Dear Samba-Team,

I have the following problem: The smbd and winbindd start fine, everything seems to be okay, all users can be authenticated. The getent passwd command for every user in the WIN Domain SUED looks good. The users are granted access to their shares very well. But a few minutes later, the winbindd is suddenly unable to authenticate some users against the Domain. You can see it in the snapshot. Messages like "Unable to initgroups" or "make_server_info_info3: pdb_init_sam failed!" don't look fine.

I tried it with samba3.0.1.pre3 and samba3.0.1rc1

Here a snapshot of the log.smbd
--------------------------------------------------------
[2003/12/09 09:12:30, 2] smbd/close.c:close_normal_file(228)
  SUED+Lauf.Barbara closed file Export-GLB-Sued/DP AG/Report GLB3 OLA DPAG.xls (numopen=1)
[2003/12/09 09:12:41, 0] smbd/sec_ctx.c:initialise_groups(203)
  Unable to initgroups. Error was Eingabe-/Ausgabefehler
[2003/12/09 09:12:41, 0] smbd/service.c:make_connection_snum(677)
  '%H/lesen' does not exist or is not a directory, when connecting to [lesen]
[2003/12/09 09:12:42, 0] smbd/sec_ctx.c:initialise_groups(203)
  Unable to initgroups. Error was Eingabe-/Ausgabefehler
[2003/12/09 09:12:42, 0] smbd/service.c:make_connection_snum(677)
  '%H/schreiben' does not exist or is not a directory, when connecting to [schreiben]
[2003/12/09 09:12:46, 2] smbd/sesssetup.c:setup_new_vc_session(535)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2003/12/09 09:12:46, 2] smbd/sesssetup.c:setup_new_vc_session(535)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2003/12/09 09:12:46, 0] auth/auth_util.c:make_server_info_info3(1066)
  make_server_info_info3: pdb_init_sam failed!
[2003/12/09 09:12:46, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [Ringer.Thomas] -> [Ringer.Thomas] FAILED with error NT_STATUS_NO_SUCH_USER
[2003/12/09 09:12:46, 2] smbd/sesssetup.c:setup_new_vc_session(535)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2003/12/09 09:12:46, 2] smbd/sesssetup.c:setup_new_vc_session(535)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2003/12/09 09:12:46, 0] auth/auth_util.c:make_server_info_info3(1066)
  make_server_info_info3: pdb_init_sam failed!
--------------------------------------------------------

Now the getent passwd SUED+Ringer.Thomas cannot be resolved. After a restart of the winbindd everything is okay again, but not for very long: other users cannot access their share.

And here is my smb.conf:

;
; /etc/smb.conf
;
;
[global]
   workgroup = T-SYSTEMS
   netbios name = Q4DEMRSA001
   server string = RSC-Fileservice
   getwd cache = yes
   keep alive = 600
   log level = 2
   os level = 2
   domain master = no
   local master = no
   preferred master = no
   enhanced browsing = no
   kernel oplocks = false
   invalid users = root
   max log size = 1000
   syslog = 0
   printing = BSD
   printcap name = /etc/printcap
   winbind separator = +
   winbind uid = 10000-90000
   winbind gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes
   winbind cache time = 600
   template shell = /bin/false
   template homedir = /space/home/%D+%U
   name resolve order = wins host bcast
   auto services = lesen schreiben
   security = DOMAIN
   password server = *
   encrypt passwords = true
   update encrypted = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   write cache size = 262144
   unix charset = ISO8859-15
   map to guest = Never
   passdb backend = tdbsam
   interfaces = 10.187.10.11/255.255.255.0
   wins support = no
   dns proxy = no
   wins server = 10.206.162.4 10.206.162.6

[lesen]
   comment = Lesezugriff
   read only = yes
   path = %H/lesen
   force group = users
   force create mode = 777
   force security mode = 0777
   force directory mode = 777
   force directory security mode =0777
   browseable = yes

[schreiben]
   comment = Schreib- und Lesezugriff
   read only = no
   path = %H/schreiben
   force group = users
   force create mode = 770
   force security mode = 0770
   force directory mode = 770
   force directory security mode =0770
   browseable = yes

[sichern]
   comment = privates Sicherungsverzeichnis
   read only = no
   path = %H/sichern
   force group = users
   force create mode = 700
   force security mode = 0777
   force directory mode = 700
   force directory security mode =0777
   browseable = yes
   guest ok = no

Best regards
Robert Kastl
My guess is a disconnected sequence number. Can you tell me

1) if SUED+Lauf.Barbara is a member of more than 32 groups
2) what the output of wbinfo --sequence is (both when winbindd is working and when it fails)?

Thanks.
1. Yes, SUED+Lauf.Barbara is a member of more than 32 groups

2. Just after start of winbindd and smbd, nmbd:
-------------------------------------------------------------------
My own account works with getent passwd, as you can see:

Q4DEMRSA001:~/neu-samba# getent passwd SUED+kastl.robert
SUED+kastl.robert:x:10000:10000::/space/home/SUED+kastl.robert:/bin/false

Here the output of wbinfo:

Q4DEMRSA001:~# /usr/local/samba/bin/wbinfo --sequence
T-COM : DISCONNECTED
SUED10 : 29973
OST1 : 340553
WEST3 : 447950
WEST2 : 1932890
SUEDWEST : 1937266
SUED13 : 1464
WEST : 2650649
SUEDWEST2 : 1142976
SUED3 : 691117
SUED12 : 5748
OST3 : 1
SUED : 1709397
OST : 1
NORD2 : 27004
OST2 : 1651579
MITTE : 3
NORD : 1930791
MITTE2 : 1158
SUED8 : 235058
WEST1 : 1305298
DITSCOM : 150538
DSH : 1
SUED2 : 1849843
MITTE3 : 138651
OST5 : 1
ADS-TELEKOM : DISCONNECTED
T-SYSTEMS : 1
Q4DEMRSA001:~/neu-samba#

20 Minutes later....................

Now my own account failed with getent passwd:

Q4DEMRSA001:~/neu-samba# getent passwd SUED+kastl.robert
Q4DEMRSA001:~# /usr/local/samba/bin/wbinfo --sequence
T-COM : DISCONNECTED
SUED10 : 29973
OST1 : 340554
WEST3 : 447950
WEST2 : 1932890
SUEDWEST : 1937266
SUED13 : 1464
WEST : 2650649
SUEDWEST2 : 1142976
SUED3 : 691117
SUED12 : 5748
OST3 : 1
SUED : DISCONNECTED
OST : 1
NORD2 : 27004
OST2 : 1651579
MITTE : 3
NORD : 1930791
MITTE2 : 1158
SUED8 : 235058
WEST1 : 1305298
DITSCOM : 150551
DSH : 1
SUED2 : 1849875
MITTE3 : 138653
OST5 : 1
ADS-TELEKOM : DISCONNECTED
T-SYSTEMS : 1

I estimate that every user in a disconnected Domain cannot be authenticated. But why does the Domain SUED have a sequence number after the start of the winbindd, and later on SUED is disconnected?
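The before/after comparison of `wbinfo --sequence` output made in the comment above can be automated. The following is an added example, not part of the original thread or of Samba: the function names are hypothetical, the sample strings are a constructed subset of the two runs quoted above, and `live_snapshot` assumes `wbinfo` is on the PATH.

```python
import re
import subprocess

# Constructed samples: a subset of the two `wbinfo --sequence` runs quoted above.
BEFORE = """T-COM : DISCONNECTED
SUED10 : 29973
OST1 : 340553
SUED : 1709397
DITSCOM : 150538
ADS-TELEKOM : DISCONNECTED
"""
AFTER = """T-COM : DISCONNECTED
SUED10 : 29973
OST1 : 340554
SUED : DISCONNECTED
DITSCOM : 150551
ADS-TELEKOM : DISCONNECTED
"""

ROW = re.compile(r"^\s*(\S+)\s*:\s*(DISCONNECTED|\d+)\s*$")

def parse_sequence(text):
    """Return {domain: sequence number, or None if DISCONNECTED}."""
    state = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # shell prompts and blank lines do not match and are skipped
            state[m.group(1)] = None if m.group(2) == "DISCONNECTED" else int(m.group(2))
    return state

def compare(before, after):
    """Classify each domain by how its connection state changed."""
    report = {"lost": [], "recovered": [], "still_down": [], "missing": []}
    for domain in sorted(before):
        if domain not in after:
            report["missing"].append(domain)       # no longer listed at all
        elif before[domain] is not None and after[domain] is None:
            report["lost"].append(domain)          # connected -> DISCONNECTED
        elif before[domain] is None and after[domain] is not None:
            report["recovered"].append(domain)     # DISCONNECTED -> connected
        elif before[domain] is None:
            report["still_down"].append(domain)    # DISCONNECTED in both runs
    return report

def live_snapshot(wbinfo="wbinfo"):
    """Run `wbinfo --sequence` on a live host (binary path is an assumption)."""
    out = subprocess.run([wbinfo, "--sequence"], capture_output=True, text=True, check=True)
    return parse_sequence(out.stdout)

if __name__ == "__main__":
    print(compare(parse_sequence(BEFORE), parse_sequence(AFTER)))
```

Run periodically, a non-empty `lost` list marks the point at which a domain such as SUED dropped, which can then be matched against the timestamps of the `pdb_init_sam failed` entries in log.smbd.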
Dear Samba-Team,

I would like to give you some more information, which may be helpful. Usually I use the pre-compiled Samba3.0.0 from the Debian distribution. When I use this, the output of wbinfo --sequence looks good:

Q4DEMRSA001:~# wbinfo --sequence
T-COM : 5983116
SUED10 : 129480
OST1 : 340585
WEST3 : 5724521
WEST2 : 4171159
SUEDWEST : 3535657
SUED13 : 5830488
WEST : 863569159
SUEDWEST2 : 4303121
SUED3 : 4203035
SUED12 : 287095
OST3 : 2135990695
SUED : 529870237
OST : 1053422962
NORD2 : 5881490
OST2 : 1064240182
MITTE : 5051426
NORD : 586410753
MITTE2 : 8999625
SUED8 : 5428940
WEST1 : 47310
DITSCOM : 150572
DSH : 1352223
SUED2 : 1851289
MITTE3 : 138661
OST5 : 1934489
ADS-TELEKOM : 6219222
T-SYSTEMS : 6969237
Q4DEMRSA001:~#

Unfortunately, Samba3.0.0 has Bug 551: Excel cannot open read-only files. Therefore I tried to use the latest Samba from samba.org, with the trouble I described. I tried it on three different machines, always with the same result.
Dear Samba-Team,

Now I think I know what's going wrong with my winbind: It depends on the library libldap2-dev, the OpenLDAP development libraries.

When I compile the samba sources and libldap2-dev is NOT installed, I have problems with the sequence numbers. When I compile the samba sources and libldap2-dev is installed, everything seems to work well.

I compile the sources in both cases:

./configure
make
make install

It would have been better to compile the sources with:

./configure --with-ads --with-ldap

Then a message tells me that the LDAP libraries are necessary. In this case, my problems never happened.

Thank you for your support; your tip with the wbinfo --sequence helped me to find out what happened.
build issues. All of this is documented in the HOWTO Collection,
originally reported against 3.0aph24. Bugzilla spring cleaning. Removing old alpha versions.
database cleanup