[Samba] winbind is loosing domain prefix

Thorsten Leiser Wed, 22 Sep 2004 02:45:27 -0700

Hi,

we're using the SerNet-release of samba 3.0.7 running on SLES8. Our samba server is running as domain member server (security=ADS) in our w2k domain. On monday we migrated from 3.0.4 to 3.0.7. Since then winbind is trying to relsolve usernames without the domain-prefex and fails. See below: log.winbindd: ... [2004/09/22 06:54:24, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159) user 'm019u026' does not exist [2004/09/22 06:54:24, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159) user 'm019u026' does not exist [2004/09/22 06:54:24, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159) user 'M019U026' does not exist ...

It should be SCHARRNET+m019u026. And in addition i get the following errors in log.winbind. ... [2004/09/22 06:17:12, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) ads_connect for domain SCHARRNET failed: Invalid credentials ... [2004/09/21 21:56:01, 1] libsmb/clikrb5.c:ads_krb5_mk_req(321) krb5_get_credentials failed for [EMAIL PROTECTED] (Unknown error -1765328347) [2004/09/21 21:56:01, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(544) spnego_gen_negTokenTarg failed: Unknown error -1765328347 ...

If we restart winbindd, nmbd and smbd samba runs normal again (until next restart). Can anybody give us a hint what the problem is and how we can fix it?

Regards

Thorsten

smb.conf:
[global]
       unix charset = ISO8859-15
       display charset = ISO8859-15
       workgroup = SCHARRNET
       realm = SCHARRNET.DE
       server string =
       security = ADS
       password server = maire.scharrnet.de, maitre.scharrnet.de
       socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
       os level = 2
       ldap ssl = no
       idmap uid = 10000-20000
       idmap gid = 10000-20000
       template homedir = /data/home/%U
       winbind separator = +
       veto oplock files = /*.mdb/*.doc/*.xls/
       strict locking = No

[data]
       path = /data
       valid users = SCHARRNET+Administrator
       admin users = SCHARRNET+Administrator
       read only = No
       create mask = 0660
       directory mask = 0770
       browseable = No
       volume = DATA
       dos filetimes = Yes
       dos filetime resolution = Yes
       fake directory create times = Yes

[tsshare]
       comment = Share-Laufwerk auf %L
       path = /data/share
       valid users = @SCHARRNET+Dom�nen-Benutzer, SCHARRNET+Administrator
       read only = No
       create mask = 0660
       directory mask = 0770
       hide unreadable = Yes
       browseable = No
       volume = DATA
       dos filetimes = Yes
       dos filetime resolution = Yes
       fake directory create times = Yes

[tssymbole]
       comment = Iconen-Laufwerk auf %L
       path = /data/symbole
       valid users = @SCHARRNET+Dom�nen-Benutzer, SCHARRNET+Administrator
       read only = No
       create mask = 0600
       directory mask = 0700
       browseable = No
       volume = DATA
       dos filetimes = Yes
       dos filetime resolution = Yes
       fake directory create times = Yes

[tsvorlagen]
       comment = Vorlagen-Laufwerk auf %L
       path = /data/vorlagen
       valid users = @SCHARRNET+Dom�nen-Benutzer, SCHARRNET+Administrator
       read only = No
       create mask = 0600
       directory mask = 0700
       browseable = No
       volume = DATA
       dos filetimes = Yes
       dos filetime resolution = Yes
       fake directory create times = Yes

[tshome]
       comment = Home-Laufwerke auf %L
       path = /data/home/
       valid users = @SCHARRNET+Dom�nen-Benutzer
       admin users = SCHARRNET+Administrator
       read only = No
       create mask = 0600
       directory mask = 0700
       browseable = No
       volume = DATA
       dos filetimes = Yes
       dos filetime resolution = Yes
       fake directory create times = Yes

[tsprofile]
       comment = Terminalserver-Profile auf %L
       path = /data/profile
       valid users = @SCHARRNET+Dom�nen-Benutzer
       admin users = SCHARRNET+Administrator
       read only = No
       create mask = 0600
       directory mask = 0700
       nt acl support = No
       browseable = No
       volume = DATA
       dos filetimes = Yes
       dos filetime resolution = Yes
       fake directory create times = Yes

[magic]
       comment = Programmdateien V_Olga auf %L
       path = /data/magic
       valid users = @SCHARRNET+Dom�nen-Benutzer
       write list = "@SCHARRNET+Mandant Synchron 006 Users"
       create mask = 0666
       directory mask = 0777
       browseable = No
       volume = DATA

[klett] comment = Abteilungslaufwerk KLETT auf %L path = /data/abt/Klett valid users = "@SCHARRNET+Mandant 010 Klett_Boeblingen_HEEH", SCHARRNET+Administrator read only = No create mask = 0660 directory mask = 0770 browseable = No volume = DATA dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes ...

--
Thorsten Leiser
IT-Systembetreuung
FRIEDRICH SCHARR KG
Liebknechtstrasse 50
70565 Stuttgart-Vaihingen


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] winbind is loosing domain prefix

Reply via email to