I have four SLES 10 servers working as Samba servers on the same domain
with an LDAP account backend. Relevant smb.conf entries are:
[global]
workgroup = UNIX
realm = UNIX.UIB.NO
server string = ukl-samba
netbios name = ukl-samba
security = user
allow trusted domains = yes
domain master = yes
local master = yes
encrypt passwords = yes
Only one of the servers is set as domain and local master, server string
and netbios name obviously differ while workgroup and realm are set to
the same. When I first set them up (smbpasswd -w, etc.) they created
seperate sambaDomain entries in the LDAP root, with separate SIDs. the
sambaDomain entries are named after each server. The user SIDs we
simply set to be based on the SID of the first server we set up. It all
worked, so I never questioned it.
Then just before the weekend I took the first server up to SLES 10 SP1,
which brought Samba up from 3.0.21 to 3.0.24, and this server was
effectively broken. On startup, every single user (all 35.0000 of
them...) would get a line in /var/log/messages:
ukl-samba smbd[16336]: User <SNIP> with invalid SID <SNIP> in passdb
Nobody could get at the Samba shares until I edited the LDAP tree to
switch the SIDs between this server and the server with the SID the user
SIDs were based on.
Clearly, I need to clean something up before upgrading the next server
to SLES 10 SP1, or things will be really, really broken. Either a
setting to switch of the SID validation, or Someting(tm) to clean up the
LDAP tree. The latter is probably better, but I have no idea where to
start. I was hoping someone here had an answer which saved me the
trouble of setting up a full test domain with LDAP and Samba-servers...
Can I just set the same SID on all four domains? Or delete three of the
four domains and rename the one with the correct SID to the _domain_
name in sted of the server name?
Thanks,
Bjørn
--
Bj¯rn Tore Sund Phone: 555-84894 Email: [EMAIL PROTECTED]
IT department VIP: 81724 Support: http://bs.uib.no
Univ. of Bergen
When in fear and when in doubt, run in circles, scream and shout.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
