From yann.hamon at thehumanjourney.net Fri Jan 1 02:13:06 2010 From: yann.hamon at thehumanjourney.net (Yann Hamon) Date: Fri, 1 Jan 2010 09:13:06 +0000 (GMT) Subject: [Samba] Samba as a AD slave Message-ID: <159716963.17241262337186609.JavaMail.root@mail.thehumanjourney.net> Dear Samba team, I have read with great interest your recent progress in compatibility with Active Directory, and seen that you have asked to hear from people with interest in this. I am in charge of the IT server infrastructure of a small/medium company (400 people, 5 offices) currently running Active Directory on Windows 2000 with windows XP clients. We haven't upgraded the AD yet in hope to move to a samba Domain Controller. What I would like to do to start my migration would be to keep my Windows 2k AD servers in our main office, and build slaves in all our other offices using samba. Once this is done and works well, I would upgrade the primary DC. Is this possible yet? Happy testing alphas if good documentation is provided. We do not have any replication in other offices at the moment (using basic workgroups...) so not much could go wrong. And btw: Happy new year to the samba team! -- Yann HAMON Systems Manager Oxford Archaeology: Exploring the Human Journey http://thehumanjourney.net ------ Files attached to this email may be in ISO 26300 format (OASIS Open Document Format). If you have difficulty opening them, please visit http://iso26300.info for more information. From jlayton at samba.org Fri Jan 1 07:12:06 2010 From: jlayton at samba.org (Jeff Layton) Date: Fri, 1 Jan 2010 09:12:06 -0500 Subject: [Samba] nfs vs. cifs based on my usage profile In-Reply-To: <8ee061010912311150l638ec8ban9054138ab57c5a28@mail.gmail.com> References: <8ee061010912311150l638ec8ban9054138ab57c5a28@mail.gmail.com> Message-ID: <20100101091206.07a504fc@tlielax.poochiereds.net> On Thu, 31 Dec 2009 13:50:10 -0600 Terry wrote: > Hello, > > I have an interesting architecture consisting of a 3 RHEL 5.3 NFS > nodes that mounts about 30 TB worth of iscsi disk and presents them as > 6 different NFS shares. It is an active-active-active cluster with > each node presenting a couple of shares. It works pretty well. I am > doubting my decision to use NFS and am wondering if CIFS would be a > better route. Here are the NFS stats: > > getattr lookup access read write readdirplus > 20% 16% 7% 44% 9% 1% > > Each NFS node pushes about 65 MB/s so they are pretty busy. It is a > backup/recovery application so I would describe the I/O as lots of > small reads/writes. > > Any thoughts? > Why are you looking to switch? As always, the only way to really tell is to bench it out yourself. I can tell you though that the Linux CIFS client doesn't parallelize writes well at all and that will probably hobble your throughput somewhat. -- Jeff Layton From mueller at tropenklinik.de Fri Jan 1 08:10:51 2010 From: mueller at tropenklinik.de (=?iso-8859-1?Q?Daniel_M=FCller?=) Date: Fri, 1 Jan 2010 16:10:51 +0100 Subject: [Samba] How to access shares via HTTP (apache2) In-Reply-To: References: <73c93b460912310635j7fdfee56i5108ec307b5998d2@mail.gmail.com> Message-ID: <864C46F870AE49DABDEFA593276666BE@elkejuttaPC> Why do you need to access your shares via HTTP???!! THe only thing this might be usefull is from outside your lan over internet?! If you plan this, there ist the linux opensource solution OPENVPN!! With this mighty software you work with your shares and outlook from outside as if you were in your bureau. Take a look at it and give it a try! Daniel -----Urspr?ngliche Nachricht----- Von: "Robert LeBlanc" An: "Martin Balint" Cc: Gesendet: Donnerstag, 31. Dezember 2009 18:25 Betreff: Re: [Samba] How to access shares via HTTP (apache2) > On Thu, Dec 31, 2009 at 7:35 AM, Martin Balint > wrote: > >> Hello, >> I configured samba fileserver as a member of samba domain. PDC and >> fileserver are different machines. >> It works great using windows sharing. >> Now, I need to set up apache to serve my shares, but I am having >> problem with permissions. Apache runs as www-user, and doesn't see >> content in shares. >> So I would like to ask, what is the proper way to use apache (or >> another http server) to serve files on file server. >> Using Ubuntu 9.10 and Samba 3.4.0-3ubuntu5.1. >> >> Thanks for help, >> Martin >> >> Right now, my configuration is: >> smb.conf >> [global] >> workgroup = DOMAIN.EU >> netbios name = share2 >> server string = %h server (Samba, Ubuntu) >> log file = /var/log/samba/log.%m >> max log size = 1000 >> syslog = 0 >> panic action = /usr/share/samba/panic-action %d >> >> winbind separator = + >> idmap uid = 10000-20000 >> idmap gid = 10000-20000 >> winbind enum users = yes >> winbind enum groups = yes >> >> security = domain >> password server = * >> >> [software] >> comment = Shared software >> path = /srv/fileserver/software >> force group = "DOMAIN.EU+domain users" >> create mask = 0660 >> directory mask = 0770 >> writable = yes >> >> /etc/nsswitch.conf: >> passwd: compat winbind >> group: compat winbind >> >> # ls -la /srv/fileserver/software/ >> total 20 >> drwxrwxrwx 5 root root 4096 2009-12-31 >> 12:12 >> . >> drwxr-xr-x 3 root root 4096 2009-12-31 >> 00:08 >> .. >> drwxrwx--- 2 DOMAIN.EU+martin DOMAIN.EU+domain users 4096 2009-12-31 >> 00:24 >> test2 >> drwxrwx--- 2 DOMAIN.EU+martin DOMAIN.EU+domain users 4096 2009-12-31 >> 12:11 >> test3 >> drwxrwx--- 2 DOMAIN.EU+martin DOMAIN.EU+domain users 4096 2009-12-31 >> 12:12 >> test4 >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > I guess you are trying to do this with wedav. I've looked and have not > found > a good Linux solution. To use Apache, you would have to write a listener > that forks an Apache process as the user. That is expensive and there is > no > pre-built solution out there. We finally gave up and used Windows 2008 > with > IIS 7 which can do this natively. We set-up a web site who's root is our > samba share (we only have one share and specify all permissions through > ACLs). This preserves permissions and owners so that quotas are not thrown > off. > > We initially did some nasty group member things to get it to work with > Apache, but the management overhead was a nightmare and went with the > Windows solution even though we wanted to go Linux. > > Robert LeBlanc > Life Sciences & Undergraduate Education Computer Support > Brigham Young University > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > From robert at leblancnet.us Fri Jan 1 09:02:01 2010 From: robert at leblancnet.us (Robert LeBlanc) Date: Fri, 1 Jan 2010 09:02:01 -0700 Subject: [Samba] How to access shares via HTTP (apache2) In-Reply-To: <864C46F870AE49DABDEFA593276666BE@elkejuttaPC> References: <73c93b460912310635j7fdfee56i5108ec307b5998d2@mail.gmail.com> <864C46F870AE49DABDEFA593276666BE@elkejuttaPC> Message-ID: On Fri, Jan 1, 2010 at 8:10 AM, Daniel M?ller wrote: > Why do you need to access your shares via HTTP???!! > THe only thing this might be usefull is from outside your lan over > internet?! > If you plan this, there ist the linux opensource solution OPENVPN!! With > this mighty software > you work with your shares and outlook from outside as if you were in your > bureau. > Take a look at it and give it a try! > Daniel > In our case, we already have a VPN solution (Cisco, definatly not our choice) in place. We wanted a solution that is cross-platform and didn't require anything to be intalled on the OS and would never be blocked by any firewall. WebDav fit the bill alhough it sucks prety bad on Windows, it is still there. Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University From rippls at woodlandschools.org Fri Jan 1 09:50:13 2010 From: rippls at woodlandschools.org (Steve Rippl) Date: Fri, 01 Jan 2010 08:50:13 -0800 Subject: [Samba] How to access shares via HTTP (apache2) In-Reply-To: <864C46F870AE49DABDEFA593276666BE@elkejuttaPC> References: <73c93b460912310635j7fdfee56i5108ec307b5998d2@mail.gmail.com> <864C46F870AE49DABDEFA593276666BE@elkejuttaPC> Message-ID: <4B3E27C5.3040309@woodlandschools.org> Daniel M?ller wrote: > Why do you need to access your shares via HTTP???!! > THe only thing this might be usefull is from outside your lan over > internet?! > If you plan this, there ist the linux opensource solution OPENVPN!! > With this mighty software > you work with your shares and outlook from outside as if you were in > your bureau. > Take a look at it and give it a try! > Daniel With all due respect (really!), why do you ask a question like that? Different people have different requirements. In my case I have 2000 secondary school students that I give access to their home folders from home so that they don't have to do everything via usb sticks. Should I manage 2000 certificates for this and complicate things for the students, or should I use a simple web based solution that can run from any browser on any machine? OpenVPN is great, I use it for my access to the network from outside, but it isn't the answer to everything! -- Steve Rippl Technology Director Woodland Public Schools 360 225 9451 x326 From mueller at tropenklinik.de Sat Jan 2 03:40:01 2010 From: mueller at tropenklinik.de (=?iso-8859-1?Q?Daniel_M=FCller?=) Date: Sat, 2 Jan 2010 11:40:01 +0100 Subject: [Samba] How to access shares via HTTP (apache2) In-Reply-To: References: <73c93b460912310635j7fdfee56i5108ec307b5998d2@mail.gmail.com> <864C46F870AE49DABDEFA593276666BE@elkejuttaPC> Message-ID: <45700FFF7A0443B3A8B4B1F9581A4796@elkejuttaPC> Hello, as from windows vista on web dav support from microsoft ist no more than before. But if you do not miss the drag and drop thing and so on with your users. Try this (Linux): http://sourceforge.net/projects/davenport or: http://www.simple-groupware.de/cms/WebDAV or their special package (supports dfs!!!): http://www.simple-groupware.de/cms/WebDisk/IntegraTUMWebDisk But in all cases your firewall need to be configured Greetings Daniel -----Urspr?ngliche Nachricht----- Von: Robert LeBlanc An: Daniel M?ller Cc: samba at lists.samba.org Gesendet: Freitag, 1. Januar 2010 17:02 Betreff: Re: [Samba] How to access shares via HTTP (apache2) On Fri, Jan 1, 2010 at 8:10 AM, Daniel M?ller wrote: Why do you need to access your shares via HTTP???!! THe only thing this might be usefull is from outside your lan over internet?! If you plan this, there ist the linux opensource solution OPENVPN!! With this mighty software you work with your shares and outlook from outside as if you were in your bureau. Take a look at it and give it a try! Daniel In our case, we already have a VPN solution (Cisco, definatly not our choice) in place. We wanted a solution that is cross-platform and didn't require anything to be intalled on the OS and would never be blocked by any firewall. WebDav fit the bill alhough it sucks prety bad on Windows, it is still there. Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University From peteolcott at gmail.com Sun Jan 3 08:15:29 2010 From: peteolcott at gmail.com (Peter Olcott) Date: Sun, 3 Jan 2010 09:15:29 -0600 Subject: [Samba] Can't get share to show up on windows Message-ID: <87e0d5201001030715p835b8b9v7e44905a1ae5f0e@mail.gmail.com> I have successfully set of two Samba servers under Red Hat Linux 6.0 and 9.0. I am having trouble getting Samba 3.0 Fedora Linux Samba to show up on the windows machine. I can't find the solution in either of the two books that I bought, or the online resources after spending several days working on this. I only need a relatively simple network, yet I also want it to be reasonably secure. With my first server I set up fixed IP addresses and edited the etc/hosts file. Somehow my second server can connect to my XP clients without changes to the etc/hosts file, and without fixed IP addresses set up on the windows XP side. I don't know how it does this. I probably want this new server to work this same way. I must have two Samba servers and three Windows XP boxes all connected. The Red Hat Linux 9.0 samba box is currently working correctly with the three XP boxes. Appreciate you help. From david at vizion2000.net Sun Jan 3 15:41:07 2010 From: david at vizion2000.net (David Southwell) Date: Sun, 3 Jan 2010 22:41:07 +0000 Subject: [Samba] Can't get share to show up on windows In-Reply-To: <87e0d5201001030715p835b8b9v7e44905a1ae5f0e@mail.gmail.com> References: <87e0d5201001030715p835b8b9v7e44905a1ae5f0e@mail.gmail.com> Message-ID: <201001032241.07797.david@vizion2000.net> > I have successfully set of two Samba servers under Red Hat Linux 6.0 and > 9.0. I am having trouble getting Samba 3.0 Fedora Linux Samba to show up on > the windows machine. I can't find the solution in either of the two books > that I bought, or the online resources after spending several days working > on this. > > I only need a relatively simple network, yet I also want it to be > reasonably secure. With my first server I set up fixed IP addresses and > edited the etc/hosts file. Somehow my second server can connect to my XP > clients without changes to the etc/hosts file, and without fixed IP > addresses set up on the windows XP side. I don't know how it does this. I > probably want this new server to work this same way. > > I must have two Samba servers and three Windows XP boxes all connected. The > Red Hat Linux 9.0 samba box is currently working correctly with the three > XP boxes. > > Appreciate you help. > Can you post your smb.conf and log.smb files (strip out your ip addies) david From kc8ldo at arrl.net Sun Jan 3 16:57:16 2010 From: kc8ldo at arrl.net (KC8LDO) Date: Sun, 3 Jan 2010 18:57:16 -0500 Subject: [Samba] Can't get share to show up on windows References: <87e0d5201001030715p835b8b9v7e44905a1ae5f0e@mail.gmail.com> Message-ID: Peter; You may find the following of interest. I had a problem where one box, Fedora 11, would not browse the local network for shares. I too have a very simple network, no DC's, no active directory etc, just one machine acting as a local browse master. Of the several Linux boxes I have the F11 box was the only one I had trouble with. I found the following info and that seemed to fix it for me. Turns out it really wasn't a samba problem. I did an awful lot of research using Google on the network file share browsing issue I had with Fedora 11 using Nautilus. The two things that stand out are something the ISP's are doing and also with the NetBIOS name resolution order done by Samba. It seems many ISP's are now using "DNS redirection" in place of simply returning an error message that the URL can't be found with the appropriate error code. Instead they redirect bad URL's to some advert site or offer to do a search for a similar URL. This redirection seems to really screw with Samba's NetBIOS name resolution method. Fortunately for me Comcast has a way through the user account preferences to turn this "feature" OFF. Various posts on the 'net claim this violates the documented way DNS look ups work. The suggestion is to either turn it off if you can, which may involve a phone call to your ISP, if not then LOUDLY complain about it screwing up you network. The second item is the NetBIOS name resolution order in Samba. I have the following line in my samba.conf file: name resolve order = lmhosts wins bcast host dhcp (or DNS for last entry) https://bugs.launchpad.net/hundredpapercuts/+bug/389909 Right now browsing for local shares using Samba through Nautilus's "Network" option seems to be working, for now. You may also want to check your firewall and make sure the ports are opened for file sharing as well. A few people have forgotten about it. Regards; Leland C. Scott KC8LDO ----- Original Message ----- From: "Peter Olcott" To: Sent: Sunday, January 03, 2010 10:15 AM Subject: [Samba] Can't get share to show up on windows >I have successfully set of two Samba servers under Red Hat Linux 6.0 and > 9.0. I am having trouble getting Samba 3.0 Fedora Linux Samba to show up > on > the windows machine. I can't find the solution in either of the two books > that I bought, or the online resources after spending several days working > on this. I spent about a week or two, several hours a day, looking before I found the above info! > > I only need a relatively simple network, yet I also want it to be > reasonably > secure. With my first server I set up fixed IP addresses and edited the > etc/hosts file. Somehow my second server can connect to my XP clients > without changes to the etc/hosts file, and without fixed IP addresses set > up > on the windows XP side. I don't know how it does this. I probably want > this > new server to work this same way. > > I must have two Samba servers and three Windows XP boxes all connected. > The > Red Hat Linux 9.0 samba box is currently working correctly with the three > XP > boxes. > > Appreciate you help. > > From vinnix.bsd at gmail.com Sun Jan 3 17:52:09 2010 From: vinnix.bsd at gmail.com (Vinicius Abrahao) Date: Sun, 3 Jan 2010 22:52:09 -0200 Subject: [Samba] Joining Windows XP client to Samba 3 domain: Access denied In-Reply-To: <4AF843F5.8080203@lohrmann.de> References: <4AF843F5.8080203@lohrmann.de> Message-ID: <1e31c7981001031652r68726d4ao117540ba64f1d43c@mail.gmail.com> On Mon, Nov 9, 2009 at 2:31 PM, Christian Geiger wrote: > Hi all! > > When I try to join a Windows XP client to a Samba 3 domain I get an access > denied error. Below's my configuration and a snippet from the log file. Has > someone an idea what I need to change / do in order to be able to join the > domain from Windows? > > Thx in advance for your help! > > Chris Hi Chris, how are you? Happy 2010, btw!! Sorry for importune you&&list with a topic about 2 months ago, but... I'm had this same problem with my samba. What Is your ambient? Mine is: FreeBSD 8-STABLE Samba 3.3.9 Openldap: 2.4.21 (I note that you are using LDAP-base too). Do you have best luck with this, since your report? I'll try to REinstall this service from scratch, in this week. Cause I'm pretty sure that service had work here (at 3.3.7 version /freebsd 7.1) but been honest I dont remember (it's a test lab, not a production). By the way, shares(smbd), are working very well(production too, authenticate on AD) and I can easily share files at my win/mac/nix network without any problems! With an web ldap administration (LAM) is great to delegate (or at least get a help ) the administration of these "little rain forests". Congrats community! Best wishes! Vin?cius A. Schmidt [vinnix at triariusBR] From c.geiger at lohrmann.de Mon Jan 4 01:49:29 2010 From: c.geiger at lohrmann.de (Christian Geiger) Date: Mon, 04 Jan 2010 09:49:29 +0100 Subject: [Samba] Joining Windows XP client to Samba 3 domain: Access denied In-Reply-To: <1e31c7981001031652r68726d4ao117540ba64f1d43c@mail.gmail.com> References: <4AF843F5.8080203@lohrmann.de> <1e31c7981001031652r68726d4ao117540ba64f1d43c@mail.gmail.com> Message-ID: <4B41AB99.3000206@lohrmann.de> Hi Vin?cius! Wish you a happy new year, too! Yes, I solved my issue in the meantime. I made a mistake and tried joining the domain with the user instead of the administrator account. As no machine account had been previously created for that machine, the join couldn't be performed. Doing it as the administrator solved this and created the machine account in the background. What does your smb.conf look like? Did you ensure a machine account exists? And which user did you supply for joining the domain? Best regards Chris PS: I'm running Samba 3.3.2 and OpenLDAP 2.4.15 on Ubuntu 9.04 Server. Am 04.01.2010 01:52, schrieb Vinicius Abrahao: > On Mon, Nov 9, 2009 at 2:31 PM, Christian Geiger wrote: >> Hi all! >> >> When I try to join a Windows XP client to a Samba 3 domain I get an access >> denied error. Below's my configuration and a snippet from the log file. Has >> someone an idea what I need to change / do in order to be able to join the >> domain from Windows? >> >> Thx in advance for your help! >> >> Chris > > Hi Chris, how are you? > > Happy 2010, btw!! Sorry for importune you&&list with a topic about 2 > months ago, but... > > I'm had this same problem with my samba. What Is your ambient? > Mine is: FreeBSD 8-STABLE > Samba 3.3.9 > Openldap: 2.4.21 (I note that you are using LDAP-base too). > > Do you have best luck with this, since your report? > > I'll try to REinstall this service from scratch, in this week. Cause I'm > pretty sure that service had work here (at 3.3.7 version /freebsd 7.1) but > been honest I dont remember (it's a test lab, not a production). > > By the way, shares(smbd), are working very well(production too, > authenticate on AD) and I can > easily share files at my win/mac/nix network without any problems! > With an web ldap > administration (LAM) is great to delegate (or at least get a help ) > the administration of these > "little rain forests". > > Congrats community! > > Best wishes! > Vin?cius A. Schmidt [vinnix at triariusBR] > > __________ Hinweis von ESET NOD32 Antivirus, Signaturdatenbank-Version 4740 (20100103) __________ > > E-Mail wurde gepr?ft mit ESET NOD32 Antivirus. > > http://www.eset.com > > > > From mail_of_sergey at mail.ru Mon Jan 4 03:16:37 2010 From: mail_of_sergey at mail.ru (=?koi8-r?Q?=F3=C5=D2=C7=C5=CA?=) Date: Mon, 04 Jan 2010 13:16:37 +0300 Subject: [Samba] PDC don't lists domain groups for workstations Message-ID: Hello, All! Everytime when I ask my PDC about list of domain groups from XP SP3 workstation, I got empty list. Log is fixed this error: api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO2 failed But "net groupmap list" shows group list: sudo net groupmap list 2-106 (S-1-5-21-3738234612-4042114426-1695072666-3013) -> 5-107 tst-users (S-1-5-21-3738234612-4042114426-1695072666-3193) -> tst-users ugs (S-1-5-21-3738234612-4042114426-1695072666-1175) -> ugs ?????? ??????? (S-1-5-21-3738234612-4042114426-1695072666-1093) -> print-best Domain Guests (S-1-5-21-3738234612-4042114426-1695072666-514) -> domain_guests magistr (S-1-5-21-3738234612-4042114426-1695072666-3145) -> magistr 2-109 (S-1-5-21-3738234612-4042114426-1695072666-1002) -> 2-109 ????????? ? ???????? (S-1-5-21-3738234612-4042114426-1695072666-1096) -> lab Print Operators (S-1-5-21-3738234612-4042114426-1695072666-550) -> printer_admins Domain Admins (S-1-5-21-3738234612-4042114426-1695072666-512) -> admin_nt_group ????????? (S-1-5-21-3738234612-4042114426-1695072666-1094) -> aspirants ????????????? (S-1-5-21-3738234612-4042114426-1695072666-1097) -> prep ????????? ?????????? (S-1-5-21-3738234612-4042114426-1695072666-3149) -> veteran ????????????? ? ????????? (S-1-5-21-3738234612-4042114426-1695072666-1177) -> prep_asp Nero (S-1-5-21-3738234612-4042114426-1695072666-3141) -> nero ??????? ??????? (S-1-5-21-3738234612-4042114426-1695072666-1092) -> print-usual Domain Users (S-1-5-21-3738234612-4042114426-1695072666-513) -> domain_users 2-107 (S-1-5-21-3738234612-4042114426-1695072666-1001) -> 2-210 Info about software: smbclient -V Version 3.3.9 uname -a FreeBSD acc.acc.tula.ru 8.0-RELEASE-p1 FreeBSD 8.0-RELEASE-p1 #4: Mon Dec 14 20:30:51 MSK 2009 root at acc.acc.tula.ru:/usr/src/sys/i386/compile/Z i386 My smb.conf is attached Happy New Year! Serg From mail_of_sergey at mail.ru Mon Jan 4 03:43:32 2010 From: mail_of_sergey at mail.ru (=?koi8-r?Q?=F3=C5=D2=C7=C5=CA?=) Date: Mon, 04 Jan 2010 13:43:32 +0300 Subject: [Samba] =?koi8-r?b?c21ic3RhdHVzIGdvdCBlcnJvcjogbWVzc2FnaW5nX3Rk?= =?koi8-r?b?Yl9pbml0IGZhaWxlZDogTlRfU1RBVFVTX0FDQ0VTU19ERU5JRUQ=?= Message-ID: Hello, All! When I run smbstatus as usual user I got error: smbstatus ERROR: Failed to initialise messages database: Permission denied messaging_tdb_init failed: NT_STATUS_ACCESS_DENIED messaging_init failed ll /var/db/samba/messages.tdb -rw------- 1 root wheel 16384 4 ??? 12:58 /var/db/samba/messages.tdb Does this permissions correctly? smbclient -V Version 3.3.9 sudo tdbbackup -v /var/db/samba/messages.tdb /var/db/samba/messages.tdb : 0 records Happy New Year. Serg From Volker.Lendecke at SerNet.DE Mon Jan 4 03:53:17 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Mon, 4 Jan 2010 11:53:17 +0100 Subject: [Samba] smbstatus got error: messaging_tdb_init failed: NT_STATUS_ACCESS_DENIED In-Reply-To: References: Message-ID: On Mon, Jan 04, 2010 at 01:43:32PM +0300, ?????? wrote: > When I run smbstatus as usual user I got error: > smbstatus > ERROR: Failed to initialise messages database: Permission denied > messaging_tdb_init failed: NT_STATUS_ACCESS_DENIED > messaging_init failed > > ll /var/db/samba/messages.tdb > -rw------- 1 root wheel 16384 4 ??? 12:58 /var/db/samba/messages.tdb > > Does this permissions correctly? > > > smbclient -V > Version 3.3.9 > > sudo tdbbackup -v /var/db/samba/messages.tdb > /var/db/samba/messages.tdb : 0 records This has already been fixed for 3.4. The attached patch should apply to 3.3. Volker From Volker.Lendecke at SerNet.DE Mon Jan 4 03:57:45 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Mon, 4 Jan 2010 11:57:45 +0100 Subject: [Samba] smbstatus got error: messaging_tdb_init failed: NT_STATUS_ACCESS_DENIED In-Reply-To: References: Message-ID: On Mon, Jan 04, 2010 at 11:53:17AM +0100, Volker Lendecke wrote: > This has already been fixed for 3.4. The attached patch > should apply to 3.3. Forgot that the list strips attachments. Volker From jakov.sosic at srce.hr Mon Jan 4 04:23:31 2010 From: jakov.sosic at srce.hr (Jakov Sosic) Date: Mon, 04 Jan 2010 12:23:31 +0100 Subject: [Samba] Downgrade TDB files? Message-ID: <1262604211.1646.39.camel@localhost> Hi. I've tried Samba 3.4.3 and it upgraded my passdb.tdb file. After testing I concluded that I'm not going to upgrade to 3.4.3 yet, because 'getent passwd' was broken in recent BlastWave Solaris packages: http://wiki.blastwave.org/forum/viewtopic.php?f=5&t=447&start=0 Now, after I downgraded the Samba back to 3.0.32, client connections started to malfunction. I saw these in my logs: [2010/01/04 10:54:08, 0] ../samba-3.0.32/source/passdb/pdb_tdb.c:(1049) tdbsam_getsampwnam: failed to open /etc/opt/csw/samba/private/passdb.tdb! [2010/01/04 11:06:13, 0] ../samba-3.0.32/source/passdb/pdb_tdb.c:(848) tdbsam_open: unknown version => 4 This causes winbind to coredump... Now, I've backed up passdb.tdb and restart samba, because this samba instance is just a domain member, and everything seems to work. But I wonder, is there a way to downgrade these files? Or is the backup/restore only solution? -- | Jakov Sosic | ICQ: 28410271 | PGP: 0x965CAE2D | ================================================================= | | From Volker.Lendecke at SerNet.DE Mon Jan 4 04:38:13 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Mon, 4 Jan 2010 12:38:13 +0100 Subject: [Samba] Downgrade TDB files? In-Reply-To: <1262604211.1646.39.camel@localhost> References: <1262604211.1646.39.camel@localhost> Message-ID: On Mon, Jan 04, 2010 at 12:23:31PM +0100, Jakov Sosic wrote: > I've tried Samba 3.4.3 and it upgraded my passdb.tdb file. After testing > I concluded that I'm not going to upgrade to 3.4.3 yet, because 'getent > passwd' was broken in recent BlastWave Solaris packages: > > http://wiki.blastwave.org/forum/viewtopic.php?f=5&t=447&start=0 > > > Now, after I downgraded the Samba back to 3.0.32, client connections > started to malfunction. I saw these in my logs: > > [2010/01/04 10:54:08, 0] ../samba-3.0.32/source/passdb/pdb_tdb.c:(1049) > tdbsam_getsampwnam: failed to > open /etc/opt/csw/samba/private/passdb.tdb! > [2010/01/04 11:06:13, 0] ../samba-3.0.32/source/passdb/pdb_tdb.c:(848) > tdbsam_open: unknown version => 4 > > This causes winbind to coredump... > > > Now, I've backed up passdb.tdb and restart samba, because this samba > instance is just a domain member, and everything seems to work. But I > wonder, is there a way to downgrade these files? Or is the > backup/restore only solution? Either that or another (bad) solution is to do pdbedit -i tdbsam -e smbpasswd with the 3.4 binary an then pdbedit -i smbpasswd -e tdbsam with the 3.0 one. You lose all the additional information like full name, the user's RID (in case it's allocated), but you get back the passwords. Depending on your setup, this might be enough though. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From "Moray Henderson (ICT)" at mail1.itdojo.org Mon Jan 4 04:33:40 2010 From: "Moray Henderson (ICT)" at mail1.itdojo.org ("Moray Henderson (ICT)" at mail1.itdojo.org) Date: Mon, 4 Jan 2010 11:33:40 +0000 Subject: [Samba] HI In-Reply-To: References: Message-ID: <005701ca8d32$327f3880$977da980$@Domain> sheron fernando wrote: >Dear Samba Admin > >my samba server working but windows client log to my samba server coming >error massages. i check my samba log file coming this error massage. >please >help to me. >* >[2009/12/29 09:01:48, 0] lib/util_sock.c:write_data(562) > write_data: write failure in writing to client 192.168.0.85. Error >Connection reset by peer >[2009/12/29 09:01:48, 0] lib/util_sock.c:send_smb(761) > Error writing 4 bytes to client. -1. (Connection reset by peer)* As long as you're not using Windows 7, you can make this go away with smb ports = 139 in your smb.conf, then restart Samba. Moray. "To err is human. To purr, feline" From aheinlein at gmx.com Mon Jan 4 05:40:24 2010 From: aheinlein at gmx.com (Andreas Heinlein) Date: Mon, 04 Jan 2010 13:40:24 +0100 Subject: [Samba] Samba as domain member to another samba PDC Message-ID: <4B41E1B8.4050600@gmx.com> Hello, we have a somewhat unusual setup: - currently, Windows 2000 workstations in a NT4-Style domain with a samba 3 server as PDC. User account data for both UNIX and Samba is kept in LDAP. - now, several workstations should be migrated to Ubuntu, using the same LDAP directory (and NFS homes) for User account data. Users need to be able to share files with windows workstations, using samba. I have managed to join samba on the Ubuntu test machines to the domain, and any manually created shares in smb.conf can be accessed by windows users as well as other users on other Ubuntu clients. I have set in smb.conf on the client: security = domain password server = * domain = MYDOM (passdb backend is not set) But I'd like to use system-config-samba from Ubuntu as a GUI to let the users create their own shares (somewhat risky, I know, but currently the best solution). system-config-samba relies on the output of "pdbedit -L" to let the user choose which users can access which share. In the above setup, the output of "pdbedit -L" is empty. I tried adding passdb backend = ldapsam:ldap://1.2.3.4 and the neccessary ldap options to smb.conf on the client and have set the LDAP admin password using "smbpasswd -W". Now, "pdbedit -L" complains "SID 1-2-3-4-5 does not belong to our domain", and system-config-samba shows the same line instead of the users name for every user in the database. So, essentially, the question is: how can a samba domain member get a list of users using "pdbedit -L"? As I understand it, the whole winbind/idmap stuff is neccessary only for mapping users on a windows PDC to (temporary) UNIX users, but we already have real permanent UNIX users, so I do not need winbind/idmap, right? Thanks, Andreas From aheinlein at gmx.com Mon Jan 4 06:56:31 2010 From: aheinlein at gmx.com (Andreas Heinlein) Date: Mon, 04 Jan 2010 14:56:31 +0100 Subject: [Samba] Samba as domain member to another samba PDC In-Reply-To: References: <4B41E1B8.4050600@gmx.com> Message-ID: <4B41F38F.2090108@gmx.com> Daniel M?ller schrieb: > Hello, > when i have read wright. You joined an ubuntu samba pc to your samba > domain! > testparm gives you: ROLE_DOMAIN_MEMBER? Correct. > First of all your domain member must have exactly the same users and > passwords as your pdc/ldap. > You can do that with installing ldapclient. Configure it with > ldapserver: your pdc/ldap. > Now getent passwd and getend group should show you all your > users/groups kept on you pdc/ldap. I did that using libpam-ldap/libnsswitch-ldap. getent group/passwd returns what you say, and user authentication on the UNIX side works well. > If you succed with this. You need in your smb.conf: > security=DOMAIN > password server=YOUR-PDC-LDAP I have password server = *, but explicitly setting the PDC changes nothing. > For me I had to copy my ladp config section from my smb.conf on my PDC > here: > ldap.... > idmap backend=ldap:ldap://YOUR-PDC-LDAP > idmap uid... > idmap gid.... > I do not currently have the idmap... things, since I thought I do not need them. I tried, and it changed nothing. "pdbedit -L" still returns "SID ... does not belong to our domain". What does it return on your machine? Bye, Andreas From jra at samba.org Mon Jan 4 09:37:40 2010 From: jra at samba.org (Jeremy Allison) Date: Mon, 4 Jan 2010 08:37:40 -0800 Subject: [Samba] Downgrade TDB files? In-Reply-To: <1262604211.1646.39.camel@localhost> References: <1262604211.1646.39.camel@localhost> Message-ID: <20100104163740.GA22293@jeremy-laptop> On Mon, Jan 04, 2010 at 12:23:31PM +0100, Jakov Sosic wrote: > > Now, I've backed up passdb.tdb and restart samba, because this samba > instance is just a domain member, and everything seems to work. But I > wonder, is there a way to downgrade these files? Or is the > backup/restore only solution? Backup/restore is the only *safe* solution. We don't guarentee format changes going forward can be rolled back (that would be a nightmarish amount of work) when backup/restore works just as well. Jeremy. From help at pdscc.com Mon Jan 4 10:04:26 2010 From: help at pdscc.com (Harondel J. Sibble) Date: Mon, 04 Jan 2010 09:04:26 -0800 Subject: [Samba] web based index of samba share contents Message-ID: <20100104170459.86C6412DD@sinclaire.sibble.net> Anyone know of a good opensource product to give google desktop like search functionality via web browser of a set of samba shares running on a Debian 5.x server. It needs to be able to fully index word, excel, openoffice and text files at a minimum. It should also have some form of ACL control so that only certain users can actually search the index for specific smb shares. In this particular instance, there is a general office share which everyone should be able to use and a partners/owners/managers share which should be restricted. Staff are running Linux, Mac OSX and Windows. So far googling's found me this IBM OmniFind Yahoo! Edition is a no-charge enterprise search software solution that enables rapid deployment of intranet and file system search for both employees and customers. http://omnifind.ibm.yahoo.net/productinfo.php However this product only officially supports RH and SUSE. Any other good suggestions -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice) From mail_of_sergey at mail.ru Mon Jan 4 10:38:00 2010 From: mail_of_sergey at mail.ru (=?koi8-r?Q?=F3=C5=D2=C7=C5=CA?=) Date: Mon, 04 Jan 2010 20:38:00 +0300 Subject: [Samba] =?koi8-r?b?c21ic3RhdHVzIGdvdCBlcnJvcjogbWVzc2FnaW5nX3Rk?= =?koi8-r?b?Yl9pbml0IGZhaWxlZDogTlRfU1RBVFVTX0FDQ0VTU19ERU5JRUQ=?= In-Reply-To: References: Message-ID: Hello, Volker! > This has already been fixed for 3.4. The attached patch > should apply to 3.3. > Thank you, now usual user can run smbstatus without problem. I will send PR to FreeBSD port. > > ATTACHMENT: text/x-diff (0001-s3-smbstatus-Fix-bug-6703-allow-smbstatus-as-non-r.patch) > I have got attachment. Happy New Year! Serg. From jra at samba.org Mon Jan 4 10:39:00 2010 From: jra at samba.org (Jeremy Allison) Date: Mon, 4 Jan 2010 09:39:00 -0800 Subject: [Samba] web based index of samba share contents In-Reply-To: <20100104170459.86C6412DD@sinclaire.sibble.net> References: <20100104170459.86C6412DD@sinclaire.sibble.net> Message-ID: <20100104173900.GA16599@samba1> On Mon, Jan 04, 2010 at 09:04:26AM -0800, Harondel J. Sibble wrote: > Anyone know of a good opensource product to give google desktop like search > functionality via web browser of a set of samba shares running on a Debian > 5.x server. It needs to be able to fully index word, excel, openoffice and > text files at a minimum. It should also have some form of ACL control so > that only certain users can actually search the index for specific smb > shares. > > In this particular instance, there is a general office share which everyone > should be able to use and a partners/owners/managers share which should be > restricted. > > Staff are running Linux, Mac OSX and Windows. > > So far googling's found me this > > IBM OmniFind Yahoo! Edition is a no-charge enterprise search software > solution that enables rapid deployment of intranet and file system search for > both employees and customers. > > http://omnifind.ibm.yahoo.net/productinfo.php > > However this product only officially supports RH and SUSE. > > Any other good suggestions It's a funny 'ole world :-). After leaving Whistle I trotted up and down Sand Hill Road in Silicon Valley with an ex-Whistle Exec (for credibility) trying to pitch such a device to any of the Venture Capitalists. I thought it would have made a great start-up company idea ! None of them wanted anything to do with it (sigh :-). At least you and I prove that great minds think alike :-). Jeremy. From larry at sinu.com Mon Jan 4 10:28:56 2010 From: larry at sinu.com (Larry Velez) Date: Mon, 4 Jan 2010 09:28:56 -0800 Subject: [Samba] web based index of samba share contents In-Reply-To: <20100104170459.86C6412DD@sinclaire.sibble.net> References: <20100104170459.86C6412DD@sinclaire.sibble.net> Message-ID: <39C9503BFE232845950C6B3BE7804B2F28BD849174@EXVMBX017-12.exch017.msoutlookonline.net> We built a test like this with CentOS, Samba, Fuse, Lucene and Apache that worked very much like Google Desktop search. It worked really well but at the end of the day we are not a software company and didn't pursue this further. Let me know if you want me to search for our old notes on this test. | Larry Velez | www.sinu.com | -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Harondel J. Sibble Sent: Monday, January 04, 2010 12:04 PM To: samba at lists.samba.org Subject: [Samba] web based index of samba share contents Anyone know of a good opensource product to give google desktop like search functionality via web browser of a set of samba shares running on a Debian 5.x server. It needs to be able to fully index word, excel, openoffice and text files at a minimum. It should also have some form of ACL control so that only certain users can actually search the index for specific smb shares. In this particular instance, there is a general office share which everyone should be able to use and a partners/owners/managers share which should be restricted. Staff are running Linux, Mac OSX and Windows. So far googling's found me this IBM OmniFind Yahoo! Edition is a no-charge enterprise search software solution that enables rapid deployment of intranet and file system search for both employees and customers. http://omnifind.ibm.yahoo.net/productinfo.php However this product only officially supports RH and SUSE. Any other good suggestions -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba From cjohnson at custom-mfg-eng.com Mon Jan 4 15:23:18 2010 From: cjohnson at custom-mfg-eng.com (Charles Johnson) Date: Mon, 4 Jan 2010 17:23:18 -0500 (EST) Subject: [Samba] Winbind Expand Groups option not fully funtional In-Reply-To: <7429853.35561262643721614.JavaMail.root@mailhost4.custom-mfg-eng.com> Message-ID: <30625380.35581262643798499.JavaMail.root@mailhost4.custom-mfg-eng.com> I am trying to authenticate samba 3.3 running on Centos 5 to Windows 2003 R2 Active Directory. 95% of my setup is working. The only thing that doesn't work are expanded groups. Whenever a group is a member of another group the permissions in samba/nss/winbind are not communicated correctly to the windows client but seem to work on the linux end of things. Here's my scenario. (All hostnames are internal) AD Groups and Members ----------------- testgroup9 members: cjohnson,erodriguez,testuser11,testuser9 testgroup10 members: testgroup9 Getent group responds correctly populating the testgroup9 members into testgroup10 testgroup9:x:111265:cjohnson,erodriguez,testuser11,testuser9 testgroup10:x:111266:cjohnson,erodriguez,testuser11,testuser9 From jimmy at g-tec.co.at Mon Jan 4 15:29:30 2010 From: jimmy at g-tec.co.at (Andreas Gredler) Date: Mon, 4 Jan 2010 23:29:30 +0100 Subject: [Samba] Bug in Samba version in debian lenny (3.2.5) -> Users can not rename or delete files Message-ID: <20100104222930.GT7722@obelix.g-tec.co.at> Hello, Please see the debian bts for details: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563729 I thought that this bug might be interesting for many people so I decided to post it here. greets Jimmy -- Andreas "Jimmy" Gredler ,'"`. http://www.jimmy.co.at/ | jimmy at g-tec.co.at ( grml.org -? Linux Live-CD for texttool-users and sysadmins `._, http://www.grml.org/ | jimmy at grml.org From samba.kid at dietzel.no Mon Jan 4 16:21:32 2010 From: samba.kid at dietzel.no (Knut Ingvald Dietzel) Date: Tue, 5 Jan 2010 00:21:32 +0100 Subject: [Samba] Domain Trusts between 3.0.28 and 3.4.3 with '--enable-merged-build' Message-ID: <20100104232132.GA6835@arthur.dietzel.no> Hi, Is is possible to have inter domain trusts between Samba 3.0.28 and Samba 3.4.3, the latter compiled with the '--enable-merged-build' option? (I.e. similar to but with Samba 3.4.3 instead of Windows 2000.) -- Best regards, Knut Ingvald Dietzel -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: From jra at samba.org Mon Jan 4 16:32:54 2010 From: jra at samba.org (Jeremy Allison) Date: Mon, 4 Jan 2010 15:32:54 -0800 Subject: [Samba] data corruption in samba 3.4.3 ? In-Reply-To: <737BD0BF52F0744B96B74B61756AC06441638BBD12@hestia.ad.pa-ucl.com> References: <737BD0BF52F0744B96B74B61756AC06441638BBD12@hestia.ad.pa-ucl.com> Message-ID: <20100104233254.GE23285@samba1> On Thu, Dec 31, 2009 at 11:51:14AM -0600, Shane T. Drinkwater wrote: > Hello, > I am using Citrix XenServer for my VM environment. I found that If I am using samba 3.4.3 and dump a vm from a Citrix xen node the resulting image is not importable(ie corrupt) into xenCenter. If I am using samba-3.3.9 and perform the same operation everything works great. To dump the vm's from Xen I mount a samba share from the domU OS. I use the following xen commands to dump the vm > > mount -t cifs //172.27.1.100/xenBackups /mnt -o username=sdrinkwater,pass=somepass,dom=ad.pa-ucl.com > xe vm-snapshot vm=guest_name new-name-label=backup_vm > xe template-param-set is-a-template=false uuid=snapshotUUID > xe vm-export vm=snapshotUUID filename=exportfilename.xva > xe vm-uninstall uuid=snapshotUUID force=true > umount /mnt > > Has anyone else experienced this ?? My info is as follows > > XenServer mount.cifs version --> mount.cifs version: 1.10 > My two test samba servers where build from source with the following config > ./configure --with-winbind --with-pam --with-aio-support Can you log this in bugzilla so we can track it. Thanks ! Jeremy. From bino at indoakses-online.com Mon Jan 4 18:01:31 2010 From: bino at indoakses-online.com (Bino Oetomo) Date: Tue, 05 Jan 2010 08:01:31 +0700 Subject: [Samba] PDC directory permission fail Message-ID: <4B428F6B.5070207@indoakses-online.com> Dear All .. I use webmin to do the samba PDC configuration The authentication is work well. I've a problem with share permission, the condition is : 1. I've group named "warehouse" 2. I've user named "wh01", with home dir /home/wh01, and be a group member of "warehouse" Both created via webmin. 