ADS Logon ohne Domain-Prefix / Auto Erstellen Home-Share

[hartkorn]

Hallo zusammen,

ich habe einige Probleme mit unserem Fileserver. Zum einen ist es mir nicht möglich ein Netzlaufwerk auf einem Windows-Client zu verbinden ohne den Domain-Prefix (also username statt DOMAIN01\username) zu verwenden, zum anderen funktioniert das automatische Erstellen der Home-Shares bei Logon nicht.

Konfiguration:
- Fileserver als Domänenmitglied an Windows Server 2008 DC
- Fileserver OS ist SLES 11
- Samba Version 3.4.3-1.19.1

smb.conf:

[global]
  workgroup = DOMAIN01
  server string = %h
  realm = DOMAIN.LOCAL
  security = ADS
  password server = dc00, dc01
  domain master = No
  idmap uid = 10000-20000
  idmap gid = 10000-20000
  template shell = /bin/bash
  winbind enum users = yes
  winbind enum groups = yes
  winbind use default domain = yes
  wins server = 192.168.0.249
  name resolve order = wins lmhosts host bcast
  bind interfaces only = yes
  username map = /etc/samba/smbusers
  passdb backend = tdbsam
  log level = 6
  oplocks = No
  level2 oplocks = No
  posix locking = No
  template homedir = /home/%D/%U
  usershare allow guests = No
  idmap config DOMAIN01 : backend = ad
  winbind offline logon = yes
  winbind refresh tickets = yes
  winbind nss info = rfc2307

[homes]
  comment = Nutzerlaufwerk
  valid users = %S, %D%w%S
  writeable = yes
  create mask = 0750
  directory mask = 0750
  inherit acls = yes
  browseable = no
  delete readonly = yes
  force group = root

[group]
  comment = Gruppenlaufwerk
  path = /nas/businessdata/group
  writeable = no
  browseable = yes
  create mask = 0770
  directory mask = 0770
  invalid users = @DOMAIN01\group_deny
  valid users = @DOMAIN01\group_valid
  force group = @DOMAIN01\group_rw
  write list = @DOMAIN01\group_rw
  read list = @DOMAIN01\group_ro

Berechtigungen für das Home-Share auf dem Filesystem:

drwxrwx--- 2 root domusers  4096 Jan 28 13:16 home

wbinfo -u | -g geben User und Gruppen ohne Prefix aus. Die Konfiguration habe ich von einem unserer alten Fileserver übernommen bei dem zumindest das Weglassen des DOMAIN01\ Prefix funktionierte (Samba Version 3.2.4-4.9).

Hat dazu jemand eine Idee? Jeder Ansatz ist mir sehr willkommen!

Grüße

Hartkorn

 

[spoensche]

.local ist eine Multicast Domäne und sollte tunlichst nicht für ein AD verwendet werden. Ändere das mal und überprüfe, ob das problem immer noch auftritt.

 

[hartkorn]

Die Domain heißt natürlich firmenname.de und nicht domain.local. Ich habe das hierfür mal geändert.

 

[spoensche]

Die Domain heißt natürlich firmenname.de und nicht domain.local. Ich habe das hierfür mal geändert.

Dann hebe den Hinweis bitte deutlich hervor, weil sonst so ziemlich jeder den Fehler erst dort sucht und wir nicht wirklich zu einer Lösung des Problems.

Das autom. erstellen der Homeshares erfolgt aus folgenden Gründen nicht:

1. Du hast keinen Abschnitt Netlogon und damit auch keinen Netlogonservice
2. Es existiert auch keine Konfiguration für die Profile der User, die für das Anlegen des Shares nötig sind.
3. Für Netlogon und Profiles muss Samba als Domain Controller konfigureiert werden.

Poste mal bitte den Inhalt deiner Samaba Logfiles (/var/log/samba).

 

[hartkorn]

Hallo spoensche,

das bringt mich doch schon etwas weiter. Ich dachte immer, die Profile braucht man nur, wenn das Windows-Nutzerprofil auch auf dem Server abgelegt werden soll. Ich sollte noch dazu sagen, dass unsere Clients allesamt nicht in der Domäne sind. Mit Ausnahme des TerminalServers, bei dem dann natürlich auch das Verbinden der Shares ohne Domain-Prefix klappt. ;-)

Ich versuche jetzt mal die von Dir beschriebenen Änderungen vorzunehmen. Danke!

Hier die Logfiles (nur relevante Stellen, an denen ich mich versucht habe zu verbinden).

log.nmbd (NAS00 ist der Server um den es hier geht):

