Does samba 3.0.14Aa on OS 5.0.6 work with ldapsam backend on another LDAP server? - SCO

  1. Does samba 3.0.14Aa on OS 5.0.6 work with ldapsam backend on another LDAP server?

    I have been using samba 3.0.14Aa on SCO Open Server 5.0.6.a with
    gwxlibs 2.1.0Ba successfully for several months as a Backup Domain
    Controller using a smbpasswd text file back end. Before that I had
    used 3.0.9 on SCO 5.0.6 for quite some time after suffering problems I
    detailed in this list back in 2005 in
    http://groups.google.com/group/comp....84047be3ad5bb9

    I wanted to use passdb=ldapsam so it could share passwords with my
    PDC, a RedHat4 box running samba 3.0.10 and OpenLDAP 2.2.13. I
    realized that the SCO samba didn't have winbindd support, no PAM, no
    name service switch, and no LDAP server (although there were the
    client programs like ldapadd and some LDAP libraries as part of
    gwxlibs, and ldapsmb (the Suse utility) as part of samba), so LDAP
    didn't look possible - but then I got a bright idea: Just point samba
    to the RedHat box! So I tried changing the passdb to 'ldapsam:ldap://
    /' - and it worked! I was able to access a
    share on the SCO server without any smbpasswd on that server!

    Well, it did work for exactly 15 minutes, then smbd stopped running. I
    could restart smbd and it would work fine for another 15 minutes, then
    stop running again. I started seeing smbd daemons left in a CLOSED
    state but I couldn't see any messages in the logs that showed a
    problem. (For what it's worth, I also tried using the ldapsmb utility
    on the SCO box, and that produced a log that showed it successfully
    bound with the external LDAP server.) Finally I gave up and went back
    to using smbpasswd on my SCO server. Trying ldapsam again later, I
    thought samba survived somewhat more than 15 minutes, but again smbd
    finally stopped running.

    So that's where I am. Does anyone understand what samba is doing every
    15 minutes that would result in smbd crashing? I know that samba has
    an option deadtime = 15 that kills inactive processes every 15
    minutes. Also there is the election process in about that time-frame
    but I don't really know what to look for.

    It's a shame, because I'm so close to having it working. I need the
    SCO server because it's the only platform I have to run old
    WordPerfect 7 for Unix and I need WP7 for some old reports that I
    can't currently replace.

    Do I really need a full LDAP/pam/nss setup (+Kerberos and SASL?) to
    make samba work this way? There was a version of LDAP "3.3" as part
    of the old Skunkware 2000, but I didn't even try to use that due to
    potential conflicts with the current gwxlibs.

    I'm including below my smb.conf for possible clues.

    Thanks in advance. I really do appreciate all the SCO experts on this
    list. Hope there's one who's an expert on _this_ problem!

    Bob Troester
    Systems Developer
    VT Agency of Agriculture, Food & Markets
    -------------------------------------------------------------------------------------------------------------
    # Samba config file created using SWAT
    # from 159.105.50.3 (159.105.50.3)
    # Date: 2007/10/31 22:01:27

    # Global parameters
    [global]
    dos charset = CP850
    unix charset = UTF-8
    display charset = LOCALE
    workgroup = VTAGR
    netbios name = VTAGR02
    netbios aliases =
    netbios scope =
    server string = VT Agr Samba Server (%m) %v
    interfaces =
    bind interfaces only = No
    security = USER
    auth methods =
    encrypt passwords = Yes
    update encrypted = No
    client schannel = Auto
    server schannel = Auto
    allow trusted domains = Yes
    hosts equiv =
    min password length = 5
    map to guest = Bad User
    null passwords = No
    obey pam restrictions = No
    password server = *
    smb passwd file = /etc/samba/smbpasswd
    private dir = /etc/samba
    passdb backend = smbpasswd
    algorithmic rid base = 1000
    root directory =
    guest account = smbprint
    enable privileges = No
    pam password change = No
    passwd program = /bin/passwd %u
    passwd chat = *Enter*choice* \n *New*password* %n\n *enter*password* %n\n \n .
    passwd chat debug = No
    passwd chat timeout = 2
    check password script =
    username map = /etc/samba/smbusers
    password level = 8
    username level = 0
    unix password sync = Yes
    restrict anonymous = 0
    lanman auth = Yes
    ntlm auth = Yes
    client NTLMv2 auth = No
    client lanman auth = Yes
    client plaintext auth = Yes
    preload modules =
    use kerberos keytab = No
    log level = 1
    syslog = 1
    syslog only = No
    log file = /var/log/samba/logs/log.%m
    max log size = 5000
    debug timestamp = Yes
    debug hires timestamp = No
    debug pid = No
    debug uid = No
    smb ports = 445 139
    large readwrite = Yes
    max protocol = NT1
    min protocol = CORE
    read bmpx = No
    read raw = Yes
    write raw = Yes
    disable netbios = No
    acl compatibility =
    defer sharing violations = Yes
    nt pipe support = Yes
    nt status support = Yes
    announce version = 4.9
    announce as = NT
    max mux = 50
    max xmit = 16644
    name resolve order = lmhosts wins host bcast
    max ttl = 259200
    max wins ttl = 518400
    min wins ttl = 21600
    time server = No
    unix extensions = Yes
    use spnego = Yes
    client signing = auto
    server signing = No
    client use spnego = Yes
    change notify timeout = 60
    deadtime = 15
    getwd cache = Yes
    keepalive = 300
    kernel change notify = Yes
    lpq cache time = 30
    max smbd processes = 0
    paranoid server security = Yes
    max disk size = 0
    max open files = 10000
    socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192
    use mmap = Yes
    hostname lookups = No
    name cache timeout = 660
    load printers = Yes
    printcap cache time = 0
    printcap name = lpstat
    cups server =
    disable spoolss = No
    enumports command =
    addprinter command =
    deleteprinter command =
    show add printer wizard = Yes
    os2 driver map =
    mangling method = hash2
    mangle prefix = 1
    stat cache = Yes
    machine password timeout = 604800
    add user script =
    delete user script =
    add group script =
    delete group script =
    add user to group script =
    delete user from group script =
    set primary group script =
    add machine script =
    shutdown script =
    abort shutdown script =
    logon script = startup.bat
    logon path = \\%N\%U\profile
    logon drive =
    logon home = \\%N\%U\profile
    domain logons = Yes
    os level = 33
    lm announce = Auto
    lm interval = 60
    preferred master = No
    local master = Yes
    domain master = No
    browse list = Yes
    enhanced browsing = Yes
    dns proxy = Yes
    wins proxy = No
    wins server =
    wins support = Yes
    wins hook =
    wins partners =
    kernel oplocks = No
    lock spin count = 3
    lock spin time = 10
    oplock break wait time = 0
    ldap admin dn = cn=Manager,dc=agr,dc=state,dc=vt,dc=us
    ldap delete dn = No
    ldap filter = (uid=%u)
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    ldap passwd sync = Yes
    ldap replication sleep = 1000
    ldap suffix = dc=agr,dc=state,dc=vt,dc=us
    ldap ssl = no
    ldap timeout = 15
    ldap user suffix = ou=People
    add share command =
    change share command =
    delete share command =
    config file =
    preload =
    lock directory = /var/lib/samba
    pid directory = /var/run/samba
    utmp directory =
    wtmp directory =
    utmp = No
    default service =
    message command = /bin/mailx -s'Message from %f on %m' root<%s; rm %s
    dfree command =
    get quota command =
    set quota command =
    remote announce = nnn.nnn.nnn.127/ADMIN
    remote browse sync =
    socket address = 0.0.0.0
    homedir map =
    afs username map =
    afs token lifetime = 604800
    log nt token command =
    time offset = 0
    NIS homedir = No
    panic action =
    host msdfs = No
    enable rid algorithm = Yes
    idmap backend =
    idmap uid =
    idmap gid =
    template primary group = nogroup
    template homedir = /usr/%D/%U
    template shell = /bin/false
    winbind separator = \
    winbind cache time = 300
    winbind enable local accounts = No
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = No
    winbind trusted domains only = No
    winbind nested groups = No
    comment =
    path =
    username =
    invalid users =
    valid users =
    admin users = VTAGR\@domadm
    read list =
    write list =
    printer admin = VTAGR\@domadm
    force user =
    force group =
    read only = Yes
    create mask = 0775
    force create mode = 00
    security mask = 0777
    force security mode = 00
    directory mask = 0775
    force directory mode = 00
    directory security mask = 0777
    force directory security mode = 00
    force unknown acl user = No
    inherit permissions = No
    inherit acls = No
    guest only = No
    guest ok = No
    only user = No
    hosts allow = nnn.nnn.nnn.0/255.255.255.128
    hosts deny =
    allocation roundup size = 1048576
    ea support = No
    nt acl support = Yes
    profile acls = No
    map acl inherit = No
    afs share = No
    block size = 1024
    max connections = 0
    min print space = 0
    strict allocate = No
    strict sync = No
    sync always = No
    use sendfile = No
    write cache size = 0
    max reported print jobs = 0
    max print jobs = 1000
    printable = No
    printing = sysv
    cups options =
    print command = lp -c -d%p %s; rm %s
    lpq command = lpstat -o%p
    lprm command = cancel %p-%j
    lppause command = lp -i %p-%j -H hold
    lpresume command = lp -i %p-%j -H resume
    queuepause command = disable %p
    queueresume command = enable %p
    printer name =
    use client driver = No
    default devmode = No
    force printername = No
    default case = lower
    case sensitive = Auto
    preserve case = Yes
    short preserve case = Yes
    mangling char = ~
    hide dot files = Yes
    hide special files = No
    hide unreadable = No
    hide unwriteable files = No
    delete veto files = No
    veto files =
    hide files =
    veto oplock files =
    map system = No
    map hidden = No
    map archive = No
    mangled names = Yes
    mangled map =
    store dos attributes = No
    browseable = Yes
    blocking locks = Yes
    csc policy = manual
    fake oplocks = No
    locking = Yes
    oplocks = No
    level2 oplocks = No
    oplock contention limit = 2
    posix locking = Yes
    strict locking = Yes
    share modes = Yes
    copy =
    include =
    preexec =
    preexec close = No
    postexec =
    root preexec =
    root preexec close = No
    root postexec =
    available = Yes
    volume =
    fstype = NTFS
    set directory = No
    wide links = No
    follow symlinks = Yes
    dont descend =
    magic script =
    magic output =
    delete readonly = Yes
    dos filemode = No
    dos filetimes = Yes
    dos filetime resolution = No
    fake directory create times = No
    vfs objects =
    msdfs root = No
    msdfs proxy =

    -----shares edited------
    [homes]
    comment = Home Directories
    valid users = %S
    read only = No
    inherit acls = Yes
    hosts allow = nnn.nnn.nnn.0/255.255.255.128
    browseable = No

    [Profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    create mask = 0600
    directory mask = 0700
    store dos attributes = Yes
    browseable = No

    [public]
    comment = Temporary storage for all users
    path = /usr2/u/public
    read only = No
    inherit acls = Yes
    hosts allow = nnn.nnn.nnn.0/255.255.255.128

    [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    inherit acls = Yes
    hosts allow = nnn.nnn.nnn.0/255.255.255.128
    browseable = No
    share modes = No

    [printers]
    comment = All Printers
    path = /var/spool/samba
    create mask = 0600
    min print space = 5000
    printable = Yes
    use client driver = Yes
    browseable = No

    [print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin, root
    force group = ntadmin
    create mask = 0664
    hosts allow = nnn.nnn.nnn.0/255.255.255.128

    [L1]
    comment = LaserJet 4350dtn - 1st floor main room
    path = /usr/spool/samba
    read only = No
    create mask = 0600
    guest ok = Yes
    min print space = 5000
    printable = Yes
    printer name = L1


  2. Re: Does samba 3.0.14Aa on OS 5.0.6 work with ldapsam backend on another LDAP server?

    On Oct 31, 10:24 pm, Bob Troester wrote:
    > I have been using samba 3.0.14Aa on SCO Open Server 5.0.6.a with
    > gwxlibs 2.1.0Ba successfully for several months as a Backup Domain
    > Controller using a smbpasswd text file back end. Before that I had
    > used 3.0.9 on SCO 5.0.6 for quite some time after suffering problems I
    > detailed in this list back in 2005 in http://groups.google.com/group/comp.unix.sco.misc/browse_thread/threa...
    >
    > I wanted to use passdb=ldapsam so it could share passwords with my
    > PDC, a RedHat4 box running samba 3.0.10 and OpenLDAP 2.2.13. I
    > realized that the SCO samba didn't have winbindd support, no PAM, no
    > name service switch, and no LDAP server (although there were the
    > client programs like ldapadd and some LDAP libraries as part of
    > gwxlibs, and ldapsmb (the Suse utility) as part of samba), so LDAP
    > didn't look possible - but then I got a bright idea: Just point samba
    > to the RedHat box! So I tried changing the passdb to 'ldapsam:ldap://
    > /' - and it worked! I was able to access a
    > share on the SCO server without any smbpasswd on that server!
    >
    > Well, it did work for exactly 15 minutes, then smbd stopped running. I
    > could restart smbd and it would work fine for another 15 minutes, then
    > stop running again. I started seeing smbd daemons left in a CLOSED
    > state but I couldn't see any messages in the logs that showed a
    > problem. (For what it's worth, I also tried using the ldapsmb utility
    > on the SCO box, and that produced a log that showed it successfully
    > bound with the external LDAP server.) Finally I gave up and went back
    > to using smbpasswd on my SCO server. Trying ldapsam again later, I
    > thought samba survived somewhat more than 15 minutes, but again smbd
    > finally stopped running.
    >
    > So that's where I am. Does anyone understand what samba is doing every
    > 15 minutes that would result in smbd crashing? I know that samba has
    > an option deadtime = 15 that kills inactive processes every 15
    > minutes. Also there is the election process in about that time-frame
    > but I don't really know what to look for.
    >
    > It's a shame, because I'm so close to having it working. I need the
    > SCO server because it's the only platform I have to run old
    > WordPerfect 7 for Unix and I need WP7 for some old reports that I
    > can't currently replace.
    >
    > Do I really need a full LDAP/pam/nss setup (+Kerberos and SASL?) to
    > make samba work this way? There was a version of LDAP "3.3" as part
    > of the old Skunkware 2000, but I didn't even try to use that due to
    > potential conflicts with the current gwxlibs.
    >
    > I'm including below my smb.conf for possible clues.
    >
    > Thanks in advance. I really do appreciate all the SCO experts on this
    > list. Hope there's one who's an expert on _this_ problem!
    >
    > Bob Troester
    > Systems Developer
    > VT Agency of Agriculture, Food & Markets


    Hi Bob,

    I have not run the 3.0.14 version with an LDAP backend, so no idea
    what would be going wrong. The first recommendation would be to update
    Samba to a later version, 3.0.20 is available from SCO on the 5.0.7
    Supplement CD 5. You will find some release notes that detail the
    prerequisites.

    http://www.sco.com/support/update/do...se.php?rid=187

    A matter of semantics only, SCO Samba does have winbind support but
    without a Name Service Switch library the OS can make no use of it.
    Given the Samba requirement that all Samba accounts must map back to a
    UNIX ID it means that you will be mapping or creating all the users on
    SCO.

    You may also wish to spend some time checking your smb.conf line by
    line and remove inappropriate declarations. Although Samba should
    overrule or ignore conflicting lines and disregard the ones that do
    not apply, it may not be perfect and could cause strange results.

    Some examples:

    > smb passwd file = /etc/samba/smbpasswd
    > private dir = /etc/samba
    > passdb backend = smbpasswd


    So you are not connecting to LDAP?

    > password server = *


    Hopefully ignored with "security = user"


    > obey pam restrictions = No


    There is no PAM support on OSR5, and the "encrypt passwords = yes"
    should overrule this.

    > client schannel = Auto
    > server schannel = Auto


    Are you joining a domain and want winbind to use a secure channel?

    > wins server =
    > wins support = Yes


    Why do you want OSR5 to be WINS server? Is there another WINS server
    on the network?


    > comment = LaserJet 4350dtn - 1st floor main room
    > path = /usr/spool/samba
    > read only = No
    > create mask = 0600
    > guest ok = Yes
    > min print space = 5000
    > printable = Yes
    > printer name = L1


    "read only = No" is ignored when "printable = Yes"

    > oplocks = No
    > level2 oplocks = No
    > oplock contention limit = 2
    > posix locking = Yes
    > strict locking = Yes


    Does your application require this? "oplock contention limit = 2"
    will be ignored if oplocks are turned off. With many applications the
    above settings will slow Samba and the client to a crawl and increase
    network load with no benefit.

    > available = Yes


    In the [Global] section? "available = no" in a share section will
    turn off that service, no idea what it does in the global area.


    Mike
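
Added example, not part of Mike's post or of the Samba project: a small Python linter that applies the review points from the reply above to an smb.conf, plus one further check (not raised in the thread) for the `ldapsam:ldap://` change described in the first post when `ldap ssl = no`. The embedded configuration is a constructed excerpt of the posted values, and the host `ldap.example.internal` is a placeholder because the thread elides the real one.

```python
import re

YES = {"yes", "true", "on", "1"}
NO = {"no", "false", "off", "0"}

# Constructed excerpt of the values posted in the thread (not the full file).
POSTED_EXCERPT = """\
[global]
security = USER
password server = *
passdb backend = smbpasswd
ldap admin dn = cn=Manager,dc=agr,dc=state,dc=vt,dc=us
ldap suffix = dc=agr,dc=state,dc=vt,dc=us
ldap ssl = no
oplocks = No
oplock contention limit = 2
available = Yes

[L1]
read only = No
printable = Yes
"""

# The change described in the first post; the host name is a placeholder.
LDAPSAM_VARIANT = POSTED_EXCERPT.replace(
    "passdb backend = smbpasswd",
    "passdb backend = ldapsam:ldap://ldap.example.internal/")


def parse_smb_conf(text):
    """Return {section: {parameter: value}}.

    Names are lower-cased with runs of whitespace collapsed. Simplification:
    trailing-backslash line continuation is not handled.
    """
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf


def lint(conf):
    """Return a list of (section, code, message) findings."""
    out = []
    g = conf.get("global", {})
    backend = g.get("passdb backend", "").lower()

    # Review point: LDAP parameters are set but the backend is not ldapsam.
    ldap_keys = sorted(k for k, v in g.items() if k.startswith("ldap ") and v)
    if ldap_keys and not backend.startswith("ldapsam"):
        out.append(("global", "ldap-unused",
                    "%d LDAP parameters set but passdb backend is %r"
                    % (len(ldap_keys), backend or "unset")))
    # Review point: 'password server' alongside 'security = user'.
    if g.get("password server") and g.get("security", "user").lower() == "user":
        out.append(("global", "password-server-unused",
                    "'password server' is set although security = user"))
    # Review point: 'available' is a per-share switch.
    if "available" in g:
        out.append(("global", "available-in-global",
                    "'available' is set in [global] instead of a share"))
    # Added check, not raised in the thread: plain ldap:// with TLS disabled.
    if (backend.startswith("ldapsam:ldap://")
            and g.get("ldap ssl", "").lower() in ("no", "off")):
        out.append(("global", "ldap-cleartext",
                    "ldap:// with 'ldap ssl = no': the admin DN bind and the "
                    "password hashes cross the network unencrypted"))

    for name, params in conf.items():
        def effective(key, default):
            # A share inherits any value it does not set from [global].
            return params.get(key, g.get(key, default)).lower()

        # Review point: the contention limit is moot when oplocks are off.
        if "oplock contention limit" in params and effective("oplocks", "yes") in NO:
            out.append((name, "oplock-limit-unused",
                        "'oplock contention limit' set while oplocks are off"))
        # Review point: 'read only = No' on a printable share.
        if (name != "global" and effective("printable", "no") in YES
                and params.get("read only", "").lower() in NO):
            out.append((name, "read-only-ignored",
                        "'read only = No' on a share with printable = Yes"))
    return out


if __name__ == "__main__":
    for label, text in (("posted", POSTED_EXCERPT), ("ldapsam", LDAPSAM_VARIANT)):
        for section, code, message in lint(parse_smb_conf(text)):
            print("%-8s [%s] %s: %s" % (label, section, code, message))
```
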


  3. Re: Does samba 3.0.14Aa on OS 5.0.6 work with ldapsam backend on another LDAP server?

    On Nov 2, 10:02 am, scoace wrote:
    > On Oct 31, 10:24 pm, Bob Troester wrote:
    >
    > > I have been using samba 3.0.14Aa on SCO Open Server 5.0.6.a with
    > > gwxlibs 2.1.0Ba successfully for several months as a Backup Domain
    > > Controller using a smbpasswd text file back end. ...


    > > I wanted to use passdb=ldapsam so it could share passwords with my
    > > PDC, a RedHat4 box running samba 3.0.10 and OpenLDAP 2.2.13. LDAP
    > > didn't look possible - but then I got a bright idea: Just point samba
    > > to the RedHat box! So I tried changing the passdb to 'ldapsam:ldap://
    > > /' - and it worked! I was able to access a
    > > share on the SCO server without any smbpasswd on that server! ...


    > > Well, it did work for exactly 15 minutes, then smbd stopped running. I
    > > could restart smbd and it would work fine for another 15 minutes, then
    > > stop running again. ...


    > > So that's where I am. Does anyone understand what samba is doing every
    > > 15 minutes that would result in smbd crashing? ...
    > > -------------------------------------------------------------------------------------------------------------
    > > # Samba config file created using SWAT
    > > # from 159.105.50.3 (159.105.50.3)
    > > # Date: 2007/10/31 22:01:27

    >

    [smb.conf cut]

    > Hi Bob,
    >
    > I have not run the 3.0.14 version with an LDAP backend, so no idea
    > what would be going wrong. The first recommendation would be to update
    > Samba to a later version, 3.0.20 is available from SCO on the 5.0.7
    > Supplement CD 5. You will find some release notes that detail the
    > prerequisites.
    >
    > http://www.sco.com/support/update/do...se.php?rid=187
    >
    > A matter of semantics only, SCO Samba does have winbind support but
    > without a Name Service Switch library the OS can make no use of it.
    > Given the Samba requirement that all Samba accounts must map back to a
    > UNIX ID it means that you will be mapping or creating all the users on
    > SCO.
    >
    > You may also wish to spend some time checking your smb.conf line by
    > line and remove inappropriate declarations. Although Samba should
    > overrule or ignore conflicting lines and disregard the ones that do
    > not apply, it may not be perfect and could cause strange results.
    >
    > Some examples:
    >
    > > smb passwd file = /etc/samba/smbpasswd
    > > private dir = /etc/samba
    > > passdb backend = smbpasswd

    >
    > So you are not connecting to LDAP?
    >
    > > password server = *

    >
    > Hopefully ignored with "security = user"
    >
    > > obey pam restrictions = No

    >
    > There is no PAM support on OSR5, and the "encrypt passwords = yes"
    > should overrule this.
    >
    > > client schannel = Auto
    > > server schannel = Auto

    >
    > Are you joining a domain and want winbind to use a secure channel?
    >
    > > wins server =
    > > wins support = Yes

    >
    > Why do you want OSR5 to be WINS server? Is there another WINS server
    > on the network?
    >
    > > comment = LaserJet 4350dtn - 1st floor main room
    > > path = /usr/spool/samba
    > > read only = No
    > > create mask = 0600
    > > guest ok = Yes
    > > min print space = 5000
    > > printable = Yes
    > > printer name = L1

    >
    > "read only = No" is ignored when "printable = Yes"
    >
    > > oplocks = No
    > > level2 oplocks = No
    > > oplock contention limit = 2
    > > posix locking = Yes
    > > strict locking = Yes

    >
    > Does your application require this? "oplock contention limit = 2"
    > will be ignored if oplocks are turned off. With many applications the
    > above settings will slow Samba and the client to a crawl and increase
    > network load with no benefit.
    >
    > > available = Yes

    >
    > In the [Global] section? "available = no" in a share section will
    > turn off that service, no idea what it does in the global area.
    >
    > Mike


    Mike, thanks very much for replying. I would like to upgrade to a
    later Samba release, but we don't have 5.0.7, only 5.0.6. I should
    have upgraded the box years ago but was afraid that the seemingly
    massive changes in 5.0.7 would mess up the WordPerfect 7 for Unix
    installation that we are still depending on, unfortunately.

    I didn't know until your post that the 5.0.7 Supplement disk is
    available for download! Do you know (of course I'll try it out)
    whether the samba on the disk image is compatible with my updated
    5.0.6? I hope so! Mostly I'm trying to move everything to Linux except
    WP7, it's just that for the next year or so it would really be nice to
    fileshare on the SCO box with samba and use LDAP to make updates
    easier. But as I mentioned in my post I can't seem to run the samba
    environment I have for more than 15 minutes at a time with LDAP so I
    had to go back to smbpasswd.

    As far as the smb.conf conflicts, thanks, I'll check that. The
    listing I provided in my original post was the "Full View" you can get
    from SWAT - most of those values are the defaults and not even visible
    in my /etc/samba/smb.conf file. For instance, the oplocks settings are
    defaults I've never even seen before - from your comment I guess I'd
    better check them out! Same applies to "schannel", "password server",
    and "obey pam restrictions." And to answer your question, the OSR5 box
    _is_ our WINS server, but I may be changing that soon.

    Bob


  4. Re: Does samba 3.0.14Aa on OS 5.0.6 work with ldapsam backend on another LDAP server?

    On Nov 2, 12:15 pm, Bob Troester wrote:

    Hi Bob,

    Samba 3.0.20 from the supp CD is compatible with 5.0.6 with RS506a
    installed, there are release notes on the CD in the info/samba directory.

    There is no problem running WINS on OSR5, though if you do have a
    domain set up it would be best to allow the PDC to also be a WINS
    server.

    WordPerfect 7 does run on 5.0.7, if you are contemplating an upgrade
    going to OSR6 or UW7 would make more sense. Also, a full Samba 3.0.24
    release with NSS, winbind, LDAP support for UW7 is available. That
    will allow you to configure a Samba PDC, join an NT4 or WIN2K+ domain
    in mixed mode, or join an AD domain in native mode. It also has some
    of the VFS modules linked in like recycle.

    I am not sure if SWAT, the various defaults and clipped examples from
    the internet will always give you a working smb.conf let alone an
    optimal one. Lots of reading on schannel on 3.0.14, great if you are
    having trouble falling asleep.

    Mike


  5. Re: Does samba 3.0.14Aa on OS 5.0.6 work with ldapsam backend on another LDAP server?

    On Nov 2, 12:05 pm, scoace wrote:

    Mike - sorry for the delay in responding - but I seem to have solved
    my immediate problem: I was shooting myself in the foot on this one:
    indeed samba-3.0.14Aa on Open Server 5.0.6 (and various additions as
    detailed in the post referenced below) does work perfectly with an
    external LDAP server. In my previous post I wondered if the smb.conf
    'deadtime=15' parameter had anything to do with samba dying after
    running fine for 15 minutes, but no it doesn't. The fact that smbd was
    dying after 15 minutes was my own fault!

    Some history: When I installed the earlier SCO compilation of
    samba-3.0.9 I ran into a problem with large numbers of smbd processes
    left in a CLOSED or CLOSE_WAIT state but using cpu at a rapid rate.
    To "solve" that problem I eventually wrote a cron script that killed
    all such processes it found. You guessed it, it ran every 15 minutes.
    When I started to use samba-3.0.14 with smbpasswd I found that the
    smbd processes were no longer being left as before, but I kept the
    shell script running just in case and essentially forgot about it.

    When I switched from backend=smbpasswd to backend=ldapsam I started
    seeing CLOSED smbd processes again - the first two smbd processes
    spawned were in CLOSED state, even though samba and LDAP were working
    just fine. Here's the lsof output followed by the ps output showing
    all the samba processes:

    lsof -Ts -c smbd -a -i TCP|grep CLOSE:
    smbd 4282 root 6u inet 0xf151b600 0t1741 TCP :1478 (CLOSED)
    smbd 4283 root 6u inet 0xf151b600 0t1741 TCP :1478 (CLOSED)

    ps -ef|grep smbd:
    root 4283 4282 0 17:30:40 ? 00:00:03 /usr/sbin/smbd -D
    root 4282 1 0 17:30:40 ? 00:00:05 /usr/sbin/smbd -D
    root 20848 4282 0 07:59:37 ? 00:00:08 /usr/sbin/smbd -D
    root 24895 4282 0 08:46:27 ? 00:00:03 /usr/sbin/smbd -D
    root 3334 4282 0 11:54:29 ? 00:00:00 /usr/sbin/smbd -D

    So after 15 minutes my shell script killed 4282 and 4283 and samba
    stopped working. Whoops.

    So without the cron script, now I'm happy. I did try to install
    samba-3.0.20a that you referenced, but unfortunately I found that it
    requires cups (as shown by ldd) - from what I've read 3.0.14 is the
    last SCO version that does not require it. It would be nice to upgrade
    this server as you suggest to 5.0.7, or even better, OSR6, but I'm
    afraid it's not in the cards.

    Thanks for the insights into smb.conf. As I said, the listing I gave
    was confusing in that most of the parameters shown don't exist in my
    smb.conf but were output by swat in its Full View tab, and I assumed
    they were just innocuous defaults.

    For the 3 people in the world who might be interested, here's the 2005
    reference I mentioned on getting 3.0.9 to run on OS506; 3.0.14 only
    required the gwxlibs 2.1.0Ba update in addition.
    http://groups.google.com/group/comp....84047be3ad5bb9
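
The failure described in this post, as an added example that is not the poster's cron script (the thread never shows it): a selector for a stale-smbd cleanup job that never returns the parent daemon (PPID 1) or any process whose closed socket has the same DEVICE value as a socket held by the parent, which is the case for PIDs 4282 and 4283 in the output above. The function names, the file arguments and the last lsof line (a closed socket for PID 24895, with documentation addresses) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: choose which smbd PIDs a cleanup job may signal, given saved
# output of `ps -ef` and `lsof -Ts -c smbd -a -i TCP`.
#
# A PID is returned only if all of the following hold:
#   - it holds a TCP socket in CLOSED or CLOSE_WAIT state,
#   - it is not the parent daemon (the smbd whose PPID is 1),
#   - none of its closed sockets shares a DEVICE value with the parent
#     (same DEVICE in lsof means the same socket, i.e. an inherited descriptor),
#   - its parent is the parent daemon (an ordinary session child).

# select_reapable PS_FILE LSOF_FILE -> one PID per line
select_reapable() {
    awk '
        # ps -ef columns: UID PID PPID C STIME TTY TIME CMD
        mode == "ps" {
            if ($2 ~ /^[0-9]+$/) {
                ppid[$2] = $3
                if ($3 == 1 && $0 ~ /smbd/) master[$2] = 1
            }
            next
        }
        # lsof columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME;
        # with -Ts the TCP state follows in parentheses as the last field.
        $1 == "smbd" {
            if ($2 in master) masterdev[$6] = 1
            if ($NF ~ /^\((CLOSED|CLOSE_WAIT)\)$/) {
                n++; pid[n] = $2; dev[n] = $6
            }
        }
        END {
            # A PID with any closed socket shared with the parent is off limits.
            for (i = 1; i <= n; i++)
                if (dev[i] in masterdev) shared[pid[i]] = 1
            for (i = 1; i <= n; i++) {
                p = pid[i]
                if ((p in master) || (p in shared) || (p in seen)) continue
                if (!(ppid[p] in master)) continue
                seen[p] = 1
                print p
            }
        }
    ' mode=ps "$1" mode=lsof "$2"
}

# Sample input. The ps lines and the first two lsof lines are the ones in the
# post (wrapped lines rejoined, addresses absent as on the page). The third
# lsof line is constructed for this example.
demo() {
    tmp=${TMPDIR:-/tmp}/smbd-reap.$$
    mkdir -p "$tmp"
    cat > "$tmp/ps" <<'EOF'
root 4283 4282 0 17:30:40 ? 00:00:03 /usr/sbin/smbd -D
root 4282 1 0 17:30:40 ? 00:00:05 /usr/sbin/smbd -D
root 20848 4282 0 07:59:37 ? 00:00:08 /usr/sbin/smbd -D
root 24895 4282 0 08:46:27 ? 00:00:03 /usr/sbin/smbd -D
root 3334 4282 0 11:54:29 ? 00:00:00 /usr/sbin/smbd -D
EOF
    cat > "$tmp/lsof" <<'EOF'
smbd 4282 root 6u inet 0xf151b600 0t1741 TCP :1478 (CLOSED)
smbd 4283 root 6u inet 0xf151b600 0t1741 TCP :1478 (CLOSED)
smbd 24895 root 22u inet 0xf1520000 0t512 TCP 192.0.2.10:139->192.0.2.77:1031 (CLOSE_WAIT)
EOF
    select_reapable "$tmp/ps" "$tmp/lsof"
    rm -rf "$tmp"
}

demo    # prints 24895; 4282 and 4283 are never selected
```

A job built on this would log the selected PIDs for a few runs before it is allowed to send any signal.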


  6. Re: Does samba 3.0.14Aa on OS 5.0.6 work with ldapsam backend on another LDAP server?

    On Nov 7, 6:58 pm, Bob Troester wrote:

    Thanks for the update, I had a chuckle on your solution :-)

    3.0.4 was so broken I went back to 2.2.8. Due to some testing and
    research I never implemented 3.0.9. Since I did not have your cron
    script my 3.0.14 worked.

    I confirmed that the Samba 3.0.20 requires the cups libraries, sorry
    for the misdirection. The release notes are obviously deficient, and
    compiling and installing cups would be a bit of work. I suspect it
    would be easier to just compile Samba without the cups support.

    All moot since you have fixed the problem.

    Mike