3. Next I created share, named "warehouse" [warehouse] comment = Files of warehouse writeable = yes path = /hdd2/samba/groupfiles/warehouse when I create that share via webmin i use option : a. mode : 775 b. Create user : Root c. Create Group : warehouse. 4. From my XP station , I login to that domain with user name "wh01", the results is : a. Successfull login b. wh01 can create a file in the home directory (/home/wh01) But, wh01 can not write file to share "warehouse" why wh01 didn't have enough permission to "warehouse" while : A. The share is created using group "warehouse", and B. wh01 IS the group member of "warehouse", and C. "warehouse" share is set to be available, and browseable. Kindly please give me any enlightment to fix the problem Sincerely -bino- From mail_of_sergey at mail.ru Tue Jan 5 00:11:57 2010 From: mail_of_sergey at mail.ru (=?koi8-r?Q?=F3=C5=D2=C7=C5=CA?=) Date: Tue, 05 Jan 2010 10:11:57 +0300 Subject: [Samba] =?koi8-r?b?UERDIGRpcmVjdG9yeSBwZXJtaXNzaW9uIGZhaWw=?= In-Reply-To: <4B428F6B.5070207@indoakses-online.com> References: <4B428F6B.5070207@indoakses-online.com> Message-ID: Hello, Bino! > I use webmin to do the samba PDC configuration IMHO, insuffisient > > [warehouse] > comment = Files of warehouse > writeable = yes > path = /hdd2/samba/groupfiles/warehouse > > when I create that share via webmin i use option : > a. mode : 775 > b. Create user : Root > c. Create Group : warehouse. > > 4. From my XP station , I login to that domain with user name "wh01", > the results is : > a. Successfull login > b. wh01 can create a file in the home directory (/home/wh01) > > But, wh01 can not write file to share "warehouse" Which permission to the new file? May be 644? :) IMHO, user have right to write directory, but have not right to write file. Look man smb.conf for "force create mode", "force directory mode" or http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permissions Bye. Serg From bubulle at debian.org Mon Jan 4 22:48:07 2010 From: bubulle at debian.org (Christian PERRIER) Date: Tue, 5 Jan 2010 06:48:07 +0100 Subject: [Samba] Samba 3.5.0pre2 in Debian experimental Message-ID: <20100105054807.GA3181@mykerinos.kheops.frmug.org> Last year, sometime in December, I wrote: > Please notice that, contrary to what we generally did up to now, > Debian maintainers have not been able to build a package for pre1 > before pre2 went out... > > This is mostly because we apparently can't build with the packaged > talloc libraries (Debian currently has 2.0.0 while 3.5.0pre version > apprently need 2.0.1). I forgot announcing that Debian experimental now has Samba 3.5.0pre2 packages (and Debian unstable has talloc 2.0.1). So, the brave hearts can test that release by adding the following to their /etc/apt/sources.list file: deb ftp:///debian experimental main running "apt-get (or aptitude) update" Then: apt-get install -t experimental samba From hannu.tikka at rpkk.fi Tue Jan 5 01:25:19 2010 From: hannu.tikka at rpkk.fi (Hannu Tikka) Date: Tue, 5 Jan 2010 10:25:19 +0200 (EET) Subject: [Samba] samba4 master-branch compiling error Message-ID: <85b4805b1be5f0578f0b9133dbd91cac.squirrel@www.rpkk.fi> Get following errors compiling samba4 master-branch in vmware virtualmachine : ----------- /usr/bin/ld: i386:x86-64 architecture of input file `../client/umount.cifs.o' is incompatible with i386 output /usr/bin/ld: i386:x86-64 architecture of input file `../client/mtab.o' is incompatible with i386 output ----------- samba-4.0.0.alpha10 compiles ok From c.baegert-listes at lixium.fr Tue Jan 5 04:03:38 2010 From: c.baegert-listes at lixium.fr (Christophe Baegert) Date: Tue, 05 Jan 2010 12:03:38 +0100 Subject: [Samba] windows 7 and printer sharing Message-ID: <4B431C8A.70307@lixium.fr> Hi, On a linux server with CUPS, I installed Samba to share it with windows computers. I managed to share it with my Macbook on MacOS 10.4, with this address : | smb://login:password at name _of_server/name_of_printer| So I think my server is well configured. BUT I don't even see my network on a Windows 7 computer (I applied the Maybe it's because it thinks it's on a public network ? I use Linux for 10 years, but the last Windows computer I used was using NT4, it was in 2003, so I'm really lost with this Windows 7 !!! What can I do ? Even if the auto-detection doesn't work, is it possible to use a simple manual address like I do with my Macbook ? Thanks in advance ! ----------------------------------------------------------------- This is my smb.conf : # # Sample configuration file for the Samba suite for Debian GNU/Linux. # # # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options most of which # are not shown in this example # # Some options that are often worth tuning have been included as # commented-out examples in this file. # - When such options are commented with ";", the proposed setting # differs from the default Samba behaviour # - When commented with "#", the proposed setting is the default # behaviour of Samba but the option is considered important # enough to be mentioned here # # NOTE: Whenever you modify this file you should run the command # "testparm" to check that you have not made any basic syntactic # errors. # A well-established practice is to name the original file # "smb.conf.master" and create the "real" config file with # testparm -s smb.conf.master >smb.conf # This minimizes the size of the really used smb.conf file # which, according to the Samba Team, impacts performance # However, use this with caution if your smb.conf file contains nested # "include" statements. See Debian bug #483187 for a case # where using a master file is not a good idea. # #======================= Global Settings ======================= [global] # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = XXXXXXXX # server string is the equivalent of the NT Description field server string = %h server # This will prevent nmbd to search for NetBIOS names through DNS. dns proxy = no hosts allow = 192.168.1. #### Networking #### interfaces = eth0 #### Debugging/Accounting #### log file = /var/log/samba/log.%m max log size = 1000 syslog = 1 panic action = /usr/share/samba/panic-action %d ####### Authentication ####### security = share encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes ########## Printing ########## load printers = yes printing = cups printcap name = cups [printers] comment = All Printers browseable = yes path = /var/spool/samba printable = yes guest ok = yes read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = yes --------------------------------------------------------------------------------- Regards, Chris From jj at isy.liu.se Tue Jan 5 05:03:25 2010 From: jj at isy.liu.se (Jean-Jacques Moulis) Date: Tue, 5 Jan 2010 13:03:25 +0100 Subject: [Samba] windows 7 and printer sharing In-Reply-To: <4B431C8A.70307@lixium.fr> References: <4B431C8A.70307@lixium.fr> Message-ID: On Tue, 05 Jan 2010 12:03:38 +0100 Christophe Baegert wrote: CB> Hi, CB> On a linux server with CUPS, I installed Samba to share it with windows CB> computers. CB> I managed to share it with my Macbook on MacOS 10.4, with this address : | CB> smb://login:password at name _of_server/name_of_printer| CB> So I think my server is well configured. CB> BUT I don't even see my network on a Windows 7 computer (I applied the In your case I wouldn't use smb for printing. both OSX and windows (at least recent ones) can print directly to a CUPS server. the main advantage of SMB printing is automatic installation of drivers. this is worth the trouble only if you have many clients. (and to my knowledge it doesn't work with 64bits OS) Use http://your.cups.server/printers/your_printername to connect to your cups server. -- Jean-Jacques Moulis Tel: (013) 281684 ISY Fax: (013) 139282 Link?ping University E-mail: jj at isy.liu.se 581 83 Link?ping From aheinlein at gmx.com Tue Jan 5 05:19:09 2010 From: aheinlein at gmx.com (Andreas Heinlein) Date: Tue, 05 Jan 2010 13:19:09 +0100 Subject: [Samba] Samba as domain member to another samba PDC In-Reply-To: References: <4B41E1B8.4050600@gmx.com> <4B41F38F.2090108@gmx.com> Message-ID: <4B432E3D.5040300@gmx.com> Daniel M?ller schrieb: > Hello, > with pdbedit -L on my MemberServer (Samba) I could not list the domain > users and groups! > With pdbedit -L it is only working on my PDC(Samba) I assume then this is - at least at the moment - "normal" behaviour of pdbedit. Perhaps someone else on this list can tell me if this is going to change or has already changed e.g. with Samba 4. > Try getent passwd and getent group instead. If there show up your > users and groups. > try example: touch test.txt and then chown > yourdomainuser:thisuserdomaingroup. > If this function you can test next: Make a share on your > SambaMemberServer. Give the rights to a user > only known in your SambaDomain (no local user!!!!) . Try to connect > the share as this user. > If this is working you got it. I already did that, and it works. That's not the point I'm asking for. As I wrote in my first post, I want to use a GUI for creating samba shares that relies on the output of pdbedit -L for listing users which are allowed/denied access. If pdbedit -L does not work, I will either have to write my own "pdbedit" which wil mimic the expected output by calling ldapsearch and formatting the output like pdbedit does. Or I will have to find another suitable GUI. Thank you for your help, Andreas From c.baegert-listes at lixium.fr Tue Jan 5 05:38:18 2010 From: c.baegert-listes at lixium.fr (Christophe Baegert) Date: Tue, 05 Jan 2010 13:38:18 +0100 Subject: [Samba] windows 7 and printer sharing In-Reply-To: References: <4B431C8A.70307@lixium.fr> Message-ID: <4B4332BA.1030008@lixium.fr> Hi, Le 05/01/2010 13:03, Jean-Jacques Moulis a ?crit : > In your case I wouldn't use smb for printing. > both OSX and windows (at least recent ones) can print directly to a CUPS > server. IPP never worked on my Macbook using OS X 10.4, which works well with Samba. But I didn't try it on the Windows 7 computer, I'll try that, if it works, indeed, Samba isn't necessary !!! Thank you for your help. Regards, Chris From patrik at hall.fi Tue Jan 5 08:06:21 2010 From: patrik at hall.fi (Patrik Hall) Date: Tue, 5 Jan 2010 17:06:21 +0200 Subject: [Samba] Samba share browseable to certain IP networks Message-ID: <473b1ae91001050706m7e02347aw7fd6947f2def54b5@mail.gmail.com> Hello. I have set up a shared samba server for two organisations. Using hosts allow I can permit access to a share from a certain IP network, however, the share is browseable still for everybody. How can I prevent that, is that possible? Regards, Patrik Hall From David.Grudek at anixter.com Tue Jan 5 08:29:27 2010 From: David.Grudek at anixter.com (David.Grudek at anixter.com) Date: Tue, 5 Jan 2010 09:29:27 -0600 Subject: [Samba] Samba with DNS Message-ID: When the Samba4 for gets released this year, how is DNS to be setup, is there any special requirements, will samba setup dns for you when using active directory? How does that whole part work? I have seen that kerberos will be built in. Also I have to say, I saw the Samba Team Blog 3 and I really like how they will rename the services to be more suited to thier task. It is great. Keep up with the great work. From lsorense at csclub.uwaterloo.ca Tue Jan 5 08:49:08 2010 From: lsorense at csclub.uwaterloo.ca (Lennart Sorensen) Date: Tue, 5 Jan 2010 10:49:08 -0500 Subject: [Samba] windows 7 and printer sharing In-Reply-To: <4B4332BA.1030008@lixium.fr> References: <4B431C8A.70307@lixium.fr> <4B4332BA.1030008@lixium.fr> Message-ID: <20100105154908.GQ8605@caffeine.csclub.uwaterloo.ca> On Tue, Jan 05, 2010 at 01:38:18PM +0100, Christophe Baegert wrote: > IPP never worked on my Macbook using OS X 10.4, which works well with Samba. Odd, given I remember Mac OS X 10.1 automatically detecting the IPP broadcasts by cups (which cups was set to share printers with the network, which it doesn't by default). Apple is even funding cups these days. As long as your print server with cups is configured to share with the local network, and not firewalling it away it should work. > But I didn't try it on the Windows 7 computer, I'll try that, if it > works, indeed, Samba isn't necessary !!! Thank you for your help. I have certainly used IPP printing with windows. use the url: http://printerserver:631/printers/print_queue_name And install the right driver of course. Of course cups should be configured to handle unknown job types as raw (which I think is normally the default these days as well). -- Len Sorensen From gaiseric.vandal at gmail.com Tue Jan 5 09:04:17 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Tue, 05 Jan 2010 11:04:17 -0500 Subject: [Samba] NTLMv2 in Sun's 'official' Samba 3.0.37? In-Reply-To: <1F71B146-65C2-48E0-847B-C5DF060A98AA@uq.edu.au> References: <1F71B146-65C2-48E0-847B-C5DF060A98AA@uq.edu.au> Message-ID: <4B436301.1020408@gmail.com> It didn't work for me on Sun with Samba 3.0.37 either. I was under the impression (quite possibly wrong) that for Win 7 support you would need Samba 3.3.x or 3.4.x anyway. I have been testing the sunfreeware.com version of samba 3.4.x (full zfs support seems to be missing) and compiling it from scratch (getting kerberos enabled is a problem.) And hoping that a Sun-provided build of 3.4.x comes out sometime in the next 6 months. 3.0.x line is hitting a dead end. (Dell has made our life easier in 2009 by still shipping us machines with XP.) I have an open ticket with Sun on separate issue with 3.0.37 so I am hoping this will let me find out what their plans are. On 12/27/09 19:29, Jake Carroll wrote: > Hi all. > > Just looking for some guidance as to what works, and what doesn't. > > Recently I've noticed that no matter what I do, I can't seem to get NTLMv2 to negotiate using Windows Vista, Windows 7 or Mac OS X 10.6.x against Solaris 10 Samba 3.0.37. > > If I 'tune' the client OS that it only negotiates with NTLMv1, all is well. In my global block, on the Solaris Samba server, I have: > > [global] > client lanman auth=no > client ntlmv2 auth=yes > ntlm auth = no > > Now, I'd have thought that this would be enough to make NTLMv2 work along it's merry way - but apparently not. Whenever I attempt to connect and negotiate using NTLMv2, the client OS is given a generic 'incorrect username or password' response. > > So - the question. Does 3.0.37 actually even support NTLMv2? Am I doing something wrong in trying to turn it 'on'? Sun aren't talking, but I'm sure somebody here would know the history behind this... > > Thanks all. > > JC > > > > > From soonerdew at gmail.com Tue Jan 5 09:15:22 2010 From: soonerdew at gmail.com (David Whitney) Date: Tue, 5 Jan 2010 10:15:22 -0600 Subject: [Samba] NTLMv2 in Sun's 'official' Samba 3.0.37? In-Reply-To: <4B436301.1020408@gmail.com> References: <1F71B146-65C2-48E0-847B-C5DF060A98AA@uq.edu.au> <4B436301.1020408@gmail.com> Message-ID: From subscription at kkeane.com Tue Jan 5 10:26:37 2010 From: subscription at kkeane.com (Kevin Keane) Date: Tue, 5 Jan 2010 09:26:37 -0800 Subject: [Samba] windows 7 and printer sharing In-Reply-To: <20100105154908.GQ8605@caffeine.csclub.uwaterloo.ca> References: <4B431C8A.70307@lixium.fr> <4B4332BA.1030008@lixium.fr> <20100105154908.GQ8605@caffeine.csclub.uwaterloo.ca> Message-ID: <724C3B2F1C5EB44D9108E471EC5E99335986235606@akechi-denki.ad.nctechcenter.com> You may also want to look into setting up avahi to advertise your CUPS printer. Avahi is the Linux implementation of the Bonjour advertising protocol; Bonjour is for Apple what UPnP is for Windows. > -----Original Message----- > From: samba-bounces at lists.samba.org [mailto:samba- > bounces at lists.samba.org] On Behalf Of Lennart Sorensen > Sent: Tuesday, January 05, 2010 7:49 AM > To: Christophe Baegert > Cc: samba at lists.samba.org > Subject: Re: [Samba] windows 7 and printer sharing > > On Tue, Jan 05, 2010 at 01:38:18PM +0100, Christophe Baegert wrote: > > IPP never worked on my Macbook using OS X 10.4, which works well with > Samba. > > Odd, given I remember Mac OS X 10.1 automatically detecting the IPP > broadcasts by cups (which cups was set to share printers with the > network, > which it doesn't by default). Apple is even funding cups these days. > As long as your print server with cups is configured to share with the > local network, and not firewalling it away it should work. > > > But I didn't try it on the Windows 7 computer, I'll try that, if it > > works, indeed, Samba isn't necessary !!! Thank you for your help. > > I have certainly used IPP printing with windows. > > use the url: > http://printerserver:631/printers/print_queue_name > > And install the right driver of course. > > Of course cups should be configured to handle unknown job types as raw > (which I think is normally the default these days as well). > > -- > Len Sorensen > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba From r.martel at csuohio.edu Tue Jan 5 10:38:30 2010 From: r.martel at csuohio.edu (Robert M. Martel - CSU) Date: Tue, 05 Jan 2010 12:38:30 -0500 Subject: [Samba] upgrade from 3.2.15 fails - winbind problems Message-ID: <4B437916.2050104@csuohio.edu> Greetings, I have been attempting an existing Samba domain member server that is running Samba 3.2.15 to 3.3.9 (or 3.4.3) but in either case my AD users end up being unknown to the server. I am using the idmap rid on the member server - no changes allowed to AD server, AD server not managed by my group. So far any attempt using 3.3.9 or 3.4.3 fails with AD users not being identified. I am sure I have a broken config file, but have been unable to correct it on my own, nor have I been able to find an up-to-date example of how the smb.conf file for someone using idmap rid *should* look in the current versions of samba. I would *love* to see a working smb.conf file from someone using idmap rid on a AD member server with the tbd backend on a currnet version of samba. -------- I have left and rejoined the domain. Testjoin says I joined okay. wbinfo -g returns a list of groups However, wbinfo -t tells me checking the trust secret via RPC calls failed Could not check secret and is see the following from wbinfo -a 1001362%password plaintext password authentication succeeded could not obtain winbind interface details! could not obtain winbind separator! could not obtain winbind interface details! could not obtain winbind domain name! challenge/response password authentication succeeded finally from my hacked-up smb.conf file. # idmap uid and idmap gid are aliases for # winbind uid and winbid gid, respectively # OLD IDMAP SETTINGS - did not work # idmap backend = idmap_rid:CSUNET=10000-20000 # idmap uid = 10000-20000 # idmap gid = 10000-20000 # 3.2.14 IDMAP settings # idmap domains = CSUNET # idmap config CSUNET: default = yes # idmap config CSUNET: backend = rid # idmap config CSUNET: base_rid = 0 # idmap config CSUNET: range = 10000-100000000 # 3.3.9 IDMAP settings - still not working. # winbind separator = \ winbind use default domain = yes template homedir = /home/%U template shell = /usr/bin/bash # idmap backend = tdb idmap uid = 10000-100000000 idmap gid = 10000-100000000 idmap config CSUNET: default = yes idmap config CSUNET: backend = rid idmap config CSUNET: range = 10000-100000000 Thanks! -Bob -- *********************************************************************** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 r.martel at csuohio.edu -Jeff Lynne *********************************************************************** From psarmstr at gmail.com Tue Jan 5 11:40:56 2010 From: psarmstr at gmail.com (Paul) Date: Tue, 5 Jan 2010 10:40:56 -0800 Subject: [Samba] NTLMv2 in Sun's 'official' Samba 3.0.37? In-Reply-To: <4B436301.1020408@gmail.com> References: <1F71B146-65C2-48E0-847B-C5DF060A98AA@uq.edu.au> <4B436301.1020408@gmail.com> Message-ID: <8bf406091001051040t17e2284cic48ee8d48560b758@mail.gmail.com> On Tue, Jan 5, 2010 at 08:04, Gaiseric Vandal wrote: > It didn't work for me on Sun with Samba 3.0.37 either. ? ?I was under the > impression (quite possibly wrong) ?that for Win 7 support you would need > Samba 3.3.x or 3.4.x anyway. ? ?I have been testing the sunfreeware.com > version of samba 3.4.x (full zfs support seems to be missing) and compiling > it from scratch (getting kerberos enabled is a problem.) ?And hoping that a > Sun-provided build of 3.4.x comes out sometime in the next 6 months. ?3.0.x > line is hitting a dead end. ? ?(Dell has made our life easier in 2009 by > still shipping us machines with XP.) ? ?I have an open ticket with Sun on > separate issue with 3.0.37 so I am hoping this will let me find out what > their plans are. Their plans are to push 3.4: http://opensolaris.org/jive/thread.jspa?threadID=120279&tstart=15 -- It's time to finish going metric. http://gometric.us From bino at indoakses-online.com Tue Jan 5 18:51:33 2010 From: bino at indoakses-online.com (Bino Oetomo) Date: Wed, 06 Jan 2010 08:51:33 +0700 Subject: [Samba] PDC directory permission fail In-Reply-To: References: <4B428F6B.5070207@indoakses-online.com> Message-ID: <4B43ECA5.1010801@indoakses-online.com> Dear Serg and All ?????? wrote: > Hello, Bino! > > >> I use webmin to do the samba PDC configuration >> > IMHO, insuffisient > Agree ... I did some direct edit to conf file >> [warehouse] >> comment = Files of warehouse >> writeable = yes >> path = /hdd2/samba/groupfiles/warehouse >> >> when I create that share via webmin i use option : >> a. mode : 775 >> b. Create user : Root >> c. Create Group : warehouse. >> >> 4. From my XP station , I login to that domain with user name "wh01", >> the results is : >> a. Successfull login >> b. wh01 can create a file in the home directory (/home/wh01) >> > > >> But, wh01 can not write file to share "warehouse" >> > Which permission to the new file? May be 644? :) > IMHO, user have right to write directory, but have not right to write file. > Look man smb.conf for "force create mode", "force directory mode" or http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permissions > > Thankyou for your enlightment I read that documentation, but I don't want uuser to be able to execute things in directory So I chage the share to : [warehouse] create mode = 660 path = /hdd2/samba/groupfiles/warehouse directory mode = 660 force group = warehouse (and the dircory is auto created with user:group as root:warehouse) Still the user with group "warehouse" can not access (event just "open") the directory so I try to delete the share ... manualy remove the dir , and re create the share (and dir) with : [warehouse] create mode = 760 path = /hdd2/samba/groupfiles/warehouse directory mode = 760 force group = warehouse Still the user with group "warehouse" can not access (event just "open") the directory Again, I try to delete the share ... manualy remove the dir , and re create the share (and dir) with : [warehouse] create mode = 770 path = /hdd2/samba/groupfiles/warehouse directory mode = 770 force group = warehouse And ... voila ... the user can access (read-write) into the shares ... But it'll means that the user can also "execute" somethings inside directory ... right ? Why we need the "execute" bit in directory permission just to let the user to "read and write only" ? Just fyi, my system is based on : ++ Ubuntu Jaunty ++ Samba 3.32 Sincerely -bino- From bnelson at cis.ysu.edu Tue Jan 5 19:13:28 2010 From: bnelson at cis.ysu.edu (Brian H. Nelson) Date: Tue, 05 Jan 2010 21:13:28 -0500 Subject: [Samba] PDC directory permission fail In-Reply-To: <4B43ECA5.1010801@indoakses-online.com> References: <4B428F6B.5070207@indoakses-online.com> <4B43ECA5.1010801@indoakses-online.com> Message-ID: <4B43F1C8.6040605@cis.ysu.edu> Bino Oetomo wrote: > And ... voila ... the user can access (read-write) into the shares ... > But it'll means that the user can also "execute" somethings inside > directory ... right ? > > Why we need the "execute" bit in directory permission just to let the > user to "read and write only" ? > That is how UNIX filesystem permissions work. 'Execute' on a directory allows traversal of (ie access into) the directory. From Wikipedia (http://en.wikipedia.org/wiki/File_system_permissions): There are three specific permissions on Unix-like systems that apply to each class: * The read permission, which grants the ability to read a file. When set for a directory, this permission grants the ability to read the names of files in the directory (but not to find out any further information about them such as contents, file type, size, ownership, permissions, etc.) * The write permission, which grants the ability to modify a file. When set for a directory, this permission grants the ability to modify entries in the directory. This includes creating files, deleting files, and renaming files. * The execute permission, which grants the ability to execute a file. This permission must be set for executable binaries (for example, a compiled c++ program) or shell scripts (for example, a Perl program) in order to allow the operating system to run them. When set for a directory, this permission grants the ability to traverse its tree in order to access files or subdirectories, but not see files inside the directory (unless read is set). Search Google for "unix permissions" if you need more understanding. -Brian From bino at indoakses-online.com Tue Jan 5 21:00:14 2010 From: bino at indoakses-online.com (Bino Oetomo) Date: Wed, 06 Jan 2010 11:00:14 +0700 Subject: [Samba] PDC directory permission fail In-Reply-To: <4B43F1C8.6040605@cis.ysu.edu> References: <4B428F6B.5070207@indoakses-online.com> <4B43ECA5.1010801@indoakses-online.com> <4B43F1C8.6040605@cis.ysu.edu> Message-ID: <4B440ACE.9080702@indoakses-online.com> Dear Brian and all Thankyou for your fast enlightment Brian H. Nelson wrote: > Bino Oetomo wrote: >> And ... voila ... the user can access (read-write) into the shares ... >> But it'll means that the user can also "execute" somethings inside >> directory ... right ? >> >> Why we need the "execute" bit in directory permission just to let the >> user to "read and write only" ? >> > > That is how UNIX filesystem permissions work. 'Execute' on a directory > allows traversal of (ie access into) the directory. > Understood. I Knew that for every "execute" will need "read", thats why every allow-execute will consequently allow-read. But how if i need allo-write (consequently will allow-read) + deny-execute ? AFAIK it will "6" or "2" in permission bit, right ? Sincerely -bino- From Guillaume.Rousse at inria.fr Wed Jan 6 08:05:32 2010 From: Guillaume.Rousse at inria.fr (Guillaume Rousse) Date: Wed, 06 Jan 2010 16:05:32 +0100 Subject: [Samba] strange issue with xerox printer: unable to configure driver In-Reply-To: <4B325210.1070305@sheridanc.on.ca> References: <28411036.960761260452915189.JavaMail.nabble@isper.nabble.com> <4B325210.1070305@sheridanc.on.ca> Message-ID: <4B44A6BC.6030702@inria.fr> Le 23/12/2009 18:23, Ryan Suarez a ?crit : > Hi, > > Still working this out with the vendor. > > Could you guys try this driver with the Xerox 7xxx model and let me know > if it plays nicer with samba? > > http://www.support.xerox.com/go/getfile.asp?Xlang=fr_FR&XCntry=FRA&objid=55425&EULA=1&prodID=WC7228_WC7235_WC7245&Family=WorkCentre&ripId=&langs=English%20(US)&plats=Windows%20XP&Xtype=download&uType= > > > > Their thoughts is the device mode issue which we're all familiar with: > "Be aware that a valid device mode can only be initiated by a _printer > admin_ > > or root (the reason should be obvious). Device modes can be correctly > set only by executing the printer driver program itself. Since Samba > cannot execute this Win32 platform driver code, it sets this field > initially to NULL (which is not a valid setting for clients to use). > Fortunately, most drivers automatically generate the printer driver data > that is needed when they are uploaded to the/ [print$]/ share with the > help of the APW or rpcclient. " I just tried. I can assign any driver, and correctly set default printing properties (which I can't with current driver). However, I can't print. I guess this is because my specific printer model (7435) is not supported by this old driver version: it's not listed, and I tried all included models without success. So far, I've got the choice between a printing-but-not-configurable driver, and a non-printing-but-configurable one :) -- Guillaume Rousse Service des Moyens Informatiques INRIA Saclay - ?le-de-France Parc Orsay Universit?, 4 rue J. Monod 91893 Orsay Cedex France Tel: 01 69 35 69 62 From mick.mueck at mac.com Wed Jan 6 10:44:08 2010 From: mick.mueck at mac.com (Mick Mueck) Date: Wed, 06 Jan 2010 12:44:08 -0500 Subject: [Samba] Newbie Samba question from a (lowly) Mac user Message-ID: <161124028806553846125514157093622658206-Webmail@me.com> Hi, I'm a Mac user working in a company that is PC and Linux dominated. I have a Mac at work and I funnel everything through it. I mount my Linux box onto my Mac using Samba, and navigate it's filesystem through the Finder and run programs on it while displaying all the X-windows back to my Mac. It all works very well, except for several annoying issues pertaining to Samba e.g. mounts often lock up, I can't copy a file into my own Linux hierarchy because it says my Linux machine has no space left (which is not right). I'm guessing this is all the Mac's fault due to it's version or implementation of Samba. Apple is not very good at supporting/updating this kind of thing. On macupdate.com I note that samba 3.4.3 is available for the Mac, but: 1. Unlike pretty much every other platform, there is no prebuilt binary/installer for the Mac. 2. It seems to be a server only and I'm guessing I just need a client. Assuming my Samba issues are all on the Mac side, does anyone have a recommendation about upgrading my machine to something better in the Samba department - I'm running the latest 10.6 Snow Leopard operating system. Please bear in mind that I'm just a 'user' and a genuine fish out of water when it comes to manually building a software installation ('make' and library linking etc). Many thanks in advance for your reply. From dale at BriannasSaladDressing.com Wed Jan 6 11:54:14 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Wed, 06 Jan 2010 12:54:14 -0600 Subject: [Samba] PDC directory permission fail In-Reply-To: <4B440ACE.9080702@indoakses-online.com> References: <4B428F6B.5070207@indoakses-online.com> <4B43ECA5.1010801@indoakses-online.com> <4B43F1C8.6040605@cis.ysu.edu> <4B440ACE.9080702@indoakses-online.com> Message-ID: <4B44DC56.1070600@BriannasSaladDressing.com> On 01/05/2010 10:00 PM, Bino Oetomo wrote: > Dear Brian and all > > Thankyou for your fast enlightment > > Brian H. Nelson wrote: >> Bino Oetomo wrote: >>> And ... voila ... the user can access (read-write) into the shares ... >>> But it'll means that the user can also "execute" somethings inside >>> directory ... right ? >>> >>> Why we need the "execute" bit in directory permission just to let >>> the user to "read and write only" ? >>> >> That is how UNIX filesystem permissions work. 'Execute' on a >> directory allows traversal of (ie access into) the directory. > > Understood. > I Knew that for every "execute" will need "read", thats why every > allow-execute will consequently allow-read. > > But how if i need allo-write (consequently will allow-read) + > deny-execute ? > AFAIK it will "6" or "2" in permission bit, right ? From your previous email, it sounds like you want is ==> create mode = 660 directory mode = 770 For other control parameters, see the "force" parameters regarding create/directory/security. For Ubuntu: Having the swat and samba-doc packages installed provides an excellent way to see all the available parameters with a corresponding link to an explanation of what each does, and what its default value is. Dale > > > Sincerely > -bino- From mrmazda at earthlink.net Wed Jan 6 12:09:58 2010 From: mrmazda at earthlink.net (Felix Miata) Date: Wed, 06 Jan 2010 14:09:58 -0500 Subject: [Samba] Newbie Samba question from a (lowly) Mac user In-Reply-To: <161124028806553846125514157093622658206-Webmail@me.com> References: <161124028806553846125514157093622658206-Webmail@me.com> Message-ID: <4B44E006.5040004@earthlink.net> On 2010/01/06 12:44 (GMT-0500) Mick Mueck composed: > I'm a Mac user working in a company that is PC and Linux dominated. I have a Mac at work and I funnel everything through it. I mount my Linux box onto my Mac using Samba, and navigate it's filesystem through the Finder and run programs on it while displaying all the X-windows back to my Mac. It all works very well, except for several annoying issues pertaining to Samba e.g. mounts often lock up, I can't copy a file into my own Linux hierarchy because it says my Linux machine has no space left (which is not right). I'm guessing this is all the Mac's fault due to it's version or implementation of Samba. Apple is not very good at supporting/updating this kind of thing. > On macupdate.com I note that samba 3.4.3 is available for the Mac, but: > 1. Unlike pretty much every other platform, there is no prebuilt binary/installer for the Mac. > 2. It seems to be a server only and I'm guessing I just need a client. > Assuming my Samba issues are all on the Mac side, does anyone have a recommendation about upgrading my machine to something better in the Samba department - I'm running the latest 10.6 Snow Leopard operating system. Please bear in mind that I'm just a 'user' and a genuine fish out of water when it comes to manually building a software installation ('make' and library linking etc). Answer by OS/2 user: Actually, Samba is server only. Client for using Samba shares has been called CIFS (on Linux at least; previously SMB) for a couple of years or more. Have you looked for a precompiled and/or updated CIFS for Mac? http://en.wikipedia.org/wiki/Cifs -- "Our Constitution was made only for a moral and religious people. It is wholly inadequate to the government of any other." John Adams, 2nd US President Team OS/2 ** Reg. Linux User #211409 Felix Miata *** http://fm.no-ip.com/ From gandhi_pranav at yahoo.com Wed Jan 6 13:20:39 2010 From: gandhi_pranav at yahoo.com (Pranav Gandhi) Date: Wed, 6 Jan 2010 12:20:39 -0800 (PST) Subject: [Samba] NTLMV2(VISTA Client) not working with Samba 3.0.35 Message-ID: <404588.37739.qm@web51703.mail.re2.yahoo.com> Hi, Using Solaris 9 and Samba 3.0.35 with below configuration. [global] workgroup = AMERICAS server string = XXXXXXXXXXXX security = SERVER password server = XXXXXX,XXXXXXxx username map = /apps/samba/users.map lanman auth = No ntlm auth = No client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No log level = 10 log file = /var/samba/log/log.%u max log size = 50 name resolve order = host lmhosts wins bcast load printers = No printcap name = /dev/null disable spoolss = Yes show add printer wizard = No os level = 5 lm announce = No preferred master = No local master = No domain master = No dns proxy = No create mask = 0644 oplocks = No Problem: VISTA users are not able to logon as security policy set to "NTLMV2 responses only". Company's policy would not allow me to change it. Any help will be appreciated. Regards, Gandhi From JKosin at intcomgrp.com Wed Jan 6 12:29:37 2010 From: JKosin at intcomgrp.com (James Kosin) Date: Wed, 6 Jan 2010 14:29:37 -0500 Subject: [Samba] PDC directory permission fail (Bino Oetomo) In-Reply-To: References: Message-ID: <3DBBD805E3BA064A87F551C0E8BD36740289723D@MAILSRV.intcomgrp.com> Bino, The permissions should be 770 for directories. They need execute privileges for directories to be able to get access to the directories. You should be able to set the files for 660 though I don't believe it will keep windows from executing a file. With 'force' before 'create mask' or 'directory mask' allows you to set bits. You should have 'create mask 660' to force files (other than directories) to not allow setting of the execute bit. And directories should usually be 'force directory mask 770' with maybe a 'directory mask 770' before this to prevent anyone allowing a directory to be read/writeable by everyone. James -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of samba-request at lists.samba.org Sent: Wednesday, January 06, 2010 2:00 PM To: samba at lists.samba.org Subject: samba Digest, Vol 85, Issue 6 ---------------------------------------------------------------------- Message: 1 Date: Wed, 06 Jan 2010 08:51:33 +0700 From: Bino Oetomo To: ?????? Cc: samba at lists.samba.org Subject: Re: [Samba] PDC directory permission fail Message-ID: <4B43ECA5.1010801 at indoakses-online.com> Content-Type: text/plain; charset=KOI8-R; format=flowed Dear Serg and All ?????? wrote: > Hello, Bino! > > >> I use webmin to do the samba PDC configuration >> > IMHO, insuffisient > Agree ... I did some direct edit to conf file >> [warehouse] >> comment = Files of warehouse >> writeable = yes >> path = /hdd2/samba/groupfiles/warehouse >> >> when I create that share via webmin i use option : >> a. mode : 775 >> b. Create user : Root >> c. Create Group : warehouse. >> >> 4. From my XP station , I login to that domain with user name "wh01", >> the results is : >> a. Successfull login >> b. wh01 can create a file in the home directory (/home/wh01) >> > > >> But, wh01 can not write file to share "warehouse" >> > Which permission to the new file? May be 644? :) > IMHO, user have right to write directory, but have not right to write file. > Look man smb.conf for "force create mode", "force directory mode" or http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permi ssions > > Thankyou for your enlightment I read that documentation, but I don't want uuser to be able to execute things in directory So I chage the share to : [warehouse] create mode = 660 path = /hdd2/samba/groupfiles/warehouse directory mode = 660 force group = warehouse (and the dircory is auto created with user:group as root:warehouse) Still the user with group "warehouse" can not access (event just "open") the directory so I try to delete the share ... manualy remove the dir , and re create the share (and dir) with : [warehouse] create mode = 760 path = /hdd2/samba/groupfiles/warehouse directory mode = 760 force group = warehouse Still the user with group "warehouse" can not access (event just "open") the directory Again, I try to delete the share ... manualy remove the dir , and re create the share (and dir) with : [warehouse] create mode = 770 path = /hdd2/samba/groupfiles/warehouse directory mode = 770 force group = warehouse And ... voila ... the user can access (read-write) into the shares ... But it'll means that the user can also "execute" somethings inside directory ... right ? Why we need the "execute" bit in directory permission just to let the user to "read and write only" ? Just fyi, my system is based on : ++ Ubuntu Jaunty ++ Samba 3.32 Sincerely -bino- From mick.mueck at mac.com Wed Jan 6 14:31:54 2010 From: mick.mueck at mac.com (Mick Mueck) Date: Wed, 06 Jan 2010 16:31:54 -0500 Subject: [Samba] Newbie Samba question from a (lowly) Mac user In-Reply-To: <4B44E006.5040004@earthlink.net> References: <161124028806553846125514157093622658206-Webmail@me.com> <4B44E006.5040004@earthlink.net> Message-ID: <45359388946099058189674991633962646587-Webmail@me.com> Thanks Felix - I'll try searching in the SMB/CIFS universe for the latest Mac OS X compatible version. On Wednesday, January 06, 2010, at 02:09PM, "Felix Miata" wrote: >On 2010/01/06 12:44 (GMT-0500) Mick Mueck composed: > >> I'm a Mac user working in a company that is PC and Linux dominated. I have a Mac at work and I funnel everything through it. I mount my Linux box onto my Mac using Samba, and navigate it's filesystem through the Finder and run programs on it while displaying all the X-windows back to my Mac. It all works very well, except for several annoying issues pertaining to Samba e.g. mounts often lock up, I can't copy a file into my own Linux hierarchy because it says my Linux machine has no space left (which is not right). I'm guessing this is all the Mac's fault due to it's version or implementation of Samba. Apple is not very good at supporting/updating this kind of thing. > >> On macupdate.com I note that samba 3.4.3 is available for the Mac, but: >> 1. Unlike pretty much every other platform, there is no prebuilt binary/installer for the Mac. >> 2. It seems to be a server only and I'm guessing I just need a client. > >> Assuming my Samba issues are all on the Mac side, does anyone have a recommendation about upgrading my machine to something better in the Samba department - I'm running the latest 10.6 Snow Leopard operating system. Please bear in mind that I'm just a 'user' and a genuine fish out of water when it comes to manually building a software installation ('make' and library linking etc). > >Answer by OS/2 user: > >Actually, Samba is server only. Client for using Samba shares has been called >CIFS (on Linux at least; previously SMB) for a couple of years or more. Have >you looked for a precompiled and/or updated CIFS for Mac? > >http://en.wikipedia.org/wiki/Cifs >-- >"Our Constitution was made only for a moral and religious >people. It is wholly inadequate to the government of any >other." John Adams, 2nd US President > > Team OS/2 ** Reg. Linux User #211409 > >Felix Miata *** http://fm.no-ip.com/ >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > > From mrmazda at earthlink.net Wed Jan 6 14:44:40 2010 From: mrmazda at earthlink.net (Felix Miata) Date: Wed, 06 Jan 2010 16:44:40 -0500 Subject: [Samba] Newbie Samba question from a (lowly) Mac user In-Reply-To: <45359388946099058189674991633962646587-Webmail@me.com> References: <161124028806553846125514157093622658206-Webmail@me.com> <4B44E006.5040004@earthlink.net> <45359388946099058189674991633962646587-Webmail@me.com> Message-ID: <4B450448.10704@earthlink.net> On 2010/01/06 16:31 (GMT-0500) Mick Mueck composed: > Felix Miata wrote: >>Answer by OS/2 user: >>Actually, Samba is server only. Client for using Samba shares has been called >>CIFS (on Linux at least; previously SMB) for a couple of years or more. Have >>you looked for a precompiled and/or updated CIFS for Mac? >>http://en.wikipedia.org/wiki/Cifs > Thanks Felix - I'll try searching in the SMB/CIFS universe for the latest Mac OS X compatible version. There was a typo in what I wrote. The old Linux name is SMBFS. SMB is the generic acronym for all this Samba/CIFS/SMBFS networking stuff. Also, read the URL I provided. According to it, the name change from smbfs to cifs didn't happen on Mac. -- "Our Constitution was made only for a moral and religious people. It is wholly inadequate to the government of any other." John Adams, 2nd US President Team OS/2 ** Reg. Linux User #211409 Felix Miata *** http://fm.no-ip.com/ From linux at kukkukk.com Wed Jan 6 15:40:24 2010 From: linux at kukkukk.com (=?iso-8859-1?q?G=FCnter_Kukkukk?