[2011/01/29 17:06:30,  3] nmbd/nmbd_incomingrequests.c:453(process_name_query_request)
  process_name_query_request: Name query from 172.17.17.220 on subnet 172.17.16.5 for name HTTP<00>
[2011/01/29 17:06:30,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 172.17.16.5: found.
[2011/01/29 17:06:30,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 192.168.7.5: found.
[2011/01/29 17:06:30,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:30,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:40,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 172.17.16.5: found.
[2011/01/29 17:06:40,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 192.168.7.5: found.
[2011/01/29 17:06:40,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:40,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:43,  5] libsmb/nmblib.c:797(read_packet)
  Received a packet of len 50 from (172.17.19.80) port 137
[2011/01/29 17:06:43,  4] libsmb/nmblib.c:106(debug_nmb_packet)
  nmb packet from 172.17.19.80(137) header: id=57847 opcode=Query(0) response=No
      header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No
      header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0
      question: q_name=DEVSAPIDM01<20> q_type=32 q_class=1
[2011/01/29 17:06:43,  3] nmbd/nmbd_incomingrequests.c:453(process_name_query_request)
  process_name_query_request: Name query from 172.17.19.80 on subnet 172.17.16.5 for name DEVSAPIDM01<20>
[2011/01/29 17:06:43,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 172.17.16.5: found.
[2011/01/29 17:06:43,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 192.168.7.5: found.
[2011/01/29 17:06:43,  4] nmbd/nmbd_workgroupdb.c:281(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet     172.17.16.5: netmask=  255.255.252.0:
        DOMAIN01(1) current master browser = DESFILE01
                NAS00 40819b03 (nas00)
                DESFILE01 40849b03 (desfile01)
[2011/01/29 17:06:43,  4] nmbd/nmbd_workgroupdb.c:281(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet     192.168.7.5: netmask=  255.255.255.0:
        WORKGROUP(2) current master browser = DESSAP00
        DOMAIN01(1) current master browser = NAS00
                NAS00 40849b03 (nas00)
                VZENTRALE 40009007 (VZENTRALE)
[2011/01/29 17:06:43,  4] nmbd/nmbd_workgroupdb.c:281(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet  UNICAST_SUBNET: netmask=        0.0.0.0:
        DOMAIN01(1) current master browser = UNKNOWN
                NAS00 40819b03 (nas00)
[2011/01/29 17:06:43,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:43,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:44,  5] libsmb/nmblib.c:797(read_packet)
  Received a packet of len 201 from (172.17.19.27) port 138
[2011/01/29 17:06:44,  5] nmbd/nmbd_packets.c:1216(process_dgram)
  process_dgram: ignoring dgram packet sent to name WORKGROUP<1e> from 172.17.19.27
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 172.17.16.5: found.
[2011/01/29 17:06:44,  3] nmbd/nmbd_sendannounce.c:207(send_host_announcement)
  send_host_announcement: type 819b03 for host NAS00 on subnet 172.17.16.5 for workgroup DOMAIN01
[2011/01/29 17:06:44,  4] nmbd/nmbd_packets.c:1952(send_mailslot)
  send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from NAS00<00> IP 172.17.16.5 to DOMAIN01<1d> IP 172.17.19.255
[2011/01/29 17:06:44,  4] nmbd/nmbd_packets.c:95(debug_browse_data)
  debug_browse_data():
    0 char .Z....NAS00..... hex 01 5a 80 fc 0a 00 4e 41 53 30 30 00 00 00 00 00
   10 char ..............U. hex 00 00 00 00 00 00 04 09 03 9b 81 00 0f 01 55 aa
   20 char nas00.           hex 6e 61 73 30 30 00
[2011/01/29 17:06:44,  5] libsmb/nmblib.c:819(send_udp)
  Sending a packet of len 206 to (172.17.19.255) on port 138
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 192.168.7.5: found.
[2011/01/29 17:06:44,  3] nmbd/nmbd_sendannounce.c:165(send_local_master_announcement)
  send_local_master_announcement: type 849b03 for name NAS00 on subnet 192.168.7.5 for workgroup DOMAIN01
[2011/01/29 17:06:44,  4] nmbd/nmbd_packets.c:1952(send_mailslot)
  send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from NAS00<00> IP 192.168.7.5 to DOMAIN01<1e> IP 192.168.7.255
[2011/01/29 17:06:44,  4] nmbd/nmbd_packets.c:95(debug_browse_data)
  debug_browse_data():
    0 char .Z....NAS00..... hex 0f 5a 80 fc 0a 00 4e 41 53 30 30 00 00 00 00 00
   10 char ..............U. hex 00 00 00 00 00 00 04 09 03 9b 84 00 0f 01 55 aa
   20 char nas00.           hex 6e 61 73 30 30 00
[2011/01/29 17:06:44,  5] libsmb/nmblib.c:819(send_udp)
  Sending a packet of len 206 to (192.168.7.255) on port 138
[2011/01/29 17:06:44,  3] nmbd/nmbd_sendannounce.c:184(send_workgroup_announcement)
  send_workgroup_announcement: on subnet 192.168.7.5 for workgroup DOMAIN01
[2011/01/29 17:06:44,  4] nmbd/nmbd_packets.c:1952(send_mailslot)
  send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from NAS00<00> IP 192.168.7.5 to ^A^B__MSBROWSE__^B<01> IP 192.168.7.25
5
[2011/01/29 17:06:44,  4] nmbd/nmbd_packets.c:95(debug_browse_data)
  debug_browse_data():
    0 char .Z....WORKGROUP0 hex 0c 5a 80 fc 0a 00 43 4f 4d 42 52 49 44 47 45 30
   10 char 1.............U. hex 31 00 00 00 00 00 04 09 00 10 00 80 0f 01 55 aa
   20 char NAS00.           hex 4e 41 53 30 30 00
[2011/01/29 17:06:44,  5] libsmb/nmblib.c:819(send_udp)
  Sending a packet of len 206 to (192.168.7.255) on port 138
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:44,  5] libsmb/nmblib.c:797(read_packet)
  Received a packet of len 206 from (172.17.16.5) port 138
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 172.17.16.5: found.
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 192.168.7.5: found.
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:44,  5] libsmb/nmblib.c:797(read_packet)
  Received a packet of len 206 from (192.168.7.5) port 138
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 172.17.16.5: found.
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 192.168.7.5: found.
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:44,  5] libsmb/nmblib.c:797(read_packet)
  Received a packet of len 206 from (192.168.7.5) port 138
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 172.17.16.5: found.
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 192.168.7.5: found.
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:44,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:54,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 172.17.16.5: found.
[2011/01/29 17:06:54,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 192.168.7.5: found.
[2011/01/29 17:06:54,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:54,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:55,  5] libsmb/nmblib.c:797(read_packet)
  Received a packet of len 201 from (172.17.17.219) port 138
[2011/01/29 17:06:55,  5] nmbd/nmbd_packets.c:1216(process_dgram)
  process_dgram: ignoring dgram packet sent to name WORKGROUP02<1e> from 172.17.17.219
[2011/01/29 17:06:55,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 172.17.16.5: found.
[2011/01/29 17:06:55,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 192.168.7.5: found.
[2011/01/29 17:06:55,  4] nmbd/nmbd_workgroupdb.c:281(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet     172.17.16.5: netmask=  255.255.252.0:
        DOMAIN01(1) current master browser = DESFILE01
                NAS00 40819b03 (nas00)
                DESFILE01 40849b03 (desfile01)
[2011/01/29 17:06:55,  4] nmbd/nmbd_workgroupdb.c:281(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet     192.168.7.5: netmask=  255.255.255.0:
        WORKGROUP(2) current master browser = DESSAP00
        DOMAIN01(1) current master browser = NAS00
                NAS00 40849b03 (nas00)
                VZENTRALE 40009007 (VZENTRALE)
[2011/01/29 17:06:55,  4] nmbd/nmbd_workgroupdb.c:281(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet  UNICAST_SUBNET: netmask=        0.0.0.0:
        DOMAIN01(1) current master browser = UNKNOWN
                NAS00 40819b03 (nas00)
[2011/01/29 17:06:55,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:06:55,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:07:05,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 172.17.16.5: found.
[2011/01/29 17:07:05,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet 192.168.7.5: found.
[2011/01/29 17:07:05,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.
[2011/01/29 17:07:05,  4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for DOMAIN01 on subnet UNICAST_SUBNET: found.

