works as intended again for day or sometimes for couple of weeks.
Server configuration:
security=ADS
realm=our.domain.com
client schanel=no
wins support=no
domain logons=no
domain master=auto
password server=dc.our.domain.com
server string=failai
local master=yes
idmap uid=10000-20000
idmap gid=10000-20000
winbind enum users=yes
winbind enum groups=yes
encrypt password=true
keepalive=600
socket options=TCP_NODELAY
dns proxy=no
log level=1
large readwrite=yes
From my experience reducing idmap cache time seems to solve the problem.
I also experienced problems with idmap uid and idmap gid to such values
(10000-20000); try lo raise over 65536 (100000-200000).
I made some tests on another server acting as a file server with
validation on AD (no user and group mappings) in which winbind is
usually off. Starting winbind and playing with parameters brought samba
to deny the service after about 1 day; after stopping winbind and
restarting nmbd smbd it works good ...
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