=) Date: Wed, 6 Jan 2010 23:40:24 +0100 Subject: [Samba] Newbie Samba question from a (lowly) Mac user In-Reply-To: <4B450448.10704@earthlink.net> References: <161124028806553846125514157093622658206-Webmail@me.com> <45359388946099058189674991633962646587-Webmail@me.com> <4B450448.10704@earthlink.net> Message-ID: <201001062340.24500.linux@kukkukk.com> Am Mittwoch 06 Januar 2010 22:44:40 schrieb Felix Miata: > On 2010/01/06 16:31 (GMT-0500) Mick Mueck composed: > > Felix Miata wrote: > >>Answer by OS/2 user: > >> > >>Actually, Samba is server only. Client for using Samba shares has been > >> called CIFS (on Linux at least; previously SMB) for a couple of years or > >> more. Have you looked for a precompiled and/or updated CIFS for Mac? > >> > >>http://en.wikipedia.org/wiki/Cifs > > > > Thanks Felix - I'll try searching in the SMB/CIFS universe for the latest > > Mac OS X compatible version. > > There was a typo in what I wrote. The old Linux name is SMBFS. SMB is the > generic acronym for all this Samba/CIFS/SMBFS networking stuff. Also, read > the URL I provided. According to it, the name change from smbfs to cifs > didn't happen on Mac. > just some additional notes regarding some client smb/cifs kernel modules: Linux: - smbfs (deprecated, no further development) - cifs (actively developed) Apple - Mac OS X: - smbfs This module is _not_ related to the one developed for linux, it's a separate implementation. Afaik - the source can be found here: http://www.opensource.apple.com/source/smb/smb-348.7/ Cheers, G?nter From kacper at kacper.se Wed Jan 6 17:57:35 2010 From: kacper at kacper.se (Kacper) Date: Thu, 7 Jan 2010 01:57:35 +0100 Subject: [Samba] Read-only fs Message-ID: Hi, I have a read-only fs and samba fails to start with the error message: Failed to open /var/lib/samba/secrets.tdb The file exists there but is of course read-only. Does samba need to write to this secret file or why doesn't it want to open that file? From bino at indoakses-online.com Wed Jan 6 18:26:49 2010 From: bino at indoakses-online.com (Bino Oetomo) Date: Thu, 07 Jan 2010 08:26:49 +0700 Subject: [Samba] PDC directory permission fail (Bino Oetomo) In-Reply-To: <3DBBD805E3BA064A87F551C0E8BD36740289723D@MAILSRV.intcomgrp.com> References: <3DBBD805E3BA064A87F551C0E8BD36740289723D@MAILSRV.intcomgrp.com> Message-ID: <4B453859.1050701@indoakses-online.com> Dear James, Dale, and ALL Thankyou for your enlightment Now I set things as you sugested, directories with 770 and files with 660 Case solved Sincerely -bino- James Kosin wrote: > Bino, > > The permissions should be 770 for directories. They need execute > privileges for directories to be able to get access to the directories. > You should be able to set the files for 660 though I don't believe it > will keep windows from executing a file. > > Dale Schroeder wrote: > From your previous email, it sounds like you want is ==> > > create mode = 660 > directory mode = 770 > > > Dale From peteolcott at gmail.com Wed Jan 6 19:09:17 2010 From: peteolcott at gmail.com (Peter Olcott) Date: Wed, 6 Jan 2010 20:09:17 -0600 Subject: [Samba] Setting up Samba with broadcast based name resolution (not WINS)++++++++++++++++++++ Message-ID: <87e0d5201001061809u3cce47efy4181dfb3cea7711d@mail.gmail.com> I am still trying to get my Fedora 11 based Samba 3.4 share to show up on windows My Red Hat 9.0 Samba share must be using broadcast based name resolution because the hosts file is empty, and none of the windows clients has a fixed IP address. Also ping shows that both the sever and the clients can find each other based on their name. It looks like broadcast name resolution is the best for my needs. Can anyone point me me to documentation on how to do this for Fedora 11? From jra at samba.org Wed Jan 6 22:34:52 2010 From: jra at samba.org (Jeremy Allison) Date: Wed, 6 Jan 2010 21:34:52 -0800 Subject: [Samba] Read-only fs In-Reply-To: References: Message-ID: <20100107053451.GA3718@jeremy-desktop> On Thu, Jan 07, 2010 at 01:57:35AM +0100, Kacper wrote: > Hi, > > I have a read-only fs and samba fails to start with the error message: > > Failed to open /var/lib/samba/secrets.tdb > > The file exists there but is of course read-only. Does samba need to > write to this secret file or why doesn't it want to open that file? Samba needs to be able to write to its tdb files whilst running, it needs to have read-write access to its internal state data. Jeremy. From portsbsd at gmail.com Wed Jan 6 22:39:34 2010 From: portsbsd at gmail.com (Alberto Moreno) Date: Wed, 6 Jan 2010 21:39:34 -0800 Subject: [Samba] samba with ldap + windows AD can work together? Message-ID: <3ffefd921001062139v3fbf3892lbfb316ae4f5bf23a@mail.gmail.com> Hi people. I have 2 domains right now: WinNT4 + Windows 2k3. A lot of u will say, why don't u just move everything to win2k3?.. well I prefer to work with linux/Unix. My question is this, I test the migration from NT4 to linux with ldap, it works and is not to difficult, my problem is this: All my printers are in the server running windows 2k3 my AD server, the NT4 users can access the resources from the win2k3 server without any issue, if I make the migration from NT4 to Linux, will my users lost the connection of the win2k3(AD) resources? Centos 5.4. Thanks!!! -- LIving the dream... From kseeger at samba.org Thu Jan 7 04:04:43 2010 From: kseeger at samba.org (Karolin Seeger) Date: Thu, 7 Jan 2010 12:04:43 +0100 Subject: [Samba] [Announce] Samba 3.4.4 Available for Download Message-ID: ================================================================= "If there is no struggle, there is no progress." Frederick Douglass ================================================================= Release Announcements ===================== This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.4 include: o Fix interdomain trust relationships with Win2008R2 (bug #6697). o Fix Winbind crashes when queried from nss (bug #6889). o Fix Winbind crash when retrieving empty group members (bug #7014). o Fix "UID range full" error in Winbind (bug #6901). o Fix multiple LDAP servers in "idmap backend" and "idmap alloc backend" (bug #6910). ###################################################################### Changes ####### Changes since 3.4.3 ------------------- o Michael Adam * BUG 6851: Add pdbedit --kickoff-time/-K to set the user's kickoff time. * BUG 6901: Fix "UID range full" error in Winbind. * BUG 6910: Fix multiple LDAP servers in "idmap backend" and "idmap alloc backend". o Jeremy Allison * BUG 6828: Fix infinite timeout when byte lock held outside of samba. * BUG 6837: Fix "Too many open files" message when trying to access a large number of files with Windows 7. * BUG 6841: Fix "map acl inherit = yes". * BUG 6867: Fix listing of directories with a lot of files. * BUG 6875: Fix DOS attributes on OS/2 clients. * BUG 6880: Fix listing of workgroup servers in libsmbclient. * BUG 6898: Samba duplicates file content on appending. * BUG 6939: Fix long filenames with "mangling method = hash". * BUG 7005: Fix "mangle method = hash" truncates files with dot "." character. o Kai Blin * BUG 4832: Fix iconv checks. o G?nther Deschner * BUG 6697: Fix interdomain trust relationships with Win2008R2. * BUG 6868: Support building with Heimdal we well as with MIT. * BUG 6889: Fix Winbind crashes when queried from nss. * BUG 6929: Fix build with recent heimdal. * Fix the build of the winbind krb5 locator plugin. * Fix enumprinter key client and server. o Volker Lendecke * BUG 6338: Do not always display "none" in 'net rpc trustdom list'. * BUG 6850: Fix shadow copy display on Windows 7. * BUG 6981: Fix paged search with DirX LDAP server. * BUG 6982: Remove erroneous out of memory error path in lookup_sid. * BUG 6997: Fix _samr_GetAliasMembership for results with 0 rids. o Jim McDonough * BUG 6967: Fix 'net ads join' with OU. * BUG 7014: Fix Winbind crash when retrieving empty group members. o Andrew Tridgell * BUG 6918: Fix krb5 build problem on Ubuntu karmic. ================ Download Details ================ The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.4.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team From kseeger at samba.org Thu Jan 7 04:09:02 2010 From: kseeger at samba.org (Karolin Seeger) Date: Thu, 7 Jan 2010 12:09:02 +0100 Subject: [Samba] [Announce] Samba 3.5.0rc1 Available for Download Message-ID: Release Announcements ===================== This is the first release candidate of Samba 3.5. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.5.0 include: General changes: o Add support for full Windows timestamp resolution Protocol changes: o Experimental implementation of SMB2 Printing Changes: o Add encryption support for connections to a CUPS server Winbind changes: o Major refactoring o Asynchronous General changes: ================ Support for full Windows timestamp resolution has been added. This effectively makes us use Windows' full 100ns timestamp resolution if supported by the kernel (2.6.22 and higher) and the glibc (2.6 and higher). Protocol changes ================ An EXPERIMENTAL implementation of the SMB2 protocol has been added. SMB2 can be enabled by setting "max protocol = smb2". SMB2 is a new implementation of the SMB protocol used by Windows Vista and higher. Printing Changes ================ A new parameter "cups encrypt" has been added to control whether connections to CUPS servers will be encrypted or not. The default is to use unencrypted connections. Winbind changes =============== The Winbind daemon has been refactored internally to be asynchronous. The new Winbind will not be blocked by running 'wbinfo -g' or 'wbinfo -u'. ###################################################################### Changes ####### smb.conf changes ---------------- Parameter Name Description Default -------------- ----------- ------- create krb5 conf New yes ctdb timeout New 0 cups encrypt New no debug hires timestamp Changed Default yes ldap deref New auto ldap follow referral New auto New configure options --------------------- --enable-external-libtdb Enable external tdb --enable-netapi Turn on netapi support --enable-pthreadpool Enable pthreads pool helper support --with-cifsumount Include umount.cifs (Linux only) support --with-codepagedir=DIR Where to put codepages Commit Highlights ================= o Bj?rn Jacke * Add support for full Windows timestamp resolution. * Add encryption support for connections to a CUPS server. o Volker Lendecke * Major internal refactoring of the Winbind daemon. * Make Winbind asynchronous. o Stefan Metzmacher * Implement the new SMB2 protocol (experimental). Changes since 3.5.0pre2 ----------------------- o Jeremy Allison * BUG 6837: Fix "Too many open files" when trying to access large number of files with Windows 7. * BUG 6939: Fix long filenames when "mangling method" is set to "hash". * BUG 7020: Fix smbd using 2G memory. * Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level. * Vector correctly through reply_openerror() (which uses the same logic). * Fix bugs with the full Windows ACL support. o Kai Blin * Add a few missing gettext calls to the 'net' command. * Fix up a share type translation and translate some more strings in 'net'. o G?nther Deschner * Allow to call "pdbedit -N description -u user" without specifiyng "-r". * Add spoolss_DriverInfo7. * Fix rpcclient after setprinter IDL fixes. * Use generated krb5.conf in 'net ads testjoin'. o Jonas Gorski * BUG 6992: make test for getgrouplist cacheable. o Andr? Hentschel * Add some German translations for the 'net' command. o Suresh Jayaraman * Update mount.cifs man page with nounix option. o Volker Lendecke * Fix _samr_GetAliasMembership for results with 0 rids. * Fix an error case in cli_negprot. * Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc. * Restore correct timeouts for SMB requests. * Fix a 64-bit error in libsmb. * Replace IS_DOMAIN_OFFLINE by a function in Winbind. * Simplify/cleanup Winbind code. o Kamen Mazdrashki * Fix write behind memory block in libtalloc. * Fix result check for getaddrinfo(). o Jim McDonough * BUG 7014: Fix Winbind crash when retrieving empty group members. o Brian Lu * BUG 6991: Create symbol links to shared libraries. o Stefan Metzmacher * Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr() to tsocket. * Always set tdb->tracefd to -1 to be safe on goto fail in libtdb. * Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior. * Fix standalone 'make installdocs'. o Peter Rosin * Output %p as unsigned in snprintf replacement. o Ronnie Sahlberg * New attempt at TDB transaction nesting allow/disallow. o Kirill Smelkov * Remove swig stuff from libtdb. * Reset tdb->fd to -1 in tdb_close() in libtdb. o Simo Sorce * Change the way mksysms work in libtalloc. o Jelmer Vernooij * Also build and install tdb manpages from standalone tdb. o Bo Yang * Fix infinite loop in NCACN_IP_TCP as there is no timeout. * Make winbindd_cache.c aware of domain offline to avoid unnecessary backend query. * List trusted domains from wcache when domain is offline. ###################################################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== From moshe010 at gmail.com Thu Jan 7 06:14:33 2010 From: moshe010 at gmail.com (moshe levi) Date: Thu, 7 Jan 2010 15:14:33 +0200 Subject: [Samba] client samba swichover when when Primary Domain controler is down. Message-ID: <7398fc721001070514q2b6b4065w5b7c720d8ba261af@mail.gmail.com> Hi everyone, I have a question regrading samba client. I am using samba version 3.3.9 on Linux RedHat server 5 OS. I also have installed 2 Domain Controllers on windows 2008 R2 and with Active Directory. One domain controller is primary and the other one is backup. I ran a test that bring down the primary Domain controller. I expected that samba would recognize that the primary Domain controller is down and it will try to connect to the backup Domain Controller. But this didn't happen samba tried to connect the primary Domain controller I just want to know if this supported in samba 3.3.9 on Linux RedHat server 5, or I have configuration problem. From swehrly at gdeb.com Thu Jan 7 09:21:55 2010 From: swehrly at gdeb.com (Stuart Wehrly) Date: Thu, 7 Jan 2010 11:21:55 -0500 Subject: [Samba] Building Source 4 from 3.5 rc1 In-Reply-To: <7398fc721001070514q2b6b4065w5b7c720d8ba261af@mail.gmail.com> Message-ID: Greetings, I'm trying test Samba 4's AD. I can build the source 3 directory, but I'm experiencing issues building the source 4 and source 3 with merge build. I'm running a customized version of fedora. Below is a snippet of the console output when trying to run make along with the configure options. I have gnu make 3.81 and gcc 4.4.2 installed. source 3 w/merge build --enable-debug --enable-developer --prefix=/usr/local --enable-fhs --enable-automatic-dependencies --enable-merged-build Compiling winbindd/idmap.c Compiling winbindd/idmap_util.c Compiling winbindd/idmap_ldap.c Compiling winbindd/idmap_tdb.c Compiling winbindd/idmap_passdb.c Compiling winbindd/idmap_nss.c Compiling winbindd/nss_info.c Compiling winbindd/nss_info_template.c Compiling lib/tdb_validate.c Linking bin/winbindd Compiling ../nsswitch/wbinfo.c Linking bin/wbinfo ../nsswitch/wbinfo.o: In function `wbinfo_ping_dc': /storage/LSP4/contrib/samba351/samba-3.5.0rc1/source3/../nsswitch/wbinfo.c:790: undefined reference to `wbcPingDc' collect2: ld returned 1 exit status make: *** [bin/wbinfo] Error 1 source 4 --enable-debug --enable-developer --prefix=/usr/local --enable-fhs --enable-automatic-dependencies Samba will be compiled with flags: CPP = gcc4 -E CPPFLAGS = -I./include -I. -I./lib -I./../lib/replace -I./../lib/talloc -I./.. -D_SAMBA_BUILD_=4 -DHAVE_CONFIG_H CC = gcc4 CFLAGS = -g -DDEBUG_PASSWORD -DDEVELOPER -Wall -Wshadow -Werror-implicit-function-declaration -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wmissing-format-attribute -Wformat=2 -Wdeclaration-after-statement -Wunused-macros -Wno-format-y2k -Wno-unused-parameter PICFLAG = -fPIC BNLD = gcc4 BNLD_FLAGS = -Wl,--export-dynamic STLD = /usr/local/bin/ar STLD_FLAGS = -rcs SHLD = gcc4 SHLD_FLAGS = -shared -Wl,-Bsymbolic MDLD = gcc4 MDLD_FLAGS = -shared -Wl,-Bsymbolic -Wl,--allow-shlib-undefined SHLIBEXT = so srcdir = . builddir = . pwd = /storage/LSP4/contrib/samba351/samba-3.5.0rc1/source4 Compiling ../lib/util/unix_privs.c ../lib/util/unix_privs.c: In function 'privileges_destructor': ../lib/util/unix_privs.c:54: error: implicit declaration of function 'uwrap_geteuid' ../lib/util/unix_privs.c:55: error: implicit declaration of function 'uwrap_seteuid' The following command failed: gcc4 -g -DDEBUG_PASSWORD -DDEVELOPER -Wall -Wshadow -Werror-implicit-function-declaration -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wmissing-format-attribute -Wformat=2 -Wdeclaration-after-statement -Wunused-macros -Wno-format-y2k -Wno-unused-parameter -I../lib/talloc -Ilib/replace -fPIC -I./include -I. -I./lib -I./../lib/replace -I./../lib/talloc -I./.. -D_SAMBA_BUILD_=4 -DHAVE_CONFIG_H -c ../lib/util/unix_privs.c -o ../lib/util/unix_privs.o make: *** [../lib/util/unix_privs.o] Error 1 Any help would be appreciated. Thanks! Stuart From ken at jots.org Thu Jan 7 09:37:37 2010 From: ken at jots.org (Ken D'Ambrosio) Date: Thu, 7 Jan 2010 11:37:37 -0500 (EST) Subject: [Samba] Production-environment AD rollout? Message-ID: Hey, all. I've used Samba a lot, but took a job about four years ago during which time I've only used it for one-off projects. Looks like I might take a new job, though, and I'll get to call the shots. I'd *love* to have Samba with AD running things, and just have Windows in-place as clients (possibly with Exchange... can't win 'em all). Is this feasible in this day and age? I know (or, at least, think I do) that Samba isn't currently in shape to share DC duties with Windows boxes (at least, in a production environment), but can it be a standalone AD DC, perhaps with other Samba DCs? Thanks! -Ken -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ryan.suarez at sheridanc.on.ca Thu Jan 7 09:54:10 2010 From: ryan.suarez at sheridanc.on.ca (Ryan Suarez) Date: Thu, 07 Jan 2010 11:54:10 -0500 Subject: [Samba] windows 7 and printer sharing In-Reply-To: <4B431C8A.70307@lixium.fr> References: <4B431C8A.70307@lixium.fr> Message-ID: <4B4611B2.8070908@sheridanc.on.ca> > BUT I don't even see my network on a Windows 7 computer (I applied the What happens when you click 'start' and '\\name_of_samba_server' on search bar? What version of samba are you running? From ryan.suarez at sheridanc.on.ca Thu Jan 7 09:57:55 2010 From: ryan.suarez at sheridanc.on.ca (Ryan Suarez) Date: Thu, 07 Jan 2010 11:57:55 -0500 Subject: [Samba] windows 7 and printer sharing In-Reply-To: References: <4B431C8A.70307@lixium.fr> Message-ID: <4B461293.8040802@sheridanc.on.ca> > the main advantage of SMB printing is automatic installation of drivers. > this is worth the trouble only if you have many clients. > (and to my knowledge it doesn't work with 64bits OS) > We run 64bit vista and windows clients. They work fine with samba. You can either upload 64bit drivers to the server or take advantage of point and print behaviour: "if Point and Print does not find an appropriate driver on the print server, it will attempt to find and install a driver with the correct file name from the local driver cab or driver store. The ability to look in the local driver cab is new starting with Windows XP" http://www.microsoft.com/windowsserver2003/techinfo/overview/pointandprint.mspx So by uploading a driver from a windows 32bit clients local repository to the samba server, 64bit client will automatically use the same driver from their local store. This was the easiest route for us. From yashwanth599 at gmail.com Thu Jan 7 11:03:03 2010 From: yashwanth599 at gmail.com (yashwanth kondeti) Date: Thu, 7 Jan 2010 12:03:03 -0600 Subject: [Samba] Adding client to Active Directory Message-ID: <4446828b1001071003s2f6e5c2cmc38e7df40442abbb@mail.gmail.com> Hello, I have a Unix system and would like to add it to the Windows A From yashwanth599 at gmail.com Thu Jan 7 11:08:48 2010 From: yashwanth599 at gmail.com (yashwanth kondeti) Date: Thu, 7 Jan 2010 12:08:48 -0600 Subject: [Samba] Merging with Active Directory Message-ID: <4446828b1001071008j52b19a7bl6e49a42810c898b0@mail.gmail.com> Hello, I have a Unix machine and would like to join it to a Windows Active Directory server client list. I am trying to use the Samba server for it but could not find the exact information I am looking for in the samba.orgwebsite. I shall be grateful to you if you could send me the exact link for the case with any possible instructions for installing and configuring it. From squeezer99 at gmail.com Thu Jan 7 11:11:23 2010 From: squeezer99 at gmail.com (Adam) Date: Thu, 07 Jan 2010 12:11:23 -0600 Subject: [Samba] Merging with Active Directory In-Reply-To: <4446828b1001071008j52b19a7bl6e49a42810c898b0@mail.gmail.com> References: <4446828b1001071008j52b19a7bl6e49a42810c898b0@mail.gmail.com> Message-ID: <4B4623CB.7070405@gmail.com> It's all documented in Samba 3 by Example.pdf and the Official Samba HowTo and Reference Guide yashwanth kondeti wrote: > Hello, > > I have a Unix machine and would like to join it to a Windows Active > Directory server client list. I am trying to use the Samba server for it but > could not find the exact information I am looking for in the > samba.orgwebsite. I shall be grateful to you if you could send me the > exact link for > the case with any possible instructions for installing and configuring it. > From requate at univention.de Thu Jan 7 12:00:13 2010 From: requate at univention.de (Arvid Requate) Date: Thu, 7 Jan 2010 20:00:13 +0100 Subject: [Samba] LDAP_NO_SUCH_OBJECT upon new user creation in s4/OpenLDAP Message-ID: <201001072000.13734.requate@univention.de> Hello, on Mon, 07 Dec 2009 01:13:19 -0800 Eric Woltermann posted: > for some weeks now I am trying to set up Samba4 (alpha9) with an OpenLDAP 2.4.17 backend as an AD PDC for my XP/7 clients. It was working for some time with Samba's integrated LDAP facility, however I could not figure out how to use this database e.g. to authenticate my IMAP users against (bind-dn, port etc.). OpenLDAP was compiled from source using --enable-modules=yes and --enable-overlays=yes. Provisioning samba using the command line > > setup/provision --ldap-backend-type=openldap --slapd-path="/usr/sbin/slapd" --username=samba-admin --realm=localdomain --domain=Heimnetz --server-role='domain controller' --adminpass=somepass > > ran through, although there were errors about slapd (id2entry.bdb not found, NT_STATUS_UNEXPECTED_NETWORK_ERROR, slapd unable to start). Afterwards, slapd and samba start fine, I can join machines to the domain "Heimnetz" (DNS is also working properly), login using the "administrator" account and have a look at the AD via dsa.msc. Was is NOT working is the creation of new users. Doing that in dsa.msc failes with an error message about password policies, but this is probably not yet implemented, right? Going the howto-way, "/setup/newuser blah" prompts for a password, displays messages about skipping the loading of schema, naming context details and domain details, and then failes with the following error message: > > _ldb.LdbError: (32, 'objectclass: Cannot add CN=blah,CN=Users,DC=localdomain, parent does not exist!') Alpha10 showed the same problem. Looking into the code you can see that it accepts options to pass credentials. Providing the 'LDAP Admin User' name and password from the output of the provision command helps, although the AssertionError looks a bit discouaging at first sight: debiantest:~# newuser --username=samba-admin --password=$ldapadminpass demo1 New Password: Traceback (most recent call last): File "/usr/local/samba/sbin/newuser", line 69, in samdb.newuser(username, opts.unixname, password, force_password_change_at_next_login_req=opts.must_change_at_next_login) File "/usr/local/samba/lib/python2.5/site-packages/samba/samdb.py", line 133, in newuser force_password_change_at_next_login_req) File "/usr/local/samba/lib/python2.5/site-packages/samba/samdb.py", line 172, in setpassword assert(len(res) == 1) AssertionError The user object has been created anyway, but it is still unactive: debiantest:~# smbclient //localhost/netlogon -Udemo1%S4password Connection to \\localhost\netlogon failed - NT_STATUS_LOGON_FAILURE Using windows dsa.msc to create the user, I got a NT_STATUS_ACCOUNT_DISABLED instead. You can enable the account by running setup/setpassword (or setup/enableaccount). Regards, Arvid -- Arvid Requate Open Source Software Engineer Univention GmbH Linux for your business Mary-Somerville-Str.1 28359 Bremen Tel. : +49 421 22232-0 Fax : +49 421 22232-99 requate at univention.de http://www.univention.de Gesch?ftsf?hrer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876 From presgas at gmail.com Thu Jan 7 12:44:01 2010 From: presgas at gmail.com (Robert Freeman-Day) Date: Thu, 7 Jan 2010 14:44:01 -0500 (EST) Subject: [Samba] Merging with Active Directory In-Reply-To: <4B4623CB.7070405@gmail.com> References: <4446828b1001071008j52b19a7bl6e49a42810c898b0@mail.gmail.com> <4B4623CB.7070405@gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To help you narrow it down a bit, you will want to look for the "Domain Member" sections in the documentation that Adam mentioned. Robert On Thu, 7 Jan 2010, Adam wrote: > Date: Thu, 07 Jan 2010 12:11:23 -0600 > From: Adam > To: yashwanth kondeti > Cc: samba at lists.samba.org > Subject: Re: [Samba] Merging with Active Directory > > It's all documented in Samba 3 by Example.pdf and the Official Samba HowTo > and Reference Guide > > yashwanth kondeti wrote: >> Hello, >> >> I have a Unix machine and would like to join it to a Windows >> Active >> Directory server client list. I am trying to use the Samba server for it >> but >> could not find the exact information I am looking for in the >> samba.orgwebsite. I shall be grateful to you if you could send me the >> exact link for >> the case with any possible instructions for installing and configuring it. >> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > - ---Robert Freeman-Day - --------------- I would really like you to be on my side, but the side you show me isn't what I had in mind. - -Judybats GPG Public Key: http:keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktGOYIACgkQup357T5MfTZc5ACgwW+rckg31GEuZ/uVhsxvga36 SXkAoLhgUeMBQOOQ1Vy26WH0vZZwoIyX =B7IV -----END PGP SIGNATURE----- From gaiseric.vandal at gmail.com Thu Jan 7 13:29:16 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Thu, 07 Jan 2010 15:29:16 -0500 Subject: [Samba] Production-environment AD rollout? Message-ID: <4B46441C.5090804@gmail.com> On 01/07/10 11:37, Ken D'Ambrosio wrote: > Hey, all. I've used Samba a lot, but took a job about four years ago > during which time I've only used it for one-off projects. Looks like I > might take a new job, though, and I'll get to call the shots. I'd *love* > to have Samba with AD running things, and just have Windows in-place as > clients (possibly with Exchange... can't win 'em all). > > Is this feasible in this day and age? I know (or, at least, think I do) > that Samba isn't currently in shape to share DC duties with Windows boxes > (at least, in a production environment), but can it be a standalone AD DC, > perhaps with other Samba DCs? > > Thanks! > > -Ken > > > Samba 3 (to be best of my knowledge) can not be an AD DC. It can however be a "NT4-style" DC. You can have multiple DC's with Samba (PDC plus one or more BDC.) If you are running MS Exchange, you will need an AD DC. In my environment we a separate AD domain for MS Exchange, and have to duplicate some of the accounts. I think even if I had trusts set up between the two domains, MS Exchange would not let me create accounts for an "NT4" user. You could still make Samba 3.x a member server in the AD domain. From gaiseric.vandal at gmail.com Thu Jan 7 13:32:53 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Thu, 07 Jan 2010 15:32:53 -0500 Subject: [Samba] samba with ldap + windows AD can work together? In-Reply-To: <3ffefd921001062139v3fbf3892lbfb316ae4f5bf23a@mail.gmail.com> References: <3ffefd921001062139v3fbf3892lbfb316ae4f5bf23a@mail.gmail.com> Message-ID: <4B4644F5.8030800@gmail.com> On 01/07/10 00:39, Alberto Moreno wrote: > Hi people. > > I have 2 domains right now: > > WinNT4 + Windows 2k3. > > A lot of u will say, why don't u just move everything to win2k3?.. > well I prefer to work with linux/Unix. > > My question is this, I test the migration from NT4 to linux with > ldap, it works and is not to difficult, my problem is this: > > All my printers are in the server running windows 2k3 my AD server, > the NT4 users can access the resources from the win2k3 server without > any issue, if I make the migration from NT4 to Linux, will my users > lost the connection of the win2k3(AD) resources? > > Centos 5.4. > > Thanks!!! > > Do you have trusts setup between the two domains or are the printers shared for anon access? If you vampire the NT4 accounts to your new linux samba DC then in theory everything should stay the same. In practice I have found that Samba/Windows trusts are flaky so I would either (a) make sure you can access shared printers w/o trusts and (b) have a provision for sharing printers from the Samba machine or a Windows server in your "samba" domain. From requate at univention.de Thu Jan 7 14:00:02 2010 From: requate at univention.de (Arvid Requate) Date: Thu, 7 Jan 2010 22:00:02 +0100 Subject: [Samba] LDAP_NO_SUCH_OBJECT upon new user creation in s4/OpenLDAP Message-ID: <201001072200.02427.requate@univention.de> Hello, sorry for the misquoted post. This one might be easier to read. on Mon, 07 Dec 2009 01:13:19 -0800 Eric Woltermann posted: > for some weeks now I am trying to set up Samba4 (alpha9) with an OpenLDAP > 2.4.17 backend as an AD PDC for my XP/7 clients. > [...] > Was is NOT working is the creation of new users. > Doing that in dsa.msc failes with an error message about password policies, > but this is probably not yet implemented, right? Going the > howto-way, "/setup/newuser blah" prompts for a password, > displays messages about skipping the loading of schema, naming context > details and domain details, and then failes with the following error > message: > > _ldb.LdbError: (32, 'objectclass: Cannot add > CN=blah,CN=Users,DC=localdomain, parent does not exist!') Alpha10 showed the same problem. Looking into the code you can see that it accepts options to pass credentials. Providing the 'LDAP Admin User' name and password from the output of the provision command helps, although the AssertionError looks a bit discouaging at first sight: debiantest:~# newuser --username=samba-admin --password=$ldapadminpass demo1 New Password: Traceback (most recent call last): ? File "/usr/local/samba/sbin/newuser", line 69, in ? ? samdb.newuser(username, opts.unixname, password, force_password_change_at_next_login_req=opts.must_change_at_next_login) ? File "/usr/local/samba/lib/python2.5/site-packages/samba/samdb.py", line 133, in newuser ? ? force_password_change_at_next_login_req) ? File "/usr/local/samba/lib/python2.5/site-packages/samba/samdb.py", line 172, in setpassword ? ? assert(len(res) == 1) AssertionError The user object has been created anyway, but it is still inactive: debiantest:~# smbclient //localhost/netlogon -Udemo1%S4password Connection to \\localhost\netlogon failed - NT_STATUS_LOGON_FAILURE Using windows dsa.msc to create the user, I got a NT_STATUS_ACCOUNT_DISABLED instead, trying to access netlogon. You can enable the account by running setup/setpassword (or setup/enableaccount). Regards, Arvid -- Arvid Requate Open Source Software Engineer Univention GmbH Linux for your business Mary-Somerville-Str.1 28359 Bremen Tel. : +49 421 22232-0 Fax : +49 421 22232-99 requate at univention.de http://www.univention.de Gesch?ftsf?hrer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876 From learner.study at gmail.com Thu Jan 7 14:05:35 2010 From: learner.study at gmail.com (Learner Study) Date: Thu, 7 Jan 2010 16:05:35 -0500 Subject: [Samba] sendfile In-Reply-To: References: <7efa8a7d0912221819y51fba3f6xaa7e460bac88cead@mail.gmail.com> Message-ID: <7efa8a7d1001071305g1bbe659by3d5418820a4d1905@mail.gmail.com> Hi Volker: 1. sendfile() takes a input-fd and out-fd so why can't that be used for WRITE operation (i.e. reading from socket fd on network side and writing to file fd towards the disk). 2. Without sendfile() (in WRITE operation), data is read from socket in user space before being written back to the disk (kernel space). So, there are two copies (one during socket read and second during disk write). Is that correct understanding? Thanks a lot! On Wed, Dec 23, 2009 at 4:33 AM, Volker Lendecke wrote: > On Tue, Dec 22, 2009 at 06:19:52PM -0800, Learner Study wrote: >> I understand from the samba code (3.0.25) that we use sendfile during >> client's Read operation. Is there a reason for not using the same for >> write operation? Is it to do with header processing etc. > > Under Linux, I have not yet found a recvfile function. There > is splice, but at least until recently this was only usable > in multi-threaded applications which Samba is not. In > current Samba there is code to use recvfile when it is > available, and a not-used version of splice code. > > Volker > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAksx49AACgkQbZMKAi3WUklmUQCeJrzs7yMd/Uc1OeLOR3CNsxlM > T+UAnjeK6AGTm2RSgVR4Ff9FHKiAsaFZ > =GyRP > -----END PGP SIGNATURE----- > > From learner.study at gmail.com Thu Jan 7 14:05:35 2010 From: learner.study at gmail.com (Learner Study) Date: Thu, 7 Jan 2010 16:05:35 -0500 Subject: [Samba] sendfile In-Reply-To: References: <7efa8a7d0912221819y51fba3f6xaa7e460bac88cead@mail.gmail.com> Message-ID: <7efa8a7d1001071305g1bbe659by3d5418820a4d1905@mail.gmail.com> Hi Volker: 1. sendfile() takes a input-fd and out-fd so why can't that be used for WRITE operation (i.e. reading from socket fd on network side and writing to file fd towards the disk). 