We've been working with Samba for the last years. Most ( if not all ) of it has worked as documented. Stability is much better than M$ Windows' and it is roughly an order of magnitude better on the same hardware ( you can add this to you customer quotes, Jerry ;) )
We have recently upgraded to RC2 from beta2, and we found this behaviour: while the "File Server" functions work perfectly well ( as always ), we have lost the ability to join machines to the domain, which get rejected with "username not found" message. Using LDAP backend.
We did a quite big test yesterday, were we joined 32 machines to the domain, and we only succeeded using smbpasswd backend. LDAP backend wouldn't let us join machines to the domain. We suspected a corrupted installation or defective hardware...
A couple hours before we had upgraded our main domain controllers to RC2 and everything seemed to work fine... until this morning, when we needed to join a machine to this domain. It has all worked flawlessly for the last two months, with big sustained workloads.
So.. What changed in RC2 which has to do with domain joining? Release notes do not show anything relevant ( or so it seems )
Anything needs to change in SMB.CONF and/or the LDAP DIT, or we just found a bug?
Hardware: Dell 2600SC, 2xXeon 2.4GHz, 1GB ECC DDRAM, very recently purchased
Software: Debian Woody base, Samba3.0.0beta2+3.0.0rc2-1 and OpenLDAP 2.1.22-1 from Sid, plus their dependencies.
Clients: W2K and WXP Pro, plus some NT4 ( not relevant )
Note: we have an "administrator" account with UID 0, Primary group SID DOMAIN-544, member of group with SID DOMAIN-512 ( both mappings checked with net groupmap )
------8<---- smb.conf ----8<-------------- [global]
workgroup = CNSR
server string = Servidor (%h) ;netbios name = SERVIDOR
load printers = no ; printing = bsd ; printcap name = /etc/printcap ; printing = cups ; printcap name = cups
; guest account = nobody invalid users = root
log file = /var/log/samba/log.%m max log size = 1000 syslog only = no syslog = 0
security = user encrypt passwords = true
passdb backend = ldapsam:ldap://localhost, tdbsam, guest
algorithmic rid base = 1000
ldap suffix = dc=xxxxxxxx,dc=xxx ldap admin dn = uid=samba,ou=daemons,dc=recuerdo,dc=net ldap delete dn = no ldap user suffix = ou=people ldap group suffix = ou=groups ldap idmap suffix = ou=idmap,ou=samba ldap machine suffix = ou=machines
ldap filter = "(uid=%u)"
idmap only = no idmap backend = winbind ldap idmap suffix = ou=idmap,ou=samba,dc=recuerdo,dc=net winbind use default domain = yes idmap uid = 50000-55000 idmap gid = 50000-55000
#winbind separator = +
username map = /etc/samba/smbusers ; include = /home/samba/etc/smb.conf.%m
socket options = TCP_NODELAY
local master = yes os level = 20 domain master = yes preferred master = auto
wins support = no dns proxy = no name resolve order = lmhosts host wins bcast
; preserve case = yes ; short preserve case = yes
; unix password sync = true
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword
:* %n\n .
pam password change = no
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
obey pam restrictions = no
domain logons = yes logon script = netlogon.bat logon drive = H: logon path = \\%L\Profiles\%u
panic action = /usr/share/samba/panic-action %d
#======================= Share Definitions =======================
[homes] comment = Home Directories browseable = no writeable = yes read only = no csc policy = disable force create mode = 0640 force directory mode = 2750
[netlogon] comment = Network Logon Service path = /profiles/netlogon guest ok = yes writable = no share modes = no
[Profiles]
comment = Directorio de perfiles
path = /profiles
browseable = no
guest ok = yes
writeable = yes
; nt acl support = no
profile acls = yes
create mask = 0600
directory mask = 0700
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
