[Samba] Users randomly unable to login after machine left idle on boot
Everyone,

Perhaps this is a known issue, but:

For some time, we have inconsistently been running into an issue where end users are unable to log in to their machines if they have been left booted, but idle and not logged in, for some amount of time (it is not clear what the minimum is) after being booted. In (almost) every case, rebooting the machine restores their access.

Caveat this only because internal IT staff have only recently decided this is a priority to resolve, instead of a lower priority irritant, so I don't have anything more substantive than a bunch of inconsistent anecdotes to base a problem description off of, and there's an outside chance that we're looking at multiple issues or two inter-related problems.

Unfortunately, the problem is not reproducible, either... machines / users that had it happen semi-frequently no longer run into it, other recent reports come from machines / users who have not run into it before. One tech did get Wireshark on it at one point, and found requests going out, but replies not making it back in again (this is being relayed through a second party).

There was a major instance of this last week, which resulted in a number of users being unable to log in, and the resolution was kind of messy, with the result that the problem got pushed up the stack. We are going to attempt to replicate that instance on Monday, in hopes of getting multiple machines in the failed state so that my partner and I can do forensics on the resulting logs and network captures... but it never hurts to simply ask the experts if they've run into this before.

We're running Samba 3.4.7 on Ubuntu 10.04 (Lucid). The clients are all Windows XP SP3. Fast Ethernet. Local profiles, centralized network authentication via Samba/LDAP. Samba server sits on a different subnet than all the clients.

I'm thinking that I'm running into a network timeout issue, where a connection is closed but not re-opened, after some period of idleness. Most likely on the client, but I don't know enough to be sure, or where to look in Windows or Ubuntu.

Does this problem description match any known issue? I've already trolled through Google extensively, and haven't found an exact match, or at least not one with a solution attached.

Thomas

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

[Samba] wbinfo -u lists ADS users without domain, getent passwd returns only local users
I'm using Samba/Winbind for single sign-on in a network where Active Directory is the authoritative authentication source. The Active Directory server is Windows 2003 with Services for Unix installed so that the schema is extended and the management interface has a "Unix Attributes" tab.

wbinfo -u produces a list of users, without a DOMAIN+ prefix.

getent passwd lists only local users, although getent passwd username produces the proper info.

Same behavior for groups.

Could SELinux interference be the problem? This happens even after I completely disable it, leave the domain, and then rejoin the domain and restart everything.

Everything is "working", but this strikes me as incorrect behavior.

Here's a dump of my samba config:

[global]
    workgroup = BLAH
    realm = BLAHHQ.BLAH-INC.COM
    server string = Samba Server Version %v
    security = ADS
    auth methods = winbind
    password server = BLAH-DC-02.BLAHHQ.BLAH-INC.COM BLAH-DC-04.BLAHHQ.BLAH-INC.COM
    idmap domains = BLAHHQ.BLAH-INC.COM
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template homedir = /home/%U
    template shell = /bin/bash
    winbind separator = +
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind nss info = sfu
    idmap config BLAHHQ.BLAH-INC.COM:range = 1-4
    idmap config BLAHHQ.BLAH-INC.COM:backend = ad
    idmap config BLAHHQ.BLAH-INC.COM:default = yes
    idmap config BLAHHQ.BLAH-INC.COM:schema_mode = sfu

[homes]
    comment = Home Directories
    valid users = BLAHHQ.BLAH-INC.COM+%S
    read only = No
    browseable = No

nsswitch.conf lists "files winbind"

There's nothing particularly exotic going on here, as far as I can tell (other than the hassle created by SELinux).

What am I missing? If y'all need more info, please tell me.

Regards,
Thomas Leavitt

[Samba] SELinux and samba/winbind w/ADS on RHEL 4.6
SELinux appears to be interfering with winbind's functionality. I have the latest policy package installed:

selinux-policy-targeted-1.17.30-2.149

which allegedly solves this problem according to the Red Hat knowledge base, but clearly does not. I have to turn off SELinux by using setenforce 0 (permissive) to get winbind to work at all, and based on what I see in the log files, disabling it completely is necessary to prevent all interference.

Am I missing something? Are other folks having this problem?

Regards,
Thomas Leavitt