2. Without sendfile() (in WRITE operation), data is read from socket in user space before being written back to the disk (kernel space). So, there are two copies (one during socket read and second during disk write). Is that correct understanding? Thanks a lot! On Wed, Dec 23, 2009 at 4:33 AM, Volker Lendecke wrote: > On Tue, Dec 22, 2009 at 06:19:52PM -0800, Learner Study wrote: >> I understand from the samba code (3.0.25) that we use sendfile during >> client's Read operation. Is there a reason for not using the same for >> write operation? Is it to do with header processing etc. > > Under Linux, I have not yet found a recvfile function. There > is splice, but at least until recently this was only usable > in multi-threaded applications which Samba is not. In > current Samba there is code to use recvfile when it is > available, and a not-used version of splice code. > > Volker > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAksx49AACgkQbZMKAi3WUklmUQCeJrzs7yMd/Uc1OeLOR3CNsxlM > T+UAnjeK6AGTm2RSgVR4Ff9FHKiAsaFZ > =GyRP > -----END PGP SIGNATURE----- > > From david at vizion2000.net Thu Jan 7 15:34:31 2010 From: david at vizion2000.net (David Southwell) Date: Thu, 7 Jan 2010 22:34:31 +0000 Subject: [Samba] Panic tdb problem?? Message-ID: <201001072234.31106.david@vizion2000.net> Hi Can anyone please tell me what is happening here and how to cure it System: freebsd 7.2 p3 Jan 7 22:23:14 dns1 smbd[3227]: [2010/01/07 22:23:14, 0] lib/util.c:reinit_after_fork(1054) Jan 7 22:23:14 dns1 smbd[3227]: tdb_reopen_all failed. Jan 7 22:23:14 dns1 smbd[3227]: [2010/01/07 22:23:14, 0] smbd/server.c:open_sockets_smbd(773) Jan 7 22:23:14 dns1 smbd[3227]: reinit_after_fork() failed Jan 7 22:23:14 dns1 smbd[3227]: [2010/01/07 22:23:14, 0] lib/util.c:smb_panic(1673) Jan 7 22:23:14 dns1 smbd[3227]: PANIC (pid 3227): reinit_after_fork() failed Jan 7 22:23:14 dns1 smbd[3227]: [2010/01/07 22:23:14, 0] lib/util.c:log_stack_trace(1777) Jan 7 22:23:14 dns1 smbd[3227]: BACKTRACE: 0 stack frames: Jan 7 22:23:14 dns1 smbd[3227]: [2010/01/07 22:23:14, 0] lib/fault.c:dump_core(231) Jan 7 22:23:14 dns1 smbd[3227]: dumping core in /var/log/samba/cores/smbd Jan 7 22:23:14 dns1 smbd[3227]: Jan 7 22:24:04 dns1 sshd[3248]: error: PAM: authentication error for illegal user phoebe from 90.182.211.25 Jan 7 22:26:21 dns1 qpopper[3280]: [drac]: login by mailman from host dns1.vizion2000.net (62.49.197.50) [drac.c:51] Jan 7 22:26:21 dns1 qpopper[3280]: Stats: mailman 0 0 0 0 dns1.vizion2000.net 62.49.197.50 [pop_updt.c:301] Jan 7 22:26:41 dns1 smbd[3282]: [2010/01/07 22:26:41, 0] lib/util_tdb.c:tdb_log(682) Jan 7 22:26:41 dns1 smbd[3282]: tdb(/var/db/samba/gencache.tdb): tdb_reopen: open failed (No such file or directory) Jan 7 22:26:41 dns1 smbd[3282]: [2010/01/07 22:26:41, 0] lib/util.c:reinit_after_fork(1054) Jan 7 22:26:41 dns1 smbd[3282]: tdb_reopen_all failed. Jan 7 22:26:41 dns1 smbd[3282]: [2010/01/07 22:26:41, 0] smbd/server.c:open_sockets_smbd(773) Jan 7 22:26:41 dns1 smbd[3282]: reinit_after_fork() failed Jan 7 22:26:41 dns1 smbd[3282]: [2010/01/07 22:26:41, 0] lib/util.c:smb_panic(1673) Jan 7 22:26:41 dns1 smbd[3282]: PANIC (pid 3282): reinit_after_fork() failed Jan 7 22:26:41 dns1 kernel: pid 3282 (smbd), uid 0: exited on signal 6 Jan 7 22:26:41 dns1 smbd[3282]: [2010/01/07 22:26:41, 0] lib/util.c:log_stack_trace(1777) Jan 7 22:26:41 dns1 smbd[3282]: BACKTRACE: 0 stack frames: Jan 7 22:26:41 dns1 smbd[3282]: [2010/01/07 22:26:41, 0] lib/fault.c:dump_core(231) Jan 7 22:26:41 dns1 smbd[3282]: dumping core in /var/log/samba/cores/smbd Jan 7 22:26:41 dns1 smbd[3282]: Jan 7 22:26:41 dns1 smbd[3283]: [2010/01/07 22:26:41, 0] lib/util_tdb.c:tdb_log(682) Jan 7 22:26:41 dns1 smbd[3283]: tdb(/var/db/samba/gencache.tdb): tdb_reopen: open failed (No such file or directory) Jan 7 22:26:41 dns1 smbd[3283]: [2010/01/07 22:26:41, 0] lib/util.c:reinit_after_fork(1054) Jan 7 22:26:41 dns1 smbd[3283]: tdb_reopen_all failed. Jan 7 22:26:41 dns1 smbd[3283]: [2010/01/07 22:26:41, 0] smbd/server.c:open_sockets_smbd(773) Jan 7 22:26:41 dns1 smbd[3283]: reinit_after_fork() failed Jan 7 22:26:41 dns1 kernel: pid 3283 (smbd), uid 0: exited on signal 6 Jan 7 22:26:41 dns1 smbd[3283]: [2010/01/07 22:26:41, 0] lib/util.c:smb_panic(1673) Jan 7 22:26:41 dns1 smbd[3283]: PANIC (pid 3283): reinit_after_fork() failed Jan 7 22:26:41 dns1 smbd[3283]: [2010/01/07 22:26:41, 0] lib/util.c:log_stack_trace(1777) Jan 7 22:26:41 dns1 smbd[3283]: BACKTRACE: 0 stack frames: Jan 7 22:26:41 dns1 smbd[3283]: [2010/01/07 22:26:41, 0] lib/fault.c:dump_core(231) Jan 7 22:26:41 dns1 smbd[3283]: dumping core in /var/log/samba/cores/smbd Jan 7 22:26:41 dns1 smbd[3283]: Jan 7 22:26:41 dns1 kernel: pid 3284 (smbd), uid 0: exited on signal 6 Jan 7 22:26:41 dns1 smbd[3284]: [2010/01/07 22:26:41, 0] lib/util_tdb.c:tdb_log(682) Jan 7 22:26:41 dns1 smbd[3284]: tdb(/var/db/samba/gencache.tdb): tdb_reopen: open failed (No such file or directory) Jan 7 22:26:41 dns1 smbd[3284]: [2010/01/07 22:26:41, 0] lib/util.c:reinit_after_fork(1054) Jan 7 22:26:41 dns1 smbd[3284]: tdb_reopen_all failed. Jan 7 22:26:41 dns1 smbd[3284]: [2010/01/07 22:26:41, 0] smbd/server.c:open_sockets_smbd(773) Jan 7 22:26:41 dns1 smbd[3284]: reinit_after_fork() failed Jan 7 22:26:41 dns1 smbd[3284]: [2010/01/07 22:26:41, 0] lib/util.c:smb_panic(1673) Jan 7 22:26:41 dns1 smbd[3284]: PANIC (pid 3284): reinit_after_fork() failed Jan 7 22:26:41 dns1 smbd[3284]: [2010/01/07 22:26:41, 0] lib/util.c:log_stack_trace(1777) Jan 7 22:26:41 dns1 smbd[3284]: BACKTRACE: 0 stack frames: Jan 7 22:26:41 dns1 smbd[3284]: [2010/01/07 22:26:41, 0] lib/fault.c:dump_core(231) Jan 7 22:26:41 dns1 smbd[3284]: dumping core in /var/log/samba/cores/smbd Jan 7 22:26:41 dns1 smbd[3284]: From gaiseric.vandal at gmail.com Thu Jan 7 15:40:03 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Thu, 07 Jan 2010 17:40:03 -0500 Subject: [Samba] Panic tdb problem?? In-Reply-To: <201001072234.31106.david@vizion2000.net> References: <201001072234.31106.david@vizion2000.net> Message-ID: <4B4662C3.6060209@gmail.com> On 01/07/10 17:34, David Southwell wrote: > Hi > > Can anyone please tell me what is happening here and how to cure it > > System: freebsd 7.2 p3 > > Jan 7 22:23:14 dns1 smbd[3227]: [2010/01/07 22:23:14, 0] > lib/util.c:reinit_after_fork(1054) > Jan 7 22:23:14 dns1 smbd[3227]: tdb_reopen_all failed. > Jan 7 22:23:14 dns1 smbd[3227]: [2010/01/07 22:23:14, 0] > smbd/server.c:open_sockets_smbd(773) > Jan 7 22:23:14 dns1 smbd[3227]: reinit_after_fork() failed > Jan 7 22:23:14 dns1 smbd[3227]: [2010/01/07 22:23:14, 0] > lib/util.c:smb_panic(1673) > Jan 7 22:23:14 dns1 smbd[3227]: PANIC (pid 3227): reinit_after_fork() > failed > Jan 7 22:23:14 dns1 smbd[3227]: [2010/01/07 22:23:14, 0] > lib/util.c:log_stack_trace(1777) > Jan 7 22:23:14 dns1 smbd[3227]: BACKTRACE: 0 stack frames: > Jan 7 22:23:14 dns1 smbd[3227]: [2010/01/07 22:23:14, 0] > lib/fault.c:dump_core(231) > Jan 7 22:23:14 dns1 smbd[3227]: dumping core in /var/log/samba/cores/smbd > Jan 7 22:23:14 dns1 smbd[3227]: > Jan 7 22:24:04 dns1 sshd[3248]: error: PAM: authentication error for illegal > user phoebe from 90.182.211.25 > Jan 7 22:26:21 dns1 qpopper[3280]: [drac]: login by mailman from host > dns1.vizion2000.net (62.49.197.50) [drac.c:51] > Jan 7 22:26:21 dns1 qpopper[3280]: Stats: mailman 0 0 0 0 dns1.vizion2000.net > 62.49.197.50 [pop_updt.c:301] > Jan 7 22:26:41 dns1 smbd[3282]: [2010/01/07 22:26:41, 0] > lib/util_tdb.c:tdb_log(682) > Jan 7 22:26:41 dns1 smbd[3282]: tdb(/var/db/samba/gencache.tdb): > tdb_reopen: open failed (No such file or directory) > Jan 7 22:26:41 dns1 smbd[3282]: [2010/01/07 22:26:41, 0] > lib/util.c:reinit_after_fork(1054) > Jan 7 22:26:41 dns1 smbd[3282]: tdb_reopen_all failed. > Jan 7 22:26:41 dns1 smbd[3282]: [2010/01/07 22:26:41, 0] > smbd/server.c:open_sockets_smbd(773) > Jan 7 22:26:41 dns1 smbd[3282]: reinit_after_fork() failed > Jan 7 22:26:41 dns1 smbd[3282]: [2010/01/07 22:26:41, 0] > lib/util.c:smb_panic(1673) > Jan 7 22:26:41 dns1 smbd[3282]: PANIC (pid 3282): reinit_after_fork() > failed > Jan 7 22:26:41 dns1 kernel: pid 3282 (smbd), uid 0: exited on signal 6 > Jan 7 22:26:41 dns1 smbd[3282]: [2010/01/07 22:26:41, 0] > lib/util.c:log_stack_trace(1777) > Jan 7 22:26:41 dns1 smbd[3282]: BACKTRACE: 0 stack frames: > Jan 7 22:26:41 dns1 smbd[3282]: [2010/01/07 22:26:41, 0] > lib/fault.c:dump_core(231) > Jan 7 22:26:41 dns1 smbd[3282]: dumping core in /var/log/samba/cores/smbd > Jan 7 22:26:41 dns1 smbd[3282]: > Jan 7 22:26:41 dns1 smbd[3283]: [2010/01/07 22:26:41, 0] > lib/util_tdb.c:tdb_log(682) > Jan 7 22:26:41 dns1 smbd[3283]: tdb(/var/db/samba/gencache.tdb): > tdb_reopen: open failed (No such file or directory) > Jan 7 22:26:41 dns1 smbd[3283]: [2010/01/07 22:26:41, 0] > lib/util.c:reinit_after_fork(1054) > Jan 7 22:26:41 dns1 smbd[3283]: tdb_reopen_all failed. > Jan 7 22:26:41 dns1 smbd[3283]: [2010/01/07 22:26:41, 0] > smbd/server.c:open_sockets_smbd(773) > Jan 7 22:26:41 dns1 smbd[3283]: reinit_after_fork() failed > Jan 7 22:26:41 dns1 kernel: pid 3283 (smbd), uid 0: exited on signal 6 > Jan 7 22:26:41 dns1 smbd[3283]: [2010/01/07 22:26:41, 0] > lib/util.c:smb_panic(1673) > Jan 7 22:26:41 dns1 smbd[3283]: PANIC (pid 3283): reinit_after_fork() > failed > Jan 7 22:26:41 dns1 smbd[3283]: [2010/01/07 22:26:41, 0] > lib/util.c:log_stack_trace(1777) > Jan 7 22:26:41 dns1 smbd[3283]: BACKTRACE: 0 stack frames: > Jan 7 22:26:41 dns1 smbd[3283]: [2010/01/07 22:26:41, 0] > lib/fault.c:dump_core(231) > Jan 7 22:26:41 dns1 smbd[3283]: dumping core in /var/log/samba/cores/smbd > Jan 7 22:26:41 dns1 smbd[3283]: > Jan 7 22:26:41 dns1 kernel: pid 3284 (smbd), uid 0: exited on signal 6 > Jan 7 22:26:41 dns1 smbd[3284]: [2010/01/07 22:26:41, 0] > lib/util_tdb.c:tdb_log(682) > Jan 7 22:26:41 dns1 smbd[3284]: tdb(/var/db/samba/gencache.tdb): thepa > tdb_reopen: open failed (No such file or directory) > Jan 7 22:26:41 dns1 smbd[3284]: [2010/01/07 22:26:41, 0] > lib/util.c:reinit_after_fork(1054) > Jan 7 22:26:41 dns1 smbd[3284]: tdb_reopen_all failed. > Jan 7 22:26:41 dns1 smbd[3284]: [2010/01/07 22:26:41, 0] > smbd/server.c:open_sockets_smbd(773) > Jan 7 22:26:41 dns1 smbd[3284]: reinit_after_fork() failed > Jan 7 22:26:41 dns1 smbd[3284]: [2010/01/07 22:26:41, 0] > lib/util.c:smb_panic(1673) > Jan 7 22:26:41 dns1 smbd[3284]: PANIC (pid 3284): reinit_after_fork() > failed > Jan 7 22:26:41 dns1 smbd[3284]: [2010/01/07 22:26:41, 0] > lib/util.c:log_stack_trace(1777) > Jan 7 22:26:41 dns1 smbd[3284]: BACKTRACE: 0 stack frames: > Jan 7 22:26:41 dns1 smbd[3284]: [2010/01/07 22:26:41, 0] > lib/fault.c:dump_core(231) > Jan 7 22:26:41 dns1 smbd[3284]: dumping core in /var/log/samba/cores/smbd > Jan 7 22:26:41 dns1 smbd[3284]: > Do the tdb files mention in fact exist? Can you use tdbdump to verify that the files seem to contain datab? Did you update your smb.conf recently to change the location of the locks or private directory? From kevinkhill at gmail.com Thu Jan 7 21:14:44 2010 From: kevinkhill at gmail.com (Kevin Hill) Date: Thu, 07 Jan 2010 20:14:44 -0800 Subject: [Samba] Trouble with Samba on boot Message-ID: <4B46B134.7050101@gmail.com> When my server boots up, samba doesn't load itself at boot. I have to login Webmin and restart the Samba server, then everything works fine. Ubuntu Server edition 9.04 -> 9.10 (its upgrading right now) Thanks -Kevin From t-oota at dh.jp.nec.com Fri Jan 8 01:19:19 2010 From: t-oota at dh.jp.nec.com (ITPFS oota) Date: Fri, 8 Jan 2010 17:19:19 +0900 Subject: [Samba] Samba 3.4.4 document bug In-Reply-To: References: Message-ID: <20100108081919.GB24603@mail.linux.bs1.fc.nec.co.jp> in pdbedit.8.xml, I found bug. in version 3.4.4 ,add -K|--kickoff-time option, but, it not found in pdbedit -L -v -w -u username -f fullname -h homedir -D drive -S script -p profile <----here? -a -t, --password-from-stdin -m -r -x -- --- Oota Toshiya --- t-oota at dh.jp.nec.com NEC Systems Software Operations Unit Shiba,Minato,Tokyo IT Platform Solutions Division Japan,Earth,Solar system (samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster) From peter.de.groot at det.wa.edu.au Fri Jan 8 02:26:19 2010 From: peter.de.groot at det.wa.edu.au (Peter de Groot) Date: Fri, 08 Jan 2010 17:26:19 +0800 Subject: [Samba] net join issues with 2 domains with a trust relationship Message-ID: <4B46FA3B.3010206@det.wa.edu.au> I am trying to join a machine to one domain using the credentials from another.. Yes .. I do have the privileges :-) kinit works. It used to work (3.0.28a) .... but with later revs I get this sort of error. Bit irritating, as I have to ask somebody with admin privs to do it for me ... root at curric4182-07:/home/peter# net ads join -U e2052982 at ADMIN4182.INTERNAL Enter e2052982 at ADMIN4182.INTERNAL's password: [2010/01/08 17:08:57, 0] libads/kerberos.c:332(ads_kinit_password) kerberos_kinit_password e2052982 at ADMIN4182.INTERNAL@CURRIC4182.INTERNAL failed: Malformed representation of principal Failed to join domain: failed to connect to AD: Malformed representation of principal From Volker.Lendecke at SerNet.DE Fri Jan 8 03:30:03 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Fri, 8 Jan 2010 11:30:03 +0100 Subject: [Samba] Panic tdb problem?? In-Reply-To: <201001072234.31106.david@vizion2000.net> References: <201001072234.31106.david@vizion2000.net> Message-ID: On Thu, Jan 07, 2010 at 10:34:31PM +0000, David Southwell wrote: > Can anyone please tell me what is happening here and how to cure it > > System: freebsd 7.2 p3 What samba version? There have been versions in between that showed this probelm. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From marco.barbero at gmail.com Fri Jan 8 05:13:34 2010 From: marco.barbero at gmail.com (Marco Barbero) Date: Fri, 8 Jan 2010 13:13:34 +0100 Subject: [Samba] purging wrong wins entry? Message-ID: Hi. This morning I had to change 'netbios name' on Samba PDC. After that I restarted samba. Now I have noticed I have two wins entries pointing to same IP address, one with old netbios name, other with new netbios name. Deleting wins.dat and restarting samba does not solve the issue. Deleting entries related to old netbios name from wins.dat and restarting samba does not solve the issue too. What am I missing? Thanks in advance From marco.barbero at gmail.com Fri Jan 8 07:34:44 2010 From: marco.barbero at gmail.com (Marco Barbero) Date: Fri, 8 Jan 2010 15:34:44 +0100 Subject: [Samba] purging wrong wins entry? In-Reply-To: References: Message-ID: > This morning I had to change 'netbios name' on Samba PDC. ?After that > I restarted samba. ? Now I have noticed I have two wins entries > pointing to same IP address, one with old netbios name, other with new > netbios name. ?Deleting wins.dat and restarting samba does not solve > the issue. ?Deleting entries related to old netbios name from wins.dat > and restarting samba does not solve the issue too. solved: /etc/init.d/samba stop rm -f gencache.tdb wins.tdb wins.dat /etc/init.d/samba start thanks From marcin.giedz at arise.pl Fri Jan 8 08:02:18 2010 From: marcin.giedz at arise.pl (Marcin Giedz) Date: Fri, 08 Jan 2010 16:02:18 +0100 Subject: [Samba] How SMB client recognizes when to use PDC or BDC Message-ID: <4B4748FA.9080608@arise.pl> Hi, Maybe this was asked many time (although can't find it on google). Let's assume 2 scenarios: 1) I've got local network where PDC and BDC are set up. PDC is working fine so the BDC is. When it's possible for any XP client to use BDC instead of PDC? I read in samba docs that if PDC is slow client can use BDC - but what does it mean slow for the client? How the client knows what "slow" is? Can Windows client measure "some kind of ping response" from PDC/BDC? 2) But if I have 2 offices: first one HQ has PDC installed and branch has BDC. How branches clients know to use BDC and not PDC? I tried and read Network Browsing on samba doc web but this issue isn't still clear to me. Can some please explain me how this works in Samba env? Thanks, Marcin From gaiseric.vandal at gmail.com Fri Jan 8 09:50:42 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Fri, 08 Jan 2010 11:50:42 -0500 Subject: [Samba] How SMB client recognizes when to use PDC or BDC In-Reply-To: <4B4748FA.9080608@arise.pl> References: <4B4748FA.9080608@arise.pl> Message-ID: <4B476262.4020402@gmail.com> It seems that the nature of the XP client is to use the BDC if available. You could try modifying the priority by adjusting the folloing announce version os level though to be honest I never got that to work for me. (I have a samba 3.0.x PDC and BDC and a samba 3.4.x BDC and I did NOT want the 3.4.x machine being the preferred one.) If you are not using WINS, the XP client should broadcast for a logon controller and only find local machines. I have not run samba DC's in multiple locations. I have with NT4 servers, which support WINS replication. I wish samba did as well. If you do use WINS, you would probably want to make sure that you don't have a XP client using a WINS server in another site. If both machines are WINS servers for the local clients you may have to edit an lmhosts file to tell each DC about other DC's on the WAN. Alternately you may want to make the BDC in the remote office a WINS client of the PDC in the main office. The other approach may be to have separate domains for each office and set up trusts. Each machine could be a WINS server if you used LMHOSTS files to tell each server about the other. On 01/08/10 10:02, Marcin Giedz wrote: > Hi, > > Maybe this was asked many time (although can't find it on google). Let's > assume 2 scenarios: > 1) I've got local network where PDC and BDC are set up. PDC is working > fine so the BDC is. When it's possible for any XP client to use BDC > instead of PDC? I read in samba docs that if PDC is slow client can use > BDC - but what does it mean slow for the client? How the client knows > what "slow" is? Can Windows client measure "some kind of ping response" > from PDC/BDC? > 2) But if I have 2 offices: first one HQ has PDC installed and branch > has BDC. How branches clients know to use BDC and not PDC? > > I tried and read Network Browsing on samba doc web but this issue isn't > still clear to me. Can some please explain me how this works in Samba > env? > > Thanks, > Marcin > > > From marcin.giedz at arise.pl Fri Jan 8 09:57:14 2010 From: marcin.giedz at arise.pl (Marcin Giedz) Date: Fri, 08 Jan 2010 17:57:14 +0100 Subject: [Samba] How SMB client recognizes when to use PDC or BDC In-Reply-To: <4B476262.4020402@gmail.com> References: <4B4748FA.9080608@arise.pl> <4B476262.4020402@gmail.com> Message-ID: <4B4763EA.4060009@arise.pl> Gaiseric Vandal pisze: Thanks for the hint ! ... and to be clear I also read that only PDC should be WINS server. BTW. PDC and BDC have LDAP master and slave installed accordingly. Thanks, M. > It seems that the nature of the XP client is to use the BDC if > available. You could try modifying the priority by adjusting the folloing > > announce version > os level > > though to be honest I never got that to work for me. (I have a samba > 3.0.x PDC and BDC and a samba 3.4.x BDC and I did NOT want the 3.4.x > machine being the preferred one.) > > If you are not using WINS, the XP client should broadcast for a logon > controller and only find local machines. I have not run samba DC's in > multiple locations. I have with NT4 servers, which support WINS > replication. I wish samba did as well. If you do use WINS, you would > probably want to make sure that you don't have a XP client using a > WINS server in another site. If both machines are WINS servers for the > local clients you may have to edit an lmhosts file to tell each DC > about other DC's on the WAN. Alternately you may want to make the BDC > in the remote office a WINS client of the PDC in the main office. > > > > The other approach may be to have separate domains for each office and > set up trusts. Each machine could be a WINS server if you used LMHOSTS > files to tell each server about the other. > > > > > > On 01/08/10 10:02, Marcin Giedz wrote: >> Hi, >> >> Maybe this was asked many time (although can't find it on google). Let's >> assume 2 scenarios: >> 1) I've got local network where PDC and BDC are set up. PDC is working >> fine so the BDC is. When it's possible for any XP client to use BDC >> instead of PDC? I read in samba docs that if PDC is slow client can use >> BDC - but what does it mean slow for the client? How the client knows >> what "slow" is? Can Windows client measure "some kind of ping response" >> from PDC/BDC? >> 2) But if I have 2 offices: first one HQ has PDC installed and branch >> has BDC. How branches clients know to use BDC and not PDC? >> >> I tried and read Network Browsing on samba doc web but this issue isn't >> still clear to me. Can some please explain me how this works in Samba >> env? >> >> Thanks, >> Marcin >> >> >> > -- Pozdrawiam Marcin Giedz Wiceprezes Zarz?du ARISE Sp. z o.o. mob. +48 502 537 157 mail: marcin.giedz at arise.pl ul. Walic?w 11 00-851 Warszawa tel./fax +48 (22) 583 93 40 http: www.arise.pl ARISE Sp. z o.o. z siedzib? w Warszawie, ul. Walic?w 11, 00-851 Warszawa, zarejestrowana przez S?d Rejonowy dla m. st. Warszawy w Warszawie XII Wydzia? Gospodarczy Krajowego Rejestru S?dowego pod nr KRS 0000316860; REGON 141595449; NIP 527-259-06-10; z pokrytym w ca?o?ci kapita?em zak?adowym wynosz?cym 50,000.00 z?. From npappin at latahfcu.org Fri Jan 8 10:14:17 2010 From: npappin at latahfcu.org (Nick Pappin) Date: Fri, 8 Jan 2010 09:14:17 -0800 Subject: [Samba] Redirected Folders and Mapped drives Message-ID: <65ac41001080914le2d6049gce1fa1c4e831a00d@mail.gmail.com> Hi Everyone, I keep on seeing a weird behavior. I have had a PDC set up for over a year now and it has been handing out profiles since we put it in. We are using a login drive to mount a share as a local drive letter. Additionally some users have mapped drive letters to other servers on the network. Last week I set up folder redirection because we are getting new windows 7 computers for one of our offices. Now when the user first logs in and tries to connect to a drive letter other than the login drive the are asked to re-authenticate. I have hit the save credentials box multiple times and it makes no different it wont save across reboots. Has anyone run into this behavior before or have any ideas? Thank you for your time, Nick Pappin From michaeldjoy at gmail.com Fri Jan 8 12:16:20 2010 From: michaeldjoy at gmail.com (Michael Joy) Date: Fri, 8 Jan 2010 13:16:20 -0600 Subject: [Samba] Samba4 A11 Provision Fails on 389-DS - Fedora 12 In-Reply-To: References: Message-ID: Following the instructions here ( http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Fedora_DS_1.2.3), I got to the DS provisioning step and encountered an error trying to provision the 389-DS (v1.2.3 B2009.280.1622). The source was checked out around 12/30/2009 ~16:00 GMT following the instructions provided in the 'howto'. I have made sure that system.domain-test.local is listed in the hosts file for 127.0.0.1 so it responds if you try to ping system.domain-test.local. This is on a completely fresh install of Fedora 12 x86_64 (latest updates installed) with just the software development group installed, nothing else besides what's listed in the howto. I didn't notice any failures in the compile, only WARNS. Any ideas as to what failed here and how to fix it? I'm setting up a local test bed in a cluster of ESXi 4u1 servers with a private network for performance testing. The DS is indeed running after this is run as you get a: "File "bin/python/samba/provisionbackend.py", line 183, in init raise ProvisioningError("Warning: Another slapd Instance seems already running on this host, listening to " + self.ldapi_uri + ". Please shut it down before you continue. ") " If you attempt to run the script again. If you stop the DS and try again, the same error occurs as listed below: [root at System source4]# setup/provision --host-name=System --root=root --domain=DOMAIN-TEST --realm=DOMAIN-TEST.LOCAL --server-role="domain controller" --ldap-backend-type=fedora-ds --slapd-path=/usr/sbin/ns-slapd --setup-ds-path=/usr/sbin/setup-ds.pl Administrator password will be set randomly! Converted 58 records with 0 failures Warning: using root as the server user id. You are strongly encouraged to use a non-root user. Your new DS instance 'samba4' was successfully created. Exiting . . . Log file is '/tmp/setupP3h9pd.log' importing data ... [30/Dec/2009:15:12:43 -0600] - Information: Non-Secure Port Disabled [30/Dec/2009:15:12:43 -0600] - Backend Instance: sambaData [30/Dec/2009:15:12:43 -0600] - dblayer_instance_start: pagesize: 4096, pages: 2049500, procpages: 47759 [30/Dec/2009:15:12:43 -0600] - cache autosizing: import cache: 204800k [30/Dec/2009:15:12:43 -0600] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096 [30/Dec/2009:15:12:43 -0600] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database [30/Dec/2009:15:12:43 -0600] - dblayer_instance_start: pagesize: 4096, pages: 2049500, procpages: 47759 [30/Dec/2009:15:12:43 -0600] - cache autosizing: import cache: 204800k [30/Dec/2009:15:12:43 -0600] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096 [30/Dec/2009:15:12:43 -0600] - import sambaData: Beginning import job... [30/Dec/2009:15:12:43 -0600] - import sambaData: Index buffering enabled with bucket size 100 [30/Dec/2009:15:12:43 -0600] - import sambaData: Processing file "/usr/local/samba/private/ldap/fedorads-samba.ldif" [30/Dec/2009:15:12:43 -0600] - import sambaData: Finished scanning file "/usr/local/samba/private/ldap/fedorads-samba.ldif" (4 entries) [30/Dec/2009:15:12:44 -0600] - import sambaData: Workers finished; cleaning up... [30/Dec/2009:15:12:44 -0600] - import sambaData: Workers cleaned up. [30/Dec/2009:15:12:44 -0600] - import sambaData: Cleaning up producer thread... [30/Dec/2009:15:12:44 -0600] - import sambaData: Indexing complete. Post-processing... [30/Dec/2009:15:12:44 -0600] - import sambaData: Flushing caches... [30/Dec/2009:15:12:44 -0600] - import sambaData: Closing files... [30/Dec/2009:15:12:44 -0600] - All database threads now stopped [30/Dec/2009:15:12:44 -0600] - import sambaData: Import complete. Processed 4 entries in 1 seconds. (4.00 entries/sec) Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi' [30/Dec/2009:15:12:44 -0600] - Information: Non-Secure Port Disabled [30/Dec/2009:15:12:44 -0600] - 389-Directory/1.2.3 B2009.280.1622 starting up [30/Dec/2009:15:12:44 -0600] - I'm resizing my cache now...cache was 209715200 and is now 8000000 Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi' [30/Dec/2009:15:12:45 -0600] - Listening on /usr/local/samba/private/ldap/ldapi for LDAPI requests Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=domain-test,DC=local pdc_fsmo_init: no domain object present: (skip loading of domain details) Traceback (most recent call last): File "setup/provision", line 222, in nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode) File "bin/python/samba/provision.py", line 1235, in provision dom_for_fun_level=dom_for_fun_level) File "bin/python/samba/provision.py", line 929, in setup_samdb "SAMBA_VERSION_STRING": version File "bin/python/samba/provision.py", line 265, in setup_modify_ldif ldb.modify_ldif(data) File "bin/python/samba/__init__.py", line 259, in modify_ldif self.modify(msg, controls) _ldb.LdbError: (1, 'LDAP client internal error: NT_STATUS_INTERNAL_ERROR') A transaction is still active in ldb context [0x3057ee0] on /usr/local/samba/private/secrets.ldb ----- I would really like to find out what's blocking this so I can get a bit further down the road on this test lab. Any ideas? I'm all ears. Thanks in advanced to the kind soul who lends their input. From support at plecavalier.com Fri Jan 8 12:57:26 2010 From: support at plecavalier.com (Philippe LeCavalier) Date: Fri, 08 Jan 2010 14:57:26 -0500 Subject: [Samba] Redirected Folders and Mapped drives In-Reply-To: <65ac41001080914le2d6049gce1fa1c4e831a00d@mail.gmail.com> References: <65ac41001080914le2d6049gce1fa1c4e831a00d@mail.gmail.com> Message-ID: <1262980646.20796.3.camel@localhost> On Fri, 2010-01-08 at 09:14 -0800, Nick Pappin wrote: > Hi Everyone, > [...]Now when the user first logs in and tries > to connect to a drive letter other than the login drive the are asked to > re-authenticate. I have hit the save credentials box multiple times and it > makes no different it wont save across reboots. Has anyone run into this > behavior before or have any ideas? > > Thank you for your time, > Nick Pappin Same thing here. Windows 7 Pro with Samba 3.4 Cheers, Phil From shirishpargaonkar at gmail.com Fri Jan 8 14:47:18 2010 From: shirishpargaonkar at gmail.com (Shirish Pargaonkar) Date: Fri, 8 Jan 2010 15:47:18 -0600 Subject: [Samba] sid to uid/gid mapping, winbind Message-ID: <4a4634331001081347l4fae415am14e729644f6bcf2b@mail.gmail.com> I am interested in finding out user name / group name for a given SID. Can winbind provide that information assuming the cifs server which exports a share is either not in the same doamin as specified in the smb.conf on the linux SMB/CIFS client machine or is a stand alone machine, if presented with an SID and tcp host? Once a user name or group name for an SID is obtained, I would like winbind to map it to a uid or gid respectively as per smb.conf and store the mapping in the backend specified in smb.conf. Can the host be any kind of CIFS/SMB server (Samba, Windows etc.)? Otherwise, I may have to do DCERPC calls over named pipes like lsa and samr to resolve sids to user/group names. Thanks. Regards, Shirish From shirishpargaonkar at gmail.com Fri Jan 8 14:47:18 2010 From: shirishpargaonkar at gmail.com (Shirish Pargaonkar) Date: Fri, 8 Jan 2010 15:47:18 -0600 Subject: [Samba] sid to uid/gid mapping, winbind Message-ID: <4a4634331001081347l4fae415am14e729644f6bcf2b@mail.gmail.com> I am interested in finding out user name / group name for a given SID. Can winbind provide that information assuming the cifs server which exports a share is either not in the same doamin as specified in the smb.conf on the linux SMB/CIFS client machine or is a stand alone machine, if presented with an SID and tcp host? Once a user name or group name for an SID is obtained, I would like winbind to map it to a uid or gid respectively as per smb.conf and store the mapping in the backend specified in smb.conf. Can the host be any kind of CIFS/SMB server (Samba, Windows etc.)? Otherwise, I may have to do DCERPC calls over named pipes like lsa and samr to resolve sids to user/group names. Thanks. Regards, Shirish From malz at jetlan.com Fri Jan 8 17:08:26 2010 From: malz at jetlan.com (malz) Date: Sat, 9 Jan 2010 10:38:26 +1030 Subject: [Samba] Access Samba member server from Non-Domain member workstation Message-ID: Hello, I am wondering if anyone has seen this: Windows 2008 R2 Domain controller (Domain Function is Window 2003 mode) with a Suse 11.0 member server and a number of XP clients. Access of SMB shares/resources from the windows XP clients (XP machines which are Domain members) is ok but when I try to access the same shares from a non-Domain member XP workstation, I get an message box returned after (\\10.1.2.3 ) "No process is on the other end of the pipe". The system log: Jan 9 10:29:13 fp01 winbindd[3908]: [2010/01/09 10:29:13, 0] rpc_client/cli_pipe.c:rpc_api_pipe(789) Jan 9 10:29:13 fp01 winbindd[3908]: rpc_api_pipe: Remote machine AX01.internal.domain.com. pipe \NETLOGON fnum 0x4004 returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED Smbstatus: fp01:/ # smbstatus Samba version 3.2.7-11.6-2057-SUSE-CODE11 PID Username Group Machine ------------------------------------------------------------------- 8342 DOMAIN\router DOMAIN\data-administrative-root 10.8.1.162 (10.8.1.162) Service pid machine Connected at ------------------------------------------------------- admin-secure 8342 10.8.1.162 Fri Jan 8 11:17:40 2010 No locked files Thanks, Malcolm From himmat.baldaniya at hotmail.com Sat Jan 9 03:46:32 2010 From: himmat.baldaniya at hotmail.com (himmat baldaniya) Date: Sat, 9 Jan 2010 16:16:32 +0530 Subject: [Samba] its urgent:: how to set permission for subfolders in samba Message-ID: hello sir I got struct in serious problem regarding samba subfolders permission.. my query is-- I have three users in samba file user1 user2 user3 and I have one share as "share1" and its subfolder "subshare1" the thing i have to do is that, i have 2 assign user1 and user2 access to share1 that meansuser1 and user2 can only access share1 through password and user3 can access only its subfolder "subshare1" but not "share1" i have done this upto first level permission of share1 not able to do for its subfolder plz help ...its urgent thankyou _________________________________________________________________ New Windows 7: Simplify what you do everyday. Find the right PC for you. http://windows.microsoft.com/shop From eero.volotinen at iki.fi Sat Jan 9 03:57:16 2010 From: eero.volotinen at iki.fi (Eero Volotinen) Date: Sat, 09 Jan 2010 12:57:16 +0200 Subject: [Samba] its urgent:: how to set permission for subfolders in samba In-Reply-To: References: Message-ID: <4B48610C.4040908@iki.fi> > I got struct in serious problem regarding samba subfolders permission.. > my query is-- > I have three users in samba file user1 user2 user3 > and I have one share as "share1" and its subfolder "subshare1" > the thing i have to do is that, > i have 2 assign user1 and user2 access to share1 that meansuser1 and user2 can only access share1 through password > and user3 can access only its subfolder "subshare1" but not "share1" > i have done this upto first level permission of share1 not able to do for its subfolder using acls on filesystem. see setfacl and getfacl -- Eero From support at plecavalier.com Sat Jan 9 07:21:07 2010 From: support at plecavalier.com (Philippe LeCavalier) Date: Sat, 09 Jan 2010 09:21:07 -0500 Subject: [Samba] Redirected Folders and Mapped drives In-Reply-To: <1262980646.20796.3.camel@localhost> References: <65ac41001080914le2d6049gce1fa1c4e831a00d@mail.gmail.com> <1262980646.20796.3.camel@localhost> Message-ID: <1263046867.2978.11.camel@localhost> On Fri, 2010-01-08 at 14:57 -0500, Philippe LeCavalier wrote: > Same thing here. Windows 7 Pro with Samba 3.4 > > Cheers, > Phil Actually it's 3.2.5-4lenny6 not 3.4 as previously mentioned. Cheers, Phil From david at vizion2000.net Sat Jan 9 15:23:53 2010 From: david at vizion2000.net (David Southwell) Date: Sat, 9 Jan 2010 22:23:53 +0000 Subject: [Samba] winbindd error: Message-ID: <201001092223.53838.david@vizion2000.net> Can anyone tell me what might be going on here? Thanks in advance David : Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) Jan 9 22:02:15 dns1 winbindd[19219]: idmap_alloc module tdb already registered! Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] winbindd/idmap.c:smb_register_idmap(149) Jan 9 22:02:15 dns1 winbindd[19219]: Idmap module passdb already registered! Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] winbindd/idmap.c:smb_register_idmap(149) Jan 9 22:02:15 dns1 winbindd[19219]: Idmap module nss already registered! Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] winbindd/idmap.c:idmap_alloc_init(589) Jan 9 22:02:15 dns1 winbindd[19219]: ERROR: Initialization failed for alloc backend, deferred! Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) Jan 9 22:02:15 dns1 winbindd[19219]: idmap_alloc module ldap already registered! Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) Jan 9 22:02:15 dns1 winbindd[19219]: idmap_alloc module tdb already registered! Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] winbindd/idmap.c:smb_register_idmap(149) Jan 9 22:02:15 dns1 winbindd[19219]: Idmap module passdb already registered! Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] winbindd/idmap.c:smb_register_idmap(149) Jan 9 22:02:15 dns1 winbindd[19219]: Idmap module nss already registered! Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] winbindd/idmap.c:idmap_alloc_init(589) Jan 9 22:02:15 dns1 winbindd[19219]: ERROR: Initialization failed for alloc backend, deferred! From presgas at gmail.com Sat Jan 9 17:17:57 2010 From: presgas at gmail.com (Robert Freeman-Day) Date: Sat, 9 Jan 2010 19:17:57 -0500 (EST) Subject: [Samba] winbindd error: In-Reply-To: <201001092223.53838.david@vizion2000.net> References: <201001092223.53838.david@vizion2000.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 9 Jan 2010, David Southwell wrote: > Date: Sat, 9 Jan 2010 22:23:53 +0000 > From: David Southwell > To: samba at lists.samba.org > Subject: [Samba] winbindd error: > > > Can anyone tell me what might be going on here? > > Thanks in advance > David > : > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > winbindd/idmap.c:smb_register_idmap_alloc(201) > Jan 9 22:02:15 dns1 winbindd[19219]: idmap_alloc module tdb already > registered! > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > winbindd/idmap.c:smb_register_idmap(149) > Jan 9 22:02:15 dns1 winbindd[19219]: Idmap module passdb already > registered! > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > winbindd/idmap.c:smb_register_idmap(149) > Jan 9 22:02:15 dns1 winbindd[19219]: Idmap module nss already registered! > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > winbindd/idmap.c:idmap_alloc_init(589) > Jan 9 22:02:15 dns1 winbindd[19219]: ERROR: Initialization failed for alloc > backend, deferred! > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > winbindd/idmap.c:smb_register_idmap_alloc(201) > Jan 9 22:02:15 dns1 winbindd[19219]: idmap_alloc module ldap already > registered! > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > winbindd/idmap.c:smb_register_idmap_alloc(201) > Jan 9 22:02:15 dns1 winbindd[19219]: idmap_alloc module tdb already > registered! > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > winbindd/idmap.c:smb_register_idmap(149) > Jan 9 22:02:15 dns1 winbindd[19219]: Idmap module passdb already > registered! > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > winbindd/idmap.c:smb_register_idmap(149) > Jan 9 22:02:15 dns1 winbindd[19219]: Idmap module nss already registered! > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > winbindd/idmap.c:idmap_alloc_init(589) > Jan 9 22:02:15 dns1 winbindd[19219]: ERROR: Initialization failed for alloc > backend, deferred! > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > David, Can you give us your smb.conf file to browse? Additionally, give us some more info on your system. RHEL, Debin? Is your samba installed from source or package (can both be on your system??) and what version? Did you make any changes recently? - ---Robert Freeman-Day - --------------- I would really like you to be on my side, but the side you show me isn't what I had in mind. - -Judybats GPG Public Key: http:keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktJHLUACgkQup357T5MfTbfDgCfbQMpNzQ5BwSiEoHeqAzPdnPs l+AAnjSGNrfe8gOKHsfHMU0eVJHndYhZ =iL2Y -----END PGP SIGNATURE----- From james at enrogen.com Fri Jan 1 03:44:40 2010 From: james at enrogen.com (James A R Brown) Date: Fri, 01 Jan 2010 10:44:40 +0000 Subject: [Samba] Recycle VFS + Gnome Trash Message-ID: <1262342680.6249.49.camel@jblaptop.enrogen.org> Hi, We have hard mounted samba shares (via pam_mount) at login including the user home dir. We have tried setting up the recycle VFS module which works fine when we delete a file from the share on the command line. But when we delete a file in gnome via the gui, it puts it in the users ~/.local/share/Trash folder and samba does not see this happening on the share.... maybe as its a move file technically from one share to another? So our problem is that we have two trash locations happening dependant on what the user does and what app they are using. Is there anyway to work around and at least say have a common point for the trash... or at the very least get samba to save a copy via recycle vfs? Thanks for any help. James From terrytesting at yahoo.co.uk Fri Jan 1 13:51:39 2010 From: terrytesting at yahoo.co.uk (Terry) Date: Fri, 01 Jan 2010 20:51:39 +0000 Subject: [Samba] How to access shares via HTTP (apache2) In-Reply-To: <4B3E27C5.3040309@woodlandschools.org> References: <73c93b460912310635j7fdfee56i5108ec307b5998d2@mail.gmail.com> <864C46F870AE49DABDEFA593276666BE@elkejuttaPC> <4B3E27C5.3040309@woodlandschools.org> Message-ID: <4B3E605B.2000302@yahoo.co.uk> On 19:59, Steve Rippl wrote: > Daniel M?ller wrote: >> Why do you need to access your shares via HTTP???!! >> THe only thing this might be usefull is from outside your lan over >> internet?! >> If you plan this, there ist the linux opensource solution OPENVPN!! >> With this mighty software >> you work with your shares and outlook from outside as if you were in >> your bureau. >> Take a look at it and give it a try! >> Daniel > > With all due respect (really!), why do you ask a question like that? > Different people have different requirements. In my case I have 2000 > secondary school students that I give access to their home folders > from home so that they don't have to do everything via usb sticks. > Should I manage 2000 certificates for this and complicate things for > the students, or should I use a simple web based solution that can run > from any browser on any machine? > > OpenVPN is great, I use it for my access to the network from outside, > but it isn't the answer to everything! > > What about some sort of php groupware pretty sure you could find a file browser plugin for one them http://www.phpgroupware.org/ Web content and document management and sharing Maybe some thing like that would be a solution Terry From staatspromo08 at yahoo.de Sat Jan 2 03:53:55 2010 From: staatspromo08 at yahoo.de (STAATSLOTERIJ EMAIL PROMOTION.NL) Date: Sat, 2 Jan 2010 11:53:55 +0100 (CET) Subject: [Samba] Claim Your Prize!!! Message-ID: <4341.212.187.55.239.1262429635.squirrel@www.cybernet.ac.cy> Claim Your Prize!!! This email is to notify you that your Email Address attached to a Ticket Number: 64/3721/62/18 has won an Award Sum of 1,000,000.00(One Million Euro) In an Email Sweepstakes program held on the 1st of January 2010 in the Netherlands. draw was done electronically with several email addresses provided to this office by web mail providers to enhance the utilization of the internet Please contact the claim officer through the below given contact information. STAATS LOTTERIJ CLAIM DEPARTMENT OFFICER. Mr. Peter Hans. Tel: 0031-619-863-365, Please Reply To These Two Email Below. staatspromotion at aol.nl staats_claim at aol.nl Your Names: Phone number: Nationality: You Full Email Address: Ticket Number: 85/9432/11/42 Ref Number: HEL21/628439/94 Batch Number: 72431528/MYW Please forward the above stated winning information to your Staatslotterij Claim department officer. N:B: You are advised to keep your winning strictly confidential until your winning is processed and received by you this is to avoid double claiming which could lead to disqualification. Congratulations!!! Yours Sincerely, Mrs.Marissa Joyce, (Public Relation Officer) From ieee802n at 163.com Sat Jan 2 20:50:53 2010 From: ieee802n at 163.com (ieee802n) Date: Sun, 3 Jan 2010 11:50:53 +0800 (CST) Subject: [Samba] [samba] smbclient chown and chmod problem Message-ID: <29659134.85641262490653017.JavaMail.coremail@app185.163.com> Dear! samba team when I use SMBCLINET login to a host, under smb> status, use chmod or chown command. it refer a error message. the following error message: Pushing string of 'unlimited' length into non-SMB buffer! I don't know what happen my Samba Server. at the same time, in order to deal with the question,visting www.google.cn or www.baidu.com . but no my need, I hope to your help. best wish to you ! mofee.tom From tobias.schliebitz at googlemail.com Mon Jan 4 15:39:35 2010 From: tobias.schliebitz at googlemail.com (Tobias Schliebitz) Date: Mon, 04 Jan 2010 23:39:35 +0100 Subject: [Samba] HOW-TO on Samba4 Installation with dnsmasq Message-ID: <4B426E27.2020300@googlemail.com> Dear all, I'm currently trying out Samba4.0.0-alpha10. Because I'm unfamiliar with the Berkeley Internet Name Demon (bind), I've so far been using dnsmasq on my home network. I just want to inform eveybody who cares that it's possible to set up Samba4 and dnsmasq so as to allow domain logons from a Windows 7 workstation. Generally, I followed the how-to on the samba-wiki (http://wiki.samba.org/index.php/Samba4/HOWTO). But I skipped Step 8 (Configure Server-side DNS) and put most of the entries in what is called YOUR.ZONE.conf into my /etc/hosts, which is in turn read by dnsmasq and propagated to the network clients. Here is what it looks like: --- 127.0.0.1 localhost localhost 192.168.100.1 yoda.heimatnetz.priv yoda [... description of my network clients ...] 