Ich sehe hier schon das viel um den Status des MasterBrowser gekämpft wird.


log.smbd:

[2011/01/29 17:00:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:00:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:00:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:00:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:00:08,  6] param/loadparm.c:7017(lp_file_list_changed)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Fri Jan 28 16:47:10 2011

[2011/01/29 17:01:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:01:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:01:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:01:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:02:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:02:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:02:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:02:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:03:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:03:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:03:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:03:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:03:08,  6] param/loadparm.c:7017(lp_file_list_changed)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Fri Jan 28 16:47:10 2011

[2011/01/29 17:03:08,  3] smbd/process.c:1856(check_reload)
  Printcap cache time expired.
[2011/01/29 17:03:08,  3] printing/pcap.c:136(pcap_cache_reload)
  reloading printcap cache
[2011/01/29 17:03:08,  5] printing/print_cups.c:403(cups_pcap_load_async)
  cups_pcap_load_async: asynchronously loading cups printers
[2011/01/29 17:03:08,  5] printing/print_cups.c:453(cups_async_callback)
  cups_async_callback: callback received for printer data. fd = 8
[2011/01/29 17:03:08,  5] printing/print_cups.c:164(cups_cache_reload_async)
  reloading cups printcap cache
[2011/01/29 17:03:08,  2] printing/print_cups.c:545(cups_async_callback)
  cups_async_callback: failed to read a new printer list
[2011/01/29 17:03:08,  3] printing/pcap.c:243(pcap_cache_reload)
  reload status: error
[2011/01/29 17:03:08,  3] printing/pcap.c:136(pcap_cache_reload)
  reloading printcap cache
[2011/01/29 17:03:08,  5] printing/print_cups.c:403(cups_pcap_load_async)
  cups_pcap_load_async: asynchronously loading cups printers
[2011/01/29 17:03:08,  5] printing/print_cups.c:453(cups_async_callback)
  cups_async_callback: callback received for printer data. fd = 8
[2011/01/29 17:03:08,  5] printing/print_cups.c:164(cups_cache_reload_async)
  reloading cups printcap cache
[2011/01/29 17:03:08,  2] printing/print_cups.c:545(cups_async_callback)
  cups_async_callback: failed to read a new printer list
[2011/01/29 17:03:08,  3] printing/pcap.c:243(pcap_cache_reload)
  reload status: error
[2011/01/29 17:03:08,  5] param/loadparm.c:6838(process_registry_service)
  process_registry_service: service name printers
[2011/01/29 17:04:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:04:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:04:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:04:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:05:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:05:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:05:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:05:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:06:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:06:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:06:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:06:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:06:08,  6] param/loadparm.c:7017(lp_file_list_changed)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Fri Jan 28 16:47:10 2011

[2011/01/29 17:07:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:07:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:07:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:07:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:08:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:08:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:08:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:08:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:09:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:09:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:09:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:09:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:09:08,  6] param/loadparm.c:7017(lp_file_list_changed)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Fri Jan 28 16:47:10 2011

[2011/01/29 17:10:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:10:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:10:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:10:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:11:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:11:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:11:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:11:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:12:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:12:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:12:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:12:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:12:08,  6] param/loadparm.c:7017(lp_file_list_changed)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Fri Jan 28 16:47:10 2011

[2011/01/29 17:13:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:13:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:13:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:13:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:14:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:14:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:14:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:14:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:15:08,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:15:08,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:15:08,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:15:08,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:15:08,  6] param/loadparm.c:7017(lp_file_list_changed)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Fri Jan 28 16:47:10 2011

[2011/01/29 17:16:09,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/01/29 17:16:09,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/01/29 17:16:09,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/01/29 17:16:09,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/01/29 17:16:09,  3] smbd/process.c:1856(check_reload)
  Printcap cache time expired.
[2011/01/29 17:16:09,  3] printing/pcap.c:136(pcap_cache_reload)
  reloading printcap cache
[2011/01/29 17:16:09,  5] printing/print_cups.c:403(cups_pcap_load_async)
  cups_pcap_load_async: asynchronously loading cups printers
[2011/01/29 17:16:09,  5] printing/print_cups.c:453(cups_async_callback)
  cups_async_callback: callback received for printer data. fd = 8
[2011/01/29 17:16:09,  5] printing/print_cups.c:164(cups_cache_reload_async)
  reloading cups printcap cache
[2011/01/29 17:16:09,  2] printing/print_cups.c:545(cups_async_callback)
  cups_async_callback: failed to read a new printer list
[2011/01/29 17:16:09,  3] printing/pcap.c:243(pcap_cache_reload)
  reload status: error
[2011/01/29 17:16:09,  3] printing/pcap.c:136(pcap_cache_reload)
  reloading printcap cache
[2011/01/29 17:16:09,  5] printing/print_cups.c:403(cups_pcap_load_async)
  cups_pcap_load_async: asynchronously loading cups printers
[2011/01/29 17:16:09,  5] printing/print_cups.c:453(cups_async_callback)
  cups_async_callback: callback received for printer data. fd = 8
[2011/01/29 17:16:09,  5] printing/print_cups.c:164(cups_cache_reload_async)
  reloading cups printcap cache
[2011/01/29 17:16:09,  2] printing/print_cups.c:545(cups_async_callback)
  cups_async_callback: failed to read a new printer list
[2011/01/29 17:16:09,  3] printing/pcap.c:243(pcap_cache_reload)
  reload status: error
[2011/01/29 17:16:09,  5] param/loadparm.c:6838(process_registry_service)
  process_registry_service: service name printers

