We run samba on at least two of our linux servers. Both smb.conf's are
domain members of an NT4 windows server, so all security information is
gathered from the NT4 domain controller. We have a problem on one of the
samba servers whereby samba is unable to recognize the account SID for a
domain user. This is a new problem, only on newer versions of samba.
The problem manifests itself on the windows clients as such:
- let's say our domain is DUDESDOMAIN
- let's say the username is dudeman
- thus, permissions on files used to be "dudeman (DUDESDOMAIN\dudeman)"
- but now, only on newer versions of samba, permissions are now showing up
as: "dudeman (Unix User\dudeman)", and the older permission object is
showing up as an "Account Unknown (SID#)"
I'm not sure there are any other symptoms of this problem, windows
machines work okay. However, just today we discovered that WinZip files
complain about bad permissions on all .zip files, and I'm wondering if
this is another symptom. Either way, samba should be able to resolve the
SID the the DUDESDOMAIN domain, like it used to just fine.
The older server is RHEL3-AS x86 running samba-3.0.9-1.3E.10 RPM from
RedHat. This server is working fine, the permissions are correct on all
files as "dudeman (DUDESDOMAIN\dudeman)".
The new server is RHEL4-AS x64 running a compiled samba-3.0.23a.
I have verified that the older samba server does NOT have this problem at
all. The newer samba server has the problem on all files.
Any ideas? I'm looking through the smb.conf to find the answer, thought it
might be related to the "windbind use default domain", but no matter what
I set that to, the behavior is the same.
Anyone else see this problem, know the solution?
Here is a snippit from our global smb.conf on the newer samba server, the
smb.conf on the older server is exactly the same, except for minor
changes in hostnames and such:
[global]
server string = Samba File Server
interfaces = xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
wins server = xxx.xxx.xxx.xxx
domain master = no
preferred master = no
netbios name = samba-hostname
announce version = 1.0
load printers = no
password level = 8
security = server
password server = IP-of-NT4-PDC
workgroup = DUDESDOMAIN
encrypt passwords = yes
large readwrite = no
hosts allow = xxx.xxx.xxx.xxx
log file = /var/log/samba/hostname-samba.log
log level = 2
max log size = 0
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
# idmap uid = 16777216-33554431
# idmap gid = 16777216-33554431
template shell = /bin/false
# winbind use default domain = no
testparm on smb.conf is fine:
[EMAIL PROTECTED] lib]# testparm
Load smb config files from /usr/local/encap/samba-3.0.23a/lib/smb.conf
Processing section "[homes]"
Processing section "[staff]"
Processing section "[users]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Like I said before, samba has worked fine until a recent upgrade, I'm not
sure when these permissions issues first started showing up though.
Thanks,
Alex
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