192.168.100.1 gc._msdcs.heimatnetz.priv gc._msdcs 192.168.100.1 _gc._tcp.heimatnetz.priv _gc._tcp 192.168.100.1 _gc._tcp.Default-First-Site-Name._sites.heimatnetz.priv _gc._tcp.Default-First-Site-Name._sites 192.168.100.1 _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.heimatnetz.priv _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs 192.168.100.1 _gc._tcp.gc._msdcs.heimatnetz.priv _gc._tcp.gc._msdcs 192.168.100.1 _ldap._tcp.gc._msdcs.heimatnetz.priv _ldap._tcp.gc._msdcs 192.168.100.1 _ldap._tcp.heimatnetz.priv _ldap._tcp 192.168.100.1 _ldap._tcp.dc._msdcs.heimatnetz.priv _ldap._tcp.dc._msdcs --- Of course, you must be very careful with any MS-specific entry containig an underscore ( _ ). Then the /etc/dnsmasq.conf file: --- interface=eth0 domain-needed bogus-priv filterwin2k dhcp-authoritative domain=heimatnetz.priv dhcp-range=192.168.100.200,192.168.100.250,12h dhcp-option=1,255.255.255.0 # Subnet Mask dhcp-option=3,192.168.100.3 # Router/Gateway dhcp-option=6,192.168.100.1 # Domain Server (DNS) dhcp-option=44,192.168.100.1 # Netbios Name Server (WINS) dhcp-option=4,192.168.100.1 # Time Server --- Naturally, the lines concerning DNS and WINS are especially important. No special entries in the smb.conf file besides those created by provisioning are necessary, but the entries there ought to match your network configuration. Mine are: --- [globals] netbios name = YODA server string = Samba 4 auf yoda.heimatnetz.priv workgroup = HEIMATNETZ realm = HEIMATNETZ.PRIV server role = domain controller unix charset = ISO8859-1 dos charset = UTF8 log level = 0 time server = yes [netlogon] path = /usr/local/samba/var/locks/sysvol/heimatnetz.priv/scripts read only = no [sysvol] path = /usr/local/samba/var/locks/sysvol read only = no --- I hope this helps someone save some time, as it cost me many hours to find this way. Cheers, Tobias From mario.rodas at altamira.com.gt Wed Jan 6 05:14:49 2010 From: mario.rodas at altamira.com.gt (Mario Jose Rodas) Date: Wed, 06 Jan 2010 06:14:49 -0600 Subject: [Samba] SAMBA UPDATE FOR F8 AND WIN7PRO In-Reply-To: <20100105200348.GB20016@samba1> References: <4B43825D.3080602@altamira.com.gt> <20100105200348.GB20016@samba1> Message-ID: <4B447EB9.9050303@altamira.com.gt> Hello, I need you help with the question or case explaine below. Thanks in advance for your time. Regards, Mario Jos? Rodas Administrador de Redes y DBA Grupo Corporativo Altamira Guatemala, C. A. Tels.: (502) 2415-7000 e-mail: mario.rodas at altamira.com.gt Jeremy Allison escribi?, El 05/01/2010 02:03 p.m.: > On Tue, Jan 05, 2010 at 12:18:05PM -0600, Mario Jose Rodas wrote: >> Hello! >> >> I am starting to work with Win 7 PRO in a laptop and I want to connect >> it to our server that has Fedora 8 with Samba version 3.0.33-0.fc8. >> >> I was reading in your site that I should upgrade it to Samba 3.4. >> >> I will like to know the correct procedure to update it since I have >> about 150 users configured that use this server as a PDC and mail >> server(postfix 2.5.5) and I don?t want to loose all this ton of work. >> >> Thanks in advance for your help, I will wait for your response. > > Please post questions like this on the samba at samba.org mailing list. > > Thanks, > > Jeremy. > > > __________ Informaci?n de ESET NOD32 Antivirus, versi?n de la base de firmas de virus 4747 (20100106) __________ > > ESET NOD32 Antivirus ha comprobado este mensaje. > > http://www.eset.com > > > > __________ Informaci?n de ESET NOD32 Antivirus, versi?n de la base de firmas de virus 4747 (20100106) __________ ESET NOD32 Antivirus ha comprobado este mensaje. http://www.eset.com From owen_squires at scs.k12.nc.us Wed Jan 6 12:36:31 2010 From: owen_squires at scs.k12.nc.us (Owen Squires) Date: Wed, 06 Jan 2010 14:36:31 -0500 Subject: [Samba] Suggestions for file-locking on Samba shares... Message-ID: <4B449FEF020000CF00022558@mail.stanlycountyschools.org> Hi All, New at trying to run networkable Windows apps from Samba but seem to be running into file lock issues. Environment is SLES11 (Samba 3.2.7-11.8.2 rpm says). I have users home spaces on the server and they are fine. The main problem is a Windows application (ACS Technologies finance/membership app) that gives a error accessing the *.acsdat and *.acsidx files on the server. Won't install the workstation client from the server... Thoughts? Thanks! Owen All email correspondence to and from this address is subject to North Carolina Public Records Law which may result in monitoring and disclosure to third parties, including law enforcement. From meshellwm5 at yahoo.com Wed Jan 6 21:01:30 2010 From: meshellwm5 at yahoo.com (William Meshell) Date: Wed, 6 Jan 2010 20:01:30 -0800 (PST) Subject: [Samba] set samba to receive broadcast WinPopUp messages Message-ID: <15952.30732.qm@web63004.mail.re1.yahoo.com> Hey, Happy New Year. I've searched the web for a while and can't get an answer to a question: I can send a message (using WinPopUp, net send, or smbclient -NM) to Windows and Linux PC's. But, when I send a message to the whole workgroup "net send /domain Hello" Only the Windows PC's respond to it (with the Windows message service). Samba does not see it. My question is, how do I get samba to catch the workgroup wide messages? Also, appart from sending to each user in a list, can Samba be used to send to all users in the workgroup? Thanks in advance, kind regards, William PS: I have managed to figure a lot of stuff out and recorded it at: http://home.earthlink.net/~meshellwg/w/www/html/LinSMB.html From jimmy at jetheis.com Wed Jan 6 22:57:02 2010 From: jimmy at jetheis.com (Jimmy Theis) Date: Thu, 07 Jan 2010 00:57:02 -0500 Subject: [Samba] Log File Format Changes Message-ID: <4B4577AE.1000304@jetheis.com> Hi all, I'm considering writing a Python module for parsing file access entries from Samba logs. I plan on using regular expressions to do most of this, and I'm curious as to whether or not the log format is consistent across all versions of Samba. If it isn't, can you please direct me to the documentation on any older or alternative formats? I'm currently using Samba 3.0.33 (RedHat), which outputs entries like this: ===================================================================== [2010/01/05 17:38:52, 2] smbd/open.c:open_file(391) admin opened file welcome.txt read=Yes write=No (numopen=4) [2010/01/05 17:38:52, 2] smbd/close.c:close_normal_file(406) admin closed file welcome.txt (numopen=3) NT_STATUS_OK ===================================================================== Regards, Jimmy Theis From hoover at salina.k-state.edu Thu Jan 7 08:09:40 2010 From: hoover at salina.k-state.edu (Hoover, Tony) Date: Thu, 07 Jan 2010 09:09:40 -0600 Subject: [Samba] samba with ldap + windows AD can work together? In-Reply-To: <3ffefd921001062139v3fbf3892lbfb316ae4f5bf23a@mail.gmail.com> References: <3ffefd921001062139v3fbf3892lbfb316ae4f5bf23a@mail.gmail.com> Message-ID: <1262876980.17510.78.camel@hoover-jackalope> A couple years ago when I migrated my NT4 domain to Samba, I had to re-establish the trust relationships with the other domains after the migration. Other than that, the migration was rather uneventful. On Wed, 2010-01-06 at 23:39 -0600, Alberto Moreno wrote: > Hi people. > > I have 2 domains right now: > > WinNT4 + Windows 2k3. > > A lot of u will say, why don't u just move everything to win2k3?.. > well I prefer to work with linux/Unix. > > My question is this, I test the migration from NT4 to linux with > ldap, it works and is not to difficult, my problem is this: > > All my printers are in the server running windows 2k3 my AD server, > the NT4 users can access the resources from the win2k3 server without > any issue, if I make the migration from NT4 to Linux, will my users > lost the connection of the win2k3(AD) resources? > > Centos 5.4. > > Thanks!!! > > -- > LIving the dream... > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > From rob.shinn at gmail.com Thu Jan 7 14:55:14 2010 From: rob.shinn at gmail.com (Rob Shinn) Date: Thu, 07 Jan 2010 16:55:14 -0500 Subject: [Samba] Read-only fs In-Reply-To: References: Message-ID: <4B465842.2020908@gmail.com> Kacper wrote: > The file exists there but is of course read-only. Does samba need to > write to this secret file or why doesn't it want to open that file? > If you want your root filesystem read-only (like, say, to boot your server from a CD-ROM or embedded device) then you can just copy this file to a RAM disk and either point to it in your smb.conf via the 'private dir =' directive, or else mount /etc/samba on your ramdisk and copy the files that go in there on startup. The latter exactly what my Linksys NAS200 running Samba 3.0.22 does. (I'm running the jac4 custom firmware) From marcin.giedz at arise.pl Fri Jan 8 05:54:28 2010 From: marcin.giedz at arise.pl (Marcin Giedz) Date: Fri, 08 Jan 2010 13:54:28 +0100 Subject: [Samba] How SMB client recognizes when to use PDC or BDC Message-ID: <4B472B04.4090005@arise.pl> Hi, Maybe this was asked many time (although can't find it on google). Let's assume 2 scenarios: 1) I've got local network where PDC and BDC are set up. PDC is working fine so the BDC is. When it's possible for any XP client to use BDC instead of PDC? I read in samba docs that if PDC is slow client can use BDC - but what does it mean slow for the client? How the client knows what "slow" is? Can Windows client measure "some kind of ping response" from PDC/BDC? 2) But if I have 2 offices: first one HQ has PDC installed and branch has BDC. How branches clients know to use BDC and not PDC? I tried and read Network Browsing on samba doc web but this issue isn't still clear to me. Can some please explain me how this works in Samba env? Thanks, Marcin From psycodue at tiscali.it Fri Jan 8 13:51:14 2010 From: psycodue at tiscali.it (psycodue at tiscali.it) Date: Fri, 8 Jan 2010 21:51:14 +0100 (CET) Subject: [Samba] ads_connect: Server not found in Kerberos database Message-ID: <31746694.330081262983874491.JavaMail.defaultUser@defaultHost> I'm having troubles in connecting an ubuntu server 6.06 LTS running samba 3.0.22 to a Windows 2008 Server AD domain, The same setting used for testing the join to a Windows 2003 Server AD domain works fine. When I try to join with net ads join -U Administrator I obtain the following error: [2010/01/08 10:18:01, 0] utils/net_ads.c:ads_startup (191) ads_connect: Server not found in Kerberos database I suppose that the problem is the samba version but unfortunately I cannot find a newer version for this distro. Is there a way to bypass the problem? Are there binary packages for ubuntu 6.06 compiled by someone? Any suggestion would be appreciated! Thanks in advance. Rubriche e Agende 2010. Tutte con la copertina personalizzabile con le tue foto. http://photo.tiscali.it From psycodue at tiscali.it Fri Jan 8 13:53:59 2010 From: psycodue at tiscali.it (psycodue at tiscali.it) Date: Fri, 8 Jan 2010 21:53:59 +0100 (CET) Subject: [Samba] ads_connect: Server not found in Kerberos database Message-ID: <9740334.330341262984039848.JavaMail.defaultUser@defaultHost> I'm having troubles in connecting an ubuntu server 6.06 LTS running samba 3.0.22 to a Windows 2008 Server AD domain, The same setting used for testing the join to a Windows 2003 Server AD domain works fine. When I try to join with net ads join -U Administrator I obtain the following error: [2010/01/08 10:18:01, 0] utils/net_ads.c:ads_startup (191) ads_connect: Server not found in Kerberos database I suppose that the problem is the samba version but unfortunately I cannot find a newer version for this distro. Is there a way to bypass the problem? Are there binary packages for ubuntu 6.06 compiled by someone? Any suggestion would be appreciated! Thanks in advance. Rubriche e Agende 2010. Tutte con la copertina personalizzabile con le tue foto. http://photo.tiscali.it From help at pdscc.com Sat Jan 9 23:39:53 2010 From: help at pdscc.com (Harondel J. Sibble) Date: Sat, 09 Jan 2010 22:39:53 -0800 Subject: [Samba] web based index of samba share contents In-Reply-To: <20100104173900.GA16599@samba1> References: <20100104170459.86C6412DD@sinclaire.sibble.net>, <20100104173900.GA16599@samba1> Message-ID: <20100110064000.18B8B1DB501@sinclaire.sibble.net> On 4 Jan 2010 at 9:39, Jeremy Allison wrote: > It's a funny 'ole world :-). After leaving Whistle I trotted up and > down Sand Hill Road in Silicon Valley with an ex-Whistle Exec (for > credibility) trying to pitch such a device to any of the Venture > Capitalists. I thought it would have made a great start-up company idea > ! Given the crazy amounts of data people and companies generate and have to keep around for compliance and other reasons, AND given the high cost for Google's search appliance solutions, you'd think there would be a lot of companies vying to develop solutions like this. > None of them wanted anything to do with it (sigh :-). At least > you and I prove that great minds think alike :-). ;-) How decidedly odd, well, just like another oddity given the whole "green" climate. in Europe (England in particular), it's easy to get powerbars with a per socket on/off switch, in North America that's pretty much unheard of, when I spoke with one of the local (BC, Canada) electrical shops, they told me all such devices had long ago been discontinued. , both this and the index/searching look like excellent business opportunities. Now germane to the indexing of Samba shares, the IBM OmniFind Yahoo edition works EXCEPTIONALLY well, except, as far as I can tell, no ssl/https support, nor ability to have login accounts that restrict what index repositories one can search. Indexing a 141gb share took about 20 hours or so to complete, the index file is about 60gb in size. I'll be chatting with IBM sales to see what it'll cost to resolve the 2 problems above using the commercial version of OmniFind. For folks who don't have issues with the lack of abilities above, I'd highly recommend it. This link explains how to install on Debian http://john.parnefjord.se/node/1 Of note, the -console switch works fine with Debian 5, so the -silent switch is not required. Also of note, using an admin password that punctuation in it seems to be accepted fine on first connect to admin page, but after that, no joy, so use just alphanumerics. -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice) From himmat.baldaniya at hotmail.com Sun Jan 10 00:31:12 2010 From: himmat.baldaniya at hotmail.com (himmat baldaniya) Date: Sun, 10 Jan 2010 13:01:12 +0530 Subject: [Samba] permission to subfolder in samba Message-ID: hello sir I got struct in serious problem regarding samba subfolders permission.. my query is-- I have three users in samba file user1 user2 user3 and I have one share as "share1" and its subfolder "subshare1" the thing i have to do is that, i have 2 assign user1 and user2 access to share1 that means user1 and user2 can only access share1 through password and user3 can access only its subfolder "subshare1" but not "share1" i have done this upto first level permission of share1 not able to do for its subfolder plzz note :: samba subfolder should not be view on main page :they should be viewed as subfolders plz help ...its urgent thankyou _________________________________________________________________ New Windows 7: Simplify what you do everyday. Find the right PC for you. http://windows.microsoft.com/shop From david at vizion2000.net Sun Jan 10 04:21:47 2010 From: david at vizion2000.net (David Southwell) Date: Sun, 10 Jan 2010 11:21:47 +0000 Subject: [Samba] winbindd error: In-Reply-To: References: <201001092223.53838.david@vizion2000.net> Message-ID: <201001101121.47899.david@vizion2000.net> > On Sat, 9 Jan 2010, David Southwell wrote: > > Date: Sat, 9 Jan 2010 22:23:53 +0000 > > From: David Southwell > > To: samba at lists.samba.org > > Subject: [Samba] winbindd error: > > > > > > Can anyone tell me what might be going on here? > > > > Thanks in advance > > David > > > > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > > winbindd/idmap.c:smb_register_idmap_alloc(201) > > Jan 9 22:02:15 dns1 winbindd[19219]: idmap_alloc module tdb already > > registered! > > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > > winbindd/idmap.c:smb_register_idmap(149) > > Jan 9 22:02:15 dns1 winbindd[19219]: Idmap module passdb already > > registered! > > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > > winbindd/idmap.c:smb_register_idmap(149) > > Jan 9 22:02:15 dns1 winbindd[19219]: Idmap module nss already > > registered! Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, > > 0] > > winbindd/idmap.c:idmap_alloc_init(589) > > Jan 9 22:02:15 dns1 winbindd[19219]: ERROR: Initialization failed for > > alloc backend, deferred! > > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > > winbindd/idmap.c:smb_register_idmap_alloc(201) > > Jan 9 22:02:15 dns1 winbindd[19219]: idmap_alloc module ldap already > > registered! > > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > > winbindd/idmap.c:smb_register_idmap_alloc(201) > > Jan 9 22:02:15 dns1 winbindd[19219]: idmap_alloc module tdb already > > registered! > > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > > winbindd/idmap.c:smb_register_idmap(149) > > Jan 9 22:02:15 dns1 winbindd[19219]: Idmap module passdb already > > registered! > > Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, 0] > > winbindd/idmap.c:smb_register_idmap(149) > > Jan 9 22:02:15 dns1 winbindd[19219]: Idmap module nss already > > registered! Jan 9 22:02:15 dns1 winbindd[19219]: [2010/01/09 22:02:15, > > 0] > > winbindd/idmap.c:idmap_alloc_init(589) > > Jan 9 22:02:15 dns1 winbindd[19219]: ERROR: Initialization failed for > > alloc backend, deferred! > > David, > > Can you give us your smb.conf file to browse? > > Additionally, give us some more info on your system. RHEL, Debin? Is > your samba installed from source or package (can both be on your > system??) and what version? > > Did you make any changes recently? > > ---Robert Freeman-Day I found the cause it was a duplicated entry of a share in smb.conf. I do not know how this happened. I had made some manual alterations to smb.conf and subsequently made some further changes using SWAT. During this process I must have duplicated an entry but have no record as to how it occured. Thanks for trying to help David From Volker.Lendecke at SerNet.DE Sun Jan 10 03:47:34 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Sun, 10 Jan 2010 11:47:34 +0100 Subject: [Samba] Log File Format Changes In-Reply-To: <4B4577AE.1000304@jetheis.com> References: <4B4577AE.1000304@jetheis.com> Message-ID: On Thu, Jan 07, 2010 at 12:57:02AM -0500, Jimmy Theis wrote: > I'm considering writing a Python module for parsing file access entries > from Samba logs. I plan on using regular expressions to do most of this, > and I'm curious as to whether or not the log format is consistent across > all versions of Samba. If it isn't, can you please direct me to the > documentation on any older or alternative formats? > > I'm currently using Samba 3.0.33 (RedHat), which outputs entries like this: > > ===================================================================== > [2010/01/05 17:38:52, 2] smbd/open.c:open_file(391) > admin opened file welcome.txt read=Yes write=No (numopen=4) > [2010/01/05 17:38:52, 2] smbd/close.c:close_normal_file(406) > admin closed file welcome.txt (numopen=3) NT_STATUS_OK > ===================================================================== You might want to look at the full_audit VFS module. The format there can be defined by smb.conf settings. The debug output is not standardized in any way. Volker From mueller at tropenklinik.de Sun Jan 10 07:22:19 2010 From: mueller at tropenklinik.de (=?iso-8859-1?Q?Daniel_M=FCller?=) Date: Sun, 10 Jan 2010 15:22:19 +0100 Subject: [Samba] WG: Claim Your Prize!!! Message-ID: <022F0734E091459891FF9CBAB8C20EF0@elkejuttaPC> Hello to all, What have this unserious people to do with SAMBA??Please prevent this people from taken action on the samba list. Ban them right now. This is abuse of the list. Greetings Daniel -----Urspr?ngliche Nachricht----- Von: "STAATSLOTERIJ EMAIL PROMOTION.NL" An: "undisclosed-recipients:" Gesendet: Samstag, 2. Januar 2010 11:53 Betreff: [Samba] Claim Your Prize!!! > Claim Your Prize!!! > > This email is to notify you that your Email Address attached to a Ticket > Number: 64/3721/62/18 has won an Award Sum of 1,000,000.00(One Million > Euro) In an Email Sweepstakes program held on the 1st of January 2010 in > the Netherlands. draw was done electronically with several email addresses > provided to this office by web mail providers to enhance the utilization > of the internet Please contact the claim officer through the below given > contact information. > > STAATS LOTTERIJ CLAIM DEPARTMENT OFFICER. > > Mr. Peter Hans. > Tel: 0031-619-863-365, > > Please Reply To These Two Email Below. > staatspromotion at aol.nl > staats_claim at aol.nl > > Your Names: > Phone number: > Nationality: > You Full Email Address: > Ticket Number: 85/9432/11/42 > Ref Number: HEL21/628439/94 > Batch Number: 72431528/MYW > > Please forward the above stated winning information to your Staatslotterij > Claim department officer. > > N:B: You are advised to keep your winning strictly confidential until your > winning is processed and received by you this is to avoid double claiming > which could lead to disqualification. > > Congratulations!!! > Yours Sincerely, > Mrs.Marissa Joyce, > (Public Relation Officer) > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > From presgas at gmail.com Sun Jan 10 10:43:19 2010 From: presgas at gmail.com (Robert Freeman-Day) Date: Sun, 10 Jan 2010 12:43:19 -0500 (EST) Subject: [Samba] ads_connect: Server not found in Kerberos database In-Reply-To: <9740334.330341262984039848.JavaMail.defaultUser@defaultHost> References: <9740334.330341262984039848.JavaMail.defaultUser@defaultHost> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 8 Jan 2010, psycodue at tiscali.it wrote: > Date: Fri, 8 Jan 2010 21:53:59 +0100 (CET) > From: "psycodue at tiscali.it" > To: samba at lists.samba.org > Subject: [Samba] ads_connect: Server not found in Kerberos database > > I'm having troubles in connecting an ubuntu server 6.06 LTS running > samba 3.0.22 to a Windows 2008 Server AD domain, > > The same setting used > for testing the join to a Windows 2003 Server AD domain works fine. > > > When I try to join with net ads join -U Administrator I obtain the > following error: > > [2010/01/08 10:18:01, 0] utils/net_ads.c:ads_startup > (191) > ads_connect: Server not found in Kerberos database > > > I suppose > that the problem is the samba version but unfortunately I cannot find a > newer version for this distro. > > Is there a way to bypass the problem? > Are there binary packages for ubuntu 6.06 compiled by someone? > > Any > suggestion would be appreciated! > > Thanks in advance. > The version of samba you have installed has many difficulties joining to 2008 domains. The version that fixes this is here: http://www.samba.org/samba/history/samba-3.0.28a.html However, the latest version for the 3.0 base is 3.0.36. Additionally, 3.0.x is discontinued: http://wiki.samba.org/index.php/Samba3_Release_Planning No matter what, you will likely have to install an updated version from source. While you are at it, you may want to look into using at least 3.2.x. Good Luck! - ---Robert Freeman-Day - --------------- I would really like you to be on my side, but the side you show me isn't what I had in mind. - -Judybats GPG Public Key: http:keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktKEbcACgkQup357T5MfTb0uQCgzN5uv/IQpPZ66fbkxkt2viKz eusAoL0qAwgpsjiUOxAoYufHX+SCReln =njkP -----END PGP SIGNATURE----- From joris at familiedobbelsteen.nl Sun Jan 10 13:32:33 2010 From: joris at familiedobbelsteen.nl (Joris Dobbelsteen) Date: Sun, 10 Jan 2010 21:32:33 +0100 Subject: [Samba] Computer Account to access share Message-ID: <4B4A3961.30102@familiedobbelsteen.nl> Hello, I've currently been trying to get a computer account to access a share on an active directory connected Samba server. Unfortunately it yields "access denied" ever, unless I enable guess access, in which case I can access it. Since I like to use samba for automatic software deployment, this requires distributing administrative credentials to all the workstation (hard to do, especially even somewhat securely) or use the computer account (preferred). I run Debian Lenny with Samba 3.4.3. I've been looking around for this issue a long time, but unable to find anyone with a solution. I do get WinBind to make uids for the computer accounts (by executing the 'id' command). That changes the error message to access denied. storage:~# id joris2k\\nehemiah$ uid=10023(JORIS2K\nehemiah$) gid=10009(JORIS2K\domain computers) groups=10009(JORIS2K\domain computers),10028(JORIS2K\certsvc_dcom_access) Does anyone have any pointer how I can solve this problem? Thanks and best wishes for the new year, - Joris From portsbsd at gmail.com Mon Jan 11 01:42:39 2010 From: portsbsd at gmail.com (Alberto Moreno) Date: Mon, 11 Jan 2010 00:42:39 -0800 Subject: [Samba] samba+ldap two domains db sync? Message-ID: <3ffefd921001110042q71441f6ar9f929d12f8e83879@mail.gmail.com> Hi people. I have 2 domains running samba with ldap(Centos 5.x), I would like to know this. I would like to have the same DB in both sites, if I change the users just would like to do it 1 time. Is possible to sync both ldap servers every time I change something in ldap? or a better way to do it? Thanks!!! -- LIving the dream... From ant.starikov at gmail.com Mon Jan 11 02:33:26 2010 From: ant.starikov at gmail.com (Anton Starikov) Date: Mon, 11 Jan 2010 10:33:26 +0100 Subject: [Samba] join samba server to openldap/kerberos directory Message-ID: <01AA573E-6F54-43DE-9CC4-21D8DD48D797@gmail.com> I googled a lot but didn't find any answer. My problem is next: I have Openldap/kerberos directory. I have samba (samba-A), which acts as NT PDC and use ldap/kerberos as backend. I have another samba server (samba-B) which I want to authenticate users in my directory. Of course I can join it to my samba NT PDC, it works, but by this a loose ability to authenticate via kerberos tickets. Is it possible for samba-B to see my directory as AD? In order to be able "net ads join" and have full set of possible authentications for samba-B? What kind of records should I add to my Openldap/Kerberos directory in order to be able to perform "net join ADS"? Obviously I can't have full AD functionality here, but I don't need one. I just want it to simulate AD enough that second samba server can "join" to use it for authentication. AFAIK, if my KDC is based on MIT there is other workaround in case of security=user, but there are some extra reasons why I would be in ADS mode. Anton. From mail_of_sergey at mail.ru Mon Jan 11 04:30:56 2010 From: mail_of_sergey at mail.ru (=?koi8-r?Q?=F3=C5=D2=C7=C5=CA?=) Date: Mon, 11 Jan 2010 14:30:56 +0300 Subject: [Samba] [samba] User managing via USRMGR.EXE is impossble Message-ID: Hello, All! I have domain network. But user managing via USRMGR.EXE is impossble. When I run USRMGR.EXE I get a window: The tag is invalid. Do you want to select another domain to administer? At this time at Samba's log: [2010/01/11 14:12:07, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/01/11 14:12:07, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. How to find source of error? Samba Version 3.3.9, Microsoft Windows XP [?????? 5.1.2600] SP3 Bye. Serg. From brajeshkumar_shrivas at symantec.com Mon Jan 11 04:48:06 2010 From: brajeshkumar_shrivas at symantec.com (Brajesh Shrivastava) Date: Mon, 11 Jan 2010 17:18:06 +0530 Subject: [Samba] Samba Group Mapping Message-ID: <4B4B0FF6.2090100@symantec.com> Hi All I have Samba 3.2.11 installed on Suse (sles 10) machine. I am playing around the group mapping functionality. When I map a linux group to nt group. I can see that groups is visible on windows client. But, if I restart the smbd daemon (while changing the scurity mode for ads to user or vice versa), I can no more see the mapped group to the the Windows client. Though, I was able to see the mapping in the output of 'net groupmap list' command. I will request you to please let me know the answer of following questions: 1. Is there any way to see the mapped group to the windows client even after changing the security mode or restarting the samba server? 2. Does samba store the group mapping in group_mapping.ldb file. Will it be enough to copy this file to other node to get cluster wise solution for group mapping or do I need to follow any other steps. 3. Can I map built-in domain group like "Domain Admins", "Domain Users" etc to the Unix group? If yes, should I need to keep SID fixed by specifying rid value? 4. If I want to do the manual mapping, do I need to specify parameter 'add group script' in smb.conf? When is this option called? Thanks a lot in advance. From morgan at tuxedo.darktech.org Mon Jan 11 07:31:16 2010 From: morgan at tuxedo.darktech.org (Rob Shinn) Date: Mon, 11 Jan 2010 09:31:16 -0500 Subject: [Samba] samba+ldap two domains db sync? In-Reply-To: <3ffefd921001110042q71441f6ar9f929d12f8e83879@mail.gmail.com> References: <3ffefd921001110042q71441f6ar9f929d12f8e83879@mail.gmail.com> Message-ID: <4B4B3634.9030807@tuxedo.darktech.org> Alberto Moreno wrote: > Is possible to sync both ldap servers every time I change something > in ldap? or a better way to do it?Alberto Moreno wrote: You could probably do this with OpenLDAP's syncrepl replication facility. You may also wish to consider combining everything into one LDAP database, containing two different Samba domains, with a common OU for user accounts. You could keep the LDAP servers as they are, just set up one as a secondary LDAP server using syncrepl. That would have the advantage of centralizing everything and ease user administration, since users created in one domain would automatically be included in both. Without knowing the specifics, however, it's hard to say to which way would be best. From gaiseric.vandal at gmail.com Mon Jan 11 07:43:42 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Mon, 11 Jan 2010 09:43:42 -0500 Subject: [Samba] samba+ldap two domains db sync? In-Reply-To: <4B4B3634.9030807@tuxedo.darktech.org> References: <3ffefd921001110042q71441f6ar9f929d12f8e83879@mail.gmail.com> <4B4B3634.9030807@tuxedo.darktech.org> Message-ID: <4B4B391E.6040300@gmail.com> On 01/11/10 09:31, Rob Shinn wrote: > Alberto Moreno wrote: >> Is possible to sync both ldap servers every time I change something >> in ldap? or a better way to do it?Alberto Moreno wrote: > You could probably do this with OpenLDAP's syncrepl replication > facility. You may also wish to consider combining everything into one > LDAP database, containing two different Samba domains, with a common > OU for user accounts. You could keep the LDAP servers as they are, > just set up one as a secondary LDAP server using syncrepl. That would > have the advantage of centralizing everything and ease user > administration, since users created in one domain would automatically > be included in both. > > Without knowing the specifics, however, it's hard to say to which way > would be best. > I don't think one user in LDAP could be in two different domains- each user has to have a distinct SambaSID entry. I use Sun's Directory Server for my LDAP backend- it was already in place for another project which is why I went with it rather than with OpenLDAP. It supports replication between ldap servers and has a GUI for setting up the replication parameters. Although, too be fair, there is a bit of a learning curve with this product. From morgan at tuxedo.darktech.org Mon Jan 11 07:49:20 2010 From: morgan at tuxedo.darktech.org (Rob Shinn) Date: Mon, 11 Jan 2010 09:49:20 -0500 Subject: [Samba] samba+ldap two domains db sync? In-Reply-To: <4B4B391E.6040300@gmail.com> References: <3ffefd921001110042q71441f6ar9f929d12f8e83879@mail.gmail.com> <4B4B3634.9030807@tuxedo.darktech.org> <4B4B391E.6040300@gmail.com> Message-ID: <4B4B3A70.7050703@tuxedo.darktech.org> Gaiseric Vandal wrote: > > I don't think one user in LDAP could be in two different domains- > each user has to have a distinct SambaSID entry. > Ooomph! *slaps forehead*. You're right. That's what I get for posting before I've had my coffeee. I stand by my original statement that OpenLDAP's syncrepl would work, though. From gaiseric.vandal at gmail.com Mon Jan 11 07:59:22 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Mon, 11 Jan 2010 09:59:22 -0500 Subject: [Samba] Samba Group Mapping In-Reply-To: <4B4B0FF6.2090100@symantec.com> References: <4B4B0FF6.2090100@symantec.com> Message-ID: <4B4B3CCA.6000807@gmail.com> On 01/11/10 06:48, Brajesh Shrivastava wrote: > Hi All > > I have Samba 3.2.11 installed on Suse (sles 10) machine. I am playing > around the group mapping functionality. When I map a linux group to nt > group. I can see that groups is visible on windows client. But, if I > restart the smbd daemon (while changing the scurity mode for ads to > user or vice versa), I can no more see the mapped group to the the > Windows client. Though, I was able to see the mapping in the output of > 'net groupmap list' command. I will request you to please let me know > the answer of following questions: > > 1. Is there any way to see the mapped group to the windows client even > after changing the security mode or restarting the samba server? > > 2. Does samba store the group mapping in group_mapping.ldb file. Will > it be enough to copy this file to other node to get cluster wise > solution for group mapping or do I need to follow any other steps. > > 3. Can I map built-in domain group like "Domain Admins", "Domain > Users" etc to the Unix group? If yes, should I need to keep SID fixed > by specifying rid value? > > 4. If I want to do the manual mapping, do I need to specify parameter > 'add group script' in smb.conf? When is this option called? > > > Thanks a lot in advance. Group mappings should be persistent in either the local TDB file or the LDAP backend, depending on how you are configuring your machine. There are some group mappings that you must have. I have found that I can copy a TBD file for group mapping between machines BUT your group mapping requirements may be a little different for a domain controller vs a member server. It is probably safer to reenter the commands on the other machines. The member server may need the local "Administrators" and "Users" groups defined (see below) that I don't think you need on the domain controllers. The rid values for these well known groups is defined by Microsoft and available in the Samba docn. e.g net groupmap add ntgroup="Domain Admins" unixgroup=10512 rid=512 net groupmap add ntgroup="Domain Users" unixgroup=10513 rid=513 net groupmap add ntgroup="Domain Guests" unixgroup=10514 rid=514 net groupmap add ntgroup="Domain Controllers" unixgroup=10516 rid=516 net groupmap add ntgroup="Domain Computers" unixgroup=10515 rid=515 net groupmap add ntgroup="Administrators" unixgroup=10544 rid=544 type=local net groupmap add ntgroup="Users" unixgroup=10545 rid=545 type=local net groupmap add ntgroup="Guests" unixgroup=nobody rid=546 type=local From brajeshkumar_shrivas at symantec.com Mon Jan 11 08:13:53 2010 From: brajeshkumar_shrivas at symantec.com (Brajesh Shrivastava) Date: Mon, 11 Jan 2010 20:43:53 +0530 Subject: [Samba] Samba Group Mapping In-Reply-To: <4B4B3CCA.6000807@gmail.com> References: <4B4B0FF6.2090100@symantec.com> <4B4B3CCA.6000807@gmail.com> Message-ID: <4B4B4031.1010706@symantec.com> Gaiseric Vandal wrote: > On 01/11/10 06:48, Brajesh Shrivastava wrote: >> Hi All >> >> I have Samba 3.2.11 installed on Suse (sles 10) machine. I am playing >> around the group mapping functionality. When I map a linux group to >> nt group. I can see that groups is visible on windows client. But, if >> I restart the smbd daemon (while changing the scurity mode for ads to >> user or vice versa), I can no more see the mapped group to the the >> Windows client. Though, I was able to see the mapping in the output >> of 'net groupmap list' command. I will request you to please let me >> know the answer of following questions: >> >> 1. Is there any way to see the mapped group to the windows client >> even after changing the security mode or restarting the samba server? >> >> 2. Does samba store the group mapping in group_mapping.ldb file. >> Will it be enough to copy this file to other node to get cluster wise >> solution for group mapping or do I need to follow any other steps. >> >> 3. Can I map built-in domain group like "Domain Admins", "Domain >> Users" etc to the Unix group? If yes, should I need to keep SID fixed >> by specifying rid value? >> >> 4. If I want to do the manual mapping, do I need to specify parameter >> 'add group script' in smb.conf? When is this option called? >> >> >> Thanks a lot in advance. > > Group mappings should be persistent in either the local TDB file or > the LDAP backend, depending on how you are configuring your > machine. There are some group mappings that you must have. > > I have found that I can copy a TBD file for group mapping between > machines BUT your group mapping requirements may be a little different > for a domain controller vs a member server. It is probably safer to > reenter the commands on the other machines. > > > The member server may need the local "Administrators" and "Users" > groups defined (see below) that I don't think you need on the domain > controllers. The rid values for these well known groups is defined > by Microsoft and available in the Samba docn. > > e.g > > net groupmap add ntgroup="Domain Admins" unixgroup=10512 rid=512 > > net groupmap add ntgroup="Domain Users" unixgroup=10513 rid=513 > > net groupmap add ntgroup="Domain Guests" unixgroup=10514 rid=514 > > net groupmap add ntgroup="Domain Controllers" unixgroup=10516 rid=516 > > net groupmap add ntgroup="Domain Computers" unixgroup=10515 rid=515 > > > net groupmap add ntgroup="Administrators" unixgroup=10544 rid=544 > type=local > > net groupmap add ntgroup="Users" unixgroup=10545 rid=545 type=local > > net groupmap add ntgroup="Guests" unixgroup=nobody rid=546 type=local > > > > Hi Gaiseric Thanks a lot for your prompt reply. Still there are some confusion: Do I need to specify the uid of the Unix user? I think name should also work. Let "Domain Admins" SID 512 is mapped with unix group gid 10234. If, I change group permission on a file to "Domain Admins", what gid value will be assigned to that file? Will it be 10512 or 10234? From brajeshkumar_shrivas at symantec.com Mon Jan 11 08:45:23 2010 From: brajeshkumar_shrivas at symantec.com (Brajesh Shrivastava) Date: Mon, 11 Jan 2010 21:15:23 +0530 Subject: [Samba] Group mapping is not showing correct value Message-ID: <4B4B4793.3080506@symantec.com> Hi All I have created a group 'test' which has the following users: brajesh_01:/var/log/samba # getent group |grep test test:!:13159:brajesh,yatish,usr1 brajesh_01:/var/log/samba # I mapped this user to ntgroup user, 'Web Master': brajesh_01:/var/log/samba # net groupmap add ntgroup="We Master" unixgroup=test No rid or sid specified, choosing a RID Got RID 27319 Successfully added group We Master to the mapping db as a domain group brajesh_01:/var/log/samba # Output of 'net groupmap list' command shows the correct output: brajesh_01:/var/log/samba # net groupmap list We Master (S-1-5-21-3348154469-3767538395-1505805052-27319) -> test brajesh_01:/var/log/samba # But when I try to see the output of 'net rpc group members' command, it is giving an error message. Please see here: brajesh_01:/var/log/samba # net rpc group members "Web Master" -U administrator -d 1 Enter administrator's password: Couldn't find group Web Master [2010/01/11 10:35:33, 1] utils/net_rpc.c:run_rpc_command(181) rpc command function failed! (NT_STATUS_NONE_MAPPED) brajesh_01:/var/log/samba # I am new for group mapping feature. Please let me know where I am doing wrong. Thanks in advance!!! From gaiseric.vandal at gmail.com Mon Jan 11 08:54:28 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Mon, 11 Jan 2010 10:54:28 -0500 Subject: [Samba] Samba Group Mapping In-Reply-To: <4B4B4031.1010706@symantec.com> References: <4B4B0FF6.2090100@symantec.com> <4B4B3CCA.6000807@gmail.com> <4B4B4031.1010706@symantec.com> Message-ID: <4B4B49B4.1050402@gmail.com> On 01/11/10 10:13, Brajesh Shrivastava wrote: > Gaiseric Vandal wrote: >> On 01/11/10 06:48, Brajesh Shrivastava wrote: >>> Hi All >>> >>> I have Samba 3.2.11 installed on Suse (sles 10) machine. I am >>> playing around the group mapping functionality. When I map a linux >>> group to nt group. I can see that groups is visible on windows >>> client. But, if I restart the smbd daemon (while changing the >>> scurity mode for ads to user or vice versa), I can no more see the >>> mapped group to the the Windows client. Though, I was able to see >>> the mapping in the output of 'net groupmap list' command. I will >>> request you to please let me know the answer of following questions: >>> >>> 1. Is there any way to see the mapped group to the windows client >>> even after changing the security mode or restarting the samba server? >>> >>> 2. Does samba store the group mapping in group_mapping.ldb file. >>> Will it be enough to copy this file to other node to get cluster >>> wise solution for group mapping or do I need to follow any other steps. >>> >>> 3. Can I map built-in domain group like "Domain Admins", "Domain >>> Users" etc to the Unix group? If yes, should I need to keep SID >>> fixed by specifying rid value? >>> >>> 4. If I want to do the manual mapping, do I need to specify >>> parameter 'add group script' in smb.conf? When is this option called? >>> >>> >>> Thanks a lot in advance. >> >> Group mappings should be persistent in either the local TDB file or >> the LDAP backend, depending on how you are configuring your >> machine. There are some group mappings that you must have. >> >> I have found that I can copy a TBD file for group mapping between >> machines BUT your group mapping requirements may be a little >> different for a domain controller vs a member server. It is >> probably safer to reenter the commands on the other machines. >> >> >> The member server may need the local "Administrators" and "Users" >> groups defined (see below) that I don't think you need on the domain >> controllers. The rid values for these well known groups is defined >> by Microsoft and available in the Samba docn. >> >> e.g >> >> net groupmap add ntgroup="Domain Admins" unixgroup=10512 rid=512 >> >> net groupmap add ntgroup="Domain Users" unixgroup=10513 rid=513 >> >> net groupmap add ntgroup="Domain Guests" unixgroup=10514 rid=514 >> >> net groupmap add ntgroup="Domain Controllers" unixgroup=10516 rid=516 >> >> net groupmap add ntgroup="Domain Computers" unixgroup=10515 rid=515 >> >> >> net groupmap add ntgroup="Administrators" unixgroup=10544 rid=544 >> type=local >> >> net groupmap add ntgroup="Users" unixgroup=10545 rid=545 type=local >> >> net groupmap add ntgroup="Guests" unixgroup=nobody rid=546 type=local >> >> >> >> > Hi Gaiseric > > Thanks a lot for your prompt reply. Still there are some confusion: > > Do I need to specify the uid of the Unix user? I think name should > also work. Let "Domain Admins" SID 512 is mapped with unix group gid > 10234. If, I change group permission on a file to "Domain Admins", > what gid value will be assigned to that file? Will it be 10512 or 10234? > Yes, you should be able to specify the unix group name rather than the unix group GID. (no user names or uid's are involved.) You must use the predefined RID (e.g. 512) - your local unix GID can be whatever. (10512, 9223, smb_dom_admins, FunGroup1 etc.) I think you will make fewer errors it the unix GID is either the same as the RID (e.g. if RID's are 512 and 513 the GID's are 512 and 513) or at lease there is some obvious pattern (e.g. RID's 512 and 513 map to GID's 10512 and 10513, if you already the the 500 block of Unix GID's used for something else) On the unix level, the group perms shown will be that of the GID not the RID. So if RID 512 maps to GID 10234, the unix level will show 10234. I have an LDAP backend for everything. That seems OK with using "Domain Admins" as a unix group, despite the space in the names. I don't know if you can do this if you are using NIS or /etc/passwd for the unix accounts. I found that with samba 3.4.x it was easier if the unix group names were the same as the windows group names. From drankinatty at suddenlinkmail.com Mon Jan 11 13:12:28 2010 From: drankinatty at suddenlinkmail.com (David C. Rankin) Date: Mon, 11 Jan 2010 14:12:28 -0600 Subject: [Samba] matchname messages filling logs - howto stop? Message-ID: <4B4B862C.2080602@suddenlinkmail.com> Listmates, I have had a few boxes where the 'matchname' message is filling my syslog with one new message ever ~40 seconds or so. No performance problems, just the log annoyance. An example of the messages are: Jan 11 13:43:03 nemesis smbd[2246]: [2010/01/11 13:43:03, 0] lib/util_sock.c:1685(get_peer_name) Jan 11 13:43:03 nemesis smbd[2246]: Matchname failed on Adrienne-PC.rbpllc.com ::ffff:192.168.7.127 Jan 11 13:43:45 nemesis smbd[2247]: [2010/01/11 13:43:45, 0] lib/util_sock.c:1564(matchname) Jan 11 13:43:45 nemesis smbd[2247]: matchname: host name/address mismatch: ::ffff:192.168.7.127 != Adrienne-PC.rbpllc.com Jan 11 13:43:45 nemesis smbd[2247]: [2010/01/11 13:43:45, 0] lib/util_sock.c:1685(get_peer_name) Jan 11 13:43:45 nemesis smbd[2247]: Matchname failed on Adrienne-PC.rbpllc.com ::ffff:192.168.7.127 Jan 11 13:52:22 nemesis smbd[2270]: [2010/01/11 13:52:22, 0] lib/util_sock.c:1564(matchname) Jan 11 13:52:22 nemesis smbd[2270]: matchname: host name/address mismatch: ::ffff:192.168.7.127 != Adrienne-PC.rbpllc.com Jan 11 13:52:22 nemesis smbd[2270]: [2010/01/11 13:52:22, 0] lib/util_sock.c:1685(get_peer_name) Jan 11 13:52:22 nemesis smbd[2270]: Matchname failed on Adrienne-PC.rbpllc.com ::ffff:192.168.7.127 Jan 11 13:53:04 nemesis smbd[2271]: [2010/01/11 13:53:04, 0] lib/util_sock.c:1564(matchname) Jan 11 13:53:04 nemesis smbd[2271]: matchname: host name/address mismatch: ::ffff:192.168.7.127 != Adrienne-PC.rbpllc.com Jan 11 13:53:04 nemesis smbd[2271]: [2010/01/11 13:53:04, 0] lib/util_sock.c:1685(get_peer_name) Jan 11 13:53:04 nemesis smbd[2271]: Matchname failed on Adrienne-PC.rbpllc.com ::ffff:192.168.7.127 Jan 11 13:53:46 nemesis smbd[2272]: [2010/01/11 13:53:46, 0] lib/util_sock.c:1564(matchname) Jan 11 13:53:46 nemesis smbd[2272]: matchname: host name/address mismatch: ::ffff:192.168.7.127 != Adrienne-PC.rbpllc.com Jan 11 13:53:46 nemesis smbd[2272]: [2010/01/11 13:53:46, 0] lib/util_sock.c:1685(get_peer_name) Jan 11 13:53:46 nemesis smbd[2272]: Matchname failed on Adrienne-PC.rbpllc.com ::ffff:192.168.7.127 The message is generated between an XP box and the samba server which is setup in standalone mode. The basic configuration is: [global] workgroup = RB_LAW server string = Samba %v map to guest = Bad User log file = /var/log/samba/log.