Hier verstehe ich nicht ganz, warum da so viel mit printers geschieht!? Das will ich eigentlich abschalten. Da fehlt mir sicher noch "load printers = no". ;-)


log.wb-DOMAIN01:

[2011/01/29 17:00:16,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 22
[2011/01/29 17:00:16,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [ 8935]: lookupname DOMAIN01\man
[2011/01/29 17:00:16,  3] winbindd/winbindd_rpc.c:295(msrpc_name_to_sid)
  rpc: name_to_sid name=DOMAIN01\man
[2011/01/29 17:00:16,  3] winbindd/winbindd_rpc.c:309(msrpc_name_to_sid)
  name_to_sid [rpc] DOMAIN01\man for domain DOMAIN01
[2011/01/29 17:00:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000000 smb_io_rpc_hdr hdr
      0000 major     : 05
      0001 minor     : 00
      0002 pkt_type  : 00
      0003 flags     : 03
      0004 pack_type0: 10
      0005 pack_type1: 00
      0006 pack_type2: 00
      0007 pack_type3: 00
      0008 frag_len  : 0098
      000a auth_len  : 0020
      000c call_id   : 000001a2
[2011/01/29 17:00:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000010 smb_io_rpc_hdr_req hdr_req
      0010 alloc_hint: 00000054
      0014 context_id: 0000
      0016 opnum     : 004d
[2011/01/29 17:00:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000070 smb_io_rpc_hdr_auth hdr_auth
      0070 auth_type    : 44
      0071 auth_level   : 06
      0072 auth_pad_len : 04
      0073 auth_reserved: 00
      0074 auth_context_id: 00000001
[2011/01/29 17:00:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000078 smb_io_rpc_auth_schannel_chk
      0078 sig  : 77 00 7a 00 ff ff 00 00
      0080 seq_num: 17 9c cd cf cb bf 59 3e
      0088 packet_digest: 8b 40 a3 c0 77 49 30 25
      0090 confounder: 69 28 15 78 b7 37 a5 6f
[2011/01/29 17:00:16,  5] rpc_client/cli_pipe.c:1279(rpc_api_pipe_send)
  rpc_api_pipe: host dc00.firmenname.de
[2011/01/29 17:00:16,  5] rpc_client/cli_pipe.c:312(rpc_write_send)
  rpc_write_send: data_to_write: 152
[2011/01/29 17:00:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000000 smb_io_rpc_hdr rpc_hdr
      0000 major     : 05
      0001 minor     : 00
      0002 pkt_type  : 02
      0003 flags     : 03
      0004 pack_type0: 10
      0005 pack_type1: 00
      0006 pack_type2: 00
      0007 pack_type3: 00
      0008 frag_len  : 00d0
      000a auth_len  : 0020
      000c call_id   : 000001a2
[2011/01/29 17:00:16,  5] rpc_client/cli_pipe.c:192(rpc_grow_buffer)
  rpc_grow_buffer: grew buffer by 192 bytes to 208
[2011/01/29 17:00:16,  5] rpc_client/cli_pipe.c:230(rpc_read_send)
  rpc_read_send: data_to_read: 192
[2011/01/29 17:00:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
      0010 alloc_hint: 00000084
      0014 context_id: 0000
      0016 cancel_ct : 00
      0017 reserved  : 00
[2011/01/29 17:00:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  0000a8 smb_io_rpc_hdr_auth hdr_auth
      00a8 auth_type    : 44
      00a9 auth_level   : 06
      00aa auth_pad_len : 0c
      00ab auth_reserved: 00
      00ac auth_context_id: 00000001
[2011/01/29 17:00:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  0000b0 smb_io_rpc_auth_schannel_chk
      00b0 sig  : 77 00 7a 00 ff ff 00 00
      00b8 seq_num: 75 b9 05 63 ef 41 89 44
      00c0 packet_digest: e1 13 c3 05 0e 1c d8 4c
      00c8 confounder: 51 fd 45 31 ce 90 db 70
[2011/01/29 17:00:16,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 22
[2011/01/29 17:00:16,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [ 8935]: lookupname DOMAIN01\man
[2011/01/29 17:05:16,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 20
[2011/01/29 17:05:16,  3] winbindd/winbindd_misc.c:359(winbindd_dual_list_trusted_domains)
  [ 8935]: list trusted domains
[2011/01/29 17:05:16,  3] winbindd/winbindd_ads.c:1203(sequence_number)
  ads: fetch sequence_number for DOMAIN01
[2011/01/29 17:05:16,  5] libads/ldap_utils.c:64(ads_do_search_retry_internal)
  Search for (objectclass=*) in <> gave 1 replies
[2011/01/29 17:05:16,  3] winbindd/winbindd_ads.c:1270(trusted_domains)
  ads: trusted_domains
[2011/01/29 17:05:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000000 smb_io_rpc_hdr hdr
      0000 major     : 05
      0001 minor     : 00
      0002 pkt_type  : 00
      0003 flags     : 03
      0004 pack_type0: 10
      0005 pack_type1: 00
      0006 pack_type2: 00
      0007 pack_type3: 00
      0008 frag_len  : 0080
      000a auth_len  : 0020
      000c call_id   : 000001a3
[2011/01/29 17:05:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000010 smb_io_rpc_hdr_req hdr_req
      0010 alloc_hint: 00000040
      0014 context_id: 0000
      0016 opnum     : 0028
[2011/01/29 17:05:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000058 smb_io_rpc_hdr_auth hdr_auth
      0058 auth_type    : 44
      0059 auth_level   : 06
      005a auth_pad_len : 00
      005b auth_reserved: 00
      005c auth_context_id: 00000001
[2011/01/29 17:05:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000060 smb_io_rpc_auth_schannel_chk
