samba-users May 2010 archive

[Samba] smb.conf works for 3.4.0; doesn't work for 3.4.7

From: Mike Leone <turgon_at_nospam>
Date: Sat May 08 2010 - 03:42:59 GMT
To: Samba <samba@lists.samba.org>

Some may remember all my issues trying to get one Samba server to mount
shares from another Samba server. Well, I decided to completely reformat
my laptop with Ubuntu 10.04, and start over (leaving the other Samba
server at Ubuntu 9.10)

(to recap - I have a Win2003 AD (not R2), with SFU installed)

I took the smb.conf from the 9.10 server (running 3.4.0) and loaded it
on the Ubuntu 10.04 laptop, which is running 3.4.7. The only editing I
did was to remove the share definitions, which don't exist on the laptop
(no shares defined at all). Also copied the krb5.conf, to configure
Kerberos. Cleared the /var/lib/samba, /var/cache/samba, /var/log/samba
directories. Even tho Ubuntu 10.04 seems to have the /etc/pam.d files
already configured for samba, I copied over the common-account,
common-auth, common-password, common-session files from the 9.10 server
to the 10.04 server. Did the same with the nsswitch.conf file.

Figured I should get identical results, right? HA! :-(

Got a ticket.
Joined the domain. It gave me an error message, something about the
client not existing in the Kerberos database. It worked, tho, as the
computer account did appear in AD.

wbinfo -t works.
wbinfo -u works.
wbinfo -g works.
If I use sudo, then wbinfo -a DOMAIN+user works. (I used "+" as a delimiter)

Getent passwd fails.
Getent group fails.

I am seeing this, in log.winbind on the 10.04 server:

[2010/05/07 23:16:59, 1] winbindd/winbindd_user.c:97(winbindd_fill_pwent)
  error getting user id for sid S-1-5-21-2780757143-49591276-3462498634-500
[2010/05/07 23:16:59, 1] winbindd/winbindd_user.c:856(winbindd_getpwent)
  could not lookup domain user Administrator
[2010/05/07 23:16:59, 1] winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids)
  Could not get unix ID

and repeating, for all domain users.

I'm pretty much ready to just give up, and use the Windows installed on
this laptop. That one has no problem accessing shares from the Samba
server, or the Windows stations on the LAN.

Anyone? Please. :-)

Testparm of smb.conf: (I had to add the "idmap uid/gid" statements to
the 10.04 server)

[global]
    workgroup = DACRIB
    realm = DACRIB.LOCAL
    server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
    security = ADS
    auth methods = winbind
    allow trusted domains = No
    map to guest = Bad User
    obey pam restrictions = Yes
    password server = dim-win2300.DaCrib.local
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    client NTLMv2 auth = Yes
    log level = 3
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    server signing = auto
    os level = 2
    local master = No
    domain master = No
    dns proxy = No
    eventlog list = Application, System, Security, SyslogLinux
    usershare allow guests = Yes
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 100000-200000
    idmap gid = 100000-200000
    template shell = /bin/bash
    winbind separator = +
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind nss info = sfu
    winbind refresh tickets = Yes
    idmap config DACRIB: schema_mode = sfu
    idmap config DACRIB: range = 100000 - 200000
    idmap config DACRIB: backend = ad
    hide dot files = No

Testparm of smb.conf of 9.10 server:

[global]
    workgroup = DACRIB
    realm = DACRIB.LOCAL
    server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
    security = ADS
    auth methods = winbind
    map to guest = Bad User
    obey pam restrictions = Yes
    password server = dim-win2300.DaCrib.local
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    client NTLMv2 auth = Yes
    log level = 4
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    server signing = auto
    os level = 2
    local master = No
    domain master = No
    dns proxy = No
    eventlog list = Application, System, Security, SyslogLinux
    usershare allow guests = Yes
    panic action = /usr/share/samba/panic-action %d
    template shell = /bin/bash
    winbind separator = +
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind nss info = sfu
    winbind refresh tickets = Yes
    idmap config DCRIB:schema_mode = sfu
    idmap config DACRIB: range = 100000 - 200000
    idmap config DACRIB: backend = ad
    hide dot files = No
    wide links = No

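Two testparm dumps of this length are easier to compare mechanically than by eye. The following is an added example, not part of the original post: it parses testparm-style output, rejoins mail-wrapped values, and lists the parameters that differ. The function names are hypothetical, the inputs are excerpts of the two dumps above, and the lowercasing and whitespace stripping of parameter names is a choice made here so that spacing differences do not show up as changes.

```python
import re

# Constructed excerpts of the two testparm dumps in the post (not the full output).
OLD_340 = """[global]
    log level = 4
    winbind nss info = sfu
    idmap config DCRIB:schema_mode = sfu
    idmap config DACRIB: range = 100000 - 200000
    idmap config DACRIB: backend = ad
    wide links = No
"""
NEW_347 = """[global]
    allow trusted domains = No
    log level = 3
    idmap uid = 100000-200000
    idmap gid = 100000-200000
    winbind nss info = sfu
    idmap config DACRIB: schema_mode = sfu
    idmap config DACRIB: range = 100000 - 200000
    idmap config DACRIB: backend = ad
"""

def parse_testparm(text):
    """Return {(section, normalized name): value} for a testparm-style dump."""
    params, section, last = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, last = line[1:-1].lower(), None
        elif "=" in line:
            name, value = line.split("=", 1)
            name = re.sub(r"\s*:\s*", ":", " ".join(name.lower().split()))
            last = (section, name)
            params[last] = value.strip()
        elif last is not None:
            # No "=": treat as a mail-wrapped continuation of the previous value.
            params[last] += " " + line
    return params

def diff_params(old, new):
    """Return (name, old value, new value) rows that differ; None means absent."""
    keys = sorted(set(old) | set(new))
    return [(k[1], old.get(k), new.get(k)) for k in keys if old.get(k) != new.get(k)]

if __name__ == "__main__":
    for name, a, b in diff_params(parse_testparm(OLD_340), parse_testparm(NEW_347)):
        print(f"{name!r}: 3.4.0={a!r} 3.4.7={b!r}")
```

Run against the full dumps, it reports the same kinds of rows: parameters present on only one server, changed values, and the two different domain labels on the `schema_mode` line.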