%m max log size = 100 smb ports = 139 name resolve order = wins lmhosts bcast time server = Yes printcap name = cups disable spoolss = Yes show add printer wizard = No os level = 58 dns proxy = No wins server = 192.168.7.15 admin users = david hosts allow = 192.168.7., 192.168.6., 192.168.8., 192.168.5., 127. [homes] comment = Home Directories read only = No browseable = No browsable = No [samba] comment = Nemesis Law path = /home/samba valid users = @office, anna force group = office read only = No inherit permissions = Yes [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes use client driver = Yes browseable = No browsable = No [print$] path = /var/lib/samba/drivers write list = @adm, root inherit permissions = Yes guest ok = Yes I have had this same problem on several boxes and I haven't been able to chase down the cause. I get that samba is saying that there is a mismatch between the hostname and the address for the IPV6 address ::ffff:192.168.7.127 != Adrienne-PC.rbpllc.com. The problem is I don't know where samba is caching this information or how to prevent samba from considering this box and address to be mismatched. I apologize if this has been asked and answered before, but I haven't had the time to monitor the list on a daily basis as I have had in the past. Could somebody shed some light on how I can solve this problem. I would rather not simply drop the log level to hide the error, I would prefer to fix it. Thanks. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com From portsbsd at gmail.com Mon Jan 11 14:28:08 2010 From: portsbsd at gmail.com (Alberto Moreno) Date: Mon, 11 Jan 2010 13:28:08 -0800 Subject: [Samba] samba+ldap two domains db sync? In-Reply-To: <4B4B3A70.7050703@tuxedo.darktech.org> References: <3ffefd921001110042q71441f6ar9f929d12f8e83879@mail.gmail.com> <4B4B3634.9030807@tuxedo.darktech.org> <4B4B391E.6040300@gmail.com> <4B4B3A70.7050703@tuxedo.darktech.org> Message-ID: <3ffefd921001111328n7884d1fbg8124d47b59aea76f@mail.gmail.com> Thanks people. I will read about synrepl and see how it works, thanks all of u for your tips!!! See u!!! On Mon, Jan 11, 2010 at 6:49 AM, Rob Shinn wrote: > Gaiseric Vandal wrote: >> >> I don't think one user in LDAP could be in two different domains- ?each >> user has to have a distinct SambaSID entry. >> > > Ooomph! *slaps forehead*. ?You're right. ?That's what I get for posting > before I've had my coffeee. > > I stand by my original statement that OpenLDAP's syncrepl would work, > though. > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: ?https://lists.samba.org/mailman/options/samba > -- LIving the dream... From vinnix.bsd at gmail.com Mon Jan 11 15:04:47 2010 From: vinnix.bsd at gmail.com (Vinicius Abrahao) Date: Mon, 11 Jan 2010 20:04:47 -0200 Subject: [Samba] Joining Windows XP client to Samba 3 domain: Access denied In-Reply-To: <4B41AB99.3000206@lohrmann.de> References: <4AF843F5.8080203@lohrmann.de> <1e31c7981001031652r68726d4ao117540ba64f1d43c@mail.gmail.com> <4B41AB99.3000206@lohrmann.de> Message-ID: <1e31c7981001111404r3e2bcdd3u62b8848ae4151150@mail.gmail.com> On Mon, Jan 4, 2010 at 6:49 AM, Christian Geiger wrote: > Hi Vin?cius! > > Wish you a happy new year, too! > > Yes, I solved my issue in the meantime. I made a mistake and tried joining > the domain with the user instead of the administrator account. As no machine > account had been previously created for that machine, the join couldn't be > performed. Doing it as the administrator solved this and created the machine > account in the background. > > What does your smb.conf look like? Did you ensure a machine account exists? > And which user did you supply for joining the domain? > > Best regards > Chris > > PS: I'm running Samba 3.3.2 and OpenLDAP 2.4.15 on Ubuntu 9.04 Server. Hi Chris, and all List! Thanks for helping me. I solve the problem in a "strange way". I get the smb.conf of another machine that had samba working fine as PDC and replace my actual conf (but without modify my ldap data), and the clients joint normally. So I think... I'll restore the original smb.conf and verify line by line what is the difference between their. But... when I restore the original file, I could joint at my domain normally too. So... I resolve the problem, but I don't know "how" yet. I'll reinstall from scratch when I have more time, and then create a solid doc, about samba-ldap integration (how to delivery it, not the internals aspects). thanks again for help, best regards, Vinnix From himmat.baldaniya at hotmail.com Mon Jan 11 23:02:04 2010 From: himmat.baldaniya at hotmail.com (himmat baldaniya) Date: Tue, 12 Jan 2010 11:32:04 +0530 Subject: [Samba] setfacl:operation not supported Message-ID: Hi all from last few days i got struct in problem.when i try to use setfacl command "setfacl -m u:himmat:r-- /ide2/asd" i get the error setfacl : /ide2/asd : operation not supported i also has mounted acl using -: "mount -f -o remount,acl / " Note: -f option is for force i am using red hat kernel 2.4.20-8 and acl-2.2.3-1 One more thing i have to ask whether acl utility supports Samba version-2.2.7a plz help .. I want to know ur valuable suggestions thankyou _________________________________________________________________ New Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop From eero.volotinen at iki.fi Mon Jan 11 23:28:54 2010 From: eero.volotinen at iki.fi (Eero Volotinen) Date: Tue, 12 Jan 2010 08:28:54 +0200 Subject: [Samba] setfacl:operation not supported In-Reply-To: References: Message-ID: <4B4C16A6.4030707@iki.fi> On 1/12/10 8:02 AM, himmat baldaniya wrote: > > > Hi all > from last few days i got struct in problem.when i try to use setfacl command > "setfacl -m u:himmat:r-- /ide2/asd" > i get the error setfacl : /ide2/asd : operation not supported > i also has mounted acl using -: > "mount -f -o remount,acl / " Note: -f option is for force > i am using red hat kernel 2.4.20-8 and acl-2.2.3-1 > One more thing i have to ask whether acl utility supports Samba version-2.2.7a > plz help .. I want to know ur valuable suggestions > thankyou maybe it's time to upgrade os .. -- Eero From himmat.baldaniya at hotmail.com Mon Jan 11 23:36:02 2010 From: himmat.baldaniya at hotmail.com (himmat baldaniya) Date: Tue, 12 Jan 2010 12:06:02 +0530 Subject: [Samba] FW: setfacl:operation not supported Message-ID: Hello, I am using red hat 2.4.20-8 with samba 2.2.7a. i have to enable acl with samba.whether acl is enabled bydefault in samba if not,then how we have to do ???? thankyou _________________________________________________________________ New Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop From eero.volotinen at iki.fi Mon Jan 11 23:43:23 2010 From: eero.volotinen at iki.fi (Eero Volotinen) Date: Tue, 12 Jan 2010 08:43:23 +0200 Subject: [Samba] FW: setfacl:operation not supported In-Reply-To: References: Message-ID: <4B4C1A0B.6030504@iki.fi> On 1/12/10 8:36 AM, himmat baldaniya wrote: > > Hello, > I am using red hat 2.4.20-8 with samba 2.2.7a. i have to enable acl with samba.whether acl is enabled bydefault in samba if not,then how we have to do ???? > You are using antique system of redhat? Nowdays systems runs 2.6.x series kernel. Maybe your system is not supporting acl? What is redhat release version of os you are running (cat /etc/redhat-release) -- Eero From jens-smb at gmx.net Tue Jan 12 02:32:25 2010 From: jens-smb at gmx.net (Jens Nissen) Date: Tue, 12 Jan 2010 10:32:25 +0100 Subject: [Samba] setfacl:operation not supported In-Reply-To: References: Message-ID: <4B4C41A9.7070209@gmx.net> Kernel 2.4 can support ACLs, it's more a question of the FS you are using (ext2 is ok if acl is properly installed). Did you remount with root? Otherwise use sudo. Perhaps you could post your mount-output. By the way: use some other partition then "/" for testing, otherwise you could end up in a mess!!! Next question: /ide2 sounds like a mountpoint itself - check and remount with acl-enabled. Perhaps you could post "ls -al /" Kind regards, Jens himmat baldaniya schrieb: > Hi all > from last few days i got struct in problem.when i try to use setfacl command > "setfacl -m u:himmat:r-- /ide2/asd" > i get the error setfacl : /ide2/asd : operation not supported > i also has mounted acl using -: > "mount -f -o remount,acl / " Note: -f option is for force > i am using red hat kernel 2.4.20-8 and acl-2.2.3-1 > One more thing i have to ask whether acl utility supports Samba version-2.2.7a > plz help .. I want to know ur valuable suggestions > thankyou > > > _________________________________________________________________ > New Windows 7: Find the right PC for you. Learn more. > http://windows.microsoft.com/shop > From brajeshkumar_shrivas at symantec.com Tue Jan 12 03:05:26 2010 From: brajeshkumar_shrivas at symantec.com (Brajesh Shrivastava) Date: Tue, 12 Jan 2010 15:35:26 +0530 Subject: [Samba] Group mapping is not showing correct value In-Reply-To: <4B4B4793.3080506@symantec.com> References: <4B4B4793.3080506@symantec.com> Message-ID: <4B4C4966.9080209@symantec.com> Brajesh Shrivastava wrote: > Hi All > > I have created a group 'test' which has the following users: > > brajesh_01:/var/log/samba # getent group |grep test > test:!:13159:brajesh,yatish,usr1 > brajesh_01:/var/log/samba # > > > I mapped this user to ntgroup user, 'Web Master': > > brajesh_01:/var/log/samba # net groupmap add ntgroup="We Master" > unixgroup=test > No rid or sid specified, choosing a RID > Got RID 27319 > Successfully added group We Master to the mapping db as a domain group > brajesh_01:/var/log/samba # > > Output of 'net groupmap list' command shows the correct output: > > brajesh_01:/var/log/samba # net groupmap list > We Master (S-1-5-21-3348154469-3767538395-1505805052-27319) -> test > brajesh_01:/var/log/samba # > > But when I try to see the output of 'net rpc group members' command, > it is giving an error message. Please see here: > > brajesh_01:/var/log/samba # net rpc group members "Web Master" -U > administrator -d 1 > Enter administrator's password: > Couldn't find group Web Master > [2010/01/11 10:35:33, 1] utils/net_rpc.c:run_rpc_command(181) > rpc command function failed! (NT_STATUS_NONE_MAPPED) > brajesh_01:/var/log/samba # > > I am new for group mapping feature. Please let me know where I am > doing wrong. > > Thanks in advance!!! > Please help me in resolving the above problem, in case if you know the solution. From walk2sun at arcor.de Tue Jan 12 03:23:13 2010 From: walk2sun at arcor.de (Harry Jede) Date: Tue, 12 Jan 2010 11:23:13 +0100 Subject: [Samba] Group mapping is not showing correct value In-Reply-To: <4B4C4966.9080209@symantec.com> References: <4B4B4793.3080506@symantec.com> <4B4C4966.9080209@symantec.com> Message-ID: <201001121123.14627.walk2sun@arcor.de> On Dienstag, 12. Januar 2010 wrote Brajesh Shrivastava: > Brajesh Shrivastava wrote: > > Hi All > > > > I have created a group 'test' which has the following users: > > > > brajesh_01:/var/log/samba # getent group |grep test > > test:!:13159:brajesh,yatish,usr1 > > brajesh_01:/var/log/samba # > > > > > > I mapped this user to ntgroup user, 'Web Master': > > > > brajesh_01:/var/log/samba # net groupmap add ntgroup="We Master" > > unixgroup=test > > No rid or sid specified, choosing a RID > > Got RID 27319 > > Successfully added group We Master to the mapping db as a domain > > group brajesh_01:/var/log/samba # > > > > Output of 'net groupmap list' command shows the correct output: > > > > brajesh_01:/var/log/samba # net groupmap list > > We Master (S-1-5-21-3348154469-3767538395-1505805052-27319) -> test > > brajesh_01:/var/log/samba # > > > > But when I try to see the output of 'net rpc group members' > > command, it is giving an error message. Please see here: > > > > brajesh_01:/var/log/samba # net rpc group members "Web Master" -U > > administrator -d 1 > > Enter administrator's password: > > Couldn't find group Web Master > > [2010/01/11 10:35:33, 1] utils/net_rpc.c:run_rpc_command(181) > > rpc command function failed! (NT_STATUS_NONE_MAPPED) > > brajesh_01:/var/log/samba # > > > > I am new for group mapping feature. Please let me know where I am > > doing wrong. > > > > Thanks in advance!!! > > Please help me in resolving the above problem, in case if you know > the solution. use the same "group name" :-) "Web Master" and "We Master" are totally different ;-) -- Gruss Harry Jede From brajeshshri at gmail.com Tue Jan 12 03:31:46 2010 From: brajeshshri at gmail.com (Brajesh Shrivastava) Date: Tue, 12 Jan 2010 16:01:46 +0530 Subject: [Samba] Unable to map the group Message-ID: <874062de1001120231w68ba3d3dn8a55bcbb0b8f77ae@mail.gmail.com> Hi All, I am using Samba 3.2.11 on sles 10. I have create a Unix group 'grp1' and mapped it to a ntgroup "Group One". Unix group 'grp1' has one user i.e 'usr1'. 'net groupmap' command show the mapping with correct SID and gid value. Please, have a look here. # cat /etc/group | grep grp1 grp1:!:12613:usr1,raj1,raj2 # # net groupmap list Group One (S-1-5-21-2117825020-3123844951-2554100798-26227) -> grp1 # # net groupmap list verbose ntgroup="Group One" Group One SID : S-1-5-21-2117825020-3123844951-2554100798-26227 Unix gid : 12613 Unix group: grp1 Group type: Domain Group Comment : Domain Unix group # I have one filesystem 'fs2' exported as share 'share1' to the windows user. Initially, filesystem doesn't have any file/folder created inside it. # ls -l /vx/fs2/ total 0 # If user 'usr1' mounts a share1 on windows machine and create a folder 'try' inside it, then effective group permission goes to the unix group 'nogroup'. # ls -l /vx/fs2/ total 0 drwxrwxr-x+ 2 usr1 nogroup 96 2010-01-12 05:18 try # Here, I am expecting that if I assign group permission as 'Group One' from Windows client machine. It should be assigned to the 'grp1' group on linux side. Because, ntgroup 'Group One' is mapped to the unix group 'grp1'. I think, I am missing something. Can you please help me resolving this issue. Any help will be deeply appreciated. From brajeshkumar_shrivas at symantec.com Tue Jan 12 03:36:41 2010 From: brajeshkumar_shrivas at symantec.com (Brajesh Shrivastava) Date: Tue, 12 Jan 2010 16:06:41 +0530 Subject: [Samba] Group mapping is not showing correct value In-Reply-To: <201001121123.14627.walk2sun@arcor.de> References: <4B4B4793.3080506@symantec.com> <4B4C4966.9080209@symantec.com> <201001121123.14627.walk2sun@arcor.de> Message-ID: <4B4C50B9.6000107@symantec.com> Harry Jede wrote: > On Dienstag, 12. Januar 2010 wrote Brajesh Shrivastava: > >> Brajesh Shrivastava wrote: >> >>> Hi All >>> >>> I have created a group 'test' which has the following users: >>> >>> brajesh_01:/var/log/samba # getent group |grep test >>> test:!:13159:brajesh,yatish,usr1 >>> brajesh_01:/var/log/samba # >>> >>> >>> I mapped this user to ntgroup user, 'Web Master': >>> >>> brajesh_01:/var/log/samba # net groupmap add ntgroup="We Master" >>> unixgroup=test >>> No rid or sid specified, choosing a RID >>> Got RID 27319 >>> Successfully added group We Master to the mapping db as a domain >>> group brajesh_01:/var/log/samba # >>> >>> Output of 'net groupmap list' command shows the correct output: >>> >>> brajesh_01:/var/log/samba # net groupmap list >>> We Master (S-1-5-21-3348154469-3767538395-1505805052-27319) -> test >>> brajesh_01:/var/log/samba # >>> >>> But when I try to see the output of 'net rpc group members' >>> command, it is giving an error message. Please see here: >>> >>> brajesh_01:/var/log/samba # net rpc group members "Web Master" -U >>> administrator -d 1 >>> Enter administrator's password: >>> Couldn't find group Web Master >>> [2010/01/11 10:35:33, 1] utils/net_rpc.c:run_rpc_command(181) >>> rpc command function failed! (NT_STATUS_NONE_MAPPED) >>> brajesh_01:/var/log/samba # >>> >>> I am new for group mapping feature. Please let me know where I am >>> doing wrong. >>> >>> Thanks in advance!!! >>> >> Please help me in resolving the above problem, in case if you know >> the solution. >> > use the same "group name" :-) > > "Web Master" and "We Master" > > are totally different ;-) > > > > Thanks for your comment Harry. By mistake I wrote 'Web Master' instead of 'We Master'. Even I tried with 'We Master', I am getting the same error. Do I need to follow any other steps. I mapped several unix group to nt group, but still not able to see the correct output for at least one group in 'net rpc group memebrs' command. May be I am missing something. From dgcoventry at gmail.com Tue Jan 12 06:18:03 2010 From: dgcoventry at gmail.com (Dave Coventry) Date: Tue, 12 Jan 2010 15:18:03 +0200 Subject: [Samba] Documents in home folder 'Read Only' Message-ID: <4cba5adc1001120518o3600d128s64c96e89f39e1047@mail.gmail.com> My user is logged in to the Samba Server. smb.conf has the following: [homes] comment = Home Directories read only = No create mask = 0775 directory mask = 0775 browseable = No writeable = Yes The files in the user's home directory are set to chmod 777. What do I need to do to enable the user to write to her Directory? From juan at itos.uga.edu Tue Jan 12 06:53:21 2010 From: juan at itos.uga.edu (Juan Machado) Date: Tue, 12 Jan 2010 08:53:21 -0500 Subject: [Samba] Strange SAMBA Winbind behavior - WBC_ERR_AUTH_ERROR - NT_STATUS_WRONG_PASSWORD Message-ID: <1C28E42139C61D4BB4F418A19EAA2E355FCA07@MAIL.itos.uga.edu> Hello All, I am having a weird behavior and after 2 days of trying to fix it, I just decided to ask the experts in this group! I have a RHEL5 box running SAMBA 3.4.3-41.el5. Users authenticate via Winbind to a Windows 2008R2 Domain controller. Authentication is fine, users can log in but ... 1. When user type their login/username, it takes 3 seconds to get the password prompt. 2. After the user provides the right password, the system let them log in but a "WRONG PASSWORD" message is displayed. When I check the logs I can see that BEFORE the user enters the password, there is a bcLogonUser failed: WBC_ERR_AUTH_ERROR message in the logs. Jan 12 08:37:10 myrhelserver sshd[13822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=wve-systems-10.mydomain.com user=juan Jan 12 08:37:10 myrhelserver sshd[13822]: pam_winbind(sshd:auth): getting password (0x00000010) Jan 12 08:37:10 myrhelserver sshd[13822]: pam_winbind(sshd:auth): pam_get_item returned a password Jan 12 08:37:10 myrhelserver sshd[13822]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7), NTSTATUS: NT_STATUS_WRONG_PASSWORD, Error message was: Wrong Password Jan 12 08:37:10 myrhelserver sshd[13822]: pam_winbind(sshd:auth): user 'juan' denied access (incorrect password or invalid membership) Jan 12 08:37:17 myrhelserver sshd[13822]: pam_winbind(sshd:auth): getting password (0x00000010) Jan 12 08:37:17 myrhelserver sshd[13822]: pam_winbind(sshd:auth): pam_get_item returned a password Jan 12 08:37:17 myrhelserver sshd[13822]: pam_winbind(sshd:auth): user 'juan' granted access Jan 12 08:37:17 myrhelserver sshd[13822]: pam_winbind(sshd:account): user 'juan' granted access Jan 12 08:37:17 myrhelserver sshd[13822]: Accepted password for juan from 172.16.248.174 port 57858 ssh2 Jan 12 08:37:17 myrhelserver sshd[13822]: pam_unix(sshd:session): session opened for user juan by (uid=0) WBC_ERR_AUTH_ERRORJan 12 08:37:35 myrhelserver sshd[13874]: Connection closed by 172.16.1.62 ---------------- This is my /etc/pam.d/system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_mkhomedir.so skel=/etc/skel umask=0022 session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so This is my /etc/samba/smb.conf: #======================= Global Settings ===================================== [global] workgroup = mydomain winbind separator = + server string = Samba Server security = ads load printers = yes winbind enum users = yes winbind enum groups = yes cups options = raw log file = /var/log/samba/%m.log max log size = 50 local master = no dns proxy = no password server = ad1.mydomain.com ad2.mydomain.com realm = MYDOMAIN.COM idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash winbind use default domain = true [homes] comment = Home Directories browseable = no writable = yes So,does anybody have an idea of WHY am I getting the "WRONG PASSWORD" message when I successfully authenticate? Thanks. Juan Machado From andreas.moroder at sb-brixen.it Tue Jan 12 08:33:40 2010 From: andreas.moroder at sb-brixen.it (Andreas Moroder) Date: Tue, 12 Jan 2010 16:33:40 +0100 Subject: [Samba] concurrent ms access usage does not work with 3.4.3 Message-ID: Since we upgraded samba to 3.4.3 ( from 3.0.26a ) on our fileserver only one user at a time can use a ms access ( .mdb ) program we wrote. The second user that tries to start this application gets a message that the mdb is lockeb by another user. The strange thing is that I as administrator can connect as second uset to the mdb without problems. Is this a known probleme and is there a solution ? Thanks Andreas From bashirwz at googlemail.com Tue Jan 12 08:58:00 2010 From: bashirwz at googlemail.com (Wasim Bashir) Date: Tue, 12 Jan 2010 15:58:00 +0000 Subject: [Samba] idmap positive caching Message-ID: <91aedba31001120758q5e8d76afh2c26e5cfab301b0d@mail.gmail.com> Hi, Is there a way of changing the default idmap caching ? I believe it is current set to 1 week. I am using samba 3.3.9. Also any ideas why when this cache expires it does not renew which means I have to do a net cache flush to clear the cache ? Thanks in advance. Wasim From gaiseric.vandal at gmail.com Tue Jan 12 09:08:22 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Tue, 12 Jan 2010 11:08:22 -0500 Subject: [Samba] idmap positive caching In-Reply-To: <91aedba31001120758q5e8d76afh2c26e5cfab301b0d@mail.gmail.com> References: <91aedba31001120758q5e8d76afh2c26e5cfab301b0d@mail.gmail.com> Message-ID: <4B4C9E76.2000206@gmail.com> On 01/12/10 10:58, Wasim Bashir wrote: > Hi, > > Is there a way of changing the default idmap caching ? I believe it is > current set to 1 week. I am using samba 3.3.9. > > Also any ideas why when this cache expires it does not renew which means I > have to do a net cache flush to clear the cache ? > > Thanks in advance. > > > Wasim > If should be the "idmap cache time" parameter in smb.conf. But I have the same problem with Samba 3.0.x on Solaris 10. From my testing it looks like samba 3.4.x behaves better. I was not aware oif the "net cache flush" command- so I may add that as a cron job to my samba 3.0.x systems. From jason at redbarncomputers.com Tue Jan 12 09:57:48 2010 From: jason at redbarncomputers.com (Jason Somers) Date: Tue, 12 Jan 2010 11:57:48 -0500 Subject: [Samba] Renaming a computer on a Samba domain Message-ID: <4B4CAA0C.20904@redbarncomputers.com> We shift computers around a lot, and therefore need to rename several whenever we get new batches of systems in. Tried simply renaming a system while on the domain, but got an "access denied" error. I WAS able to disjoin the domain, remove the LDAP entry for the computer, log in as a local administrator, rename the computer, and rejoin the domain a different computer name. However, this is a HUGE pain. The number of reboots alone is a genuine time-killer. Doing it one several systems can waste an entire day. Does anyone have any suggestions? Thanks! Jason -- ================================================= Jason Somers Network Administrator Red Barn Technology Group, Inc. 1235 Front Street - Suite 3 Binghamton, NY 13905 (607) 772-1888 x222 From drescherjm at gmail.com Tue Jan 12 10:01:12 2010 From: drescherjm at gmail.com (John Drescher) Date: Tue, 12 Jan 2010 12:01:12 -0500 Subject: [Samba] Renaming a computer on a Samba domain In-Reply-To: <4B4CAA0C.20904@redbarncomputers.com> References: <4B4CAA0C.20904@redbarncomputers.com> Message-ID: <387ee2021001120901i4bb2d43fjf47a018f9c19710@mail.gmail.com> On Tue, Jan 12, 2010 at 11:57 AM, Jason Somers wrote: > We shift computers around a lot, and therefore need to rename several > whenever we get new batches of systems in. > > Tried simply renaming a system while on the domain, but got an "access > denied" error. I WAS able to disjoin the domain, remove the LDAP entry for > the computer, log in as a local administrator, rename the computer, and > rejoin the domain a different computer name. > > However, this is a HUGE pain. The number of reboots alone is a genuine > time-killer. Doing it one several systems can waste an entire day. Does > anyone have any suggestions? > Do all of these steps with only rebooting at the end even though windows tells you to reboot after every step. John From garydale at rogers.com Tue Jan 12 11:02:52 2010 From: garydale at rogers.com (Gary Dale) Date: Tue, 12 Jan 2010 13:02:52 -0500 Subject: [Samba] Renaming a computer on a Samba domain In-Reply-To: <4B4CAA0C.20904@redbarncomputers.com> References: <4B4CAA0C.20904@redbarncomputers.com> Message-ID: <4B4CB94C.4020708@rogers.com> Jason Somers wrote: > We shift computers around a lot, and therefore need to rename several > whenever we get new batches of systems in. > > Tried simply renaming a system while on the domain, but got an "access > denied" error. I WAS able to disjoin the domain, remove the LDAP entry > for the computer, log in as a local administrator, rename the > computer, and rejoin the domain a different computer name. > > However, this is a HUGE pain. The number of reboots alone is a genuine > time-killer. Doing it one several systems can waste an entire day. > Does anyone have any suggestions? > > Thanks! > Jason > Can you be more specific about what you are doing and why? I surmise that you are renaming existing Windows boxes when you get in new computers, but are the Windows boxes servers or desktops? And why do you need to rename in the first place? What happens to the old boxes? The reason I ask is that there are possibly better solutions than renaming computers. This is especially true if you are doing this frequently. From garydale at rogers.com Tue Jan 12 11:06:19 2010 From: garydale at rogers.com (Gary Dale) Date: Tue, 12 Jan 2010 13:06:19 -0500 Subject: [Samba] Documents in home folder 'Read Only' In-Reply-To: <4cba5adc1001120518o3600d128s64c96e89f39e1047@mail.gmail.com> References: <4cba5adc1001120518o3600d128s64c96e89f39e1047@mail.gmail.com> Message-ID: <4B4CBA1B.9010705@rogers.com> Dave Coventry wrote: > My user is logged in to the Samba Server. > > smb.conf has the following: > > > [homes] > comment = Home Directories > read only = No > create mask = 0775 > directory mask = 0775 > browseable = No > writeable = Yes > > The files in the user's home directory are set to chmod 777. > > What do I need to do to enable the user to write to her Directory? > Who owns the files in the user's home directory? What group do they belong to? Is the user a member of that group? Has the user account been enabled? What happens when you do pdbedit -v on the Samba server? From michele.petrazzo at unipex.it Tue Jan 12 10:58:02 2010 From: michele.petrazzo at unipex.it (Michele Petrazzo - Unipex) Date: Tue, 12 Jan 2010 18:58:02 +0100 Subject: [Samba] Documents in home folder 'Read Only' In-Reply-To: <4cba5adc1001120518o3600d128s64c96e89f39e1047@mail.gmail.com> References: <4cba5adc1001120518o3600d128s64c96e89f39e1047@mail.gmail.com> Message-ID: <4B4CB82A.1050606@unipex.it> Dave Coventry wrote: > My user is logged in to the Samba Server. > > smb.conf has the following: > > > [homes] > comment = Home Directories > read only = No > create mask = 0775 > directory mask = 0775 > browseable = No > writeable = Yes > > The files in the user's home directory are set to chmod 777. > > What do I need to do to enable the user to write to her Directory? So strange. For me try: - look at the log files and see with which "unix user" your user log in. - on server, login as root, "su - unix_user" and try to open/modify a file in the user home directory. For me you can't, so it's a permission problem since the configuration are ok. Michele From jason at redbarncomputers.com Tue Jan 12 12:24:25 2010 From: jason at redbarncomputers.com (Jason Somers) Date: Tue, 12 Jan 2010 14:24:25 -0500 Subject: [Samba] Renaming a computer on a Samba domain In-Reply-To: <4B4CB94C.4020708@rogers.com> References: <4B4CAA0C.20904@redbarncomputers.com> <4B4CB94C.4020708@rogers.com> Message-ID: <4B4CCC69.2050509@redbarncomputers.com> Clients are NFP, and have about 100 workstations. Once or twice a year, they get grants for upwards of 10 new systems. These systems get distributed to those with the most need, and in turn, their systems get passed to whomever has computers less powerful than those. System names reflect different departments and subdepartments, so if you move a computer anywhere, its name must change. Make sense? -Jason ================================================= Jason Somers Network Administrator Red Barn Technology Group, Inc. 1235 Front Street - Suite 3 Binghamton, NY 13905 (607) 772-1888 x222 Gary Dale wrote: > Jason Somers wrote: >> We shift computers around a lot, and therefore need to rename several >> whenever we get new batches of systems in. >> >> Tried simply renaming a system while on the domain, but got an >> "access denied" error. I WAS able to disjoin the domain, remove the >> LDAP entry for the computer, log in as a local administrator, rename >> the computer, and rejoin the domain a different computer name. >> >> However, this is a HUGE pain. The number of reboots alone is a >> genuine time-killer. Doing it one several systems can waste an entire >> day. Does anyone have any suggestions? >> >> Thanks! >> Jason >> > Can you be more specific about what you are doing and why? > > I surmise that you are renaming existing Windows boxes when you get in > new computers, but are the Windows boxes servers or desktops? And why > do you need to rename in the first place? What happens to the old boxes? > > The reason I ask is that there are possibly better solutions than > renaming computers. This is especially true if you are doing this > frequently. From bashirwz at googlemail.com Tue Jan 12 13:02:47 2010 From: bashirwz at googlemail.com (Wasim Bashir) Date: Tue, 12 Jan 2010 20:02:47 +0000 Subject: [Samba] idmap positive caching In-Reply-To: <4B4C9E76.2000206@gmail.com> References: <91aedba31001120758q5e8d76afh2c26e5cfab301b0d@mail.gmail.com> <4B4C9E76.2000206@gmail.com> Message-ID: <91aedba31001121202q4885be9dl2eb5343ef4a020dc@mail.gmail.com> Hi, Thanks for that however i don't think that is the parameter which i am after, basically i want to increase the timeout which looks like this when you run a net cache list : Key: IDMAP/SID2UID/S-1-5-21-1587460048-1370446368-1630864436-16176 Timeout : Wed Jan 13 15:29:11 2010 Value: 423047 the above key is almost a week old and once it expires the only way to fix it is to flush the cache, however the cache is not regenerated correctly (incorrect gids) and the only way i can fix this is to rename the idmap config inside smb.conf, flush the cache again, run a getent passwd to populate the cache, then rename idmap config back and restart smb and winbind.. then its ok for a week... 2010/1/12 Gaiseric Vandal > On 01/12/10 10:58, Wasim Bashir wrote: > >> Hi, >> >> Is there a way of changing the default idmap caching ? I believe it is >> current set to 1 week. I am using samba 3.3.9. >> >> Also any ideas why when this cache expires it does not renew which means I >> have to do a net cache flush to clear the cache ? >> >> Thanks in advance. >> >> >> Wasim >> >> > If should be the "idmap cache time" parameter in smb.conf. But I have > the same problem with Samba 3.0.x on Solaris 10. From my testing it looks > like samba 3.4.x behaves better. > > > I was not aware oif the "net cache flush" command- so I may add that as a > cron job to my samba 3.0.x systems. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > From paulg at cse.yorku.ca Tue Jan 12 12:27:04 2010 From: paulg at cse.yorku.ca (Paul Griffith) Date: Tue, 12 Jan 2010 14:27:04 -0500 Subject: [Samba] When do you End of Life older Samba versions ? Message-ID: <1263324424.18621.30.camel@plj2keg.cs.yorku.ca> Greetings, I was wondering if the Samba team has a End of Life statement on the web for the different versions of Samba out there. I know that the 3.0.x series is pretty much EOL, but what about 3.2.x and 3.3.x series ? I just want to know when I need to get the lead out and upgrade! ;) Cheers, Paul From dale at BriannasSaladDressing.com Tue Jan 12 13:09:52 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Tue, 12 Jan 2010 14:09:52 -0600 Subject: [Samba] Unable to map the group In-Reply-To: <874062de1001120231w68ba3d3dn8a55bcbb0b8f77ae@mail.gmail.com> References: <874062de1001120231w68ba3d3dn8a55bcbb0b8f77ae@mail.gmail.com> Message-ID: <4B4CD710.8030601@BriannasSaladDressing.com> On 01/12/2010 4:31 AM, Brajesh Shrivastava wrote: > Hi All, > > I am using Samba 3.2.11 on sles 10. I have create a Unix group 'grp1' and > mapped it to a ntgroup "Group One". Unix group 'grp1' has one user i.e > 'usr1'. 'net groupmap' command show the mapping with correct SID and gid > value. Please, have a look here. > > # cat /etc/group | grep grp1 > grp1:!:12613:usr1,raj1,raj2 > # > > # net groupmap list > Group One (S-1-5-21-2117825020-3123844951-2554100798-26227) -> grp1 > # > # net groupmap list verbose ntgroup="Group One" > Group One > SID : S-1-5-21-2117825020-3123844951-2554100798-26227 > Unix gid : 12613 > Unix group: grp1 > Group type: Domain Group > Comment : Domain Unix group > # > > > I have one filesystem 'fs2' exported as share 'share1' to the windows user. > What parameters do you have in [share1] ? > Initially, filesystem doesn't have any file/folder created inside it. > # ls -l /vx/fs2/ > What are the permissions and ownership of /vx/fs2 ? > total 0 > # > > If user 'usr1' mounts a share1 on windows machine and create a folder 'try' > inside it, then effective group permission goes to the unix group 'nogroup'. > # ls -l /vx/fs2/ > total 0 > drwxrwxr-x+ 2 usr1 nogroup 96 2010-01-12 05:18 try > What is the output of getfacl /vx/fs2/try ? Dale > # > > Here, I am expecting that if I assign group permission as 'Group One' from > Windows client machine. It should be assigned to the 'grp1' group on linux > side. Because, ntgroup 'Group One' is mapped to the unix group 'grp1'. I > think, I am missing something. Can you please help me resolving this issue. > > > Any help will be deeply appreciated. > From mail_of_sergey at mail.ru Tue Jan 12 13:21:18 2010 From: mail_of_sergey at mail.ru (=?koi8-r?Q?=F3=C5=D2=C7=C5=CA?=) Date: Tue, 12 Jan 2010 23:21:18 +0300 Subject: [Samba] =?koi8-r?b?RG9lcyB0ZGIgY2FuIHN0b3JlIGluY29ycmVjdCBlbmNv?= =?koi8-r?b?ZGluZyBzeW1ib2xzPw==?= Message-ID: Hello, All! I found that Samba checks description fields encoding at various tdb files to late. Case 1. FreeBSD with UTF-8 support. At some cases FreeBSD's adduser script can save incorrect UTF-8 sequence to GECOS /etc/passwd field. (Here is example http://www.acc.tula.ru/~acc107_3/samba/miscoding/gecos.txt) When user is added to Samba, Samba reads GECOS field "as is" without check in. Later it will lead to "Conversion error: Illegal multibyte sequence". At this part of log http://www.acc.tula.ru/~acc107_3/samba/miscoding/case%201.txt user 'skvorco' have problem description. Workaround: pdbedit -u user_name -f "Correct full name" Case 2. A many years ago I had used Samba with one-byte encoding - the KOI-8R - for presenting russian letters. At that time I created first groups, which haved the russian descriptions. Later I move to new version of Samba (and OS so) which supports multi-byte encoding. Today samba's logs analysis show me that the description of those first groups is still one-byte encoding!!! At this part of log http://www.acc.tula.ru/~acc107_3/samba/miscoding/case%202.txt a group 'tst-users' have one-byte encoded description. 'ugs' group haves multi-byte encoding (UTF-8) description. Because of one-byte encoded description I get error: lib/charcnv.c:convert_string_internal(263) convert_string_internal: Conversion error: Illegal multibyte sequence(???????????) librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO2 failed. and empty domain group list. Fragment of smb.conf dos charset = 866 unix charset = utf-8 preserve case = yes short preserve case = yes default case = lower case sensitive = auto So, I have two questions: 1. How to select one-byte encoded descriptions? 