      0060 sig  : 77 00 7a 00 ff ff 00 00
      0068 seq_num: b3 f5 96 43 a5 83 70 9b
      0070 packet_digest: e3 ed 62 16 ce f5 78 27
      0078 confounder: 1e cb 79 1d a8 f8 e9 10
[2011/01/29 17:05:16,  5] rpc_client/cli_pipe.c:1279(rpc_api_pipe_send)
  rpc_api_pipe: host dc00.firmenname.de
[2011/01/29 17:05:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000000 smb_io_rpc_hdr rpc_hdr
      0000 major     : 05
      0001 minor     : 00
      0002 pkt_type  : 02
      0003 flags     : 03
      0004 pack_type0: 10
      0005 pack_type1: 00
      0006 pack_type2: 00
      0007 pack_type3: 00
      0008 frag_len  : 00f0
      000a auth_len  : 0020
      000c call_id   : 000001a3
[2011/01/29 17:05:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
      0010 alloc_hint: 000000a4
      0014 context_id: 0000
      0016 cancel_ct : 00
      0017 reserved  : 00
[2011/01/29 17:05:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  0000c8 smb_io_rpc_hdr_auth hdr_auth
      00c8 auth_type    : 44
      00c9 auth_level   : 06
      00ca auth_pad_len : 0c
      00cb auth_reserved: 00
      00cc auth_context_id: 00000001
[2011/01/29 17:05:16,  5] rpc_parse/parse_prs.c:88(prs_debug)
  0000d0 smb_io_rpc_auth_schannel_chk
      00d0 sig  : 77 00 7a 00 ff ff 00 00
      00d8 seq_num: a5 4d 3a 1e 89 37 b6 f5
      00e0 packet_digest: d2 69 8d 34 d7 52 53 c9
      00e8 confounder: 50 10 60 fd 0e 13 31 06
[2011/01/29 17:07:18,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 22
[2011/01/29 17:07:18,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [ 8935]: lookupname DOMAIN01\af-admin
[2011/01/29 17:07:18,  3] winbindd/winbindd_rpc.c:295(msrpc_name_to_sid)
  rpc: name_to_sid name=DOMAIN01\af-admin
[2011/01/29 17:07:18,  3] winbindd/winbindd_rpc.c:309(msrpc_name_to_sid)
  name_to_sid [rpc] DOMAIN01\af-admin for domain DOMAIN01
[2011/01/29 17:07:18,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000000 smb_io_rpc_hdr hdr
      0000 major     : 05
      0001 minor     : 00
      0002 pkt_type  : 00
      0003 flags     : 03
      0004 pack_type0: 10
      0005 pack_type1: 00
      0006 pack_type2: 00
      0007 pack_type3: 00
      0008 frag_len  : 00a0
      000a auth_len  : 0020
      000c call_id   : 000001a4
[2011/01/29 17:07:18,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000010 smb_io_rpc_hdr_req hdr_req
      0010 alloc_hint: 0000005c
      0014 context_id: 0000
      0016 opnum     : 004d
[2011/01/29 17:07:18,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000078 smb_io_rpc_hdr_auth hdr_auth
      0078 auth_type    : 44
      0079 auth_level   : 06
      007a auth_pad_len : 04
      007b auth_reserved: 00
      007c auth_context_id: 00000001
[2011/01/29 17:07:18,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000080 smb_io_rpc_auth_schannel_chk
      0080 sig  : 77 00 7a 00 ff ff 00 00
      0088 seq_num: 1d 1c e7 33 a6 78 60 8b
      0090 packet_digest: 5e c1 8c 45 b4 f7 ad 84
      0098 confounder: 80 b7 ad 2c 29 60 ae 98
[2011/01/29 17:07:18,  5] rpc_client/cli_pipe.c:1279(rpc_api_pipe_send)
  rpc_api_pipe: host dc00.firmenname.de
[2011/01/29 17:07:18,  5] rpc_client/cli_pipe.c:312(rpc_write_send)
  rpc_write_send: data_to_write: 160
[2011/01/29 17:07:18,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000000 smb_io_rpc_hdr rpc_hdr
      0000 major     : 05
      0001 minor     : 00
      0002 pkt_type  : 02
      0003 flags     : 03
      0004 pack_type0: 10
      0005 pack_type1: 00
      0006 pack_type2: 00
      0007 pack_type3: 00
      0008 frag_len  : 00f0
      000a auth_len  : 0020
      000c call_id   : 000001a4
[2011/01/29 17:07:18,  5] rpc_client/cli_pipe.c:192(rpc_grow_buffer)
  rpc_grow_buffer: grew buffer by 224 bytes to 240
[2011/01/29 17:07:18,  5] rpc_client/cli_pipe.c:230(rpc_read_send)
  rpc_read_send: data_to_read: 224
[2011/01/29 17:07:18,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
      0010 alloc_hint: 000000a4
      0014 context_id: 0000
      0016 cancel_ct : 00
      0017 reserved  : 00
[2011/01/29 17:07:18,  5] rpc_parse/parse_prs.c:88(prs_debug)
  0000c8 smb_io_rpc_hdr_auth hdr_auth
      00c8 auth_type    : 44
      00c9 auth_level   : 06
      00ca auth_pad_len : 0c
      00cb auth_reserved: 00
      00cc auth_context_id: 00000001
[2011/01/29 17:07:18,  5] rpc_parse/parse_prs.c:88(prs_debug)
  0000d0 smb_io_rpc_auth_schannel_chk
      00d0 sig  : 77 00 7a 00 ff ff 00 00
      00d8 seq_num: 8f f4 67 f1 1d 88 72 9e
      00e0 packet_digest: 83 7c ac d3 91 42 fb 35
      00e8 confounder: 6f eb aa 8c ac 76 30 07
[2011/01/29 17:07:18,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 59
[2011/01/29 17:07:18,  3] winbindd/winbindd_user.c:166(winbindd_dual_userinfo)
  [ 8935]: lookupsid S-1-5-21-2043704838-242237007-121937100-1107
[2011/01/29 17:07:18,  3] winbindd/winbindd_ads.c:467(query_user)
  ads: query_user
[2011/01/29 17:07:18,  5] winbindd/winbindd_ads.c:479(query_user)
  query_user: Cache lookup succeeded for S-1-5-21-2043704838-242237007-121937100-1107
[2011/01/29 17:07:18,  5] libads/ldap_utils.c:64(ads_do_search_retry_internal)
  Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\06\76\D0\79\4F\3E\70\0E\CC\9C\44\07\53\04\00\00) in <dc=FIRMENNAME,dc=DE> gave 1 replies
[2011/01/29 17:07:18,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 22
[2011/01/29 17:07:18,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [ 8935]: lookupname DOMAIN01\af-admin
[2011/01/29 17:07:18,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 59
[2011/01/29 17:07:18,  3] winbindd/winbindd_user.c:166(winbindd_dual_userinfo)
  [ 8935]: lookupsid S-1-5-21-2043704838-242237007-121937100-1107
[2011/01/29 17:07:33,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 22
[2011/01/29 17:07:33,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [ 8935]: lookupname DOMAIN01\afabel
[2011/01/29 17:07:33,  3] winbindd/winbindd_rpc.c:295(msrpc_name_to_sid)
  rpc: name_to_sid name=DOMAIN01\afabel
[2011/01/29 17:07:33,  3] winbindd/winbindd_rpc.c:309(msrpc_name_to_sid)
  name_to_sid [rpc] DOMAIN01\afabel for domain DOMAIN01
[2011/01/29 17:07:33,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000000 smb_io_rpc_hdr hdr
      0000 major     : 05
      0001 minor     : 00
      0002 pkt_type  : 00
      0003 flags     : 03
      0004 pack_type0: 10
      0005 pack_type1: 00
      0006 pack_type2: 00
      0007 pack_type3: 00
      0008 frag_len  : 0098
      000a auth_len  : 0020
      000c call_id   : 000001a5
[2011/01/29 17:07:33,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000010 smb_io_rpc_hdr_req hdr_req
      0010 alloc_hint: 00000058
      0014 context_id: 0000
      0016 opnum     : 004d
[2011/01/29 17:07:33,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000070 smb_io_rpc_hdr_auth hdr_auth
      0070 auth_type    : 44
      0071 auth_level   : 06
      0072 auth_pad_len : 00
      0073 auth_reserved: 00
      0074 auth_context_id: 00000001
[2011/01/29 17:07:33,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000078 smb_io_rpc_auth_schannel_chk
      0078 sig  : 77 00 7a 00 ff ff 00 00
      0080 seq_num: a3 ff a5 db 21 92 f2 85
      0088 packet_digest: 82 b2 1f 94 b1 ea 7c 98
      0090 confounder: 58 3c 51 2a ae 39 6b df
[2011/01/29 17:07:33,  5] rpc_client/cli_pipe.c:1279(rpc_api_pipe_send)
  rpc_api_pipe: host dc00.firmenname.de
[2011/01/29 17:07:33,  5] rpc_client/cli_pipe.c:312(rpc_write_send)
  rpc_write_send: data_to_write: 152
[2011/01/29 17:07:33,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000000 smb_io_rpc_hdr rpc_hdr
      0000 major     : 05
      0001 minor     : 00
      0002 pkt_type  : 02
      0003 flags     : 03
      0004 pack_type0: 10
      0005 pack_type1: 00
      0006 pack_type2: 00
      0007 pack_type3: 00
      0008 frag_len  : 00f0
      000a auth_len  : 0020
      000c call_id   : 000001a5
[2011/01/29 17:07:33,  5] rpc_client/cli_pipe.c:192(rpc_grow_buffer)
  rpc_grow_buffer: grew buffer by 224 bytes to 240
[2011/01/29 17:07:33,  5] rpc_client/cli_pipe.c:230(rpc_read_send)
  rpc_read_send: data_to_read: 224
[2011/01/29 17:07:33,  5] rpc_parse/parse_prs.c:88(prs_debug)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
      0010 alloc_hint: 000000a4
      0014 context_id: 0000
      0016 cancel_ct : 00
      0017 reserved  : 00
[2011/01/29 17:07:33,  5] rpc_parse/parse_prs.c:88(prs_debug)
  0000c8 smb_io_rpc_hdr_auth hdr_auth
      00c8 auth_type    : 44
      00c9 auth_level   : 06
      00ca auth_pad_len : 0c
      00cb auth_reserved: 00
      00cc auth_context_id: 00000001
[2011/01/29 17:07:33,  5] rpc_parse/parse_prs.c:88(prs_debug)
  0000d0 smb_io_rpc_auth_schannel_chk
      00d0 sig  : 77 00 7a 00 ff ff 00 00
      00d8 seq_num: 91 ba 71 0e 3d 68 50 2d
      00e0 packet_digest: 3d e3 ac 8b 1e 54 a8 57
      00e8 confounder: 1f 6f c1 f6 7c b6 ce 4d
[2011/01/29 17:07:33,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 59
[2011/01/29 17:07:33,  3] winbindd/winbindd_user.c:166(winbindd_dual_userinfo)
  [ 8935]: lookupsid S-1-5-21-2043704838-242237007-121937100-1349
[2011/01/29 17:07:33,  3] winbindd/winbindd_ads.c:467(query_user)
  ads: query_user
[2011/01/29 17:07:33,  5] winbindd/winbindd_ads.c:479(query_user)
  query_user: Cache lookup succeeded for S-1-5-21-2043704838-242237007-121937100-1349
[2011/01/29 17:07:33,  5] libads/ldap_utils.c:64(ads_do_search_retry_internal)
  Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\06\76\D0\79\4F\3E\70\0E\CC\9C\44\07\45\05\00\00) in <dc=FIRMENNAME,dc=DE> gave 1 replies
[2011/01/29 17:07:33,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 22
[2011/01/29 17:07:33,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [ 8935]: lookupname DOMAIN01\afabel
[2011/01/29 17:07:33,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 59
[2011/01/29 17:07:33,  3] winbindd/winbindd_user.c:166(winbindd_dual_userinfo)
  [ 8935]: lookupsid S-1-5-21-2043704838-242237007-121937100-1349