2. How to convert it to multi-byte encoding? Bye.Serg. From garnold at unrealsolutions.com Tue Jan 12 13:25:27 2010 From: garnold at unrealsolutions.com (Glenn T. Arnold) Date: Tue, 12 Jan 2010 15:25:27 -0500 (EST) Subject: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do In-Reply-To: <25885636.1613.1263327780051.JavaMail.root@mail> Message-ID: <12805854.1616.1263327927490.JavaMail.root@mail> I finally fixed my problem by removing samba completely removing samba and reinstalling it. What I discovered is it appears to be an issue with rights. When I reinstalled samba the /var/lib/samba had rights like this. drwxrwxr-x+ 5 root root 4096 2010-01-11 23:27 samba On my original install where the 5 is it was a 6. After the reinstall the rights the rights on /var/lib/samba was reset to 5 and I made Domain Admins have read write execute rights on the folder with setfacl. Now everything is working. -Glenn ----- Original Message ----- From: "Glenn T. Arnold" To: "Samba" Sent: Thursday, July 16, 2009 4:16:48 PM Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do Dale, Yes, I have the right assigned to my Domain Admins group and I just added it to my account just encase there is a group rights problem. Here is my user id rights. net rpc rights list "Domain\myaccount" Enter root's password: SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege Thanks for the suggestion! -Glenn ----- Original Message ----- From: "Dale Schroeder" To: "Glenn T. Arnold" Cc: "Samba" Sent: Thursday, July 16, 2009 3:58:08 PM GMT -05:00 US/Canada Eastern Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do Glenn, Have you granted your user Print Operator privileges? net rpc rights grant SePrintOperatorPrivilege -U root http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id2601337 Dale Glenn T. Arnold wrote: Initially when I posted my access problems to print$ I was using the new registry based smb.conf I had my whole configuration in the registry. Now I move my printers and print$ back to the text based smb.conf and I copied the standard ubuntu debian [printers] and [print$] out of the original ubuntu package smb.conf and the only modification that I made was under the [print$] I change read only to no instead of yes. I can not write to the share. Simply renaming print$ section to print I can access the share and write to it with no problems. Any more suggestions? I need to get this resolved. Here is my smb.conf now: [global] # configbackend = registry include = registry [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = no guest ok = no Thanks -Glenn ----- Original Message ----- From: "Glenn T. Arnold" To: samba at lists.samba.org Sent: Wednesday, July 8, 2009 1:17:21 PM GMT -05:00 US/Canada Eastern Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do; -) I did the suggested updates to app armor and this did not solve the problem. -Glenn ----- Original Message ----- From: "Glenn T. Arnold" To: "Harry Jede" Cc: samba at lists.samba.org Sent: Monday, July 6, 2009 10:05:14 AM GMT -05:00 US/Canada Eastern Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do; -) Well, I did read the fine documentation and the documentation for this current situation it was no help. The reason I am using the registry for the smb.conf is memory savings, instance changes of smb.conf going into effect, and maybe future clustering. Also, I will state if using the samba registry method is not the proper way of doing things then why would the Samba developers add this feature into Samba? ;-) The reason I set the share with the current rights, is to troubleshoot the problem and prove that my file rights were correct. When I setup the print$ share "the proper way" it is still read-only even though I had writelist in effect. I currently have 1200 pc connect to a samba-ldap servers with the proper setup with no problems. I will investigate the app armor settings Thanks -Glenn ----- Original Message ----- From: "Harry Jede" To: samba at lists.samba.org Sent: Friday, July 3, 2009 3:22:19 PM GMT -05:00 US/Canada Eastern Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do; -) On Thursday, 2. Juli 2009 wrote Glenn T. Arnold: I just made my print$ share settings to match my print drivers share which should work same This is what you believe. and I still cannot create folders or files on the print$ share, but I can all day on the print drivers share. Would someone explain why this is happening? Here is my share settings. [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\print$] "path"="/var/lib/samba/printers" "comment"="Printer Drivers" "read only"="no" [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\printer drivers] "path"="/var/lib/samba/printers" "read only"="no" Why are you doing this? I think you should reread the excellent Samba docu again. Thanks -Glenn ----- Original Message ----- From: "Glenn T. Arnold" To: "samba" Sent: Thursday, July 2, 2009 3:29:29 PM GMT -05:00 US/Canada Eastern Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do;-) Harry, You did give me an idea though. For grins I just set rights to 0777 even on the extended acls and I still get access denied when trying to upload print drivers. Here is the updated rights on /var/lib/samba/printers. You make your own changes. That's really fine. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba From garydale at rogers.com Tue Jan 12 13:41:02 2010 From: garydale at rogers.com (Gary Dale) Date: Tue, 12 Jan 2010 15:41:02 -0500 Subject: [Samba] Renaming a computer on a Samba domain In-Reply-To: <4B4CCC69.2050509@redbarncomputers.com> References: <4B4CAA0C.20904@redbarncomputers.com> <4B4CB94C.4020708@rogers.com> <4B4CCC69.2050509@redbarncomputers.com> Message-ID: <4B4CDE5E.5010008@rogers.com> No it doesn't. :) Most companies simply keep record of who has what equipment. Assign an inventory number to the asset then record the current holder of that asset. This allows you to keep track of the full life cycle of the asset. Changing the identifier every time the asset gets reassigned prevents this. This is asset/inventory control 101. However, I'm also guess that you don't want any old files left on the computers when they change departments. You should be re-imaging the drives each time they move. So use LDAP transactions to remove the old computer names from the domain. Re-image the drives and join them to the domain with their new names. Apart from the LDAP transaction, this is the same as not changing the name. If you're not re-imaging then I have to ask why not? However, I don't believe you need to leave the domain to change a name. Have you tried logging on with a local account then joining the domain with the new name? Removing the old name from the LDAP database should be sufficient. Jason Somers wrote: > Clients are NFP, and have about 100 workstations. Once or twice a > year, they get grants for upwards of 10 new systems. These systems get > distributed to those with the most need, and in turn, their systems > get passed to whomever has computers less powerful than those. System > names reflect different departments and subdepartments, so if you move > a computer anywhere, its name must change. > > Make sense? > > -Jason > > ================================================= > Jason Somers > Network Administrator > Red Barn Technology Group, Inc. > 1235 Front Street - Suite 3 > Binghamton, NY 13905 > (607) 772-1888 x222 > > > > Gary Dale wrote: >> Jason Somers wrote: >>> We shift computers around a lot, and therefore need to rename >>> several whenever we get new batches of systems in. >>> >>> Tried simply renaming a system while on the domain, but got an >>> "access denied" error. I WAS able to disjoin the domain, remove the >>> LDAP entry for the computer, log in as a local administrator, rename >>> the computer, and rejoin the domain a different computer name. >>> >>> However, this is a HUGE pain. The number of reboots alone is a >>> genuine time-killer. Doing it one several systems can waste an >>> entire day. Does anyone have any suggestions? >>> >>> Thanks! >>> Jason >>> >> Can you be more specific about what you are doing and why? >> >> I surmise that you are renaming existing Windows boxes when you get >> in new computers, but are the Windows boxes servers or desktops? And >> why do you need to rename in the first place? What happens to the old >> boxes? >> >> The reason I ask is that there are possibly better solutions than >> renaming computers. This is especially true if you are doing this >> frequently. From garydale at rogers.com Tue Jan 12 13:45:27 2010 From: garydale at rogers.com (Gary Dale) Date: Tue, 12 Jan 2010 15:45:27 -0500 Subject: [Samba] Documents in home folder 'Read Only' In-Reply-To: <4cba5adc1001121111y3842860fvf7541961823670b9@mail.gmail.com> References: <4cba5adc1001120518o3600d128s64c96e89f39e1047@mail.gmail.com> <4B4CBA1B.9010705@rogers.com> <4cba5adc1001121111y3842860fvf7541961823670b9@mail.gmail.com> Message-ID: <4B4CDF67.4060303@rogers.com> Dave Coventry wrote: > Hi Gary, thanks for taking the time... > > 2010/1/12 Gary Dale : > >> Who owns the files in the user's home directory? What group do they belong >> to? Is the user a member of that group? Has the user account been enabled? >> > > > She does: (her name is Patience) > > chown patirnce:patience -R /hom/patience > I hope you've got some typos in the above line and it's not what you actually typed. :) > >> What happens when you do pdbedit -v on the Samba server? >> > > server:~# pdbedit -v patience > Unix username: patience > NT username: > Account Flags: [U ] > User SID: S-1-5-21-1378684879-2305813817-1546644450-3010 > Primary Group SID: S-1-5-21-1378684879-2305813817-1546644450-513 > Full Name: Kebonye Patience Vry,,, > Home Directory: \\server\patience > HomeDir Drive: > Logon Script: > Profile Path: \\server\patience\profile > Domain: SERVER > Account desc: > Workstations: > Munged dial: > Logon time: 0 > Logoff time: never > Kickoff time: never > Password last set: Mon, 14 Dec 2009 08:17:20 SAST > Password can change: Mon, 14 Dec 2009 08:17:20 SAST > Password must change: never > Last bad password : 0 > Bad password count : 0 > Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Have you checked the id mapping and group mapping for her SIDs? From retlaw.rentuam at gmail.com Tue Jan 12 13:54:57 2010 From: retlaw.rentuam at gmail.com (Walter Mautner) Date: Tue, 12 Jan 2010 21:54:57 +0100 Subject: [Samba] Renaming a computer on a Samba domain In-Reply-To: <4B4CCC69.2050509@redbarncomputers.com> References: <4B4CAA0C.20904@redbarncomputers.com> <4B4CB94C.4020708@rogers.com> <4B4CCC69.2050509@redbarncomputers.com> Message-ID: <201001122154.57491.retlaw.rentuam@gmail.com> Am Dienstag, 12. Januar 2010 20:24:25 schrieb Jason Somers: > Clients are NFP, and have about 100 workstations. Once or twice a year, > they get grants for upwards of 10 new systems. These systems get > distributed to those with the most need, and in turn, their systems get > passed to whomever has computers less powerful than those. System names > reflect different departments and subdepartments, so if you move a > computer anywhere, its name must change. > > Make sense? > Changing policy makes even more sense. Like here, our main office is getting crowded while one or the other branch office dies due to financial cuts. That makes for a lot of internal moves. While we had our client computers named that way as well, a while ago, we soon faced the nightmare (it's not only the samba/ldap, but other servers like the av management server, policy-driven services and whatever) of having to change a lot of data and database entries on every move. Now, we just number the boxen (try to change to numbers representing the SAP- generated 6-digit asset ids) and keep the location and similar info in a single database asset database. From garnold at unrealsolutions.com Tue Jan 12 14:17:47 2010 From: garnold at unrealsolutions.com (Glenn T. Arnold) Date: Tue, 12 Jan 2010 16:17:47 -0500 (EST) Subject: [Samba] printcap cache time using registry config on Ubuntu 9.04 samba 3.3.2 In-Reply-To: <4661712.1664.1263331062865.JavaMail.root@mail> Message-ID: <5463098.1667.1263331067795.JavaMail.root@mail> I have been reading the man page on printcap cache time setting and have some questions. How much load does this put on a server if you have the setting less then 60? The reason I have this setting less than 60 is when I use an all registry samba configuration the printers do not show up if you browse the server or when you goto the Windows XP pc with the printer already connect shows printer status opening, but if you wait the default time period that samba sets for the printcap cache time the printer will eventually show up under the server. When I used the smb.conf file I did not observer this behavior. The reason I am using the all registry conf is to save some memory on the server. I have observed this behavior on another customers server with the same version ubuntu. The printcap cache time setting less than 60 seems to fix the issue or mask the issue enough to be liveable, but I want to make sure that I am not missing anything in configuring samba. Here is my config. [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\global] "server string"="" "dos charset"="850" "unix charset"="ISO8859-1" "workgroup"="MYDOMAIN" "interfaces"="bond0, lo" "passdb backend"="ldapsam:ldap://myserver01.mthcs.net" "passwd program"="/usr/sbin//smbldap-passwd %u" "username map"="/etc/samba/smbusers" "syslog"="0" "time server"="Yes" "socket options"="IPTOS_THROUGHPUT TCP_NODELAY" "add user script"="/usr/sbin//smbldap-useradd -m \"%u\"" "delete user script"="/usr/sbin//smbldap-userdel \"%u\"" "add group script"="/usr/sbin//smbldap-groupadd -p \"%g\"" "delete group script"="/usr/sbin//smbldap-groupdel \"%g\"" "add user to group script"="/usr/sbin//smbldap-groupmod -m \"%u\" \"%g\"" "delete user from group script"="/usr/sbin//smbldap-groupmod -x \"%u\" \"%g\"" "set primary group script"="/usr/sbin//smbldap-usermod -g \"%g\" \"%u\"" "add machine script"="/usr/sbin//smbldap-useradd -w \"%u\"" "logon script"="wkix32.exe logon.kix" "logon path"="" "logon drive"="h:" "logon home"="" "domain logons"="Yes" "os level"="60" "preferred master"="Yes" "domain master"="No" "wins server"="10.100.0.10" "lanman auth"="yes" "ldap admin dn"="cn=admin,dc=mthcs,dc=net" "ldap delete dn"="Yes" "ldap group suffix"="ou=Groups" "ldap idmap suffix"="ou=Users" "ldap machine suffix"="ou=Computers" "ldap passwd sync"="Yes" "ldap suffix"="dc=mthcs,dc=net" "ldap user suffix"="ou=Users" "ldap ssl"="no" "add share command"="/usr/bin/modify_samba_config.pl" "change share command"="/usr/bin/modify_samba_config.pl" "delete share command"="/usr/bin/modify_samba_config.pl" "utmp"="Yes" "idmap uid"="10000-20000" "idmap gid"="10000-20000" "printing"="cups" "printcap name"="cups" "force printername"="Yes" "default devmode"="no" "wins support"="no" "smb ports"="139" "usershare max shares"="0" "log level"="0" "printcap cache time"="30" [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\print$] "comment"="Printer Drivers" "path"="/var/lib/samba/printers" "write list"="\"@Domain Admins\", root" [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\printers] "comment"="All Printers" "path"="/var/spool/samba" "guest ok"="Yes" "printable"="Yes" "browseable"="No" Thanks -Glenn From Volker.Lendecke at SerNet.DE Tue Jan 12 14:21:47 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue, 12 Jan 2010 22:21:47 +0100 Subject: [Samba] When do you End of Life older Samba versions ? In-Reply-To: <1263324424.18621.30.camel@plj2keg.cs.yorku.ca> References: <1263324424.18621.30.camel@plj2keg.cs.yorku.ca> Message-ID: On Tue, Jan 12, 2010 at 02:27:04PM -0500, Paul Griffith wrote: > I was wondering if the Samba team has a End of Life statement on the web > for the different versions of Samba out there. I know that the 3.0.x > series is pretty much EOL, but what about 3.2.x and 3.3.x series ? > > I just want to know when I need to get the lead out and upgrade! ;) http://wiki.samba.org/index.php/Samba3_Release_Planning should explain a piece of it. In theory, we will EOL a 3.x series 12 months after 3.x.0 was released. In practice, we will not fix any bugs anymore and we don't commit to doing security updates after those 12 months. But depending on our work load and user demand, those security updates still happen a lot longer. You just can't count on them anymore :-) Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From Volker.Lendecke at SerNet.DE Tue Jan 12 14:14:10 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue, 12 Jan 2010 22:14:10 +0100 Subject: [Samba] Does tdb can store incorrect encoding symbols? In-Reply-To: References: Message-ID: On Tue, Jan 12, 2010 at 11:21:18PM +0300, ?????? wrote: > Case 2. > A many years ago I had used Samba with one-byte encoding - the KOI-8R - for presenting russian letters. At that time I created first groups, which haved the russian descriptions. > Later I move to new version of Samba (and OS so) which supports multi-byte encoding. Today samba's logs analysis show me that the description of those first groups is still one-byte encoding!!! > At this part of log http://www.acc.tula.ru/~acc107_3/samba/miscoding/case%202.txt a group 'tst-users' have one-byte encoded description. 'ugs' group haves multi-byte encoding (UTF-8) description. > Because of one-byte encoded description I get error: > lib/charcnv.c:convert_string_internal(263) > convert_string_internal: Conversion error: Illegal multibyte sequence(???????????) > librpc/ndr/ndr.c:ndr_push_error(493) > ndr_push_error(5): Bad char conversion > rpc_server/srv_pipe.c:api_rpcTNP(2381) > api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO2 failed. > > and empty domain group list. > > Fragment of smb.conf > dos charset = 866 > unix charset = utf-8 > preserve case = yes > short preserve case = yes > default case = lower > case sensitive = auto > > So, I have two questions: > 1. How to select one-byte encoded descriptions? Does "unix charset = KOI-8R" help? > 2. How to convert it to multi-byte encoding? Within a tdb? Probably just with pdbedit or "net groupmap" commands. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From mail_of_sergey at mail.ru Tue Jan 12 14:32:43 2010 From: mail_of_sergey at mail.ru (=?koi8-r?Q?=F3=C5=D2=C7=C5=CA?=) Date: Wed, 13 Jan 2010 00:32:43 +0300 Subject: [Samba] =?koi8-r?b?RG9lcyB0ZGIgY2FuIHN0b3JlIGluY29ycmVjdCBlbmNv?= =?koi8-r?b?ZGluZyBzeW1ib2xzPw==?= In-Reply-To: References: Message-ID: Hello, Volker > > So, I have two questions: > > 1. How to select one-byte encoded descriptions? > > Does "unix charset = KOI-8R" help? No because of my filesystem is UTF-8 now. The root of problem is - tdb file stores multi-byte encoding text and one-byte encoded text. > > > 2. How to convert it to multi-byte encoding? > > Within a tdb? Probably just with pdbedit or "net groupmap" > commands. Clear, thank you. My wish is samba tool for checking encoding of tdb files. What part of samba sources I should looking attentively for my wish sakes? Thank you. Serg From Volker.Lendecke at SerNet.DE Tue Jan 12 14:40:46 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue, 12 Jan 2010 22:40:46 +0100 Subject: [Samba] Does tdb can store incorrect encoding symbols? In-Reply-To: References: Message-ID: On Wed, Jan 13, 2010 at 12:32:43AM +0300, ?????? wrote: > Hello, Volker > > > > So, I have two questions: > > > 1. How to select one-byte encoded descriptions? > > > > Does "unix charset = KOI-8R" help? > No because of my filesystem is UTF-8 now. The file system might be, but for the purpose of fixing your databases a separate smb.conf just used by pdbedit might help you. > The root of problem is - tdb file stores multi-byte > encoding text and one-byte encoded text. How shall we protect ourselves against this? > > > 2. How to convert it to multi-byte encoding? > > > > Within a tdb? Probably just with pdbedit or "net groupmap" > > commands. > Clear, thank you. > > My wish is samba tool for checking encoding of tdb files. > What part of samba sources I should looking attentively for my wish sakes? That's not an easy one, many tdb files store binary data. You need to do this on a per-tdb basis. And then -- how do you want to check the validity of an encoding. Something that looks like a correct one-byte encoding might as well be in reality UTF-8. How do you want to tell one from the other automatically? Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From gaiseric.vandal at gmail.com Tue Jan 12 16:03:59 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Tue, 12 Jan 2010 18:03:59 -0500 Subject: [Samba] Renaming a computer on a Samba domain In-Reply-To: <201001122154.57491.retlaw.rentuam@gmail.com> References: <4B4CAA0C.20904@redbarncomputers.com> <4B4CB94C.4020708@rogers.com> <4B4CCC69.2050509@redbarncomputers.com> <201001122154.57491.retlaw.rentuam@gmail.com> Message-ID: <4B4CFFDF.70106@gmail.com> On 01/12/10 15:54, Walter Mautner wrote: > Am Dienstag, 12. Januar 2010 20:24:25 schrieb Jason Somers: > >> Clients are NFP, and have about 100 workstations. Once or twice a year, >> they get grants for upwards of 10 new systems. These systems get >> distributed to those with the most need, and in turn, their systems get >> passed to whomever has computers less powerful than those. System names >> reflect different departments and subdepartments, so if you move a >> computer anywhere, its name must change. >> >> Make sense? >> >> > Changing policy makes even more sense. Like here, our main office is getting > crowded while one or the other branch office dies due to financial cuts. > That makes for a lot of internal moves. > While we had our client computers named that way as well, a while ago, > we soon faced the nightmare (it's not only the samba/ldap, but other servers > like the av management server, policy-driven services and whatever) of having > to change a lot of data and database entries on every move. > Now, we just number the boxen (try to change to numbers representing the SAP- > generated 6-digit asset ids) and keep the location and similar info in a > single database asset database. > We use LDAP for a backend. At some point when we switched from TDB to LDAP not all the machine info imported properly. But I was able to use "smbpasswd -w" to dump out sambaSID's to copy and paste into LDAP. So if your backend was ldap you could probably change the machine name in LDAP as well as on the machine. Or possibly create a new LDAP entry and cut and paste the LDAP sambaSID. This would probably be a huge pain with a TDB backend. Once place I worked we used only dells, which had nice short service tags, which doubled as their machine names. From feldmrob at attglobal.net Tue Jan 12 15:12:28 2010 From: feldmrob at attglobal.net (Rob Feldman) Date: Tue, 12 Jan 2010 17:12:28 -0500 Subject: [Samba] Can only log on to domain, not local machine Message-ID: <000001ca93d4$54979310$fdc6b930$@net> Used Administrator login on XP client to grant domain users rights to log on to client machine (such as when offline). All attempts to log on to local machine fail authentication (error "System could not log you on. Check user name and domain..."). Everything else works fine, including logon to domain and synchronization of offline folders. Frustrating having all data available offline but inaccessible because I can't log in! Don't know what I'm doing wrong, seems like my setup is wrong preventing XP from getting password info properly for later use away from domain. Sorry if this is a dopey question, but I've pored over all howtos & other resources and am still stumped. Plenty of help available for fixing XP clients not logging into smb domain, but none I can find if XP can't log into itself. Here's the configuration: XP Pro SP3 client, all updates Ubuntu 9.10 (karmic) server, all current Samba 3.4.0 PDC Smb.conf: [global] workgroup = MYGROUP server string = %h interfaces = 10.10.10.0/24, eth0 map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . username map = /etc/samba/smbusers unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 smb ports = 139 name resolve order = lmhosts hosts wins bcast add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/addgroup --force-badname %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/groupmod -A %u %g delete user from group script = /usr/sbin/groupmod -R %u %g add machine script = /usr/sbin/useradd -g machines -s /bin/false -d /var/lib/nobody %u logon script = logon.cmd logon drive = H: domain logons = Yes preferred master = Yes domain master = Yes dns proxy = No wins support = Yes usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d admin users = feldmadmin, @admin hide unreadable = Yes hide files = /Desktop.ini/ From jason at redbarncomputers.com Tue Jan 12 17:35:49 2010 From: jason at redbarncomputers.com (Jason Somers) Date: Tue, 12 Jan 2010 19:35:49 -0500 Subject: [Samba] Renaming a computer on a Samba domain In-Reply-To: <4B4CFFDF.70106@gmail.com> References: <4B4CAA0C.20904@redbarncomputers.com> <4B4CB94C.4020708@rogers.com> <4B4CCC69.2050509@redbarncomputers.com> <201001122154.57491.retlaw.rentuam@gmail.com> <4B4CFFDF.70106@gmail.com> Message-ID: <4B4D1565.1070401@redbarncomputers.com> I guess I am just missing the point here. I am not in the position to change policy. I must work with what I have inside of standard operating procedures. Why is it such a big deal to change the computer name while connected to the domain? This seems like such a simple thing (that you can do on ALL Windows domains), and yet it does not seem like it can be done on Samba... -Jason Gaiseric Vandal wrote: > On 01/12/10 15:54, Walter Mautner wrote: >> Am Dienstag, 12. Januar 2010 20:24:25 schrieb Jason Somers: >> >>> Clients are NFP, and have about 100 workstations. Once or twice a year, >>> they get grants for upwards of 10 new systems. These systems get >>> distributed to those with the most need, and in turn, their systems get >>> passed to whomever has computers less powerful than those. System >>> names >>> reflect different departments and subdepartments, so if you move a >>> computer anywhere, its name must change. >>> >>> Make sense? >>> >>> >> Changing policy makes even more sense. Like here, our main office is >> getting >> crowded while one or the other branch office dies due to financial cuts. >> That makes for a lot of internal moves. >> While we had our client computers named that way as well, a while ago, >> we soon faced the nightmare (it's not only the samba/ldap, but other >> servers >> like the av management server, policy-driven services and whatever) >> of having >> to change a lot of data and database entries on every move. >> Now, we just number the boxen (try to change to numbers representing >> the SAP- >> generated 6-digit asset ids) and keep the location and similar info in a >> single database asset database. >> > > > We use LDAP for a backend. At some point when we switched from TDB > to LDAP not all the machine info imported properly. But I was able > to use "smbpasswd -w" to dump out sambaSID's to copy and paste into LDAP. > > So if your backend was ldap you could probably change the machine name > in LDAP as well as on the machine. Or possibly create a new LDAP > entry and cut and paste the LDAP sambaSID. This would probably be a > huge pain with a TDB backend. > > Once place I worked we used only dells, which had nice short service > tags, which doubled as their machine names. > > From drescherjm at gmail.com Tue Jan 12 18:12:15 2010 From: drescherjm at gmail.com (John Drescher) Date: Tue, 12 Jan 2010 20:12:15 -0500 Subject: [Samba] Renaming a computer on a Samba domain In-Reply-To: <4B4D1565.1070401@redbarncomputers.com> References: <4B4CAA0C.20904@redbarncomputers.com> <4B4CB94C.4020708@rogers.com> <4B4CCC69.2050509@redbarncomputers.com> <201001122154.57491.retlaw.rentuam@gmail.com> <4B4CFFDF.70106@gmail.com> <4B4D1565.1070401@redbarncomputers.com> Message-ID: <387ee2021001121712p33b1f420n78b3abf51707f79@mail.gmail.com> On Tue, Jan 12, 2010 at 7:35 PM, Jason Somers wrote: > I guess I am just missing the point here. I am not in the position to change > policy. I must work with what I have inside of standard operating > procedures. > > Why is it such a big deal to change the computer name while connected to the > domain? This seems like such a simple thing (that you can do on ALL Windows > domains), and yet it does not seem like it can be done on Samba... > I am sorry. I misread your first post. I believe what I have done was 1. create a new machine account in ldap (this is needed because I have nscd running) 2. Move the machine out of the domain to workgroup in windows. Do not reboot even though it asks. 3. Rename the machine in windows. In this step you may have to reboot. 4. Readd the machine to the domain. John From samba at piven.org Tue Jan 12 18:38:02 2010 From: samba at piven.org (samba at piven.org) Date: Tue, 12 Jan 2010 19:38:02 -0600 Subject: [Samba] Can only log on to domain, not local machine In-Reply-To: <000001ca93d4$54979310$fdc6b930$@net> References: <000001ca93d4$54979310$fdc6b930$@net> Message-ID: <4B4D23FA.1020403@piven.org> Rob Feldman wrote: > Used Administrator login on XP client to grant domain users rights to log on > to client machine (such as when offline). All attempts to log on to local > machine fail authentication (error "System could not log you on. Check user > name and domain..."). Everything else works fine, including logon to domain > and synchronization of offline folders. Frustrating having all data > available offline but inaccessible because I can't log in! > > Don't know what I'm doing wrong, seems like my setup is wrong preventing XP > from getting password info properly for later use away from domain. Sorry if > this is a dopey question, but I've pored over all howtos & other resources > and am still stumped. Plenty of help available for fixing XP clients not > logging into smb domain, but none I can find if XP can't log into itself. > Have you tried just logging in with the domain login and password? XP Pro caches login credentials, so the next time a user logs in, the cached credentials can be used if for some reason the machine can't contact a domain controller. For example, I have an XP Pro machine on my desk, joined to a domain managed by a Samba server. I pulled the network cable out of that machine, then logged into it using my plain old unprivileged domain logon. Works fine, except that I can't get to my home directory out on the Samba server :-) Microsoft already did the grunt work to let your users logon to an off-network machine. Don From garydale at rogers.com Tue Jan 12 19:44:20 2010 From: garydale at rogers.com (Gary Dale) Date: Tue, 12 Jan 2010 21:44:20 -0500 Subject: [Samba] Renaming a computer on a Samba domain In-Reply-To: <4B4D1565.1070401@redbarncomputers.com> References: <4B4CAA0C.20904@redbarncomputers.com> <4B4CB94C.4020708@rogers.com> <4B4CCC69.2050509@redbarncomputers.com> <201001122154.57491.retlaw.rentuam@gmail.com> <4B4CFFDF.70106@gmail.com> <4B4D1565.1070401@redbarncomputers.com> Message-ID: <4B4D3384.9070508@rogers.com> It's not a Samba issue. It's a Windows issue. Windows associates the account name with a particular SID, whether it's a machine or a user account. You can't just change the name like you can in Unix. Now I admit I haven't worked on Windows Servers newer than W2K but the NT domain stuff hasn't changed. The only way to change an account name for a SID is to remove it first then re-add it under the new name. With Samba and machine accounts this can be done by dropping the machine account from the database then changing the machine name on the local machine while adding it back into the Domain. Again however, if you are re-assigning machines without re-imaging them, you've got a security problem to deal with. I'm not saying you have to do a DoD-type erase, but at least don't leave files around that can be easily undeleted. Re-imaging has been around for more than a decade. It's not that hard to do. And it takes care of your issues with changing the name - just give the re-imaged machine its new name. The only down side is (the last time I checked anyway) is you need a commercial package like Ghost to give each image a unique SID. Jason Somers wrote: > I guess I am just missing the point here. I am not in the position to > change policy. I must work with what I have inside of standard > operating procedures. > > Why is it such a big deal to change the computer name while connected > to the domain? This seems like such a simple thing (that you can do on > ALL Windows domains), and yet it does not seem like it can be done on > Samba... > > -Jason > > > Gaiseric Vandal wrote: >> On 01/12/10 15:54, Walter Mautner wrote: >>> Am Dienstag, 12. Januar 2010 20:24:25 schrieb Jason Somers: >>> >>>> Clients are NFP, and have about 100 workstations. Once or twice a >>>> year, >>>> they get grants for upwards of 10 new systems. These systems get >>>> distributed to those with the most need, and in turn, their systems >>>> get >>>> passed to whomever has computers less powerful than those. System >>>> names >>>> reflect different departments and subdepartments, so if you move a >>>> computer anywhere, its name must change. >>>> >>>> Make sense? >>>> >>>> >>> Changing policy makes even more sense. Like here, our main office is >>> getting >>> crowded while one or the other branch office dies due to financial >>> cuts. >>> That makes for a lot of internal moves. >>> While we had our client computers named that way as well, a while ago, >>> we soon faced the nightmare (it's not only the samba/ldap, but other >>> servers >>> like the av management server, policy-driven services and whatever) >>> of having >>> to change a lot of data and database entries on every move. >>> Now, we just number the boxen (try to change to numbers representing >>> the SAP- >>> generated 6-digit asset ids) and keep the location and similar info >>> in a >>> single database asset database. >>> >> >> >> We use LDAP for a backend. At some point when we switched from TDB >> to LDAP not all the machine info imported properly. But I was able >> to use "smbpasswd -w" to dump out sambaSID's to copy and paste into >> LDAP. >> >> So if your backend was ldap you could probably change the machine >> name in LDAP as well as on the machine. Or possibly create a new >> LDAP entry and cut and paste the LDAP sambaSID. This would probably >> be a huge pain with a TDB backend. >> >> Once place I worked we used only dells, which had nice short service >> tags, which doubled as their machine names. >> >> > From feldmrob at attglobal.net Tue Jan 12 19:14:14 2010 From: feldmrob at attglobal.net (Rob Feldman) Date: Tue, 12 Jan 2010 21:14:14 -0500 Subject: [Samba] Can only log on to domain, not local machine In-Reply-To: <4B4D23FA.1020403@piven.org> References: <000001ca93d4$54979310$fdc6b930$@net> <4B4D23FA.1020403@piven.org> Message-ID: <000901ca93f6$1af14da0$50d3e8e0$@net> Hi Don, Yeah, the behavior you describe is what I expected but not what I'm getting. All domain UID/Password pairs authenticate fine when connected, none do when disconnected. The login credentials are not being cached, but I can't figure out why. I checked the XP group policy and the default setting to keep the last 10 logins is intact. My setup is the same as yours, XP clients of domain with a Samba PDC. I maintain another similar system at work which works fine. I really appreciate the effort -- any other ideas? Thanks, Rob -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of samba at piven.org Sent: Tuesday, January 12, 2010 8:38 PM To: samba at lists.samba.org Subject: Re: [Samba] Can only log on to domain, not local machine Rob Feldman wrote: > Used Administrator login on XP client to grant domain users rights to log on > to client machine (such as when offline). All attempts to log on to local > machine fail authentication (error "System could not log you on. Check user > name and domain..."). Everything else works fine, including logon to domain > and synchronization of offline folders. Frustrating having all data > available offline but inaccessible because I can't log in! > > Don't know what I'm doing wrong, seems like my setup is wrong preventing XP > from getting password info properly for later use away from domain. Sorry if > this is a dopey question, but I've pored over all howtos & other resources > and am still stumped. Plenty of help available for fixing XP clients not > logging into smb domain, but none I can find if XP can't log into itself. > Have you tried just logging in with the domain login and password? XP Pro caches login credentials, so the next time a user logs in, the cached credentials can be used if for some reason the machine can't contact a domain controller. For example, I have an XP Pro machine on my desk, joined to a domain managed by a Samba server. I pulled the network cable out of that machine, then logged into it using my plain old unprivileged domain logon. Works fine, except that I can't get to my home directory out on the Samba server :-) Microsoft already did the grunt work to let your users logon to an off-network machine. Don -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba From dgcoventry at gmail.com Wed Jan 13 00:11:23 2010 From: dgcoventry at gmail.com (Dave Coventry) Date: Wed, 13 Jan 2010 09:11:23 +0200 Subject: [Samba] Fwd: Documents in home folder 'Read Only' In-Reply-To: <4cba5adc1001122304o419615a1y14348da80799957c@mail.gmail.com> References: <4cba5adc1001120518o3600d128s64c96e89f39e1047@mail.gmail.com> <4B4CBA1B.9010705@rogers.com> <4cba5adc1001121111y3842860fvf7541961823670b9@mail.gmail.com> <4B4CDF67.4060303@rogers.com> <4cba5adc1001122304o419615a1y14348da80799957c@mail.gmail.com> Message-ID: <4cba5adc1001122311ieef9e8era98dc542f34ad364@mail.gmail.com> Sorry, I fell into the trap of using the 'Reply' gmail button instead of 'Reply All'. :( ---------- Forwarded message ---------- From: Dave Coventry Date: 2010/1/13 Subject: Re: [Samba] Documents in home folder 'Read Only' To: Gary Dale Hi Gary. 2010/1/12 Gary Dale : >> chown patirnce:patience -R /hom/patience >> > > I hope you've got some typos in the above line and it's not what you > actually typed. ?:) Yep. Small laptop keyboard; big fingers. > Have you checked the id mapping and group mapping for her SIDs? How do I get a list of Samba users and mappings? I am now getting the following errors: tail /var/log/samba/log.reception [2010/01/13 08:34:46, ?0] auth/pampass.c:smb_pam_accountcheck(791) ?smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User patience! [2010/01/13 08:59:07, ?0] auth/pampass.c:smb_pam_account(583) ?smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: patience [2010/01/13 08:59:07, ?0] auth/pampass.c:smb_pam_accountcheck(791) ?smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User patience! [2010/01/13 08:59:32, ?0] auth/pampass.c:smb_pam_account(583) ?smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: patience [2010/01/13 08:59:32, ?0] auth/pampass.c:smb_pam_accountcheck(791) ?smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User patience! From t-oota at dh.jp.nec.com Wed Jan 13 01:01:03 2010 From: t-oota at dh.jp.nec.com (ITPFS oota) Date: Wed, 13 Jan 2010 17:01:03 +0900 Subject: [Samba] TOSHARG-CUPS-Printing.xml, AdvancedNetworkAdmin.xml, Integrating-with -Windows.xml finished and some bug Message-ID: <20100113080103.GG9923@mail.linux.bs1.fc.nec.co.jp> Now, TOSHARG-CUPS-Printing.xml,TOSHARG-AdvancedNetworkAdmin.xml,TOSHARG-Integrating-with-Windows.xml translate to Japanese finished(3.4.0 base). And some bug found. ------------------------------------------------------------------------------- TOSHARG-CUPS-Printing.xml The setdriver command will fail if in Samba's mind the queue is not already there. A successful installation displys the promising message that the: ------- displays Printer Driver ABC successfully installed. ------------------------------------------------------------------------------- TOSHARG-AdvancedNetworkAdmin.xml ThinLinc an be used both in the LAN environment to implement a Thin Client strategy for an organization, and as --can secure remote access solution for people working from remote locations, even over smallband connections. ThinLinc is free to use for a single concurrent user. ------------------------------------------------------------------------------- TOSHARG-Integrating-with-Windows.xml ------------------------------------------ no future All MS Windows machines employ an in-memory buffer in which is stored the NetBIOS names and IP addresses for all external machines that machine has communicated with over the past 10 to 15 minutes. It is more efficient to obtain an IP address for a machine from the local cache than it is to go through all the configured name resolution mechanisms. -- --- Oota Toshiya --- t-oota at dh.jp.nec.com NEC Systems Software Operations Unit Shiba,Minato,Tokyo IT Platform Solutions Division Japan,Earth,Solar system (samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster) From dgcoventry at gmail.com Wed Jan 13 01:58:54 2010 From: dgcoventry at gmail.com (Dave Coventry) Date: Wed, 13 Jan 2010 10:58:54 +0200 Subject: [Samba] Documents in home folder 'Read Only' In-Reply-To: <4cba5adc1001122311ieef9e8era98dc542f34ad364@mail.gmail.com> References: <4cba5adc1001120518o3600d128s64c96e89f39e1047@mail.gmail.com> <4B4CBA1B.9010705@rogers.com> <4cba5adc1001121111y3842860fvf7541961823670b9@mail.gmail.com> <4B4CDF67.4060303@rogers.com> <4cba5adc1001122304o419615a1y14348da80799957c@mail.gmail.com> <4cba5adc1001122311ieef9e8era98dc542f34ad364@mail.gmail.com> Message-ID: <4cba5adc1001130058l7c72f38aqce764c669b07b6c6@mail.gmail.com> Got it working. The users on the Windows systems all have have their names Capitalised. I had used Swat earlier in an attempt to iron out some Authentication issues and it had removed the line 'username level 2' from my /etc/samba/smb.conf file. 2010/1/13 Dave Coventry : > Sorry, I fell into the trap of using the 'Reply' gmail button instead > of 'Reply All'. :( > > > ---------- Forwarded message ---------- > From: Dave Coventry > Date: 2010/1/13 > Subject: Re: [Samba] Documents in home folder 'Read Only' > To: Gary Dale > > > Hi Gary. > > 2010/1/12 Gary Dale : >>> chown patirnce:patience -R /hom/patience >>> >> >> I hope you've got some typos in the above line and it's not what you >> actually typed. ?:) > > Yep. Small laptop keyboard; big fingers. > >> Have you checked the id mapping and group mapping for her SIDs? > > How do I get a list of Samba users and mappings? > > I am now getting the following errors: > > tail /var/log/samba/log.reception > [2010/01/13 08:34:46, ?0] auth/pampass.c:smb_pam_accountcheck(791) > ?smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting > User patience! > [2010/01/13 08:59:07, ?0] auth/pampass.c:smb_pam_account(583) > ?smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account > Management for User: patience > [2010/01/13 08:59:07, ?0] auth/pampass.c:smb_pam_accountcheck(791) > ?smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting > User patience! > [2010/01/13 08:59:32, ?0] auth/pampass.c:smb_pam_account(583) > ?smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account > Management for User: patience > [2010/01/13 08:59:32, ?0] auth/pampass.c:smb_pam_accountcheck(791) > ?smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting > User patience! > From garnold at unrealsolutions.com Wed Jan 13 06:10:41 2010 From: garnold at unrealsolutions.com (Glenn T. Arnold) Date: Wed, 13 Jan 2010 08:10:41 -0500 (EST) Subject: [Samba] printcap cache time using registry config on Ubuntu 9.04 samba 3.3.2 In-Reply-To: <5463098.1667.1263331067795.JavaMail.root@mail> Message-ID: <10915642.1720.1263388241289.JavaMail.root@mail> I went back to smb.conf file instead of