log.winbindd:

[2011/01/29 17:00:16,  3] winbindd/winbindd_group.c:1552(winbindd_getgroups)
  [ 3835]: getgroups man
[2011/01/29 17:00:16,  5] winbindd/winbindd_async.c:296(lookupname_recv2)
  lookup_name returned an error
[2011/01/29 17:07:18,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [ 3835]: getpwnam domain01\af-admin
[2011/01/29 17:07:18,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [ 3835]: getpwnam DOMAIN01\af-admin
[2011/01/29 17:07:33,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [ 3835]: getpwnam domain01\afabel
[2011/01/29 17:07:33,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [ 3835]: getpwnam DOMAIN01\afabel
[2011/01/29 17:17:33,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [ 3835]: getpwnam domain01\af-admin
[2011/01/29 17:17:33,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [ 3835]: getpwnam DOMAIN01\af-admin
[2011/01/29 17:17:48,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [ 3835]: getpwnam domain01\afabel
[2011/01/29 17:17:48,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [ 3835]: getpwnam DOMAIN01\afabel

log.winbindd-idmap:

[2011/01/29 17:07:18,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 51
[2011/01/29 17:07:18,  3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid)
  [ 8935]: sid to uid S-1-5-21-2043704838-242237007-121937100-1107
[2011/01/29 17:07:18,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 52
[2011/01/29 17:07:18,  3] winbindd/winbindd_idmap.c:364(winbindd_dual_sid2gid)
  [ 8935]: sid to gid S-1-5-21-2043704838-242237007-121937100-513
[2011/01/29 17:07:18,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 51
[2011/01/29 17:07:18,  3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid)
  [ 8935]: sid to uid S-1-5-21-2043704838-242237007-121937100-1107
[2011/01/29 17:07:18,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 52
[2011/01/29 17:07:18,  3] winbindd/winbindd_idmap.c:364(winbindd_dual_sid2gid)
  [ 8935]: sid to gid S-1-5-21-2043704838-242237007-121937100-513
[2011/01/29 17:07:33,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 51
[2011/01/29 17:07:33,  3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid)
  [ 8935]: sid to uid S-1-5-21-2043704838-242237007-121937100-1349
[2011/01/29 17:07:33,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 52
[2011/01/29 17:07:33,  3] winbindd/winbindd_idmap.c:364(winbindd_dual_sid2gid)
  [ 8935]: sid to gid S-1-5-21-2043704838-242237007-121937100-513
[2011/01/29 17:07:33,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 51
[2011/01/29 17:07:33,  3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid)
  [ 8935]: sid to uid S-1-5-21-2043704838-242237007-121937100-1349
[2011/01/29 17:07:33,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 52
[2011/01/29 17:07:33,  3] winbindd/winbindd_idmap.c:364(winbindd_dual_sid2gid)
  [ 8935]: sid to gid S-1-5-21-2043704838-242237007-121937100-513
[2011/01/29 17:17:33,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 51
[2011/01/29 17:17:33,  3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid)
  [ 8935]: sid to uid S-1-5-21-2043704838-242237007-121937100-1107
[2011/01/29 17:17:33,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 52
[2011/01/29 17:17:33,  3] winbindd/winbindd_idmap.c:364(winbindd_dual_sid2gid)
  [ 8935]: sid to gid S-1-5-21-2043704838-242237007-121937100-513
[2011/01/29 17:17:33,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 51
[2011/01/29 17:17:33,  3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid)
  [ 8935]: sid to uid S-1-5-21-2043704838-242237007-121937100-1107
[2011/01/29 17:17:33,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 52
[2011/01/29 17:17:33,  3] winbindd/winbindd_idmap.c:364(winbindd_dual_sid2gid)
  [ 8935]: sid to gid S-1-5-21-2043704838-242237007-121937100-513
[2011/01/29 17:17:48,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 51
[2011/01/29 17:17:48,  3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid)
  [ 8935]: sid to uid S-1-5-21-2043704838-242237007-121937100-1349
[2011/01/29 17:17:48,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 52
[2011/01/29 17:17:48,  3] winbindd/winbindd_idmap.c:364(winbindd_dual_sid2gid)
  [ 8935]: sid to gid S-1-5-21-2043704838-242237007-121937100-513
[2011/01/29 17:17:48,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 51
[2011/01/29 17:17:48,  3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid)
  [ 8935]: sid to uid S-1-5-21-2043704838-242237007-121937100-1349
[2011/01/29 17:17:48,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 52
[2011/01/29 17:17:48,  3] winbindd/winbindd_idmap.c:364(winbindd_dual_sid2gid)
  [ 8935]: sid to gid S-1-5-21-2043704838-242237007-121937100-513

Danke und Gruß

Hartkorn

 

[spoensche]

Also die Client-PC´s sind selber nicht Mitglied der Domäne und die Benutzer sind Mitglied der Domäne?

Das NAS ist auch ein NAS oder? Wenn du das NAS als Backuplaufwerk einsetzt, rate ich dir dringends davon ab, dass sich die "ottonormal" Benutzer an der Maschine anmelden können. Auf ein Backupmedium sollten nur die dafür verantwortlichen Personen und die Geschäftsleitung Zugriffsberechtigt sein.

Stell bitte mal mehr Informationen zur Verfügung.

 

[hartkorn]

Hi spoensche,

kein Problem. Die Client-PCs sind nicht in der Domäne. Die User sind die gleichen wie in der Domäne. Also Lokaler Benutzername = Domänenbenutzername. Passwörter in der Domäne und auf den PCs werden immer gleich gehalten. Wie gesagt, hat das auch immer prima auf dem alten Fileserver funktioniert, von dem ich die Konfiguration übernommen habe.

NAS00 soll und wird nicht als Backupmedium eingesetzt werden, sondern als stinknormaler Fileserver für User- und Group-Shares.

 

[spoensche]

Die Client-PCs sind nicht in der Domäne. Die User sind die gleichen wie in der Domäne. Also Lokaler Benutzername = Domänenbenutzername. Passwörter in der Domäne und auf den PCs werden immer gleich gehalten. Wie gesagt, hat das auch immer prima auf dem alten Fileserver funktioniert, von dem ich die Konfiguration übernommen habe.

Dann hast du die Kerberos Konfiguration vom alten Fileserver nicht übernommen. Die ist aber Notwendig, damit Samba die Useranmeldung am DC durchführen kann.

Lokale Benutzer sind auf dem Samba- Server nicht notwendig, da sie sich am DC anmelden, der das AD verwaltet.
Folglich bringen die Homes auf dem Samba nichts, weil sie lokale Benutzerverzeichnisse sind. IMHO solltest du die Usershares ändern.
Das ganze sieht allerdings anders aus, wenn Samba als Backup DC arbeitet.

 

[hartkorn]

Hallo spoensche,

ich glaube ich habe mich da etwas missverständlich ausgedrückt. Sorry. Mit lokalen Benutzern meinte ich natürlich lokale Benutzer auf den Windows-Workstations. Es gibt keine lokalen User auf NAS00, diese werden aus dem AD abgerufen.

Samba kann laut Buch nicht als BDC für einen ActiveDirectory PDC arbeiten:

Seit der Veröffentlichung von MS Windows 2000 und Active Directory werden diese Informationen nun in einem Verzeichnis abgelegt, das repliziert werden kann und für das die Administration teilweise oder vollständig delegiert werden kann. Samba-3 kann NICHT Domänencontroller innerhalb eines Active-Directory-Baums sein und es kann NICHT ein Active-Directory-Server sein. Das bedeutet, dass Samba-3 auch NICHT als BDC für einen Active-Directory-DC arbeiten kann.

Quelle: http://gertranssmb3.berlios.de/output/samba-bdc.html

Heißt das jetzt, dass ich auf das automatische erstellen der Home-Shares verzichten muss?

Die Konfiguration der krb5.conf habe ich ebenso wie die nsswitch.conf vom alten Fileserver übernommen:

krb5.conf:

[libdefaults]
        default_realm = FIRMENNAME.DE

[realms]
        FIRMENNAME.DE = {
                kdc = 192.168.0.249
        }

[logging]
                 kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmin.log
             default = SYSLOG:NOTICE:DAEMON

nsswitch.conf:

passwd: files winbind
group:  files winbind

hosts:  files mdns4_minimal [NOTFOUND=return] dns wins
networks:   files dns

services:   files
protocols:  files
rpc:    files
ethers: files
netmasks:   files
netgroup:   files nis
publickey:  files

bootparams: files
automount:  files nis
aliases:    files

 

[spoensche]

Heißt das jetzt, dass ich auf das automatische erstellen der Home-Shares verzichten muss?

Nein. Du kannst sie nur nicht mit der [homes] Section konfigurieren, sondern musst ein Template in der [globals] Section verwenden. (Wusste ich bis gerade auch nicht)

Siehe: https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

 

[Tooltime]

Die Konfiguration der krb5.conf habe ich ebenso wie die nsswitch.conf vom alten Fileserver übernommen:

Ist denn die Kiste denn überhaupt schon in die Domäne eingetreten? Hast du denn pam überhaupt angepasst? Soweit ich weiss, werden die Homeverzeichnisse von pam_mkhomedir erstellt.

[global]
  workgroup = DOMAIN01
  server string = %h
  realm = DOMAIN.LOCAL

Sieht auch schon merkwürdig aus, Workgroup und Domäne (realm) sollten identisch sein, bis auf die TLD-Komponente.
Und das hier sieht für mich auch schon komisch aus:

• password server = dc00, dc01

Im AD findet man die DC's über DNS. Wird der richtige DNS-Server benutzt?

Und warum das Ganze so kompliziert?
1. Testen ob die Domäne per DNS aufgelöst werden kann (nslookup DOMAIN.LOKAL).
Wenn nicht dafür sorgen das ein DC als DNS-Server benutzt wird.
2. YaST --> Netzwerkservices --> Windows-Domänenmitgliedschaft.
Erschreckender Weise gibt es da eine Checkbox für das automatische Erstellen der Homeverzeichnisse

Schon ist die Kiste fertig. Dann entspannt zurücklehnen und darüber nachdenken ob es sinnvoll ist idmap's zu zentralisieren.