registry, because the printers were delayed showing when you browsed for the server on the network or if the printer is already connected it would take a while tell the printer would say ready instead of opening. when using the registry config. Has anybody seen this before? Thanks -Glenn ----- Original Message ----- From: "Glenn T. Arnold" To: "Samba" Sent: Tuesday, January 12, 2010 4:17:47 PM Subject: [Samba] printcap cache time using registry config on Ubuntu 9.04 samba 3.3.2 I have been reading the man page on printcap cache time setting and have some questions. How much load does this put on a server if you have the setting less then 60? The reason I have this setting less than 60 is when I use an all registry samba configuration the printers do not show up if you browse the server or when you goto the Windows XP pc with the printer already connect shows printer status opening, but if you wait the default time period that samba sets for the printcap cache time the printer will eventually show up under the server. When I used the smb.conf file I did not observer this behavior. The reason I am using the all registry conf is to save some memory on the server. I have observed this behavior on another customers server with the same version ubuntu. The printcap cache time setting less than 60 seems to fix the issue or mask the issue enough to be liveable, but I want to make sure that I am not missing anything in configuring samba. Here is my config. [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\global] "server string"="" "dos charset"="850" "unix charset"="ISO8859-1" "workgroup"="MYDOMAIN" "interfaces"="bond0, lo" "passdb backend"="ldapsam:ldap://myserver01.mthcs.net" "passwd program"="/usr/sbin//smbldap-passwd %u" "username map"="/etc/samba/smbusers" "syslog"="0" "time server"="Yes" "socket options"="IPTOS_THROUGHPUT TCP_NODELAY" "add user script"="/usr/sbin//smbldap-useradd -m \"%u\"" "delete user script"="/usr/sbin//smbldap-userdel \"%u\"" "add group script"="/usr/sbin//smbldap-groupadd -p \"%g\"" "delete group script"="/usr/sbin//smbldap-groupdel \"%g\"" "add user to group script"="/usr/sbin//smbldap-groupmod -m \"%u\" \"%g\"" "delete user from group script"="/usr/sbin//smbldap-groupmod -x \"%u\" \"%g\"" "set primary group script"="/usr/sbin//smbldap-usermod -g \"%g\" \"%u\"" "add machine script"="/usr/sbin//smbldap-useradd -w \"%u\"" "logon script"="wkix32.exe logon.kix" "logon path"="" "logon drive"="h:" "logon home"="" "domain logons"="Yes" "os level"="60" "preferred master"="Yes" "domain master"="No" "wins server"="10.100.0.10" "lanman auth"="yes" "ldap admin dn"="cn=admin,dc=mthcs,dc=net" "ldap delete dn"="Yes" "ldap group suffix"="ou=Groups" "ldap idmap suffix"="ou=Users" "ldap machine suffix"="ou=Computers" "ldap passwd sync"="Yes" "ldap suffix"="dc=mthcs,dc=net" "ldap user suffix"="ou=Users" "ldap ssl"="no" "add share command"="/usr/bin/modify_samba_config.pl" "change share command"="/usr/bin/modify_samba_config.pl" "delete share command"="/usr/bin/modify_samba_config.pl" "utmp"="Yes" "idmap uid"="10000-20000" "idmap gid"="10000-20000" "printing"="cups" "printcap name"="cups" "force printername"="Yes" "default devmode"="no" "wins support"="no" "smb ports"="139" "usershare max shares"="0" "log level"="0" "printcap cache time"="30" [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\print$] "comment"="Printer Drivers" "path"="/var/lib/samba/printers" "write list"="\"@Domain Admins\", root" [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\printers] "comment"="All Printers" "path"="/var/spool/samba" "guest ok"="Yes" "printable"="Yes" "browseable"="No" Thanks -Glenn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba From garydale at rogers.com Wed Jan 13 06:49:04 2010 From: garydale at rogers.com (Gary Dale) Date: Wed, 13 Jan 2010 08:49:04 -0500 Subject: [Samba] Renaming a computer on a Samba domain In-Reply-To: <5a8aa6681001130122ycb2f15aib1c6a3371b8215c2@mail.gmail.com> References: <4B4CAA0C.20904@redbarncomputers.com> <4B4CB94C.4020708@rogers.com> <4B4CCC69.2050509@redbarncomputers.com> <201001122154.57491.retlaw.rentuam@gmail.com> <4B4CFFDF.70106@gmail.com> <4B4D1565.1070401@redbarncomputers.com> <4B4D3384.9070508@rogers.com> <5a8aa6681001130122ycb2f15aib1c6a3371b8215c2@mail.gmail.com> Message-ID: <4B4DCF50.4090202@rogers.com> Michael Wood wrote: > 2010/1/13 Gary Dale : > [...] > >> The only down side is (the last >> time I checked anyway) is you need a commercial package like Ghost to give >> each image a unique SID. >> > > >From http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx > > Note: NewSID has been retired and is no longer available for download. > Please see Mark Russinovich?s blog post: NewSID Retirement and the > Machine SID Duplication Myth[1] > > [1] http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx > > Thanks Micheal. So DD + M$ SysPrep will do the trick. Good to know. From mlueck at lueckdatasystems.com Wed Jan 13 07:05:08 2010 From: mlueck at lueckdatasystems.com (Michael Lueck) Date: Wed, 13 Jan 2010 09:05:08 -0500 Subject: [Samba] Syntax to mount.cifs the $Home share? Message-ID: The man page for mount.cifs does not appear to indicate the correct syntax to use in order to mound the $Home share to a directory on the local Linux workstation. I would like to mount it to somewhere besides /home/userid, so perhaps following the standards I set, /mnt/servername/userid Suggestions appreciated. Thanks! -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ From dgcoventry at gmail.com Wed Jan 13 07:23:24 2010 From: dgcoventry at gmail.com (Dave Coventry) Date: Wed, 13 Jan 2010 16:23:24 +0200 Subject: [Samba] Documents in home folder 'Read Only' In-Reply-To: <4cba5adc1001130058l7c72f38aqce764c669b07b6c6@mail.gmail.com> References: <4cba5adc1001120518o3600d128s64c96e89f39e1047@mail.gmail.com> <4B4CBA1B.9010705@rogers.com> <4cba5adc1001121111y3842860fvf7541961823670b9@mail.gmail.com> <4B4CDF67.4060303@rogers.com> <4cba5adc1001122304o419615a1y14348da80799957c@mail.gmail.com> <4cba5adc1001122311ieef9e8era98dc542f34ad364@mail.gmail.com> <4cba5adc1001130058l7c72f38aqce764c669b07b6c6@mail.gmail.com> Message-ID: <4cba5adc1001130623g6b0edc7bycb69521d8ce6d324@mail.gmail.com> Sorry: the user told me she was in, but she is using someone else's password. (her supervisor's) It's no longer that she can't write to her home directory: she can't log in at all now. tail /var/log/samba/log.reception [2010/01/13 16:07:33, 0] auth/pampass.c:smb_pam_accountcheck(791) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User patience! [2010/01/13 16:07:50, 0] auth/pampass.c:smb_pam_account(583) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: patience [2010/01/13 16:07:50, 0] auth/pampass.c:smb_pam_accountcheck(791) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User patience! [2010/01/13 16:08:32, 0] auth/pampass.c:smb_pam_account(583) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: patience [2010/01/13 16:08:32, 0] auth/pampass.c:smb_pam_accountcheck(791) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User patience! I have tried to reset her password using 'smbpasswd -a patience' to reset the password, but it doesn't work; she cannot access the server. From gaiseric.vandal at gmail.com Wed Jan 13 07:30:21 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Wed, 13 Jan 2010 09:30:21 -0500 Subject: [Samba] Can only log on to domain, not local machine In-Reply-To: <000901ca93f6$1af14da0$50d3e8e0$@net> References: <000001ca93d4$54979310$fdc6b930$@net> <4B4D23FA.1020403@piven.org> <000901ca93f6$1af14da0$50d3e8e0$@net> Message-ID: <4B4DD8FD.2080903@gmail.com> On 01/12/10 21:14, Rob Feldman wrote: > Hi Don, > > Yeah, the behavior you describe is what I expected but not what I'm getting. > All domain UID/Password pairs authenticate fine when connected, none do when > disconnected. The login credentials are not being cached, but I can't figure > out why. I checked the XP group policy and the default setting to keep the > last 10 logins is intact. > > My setup is the same as yours, XP clients of domain with a Samba PDC. I > maintain another similar system at work which works fine. > > I really appreciate the effort -- any other ideas? > > Thanks, > Rob > > -----Original Message----- > From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] > On Behalf Of samba at piven.org > Sent: Tuesday, January 12, 2010 8:38 PM > To: samba at lists.samba.org > Subject: Re: [Samba] Can only log on to domain, not local machine > > Rob Feldman wrote: > >> Used Administrator login on XP client to grant domain users rights to log >> > on > >> to client machine (such as when offline). All attempts to log on to local >> machine fail authentication (error "System could not log you on. Check >> > user > >> name and domain..."). Everything else works fine, including logon to >> > domain > >> and synchronization of offline folders. Frustrating having all data >> available offline but inaccessible because I can't log in! >> >> Don't know what I'm doing wrong, seems like my setup is wrong preventing >> > XP > >> from getting password info properly for later use away from domain. Sorry >> > if > >> this is a dopey question, but I've pored over all howtos& other resources >> and am still stumped. Plenty of help available for fixing XP clients not >> logging into smb domain, but none I can find if XP can't log into itself. >> >> > Have you tried just logging in with the domain login and password? > > XP Pro caches login credentials, so the next time a user logs in, the > cached credentials can be used if for some reason the machine can't > contact a domain controller. For example, I have an XP Pro machine on > my desk, joined to a domain managed by a Samba server. I pulled the > network cable out of that machine, then logged into it using my plain > old unprivileged domain logon. Works fine, except that I can't get to > my home directory out on the Samba server :-) > > Microsoft already did the grunt work to let your users logon to an > off-network machine. > > Don > Can you clarify- when you logon disconnected are you setting the "logon to" parameter to the DomainName or the LocalPCName. It should be the DomainName. By default, Domain Users should be a member of local users, and should already be able to logon offline (assuming they have logged in on line at least once.) If you login on online as the network admin, are you able to create local users or do other "administrative" stuff? I ran into one issue with group mapping where the local PC was not recognizing my all my groups. So even though I was a Domain Administrator, the XP machine didn't realize I was a member of Domain Admins and thus I didn't get the privledges of the local Administrators groups. And on the same lines, domain users did properly get the privileges assigned to the local users group. From gaiseric.vandal at gmail.com Wed Jan 13 08:36:00 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Wed, 13 Jan 2010 10:36:00 -0500 Subject: [Samba] concurrent ms access usage does not work with 3.4.3 In-Reply-To: References: Message-ID: <4B4DE860.10605@gmail.com> On 01/12/10 10:33, Andreas Moroder wrote: > Since we upgraded samba to 3.4.3 ( from 3.0.26a ) on our fileserver > only one user at a time can use a ms access ( .mdb ) program we wrote. > The second user that tries to start this application gets a message > that the mdb is lockeb by another user. The strange thing is that I as > administrator can connect as second uset to the mdb without problems. > > Is this a known probleme and is there a solution ? > > Thanks > Andreas > It sounds like the users no longer have the appropriate permissions to create/modify the appropriate temporary files. My guess is that when you upgraded to 3.4.3 you enabled more fine-grained ACL support. What OS and file system? Do you have ACL support? I can't speak for MS Access, but I did find that MS Word, Excel, PowerPoint and will often explicitly modify file permissions in a way that could result in the user loosing access. This was on solaris, when we changed migrated from UFS to ZFS file system. For example, if a file was set to be 660 in unix, the "user and group can read and write but everyone else is not allowed" in unix would be treated as "everyone is denied even the user and group" in Windows. If you check the permissions under windows you would see that a deny entry was overriding the allow entries. From rob.shinn at gmail.com Mon Jan 11 07:32:32 2010 From: rob.shinn at gmail.com (Rob Shinn) Date: Mon, 11 Jan 2010 09:32:32 -0500 Subject: [Samba] samba+ldap two domains db sync? In-Reply-To: <3ffefd921001110042q71441f6ar9f929d12f8e83879@mail.gmail.com> References: <3ffefd921001110042q71441f6ar9f929d12f8e83879@mail.gmail.com> Message-ID: <4B4B3680.1020905@gmail.com> Alberto Moreno wrote: > Is possible to sync both ldap servers every time I change something > in ldap? or a better way to do it?Alberto Moreno wrote: You could probably do this with OpenLDAP's syncrepl replication facility. You may also wish to consider combining everything into one LDAP database, containing two different Samba domains, with a common OU for user accounts. You could keep the LDAP servers as they are, just set up one as a secondary LDAP server using syncrepl. That would have the advantage of centralizing everything and ease user administration, since users created in one domain would automatically be included in both. Without knowing the specifics, however, it's hard to say to which way would be best. From psycodue at tiscali.it Mon Jan 11 09:58:57 2010 From: psycodue at tiscali.it (psycodue at tiscali.it) Date: Mon, 11 Jan 2010 17:58:57 +0100 (CET) Subject: [Samba] Help with domain sid change in Samba 3.0.22 Message-ID: <32975757.88951263229137919.JavaMail.defaultUser@defaultHost> I'm using Samba and LikewiseOpen 5.3 on my Ubuntu Server 6.06 LTS to join a Windows 2008 Active Directory Domain. In the LikewiseOpen guide for integration with samba they say to set the Domain SID with the net setdomainsid command but I suppose that the net command bundled in the version 3.0.22 of samba does not have this feature. How can I change the Domain SID? Is there a way to do this also manually? Where the Domain SID is stored in samba? Any suggestion would be appreciated! Thanks. PS: I can't change the samba version of the server. Rubriche e Agende 2010. Tutte con la copertina personalizzabile con le tue foto. http://photo.tiscali.it From heals1ic at hotmail.com Tue Jan 12 20:38:46 2010 From: heals1ic at hotmail.com (heals1ic) Date: Tue, 12 Jan 2010 19:38:46 -0800 (PST) Subject: [Samba] Samba PDC workgroup = domain.com support Message-ID: <27139137.post@talk.nabble.com> I have recently upgraded my Vista machine attached to samba domain to Win7 but in the process lost my trust relationship. Subsequently did some research and found that I needed a newer version of samba and some reg hack to have win7 join domain. Upgraded to samba-3.4.2 from 3.2 and resolved all dependencies as well as applying win7 reg changes. My previous domain name was in the form DOMAIN.COM but now when I attempt join to domain windows will only recognise the domain DOMAIN not DOMAIN.COM Has the support for workgroup = DOMAIN.COM rather than workgroup = DOMAIN in smb.conf become deprecated? -- View this message in context: http://old.nabble.com/Samba-PDC-workgroup-%3D-domain.com-support-tp27139137p27139137.html Sent from the Samba - General mailing list archive at Nabble.com. From larry at sinu.com Wed Jan 13 08:51:37 2010 From: larry at sinu.com (Larry Velez) Date: Wed, 13 Jan 2010 07:51:37 -0800 Subject: [Samba] samba+ldap two domains db sync? In-Reply-To: <4B4B3680.1020905@gmail.com> References: <3ffefd921001110042q71441f6ar9f929d12f8e83879@mail.gmail.com> <4B4B3680.1020905@gmail.com> Message-ID: <39C9503BFE232845950C6B3BE7804B2F28BD9F54A0@EXVMBX017-12.exch017.msoutlookonline.net> Rob, I am curious if you think an extension of this idea might work to centrally control and manage many domains? Mothership LDAP [Hosted Highly Redundant setup] - Domain 1 (SyncRepl only portion of LDAP) - Domain 2 (SyncRepl only portion of LDAP) ... - Domain 26 (SyncRepl only portion of LDAP) Ideally each local subnet might also be VPNed up to the mothership so that local machines could still authenticate (slowly) if the local PDC were unavailable. Long term each domain would be Samba4 based and fully AD ready. Would love to discuss this idea with someone familiar with multi-domain setups like this. thanks, Larry -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rob Shinn Sent: Monday, January 11, 2010 9:33 AM To: Alberto Moreno Cc: samba at lists.samba.org Subject: Re: [Samba] samba+ldap two domains db sync? Alberto Moreno wrote: > Is possible to sync both ldap servers every time I change something > in ldap? or a better way to do it?Alberto Moreno wrote: You could probably do this with OpenLDAP's syncrepl replication facility. You may also wish to consider combining everything into one LDAP database, containing two different Samba domains, with a common OU for user accounts. You could keep the LDAP servers as they are, just set up one as a secondary LDAP server using syncrepl. That would have the advantage of centralizing everything and ease user administration, since users created in one domain would automatically be included in both. Without knowing the specifics, however, it's hard to say to which way would be best. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba From garydale at rogers.com Wed Jan 13 09:33:14 2010 From: garydale at rogers.com (Gary Dale) Date: Wed, 13 Jan 2010 11:33:14 -0500 Subject: [Samba] Documents in home folder 'Read Only' In-Reply-To: <4cba5adc1001130623g6b0edc7bycb69521d8ce6d324@mail.gmail.com> References: <4cba5adc1001120518o3600d128s64c96e89f39e1047@mail.gmail.com> <4B4CBA1B.9010705@rogers.com> <4cba5adc1001121111y3842860fvf7541961823670b9@mail.gmail.com> <4B4CDF67.4060303@rogers.com> <4cba5adc1001122304o419615a1y14348da80799957c@mail.gmail.com> <4cba5adc1001122311ieef9e8era98dc542f34ad364@mail.gmail.com> <4cba5adc1001130058l7c72f38aqce764c669b07b6c6@mail.gmail.com> <4cba5adc1001130623g6b0edc7bycb69521d8ce6d324@mail.gmail.com> Message-ID: <4B4DF5CA.6060600@rogers.com> Dave Coventry wrote: > Sorry: the user told me she was in, but she is using someone else's > password. (her supervisor's) > > It's no longer that she can't write to her home directory: she can't > log in at all now. > > tail /var/log/samba/log.reception > [2010/01/13 16:07:33, 0] auth/pampass.c:smb_pam_accountcheck(791) > smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting > User patience! > [2010/01/13 16:07:50, 0] auth/pampass.c:smb_pam_account(583) > smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account > Management for User: patience > [2010/01/13 16:07:50, 0] auth/pampass.c:smb_pam_accountcheck(791) > smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting > User patience! > [2010/01/13 16:08:32, 0] auth/pampass.c:smb_pam_account(583) > smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account > Management for User: patience > [2010/01/13 16:08:32, 0] auth/pampass.c:smb_pam_accountcheck(791) > smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting > User patience! > > I have tried to reset her password using 'smbpasswd -a patience' to > reset the password, but it doesn't work; she cannot access the server. > Based on your earlier comment about capitalized names, I suggest you remove the account and rebuild it. It's possible that you've got it messed up beyond easy repair. From dgcoventry at gmail.com Wed Jan 13 10:09:49 2010 From: dgcoventry at gmail.com (Dave Coventry) Date: Wed, 13 Jan 2010 19:09:49 +0200 Subject: [Samba] Documents in home folder 'Read Only' In-Reply-To: <4B4DF5CA.6060600@rogers.com> References: <4cba5adc1001120518o3600d128s64c96e89f39e1047@mail.gmail.com> <4B4CBA1B.9010705@rogers.com> <4cba5adc1001121111y3842860fvf7541961823670b9@mail.gmail.com> <4B4CDF67.4060303@rogers.com> <4cba5adc1001122304o419615a1y14348da80799957c@mail.gmail.com> <4cba5adc1001122311ieef9e8era98dc542f34ad364@mail.gmail.com> <4cba5adc1001130058l7c72f38aqce764c669b07b6c6@mail.gmail.com> <4cba5adc1001130623g6b0edc7bycb69521d8ce6d324@mail.gmail.com> <4B4DF5CA.6060600@rogers.com> Message-ID: <4cba5adc1001130909s1a96ace7gceee7761d1afbf6d@mail.gmail.com> Hi Gary. 2010/1/13 Gary Dale : > Based on your earlier comment about capitalized names, I suggest you remove > the account and rebuild it. It's possible that you've got it messed up > beyond easy repair. Every chance of that. OK, so it's obviously not a common problem with a set of easy steps to remedy. (The lack of google hits suggests it's not). ~ Dave From fabio at bonilha.eti.br Wed Jan 13 06:05:53 2010 From: fabio at bonilha.eti.br (Fabio Bonilha) Date: Wed, 13 Jan 2010 11:05:53 -0200 Subject: [Samba] Full_Audit preventing file writing Message-ID: When VFS full_audit is activated the server doesn't allow users to write changes in any file. The log vfs:10 shows: Jan 12 22:22:00 loginserver smbd_audit: aaaa.bbbb|192.168.23.10|get_real_filename|fail (Operation not supported)|/Novo Documento de Texto.txt->(null) Jan 12 22:22:00 loginserver smbd_audit: aaaa.bbbb|192.168.23.10|fchmod_acl|fail (No data available)|Novo Documento de Texto.txt|100764 From Volker.Lendecke at SerNet.DE Wed Jan 13 10:41:51 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Wed, 13 Jan 2010 18:41:51 +0100 Subject: [Samba] Full_Audit preventing file writing In-Reply-To: References: Message-ID: On Wed, Jan 13, 2010 at 11:05:53AM -0200, Fabio Bonilha wrote: > When VFS full_audit is activated the server doesn't allow users to write > changes in any file. > > The log vfs:10 shows: > > Jan 12 22:22:00 loginserver smbd_audit: > aaaa.bbbb|192.168.23.10|get_real_filename|fail (Operation not > supported)|/Novo > Documento de Texto.txt->(null) > Jan 12 22:22:00 loginserver smbd_audit: > aaaa.bbbb|192.168.23.10|fchmod_acl|fail > (No data available)|Novo Documento de Texto.txt|100764 There have been several reports about this now, but although I've tried I have not been able to reproduce this so far. Can you please send me (if necessary in private mail) your smb.conf and a full debug level 10 log of smbd? Thanks, Volker From fabio at bonilha.eti.br Wed Jan 13 11:27:27 2010 From: fabio at bonilha.eti.br (Fabio Bonilha) Date: Wed, 13 Jan 2010 16:27:27 -0200 Subject: [Samba] Full_Audit preventing file writing In-Reply-To: References: Message-ID: The smb.conf is the following: [global] workgroup = XXXX netbios name = PDC-XXXX server string = CentOS smb ports = 139 security = user encrypt passwords = yes guest account = nobody log file = /var/log/samba/%m.log max log size = 500 os level = 100 local master = yes domain master = yes preferred master = yes domain logons = yes admin users = administrador root logon script = logon.bat logon path = \\%L\profiles\%U wins support = yes dns proxy = no ldap ssl = off ldap passwd sync = yes ldap delete dn = Yes passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=user,dc=company,dc=com,dc=br ldap suffix = dc=company,dc=com,dc=br ldap user suffix = ou=People ldap group suffix = ou=Group ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://127.0.0.1 idmap uid = 10000-15000 idmap gid = 10000-15000 template shell = /bin/false winbind use default domain = no passwd program=/usr/bin/passwd %u passwd chat = *New*password* %n *Retype*new*password* %n ;#*passwd:*all*authentication*tokens*updated*successfully* socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/sbin/smbldap-useradd -w %u #ldap ssl = start tls add user script = /usr/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" dos charset = UTF-8 unix charset = UTF-8 enable privileges = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 log level = 0 vfs:10 ###### Audit (If the comments are removed from the following lines the problem happens, even if the only first one) #vfs objects = full_audit #full_audit:prefix = %u|%I|%S #full_audit:success = open, write, unlink, rename, mkdir, rmdir, chmod,chown #full_audit:failure = none #full_audit:facility = LOCAL6 #full_audit:priority = NOTICE ######## END AUDITORIA [homes] comment = Home browseable = no writable = yes create mask = 0700 directory mask = 0700 force user = %U [netlogon] path = /home/sys/netlogon write list = user1, user2 [profiles] path = /home/sys/profiles browseable = no writeable = yes create mode = 0600 directory mode = 0700 nt acl support = yes profile acls = yes read only = no [raiz] path = / browseable = no writeable = yes force user = %U valid users = user1,user2 [printers] comment = Impressoras path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [comum] writeable = yes valid users = +"Domain Users" path = /home/comum write list = +"Domain Users" force group = "Domain Users" read only = no browseable = yes create mode = 0775 directory mode = 0775 [Atendimento] writeable = yes valid users = +Atendimento path = /home/dados/arquivos/atendimento write list = +Atendimento force group = Atendimento read only = no browseable = yes create mode = 0775 directory mode = 0775 [Juridico] valid users = +Juridico writeable = yes write list = +Juridico path = /home/dados/arquivos/juridico force group = Juridico read only = no browseable = yes create mode = 0775 directory mode = 0775 [Telemark] valid users = +Telemarketing writeable = yes write list = +Telemarketing path = /home/dados/arquivos/telemarketing force group = Telemarketing read only = no browseable = yes create mode = 0775 directory mode = 0775 [Administ] valid users = +Administrativo writeable = yes write list = +Administrativo path = /home/dados/arquivos/administrativo force group = Administrativo read only = no browseable = yes create mode = 0775 directory mode = 0775 [Finance] valid users = +Financeiro writeable = yes write list = +Financeiro path = /home/dados/arquivos/financeiro force group = Financeiro read only = no browseable = yes create mode = 0775 directory mode = 0775 [Fin_read] valid users = +Fin-Leitura writeable = no path = /home/dados/arquivos/financeiro force group = Financeiro read only = yes browseable = yes [Info] valid users = +Informatica writeable = yes write list = +Informatica path = /home/dados/arquivos/informatica force group = Informatica read only = no browseable = yes create mode = 0775 directory mode = 0775 [Planeja] valid users = +Planejamento writeable = yes write list = +Planejamento path = /home/dados/arquivos/planejamento force group = Planejamento read only = no browseable = yes create mode = 0775 directory mode = 0775 [Dados] browseable = yes writeable = yes write list = @"Domain Users" path = /home/dados force group = "Domain Users" valid users = @"Domain Users" create mode = 0775 directory mode = 0775 ----------------------------------------- The level 10 debug is more like a monster, maybe it's easier if you tell what I should look for. Regards. Volker Lendecke escreveu: > On Wed, Jan 13, 2010 at 11:05:53AM -0200, Fabio Bonilha wrote: >> When VFS full_audit is activated the server doesn't allow users to write >> changes in any file. >> >> The log vfs:10 shows: >> >> Jan 12 22:22:00 loginserver smbd_audit: >> aaaa.bbbb|192.168.23.10|get_real_filename|fail (Operation not >> supported)|/Novo >> Documento de Texto.txt->(null) >> Jan 12 22:22:00 loginserver smbd_audit: >> aaaa.bbbb|192.168.23.10|fchmod_acl|fail >> (No data available)|Novo Documento de Texto.txt|100764 > > There have been several reports about this now, but although > I've tried I have not been able to reproduce this so far. > Can you please send me (if necessary in private mail) your > smb.conf and a full debug level 10 log of smbd? > > Thanks, > > Volker From vagabond_king at yahoo.com Wed Jan 13 12:08:57 2010 From: vagabond_king at yahoo.com (Matthew J. Salerno) Date: Wed, 13 Jan 2010 11:08:57 -0800 (PST) Subject: [Samba] AD DNS scavenging and winbind: Message-ID: <723127.17265.qm@web34503.mail.mud.yahoo.com> Red Hat Enterprise Linux Server release 5.4 (Tikanga) Samba 3.0.33-3.15.el5_4.1 I have run into an issue where the DNS records added by a net ads join seem to be being scavenged. From what I understand, Windows servers/workstations check in (update their host record) on the AD DNS server on a regular basis. So the question is, how can I have samba/winbind do the same? I could just setup a cron job that executes: net ads dns register -P But that's kind of ugly. I know I can't be the first person to see this behavior. Is there a more elegant solution? Thanks From drankinatty at suddenlinkmail.com Wed Jan 13 12:27:35 2010 From: drankinatty at suddenlinkmail.com (David C. Rankin) Date: Wed, 13 Jan 2010 13:27:35 -0600 Subject: [Samba] matchname messages filling logs - howto stop? In-Reply-To: References: <4B4B862C.2080602@suddenlinkmail.com> Message-ID: <4B4E1EA7.3010802@suddenlinkmail.com> On 01/11/2010 03:34 PM, ?????? wrote: > Hello, David > >> Jan 11 13:43:45 nemesis smbd[2247]: matchname: host name/address mismatch: >> ::ffff:192.168.7.127 != Adrienne-PC.rbpllc.com > Here is reason by plain English. > Which IP-adress have Adrienne-PC.rbpllc.com? > > Bye. Serg > ?????? Thank you for the response. I know there is an IP mismatch. That, I get. What I need your help on is how I tell samba to forget about the old IP address of 192.168.7.127 and learn the correct address for Adrienne-PC? Where is this cached and how do I get rid of it? Samba isn't seeing something correctly. For example, here is the same problem with a machine named reception (in the reception area): Jan 13 12:43:19 nemesis smbd[7449]: Matchname failed on RECEPTION.rbpllc.com ::ffff:192.168.7.150 Jan 13 12:50:46 nemesis smbd[7474]: [2010/01/13 12:50:46, 0] lib/util_sock.c:1564(matchname) Jan 13 12:50:46 nemesis smbd[7474]: matchname: host name/address mismatch: ::ffff:192.168.7.150 != RECEPTION.rbpllc.com Jan 13 12:50:46 nemesis smbd[7474]: [2010/01/13 12:50:46, 0] lib/util_sock.c:1685(get_peer_name) Jan 13 12:50:46 nemesis smbd[7474]: Matchname failed on RECEPTION.rbpllc.com ::ffff:192.168.7.150 Samba is saying there is a mismatch between reception and the IP of 192.168.7.150 -- but that is WRONG! 13:19 nemesis:~> ping reception PING reception.rbpllc.com (192.168.7.150) 56(84) bytes of data. 64 bytes from RECEPTION.rbpllc.com (192.168.7.150): icmp_seq=1 ttl=128 time=3.16 ms 64 bytes from RECEPTION.rbpllc.com (192.168.7.150): icmp_seq=2 ttl=128 time=0.311 ms 64 bytes from RECEPTION.rbpllc.com (192.168.7.150): icmp_seq=3 ttl=128 time=0.309 ms ^C --- reception.rbpllc.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 0.309/1.262/3.166/1.346 ms Here is the dns entry: [13:23 nemesis:/home/david] # sdns $ORIGIN . $TTL 172800 ; 2 days rbpllc.com IN SOA bonza.rbpllc.com. root.bonza.rbpllc.com. ( 2009122700 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) NS bonza.rbpllc.com. NS nemesis.rbpllc.com. MX 0 bonza.rbpllc.com. $ORIGIN rbpllc.com. rankin-p35a A 192.168.7.101 $TTL 14400 ; 4 hours RECEPTION A 192.168.7.150 TXT "31070f4d9f3c8435ddf3a0641b740d7fdd" and the reverse: [13:23 nemesis:/home/david] # cat /var/lib/named/dyn/192.168.7.zone $ORIGIN . $TTL 172800 ; 2 days 7.168.192.in-addr.arpa IN SOA bonza.rbpllc.com. root.bonza.rbpllc.com. ( 2009122700 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) NS bonza.rbpllc.com. NS nemesis.rbpllc.com. $ORIGIN 7.168.192.in-addr.arpa. 101 PTR rankin-p35a.rbpllc.com. $TTL 14400 ; 4 hours 150 PTR RECEPTION.rbpllc.com. So why is there a mismatch error filling my logs? -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com From r.martel at csuohio.edu Wed Jan 13 14:03:56 2010 From: r.martel at csuohio.edu (Robert M. Martel - CSU) Date: Wed, 13 Jan 2010 16:03:56 -0500 Subject: [Samba] Winbind problem on Solaris 9 - samba 3.4.4 Message-ID: <4B4E353C.8000606@csuohio.edu> Greetings Samba 3.4.4 built on Solaris 9 with gcc version 3.4.6 This is an Active Directory member server which was working with Samba 3.2.15 installed. I was able to build 3.4.4 without errors as well as access shares as an active directory user from a client PC without any issues so far. When I try to su to an active directory user in a terminal session I get the following error: ld.so.1: su: fatal: relocation error: file /usr/lib/security/pam_winbind.so.1: symbol libintl_bindtextdomain: referenced symbol not found I have SMClintl from SunFreeware installed to support some other packages, there also exists a libintl.so.1 in /usr/lib which is much smaller than the one in /usr/local/lib. I tried changing crle to put /usr/local/lib before /usr/lib but it did not make a difference. Any suggestions on how to resolve this issue? Thanks! Bob -- *********************************************************************** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 r.martel at csuohio.edu -Jeff Lynne *********************************************************************** From marcin.giedz at arise.pl Wed Jan 13 14:21:52 2010 From: marcin.giedz at arise.pl (Marcin Giedz) Date: Wed, 13 Jan 2010 22:21:52 +0100 Subject: [Samba] Upgrading from samba-3.0.34 to 3.4.4 - result: domain controller unavailable Message-ID: <4B4E3970.3030304@arise.pl> Hi. Today I upgraded samba from 3.0.34 to 3.4.4 without changing anything in smb.conf but with changing local and domain sid: old samba 1) net getdomainsid and getlocalsid new samba 2) net setdomainsid and setlocalsid to ones (both the same) from 1) after restarting samba I can't log into domain: XP says : domain controller unavailable ... I tried to rejoin domain - and I can ;) however again login fails with such message. Switching back to 3.0.34 results in proper log in What can be wrong? Have I forgotten abut something? Thanks, Marcin From rob at steinmetznet.com Wed Jan 13 14:39:17 2010 From: rob at steinmetznet.com (Robert Steinmetz) Date: Wed, 13 Jan 2010 16:39:17 -0500 Subject: [Samba] User and GRoup mapping Message-ID: <4B4E3D85.3050701@steinmetznet.com> I have two servers running Samba, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10 and running smbd, nmbd and winbindd using the tdb back end. I am having a problem understanding ID mapping. The mapping is not the same on both machines. On the Domain Controller > root at thelma:/etc/init.d# wbinfo -i 'ATLANTA\rob' > rob:*:1000:2003:Robert Steinmetz,,,:/home/ATLANTA/rob:/bin/false > root at thelma:/etc/init.d# wbinfo -i 'ATLANTA\trish' > trish:*:1033:2003::/home/ATLANTA/trish:/bin/false On the Member Server > root at louise:/etc/samba# wbinfo -i 'ATLANTA\rob' > ATLANTA\rob:*:10020:10001:Robert Steinmetz,,,:/home/ATLANTA/rob:/bin/bash > root at louise:/etc/samba# wbinfo -i 'ATLANTA\trish' > ATLANTA\trish:*:10037:10001::/home/ATLANTA/trish:/bin/bash Note the different UID and GID -- Robert Steinmetz, AIA Principal Steinmetz & Associates From gaiseric.vandal at gmail.com Wed Jan 13 15:14:10 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Wed, 13 Jan 2010 17:14:10 -0500 Subject: [Samba] User and GRoup mapping In-Reply-To: <4B4E3D85.3050701@steinmetznet.com> References: <4B4E3D85.3050701@steinmetznet.com> Message-ID: <4B4E45B2.9010109@gmail.com> On the PDC, both the unix and samba account info is on that machine. The samba user info includes which is the local unix user. On the member server, the samba account info is pulled from the PDC. Which means that even both unix machines have identical unix accounts (e.g. the same /etc/passwd and /etc/group file, or use NIS, NIS+ or LDAP) winbind ignores this. Your member machine probably has an idmap range - so that samba can assign unix uid and gid's for the "foreign" samba accounts. (Even though you would think this isn't necessary.) I found this wasn't so much a problem if most of the permission management was handle on the unix level- but the moment you started setting perms in windows the "rob 1000" and "rob 10020" became a problem. This bugged me for years. My first work around was to use LDAP for the IDMAP backend and then manually edit the uid and gid fields in the idmap entries to match the unix ones. In the end, I changed everything to an ldap backend and changed the member server to a BDC. On 01/13/10 16:39, Robert Steinmetz wrote: > I have two servers running Samba, one as a Domain Controller one as a > Member Server. Both are running Ubuntu 8.10 and running smbd, nmbd and > winbindd using the tdb back end. > > I am having a problem understanding ID mapping. The mapping is not the > same on both machines. > > On the Domain Controller > >> root at thelma:/etc/init.d# wbinfo -i 'ATLANTA\rob' >> rob:*:1000:2003:Robert Steinmetz,,,:/home/ATLANTA/rob:/bin/false >> root at thelma:/etc/init.d# wbinfo -i 'ATLANTA\trish' >> trish:*:1033:2003::/home/ATLANTA/trish:/bin/false > On the Member Server >> root at louise:/etc/samba# wbinfo -i 'ATLANTA\rob' >> ATLANTA\rob:*:10020:10001:Robert >> Steinmetz,,,:/home/ATLANTA/rob:/bin/bash > >> root at louise:/etc/samba# wbinfo -i 'ATLANTA\trish' >> ATLANTA\trish:*:10037:10001::/home/ATLANTA/trish:/bin/bash > Note the different UID and GID > From samba at tlinx.org Wed Jan 13 18:33:23 2010 From: samba at tlinx.org (Linda Walsh) Date: Wed, 13 Jan 2010 17:33:23 -0800 Subject: [Samba] 0 length domain name & SCHANNEL can't be used to fetch trust account password? Message-ID: <4B4E7463.4070104@tlinx.org> I have a few errors I'm trying to chase down in an effort to get a Win7 client in my domain. WinXP works -- tested unjoining and rejoining today, and it can still join. I have the registry adds for DNSNameResolutionRequired=0 under LanmanServer&Client/Params (put it in both places in attempt to get things working), as well as a DomainCompatibilityMode=1 I've tried moving to winbind for some flexibility, and it led me down an interesting path with some log messages on startup: initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2010/01/13 15:46:06, 2] winbindd/winbindd_util.c:235(add_trusted_domain) Added domain BUILTIN S-1-5-32 [2010/01/13 15:46:06, 2] winbindd/winbindd_util.c:235(add_trusted_domain) Added domain BLISS S-1-5-21-33333-77777-33333 [2010/01/13 15:46:08, 0] libsmb/namequery.c:75(saf_store) saf_store: refusing to store 0 length domain or servername! [2010/01/13 15:46:08, 1] rpc_client/cli_pipe.c:948(cli_pipe_validate_current_pd u) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR receiv ed from host ISHTAR! Anyone seen an error about 0 length names before? The OP_RNG error led me to try some ops with net rpc on ishtar. I tried a "net rpc samdump" and got: get_schannel_session_key: could not fetch trust account password for domain 'BLISS' cli_rpc_pipe_open_schannel: failed to get schannel session key from server 127.0.0.1 for domain BLISS. Could not initialise schannel netlogon pipe. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO ---- I presume this isn't just a 'noise level' problem? How can I re-initialize the schannel session key for Bliss? I even tried changing the trustpassword to see if that would reset the the schannel key. It failed due to an inability to get the schannel session key. Also, maybe it's unimportant, but with winbind running, I tried to fetch the DC name for my domain with "wbinfo --getdcname 'Bliss'", but it returned "Could not get dc name for Bliss". Should this work with samba 3.4.3 ? The Windows client goes from getting 'Domain name can't be found" to "Access Denied" depending on combinations of the Sign/Seal level of security and NTLM/LM/NTLMv2 params (trying various combinations. Note: I've tried the identical settings of the XP client without success). Anyone solved these problems or seen them before? Thanks, Linda From mlueck at lueckdatasystems.com Wed Jan 13 20:28:53 2010 From: mlueck at lueckdatasystems.com (Michael Lueck) Date: Wed, 13 Jan 2010 22:28:53 -0500 Subject: [Samba] Syntax to mount.cifs the $Home share? In-Reply-To: References: Message-ID: Michael Lueck wrote: > The man page for mount.cifs does not appear to indicate the correct > syntax to use in order to mound the $Home share to a directory on the > local Linux workstation. > > I would like to mount it to somewhere besides /home/userid, so perhaps > following the standards I set, /mnt/servername/userid > > Suggestions appreciated. Thanks! Solved this question myself. Answer is, the share name is the same as the UID in question. No trailing $ on the UID eihter. So for an ID of FOO, simply mount.cifs to //server/foo and that works as desired. Sincerely, -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ From feldmrob at attglobal.net Wed Jan 13 21:46:47 2010 From: feldmrob at attglobal.net (Rob Feldman) Date: Wed, 13 Jan 2010 23:46:47 -0500 Subject: [Samba] Can only log on to domain, not local machine In-Reply-To: <4B4DD8FD.2080903@gmail.com> References: <000001ca93d4$54979310$fdc6b930$@net> <4B4D23FA.1020403@piven.org> <000901ca93f6$1af14da0$50d3e8e0$@net> <4B4DD8FD.2080903@gmail.com> Message-ID: <000001ca94d4$980bd3d0$c8237b70$@net> Don, thanks for hanging in there with me on this. When offline, domain users cannot log on using either "logon to" option, DomainName ("domain not available") or PCName ("check your user id & password"). I can log on as domain administrator and add/delete local users, but these users can't log on. I can also log on as local Administrator at all times. Is it significant that the only username in the local users group is "Administrator?" -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Gaiseric Vandal Sent: Wednesday, January 13, 2010 9:30 AM To: samba at lists.samba.org Subject: Re: [Samba] Can only log on to domain, not local machine On 01/12/10 21:14, Rob Feldman wrote: > Hi Don, > > Yeah, the behavior you describe is what I expected but not what I'm getting. > All domain UID/Password pairs authenticate fine when connected, none do when > disconnected. The login credentials are not being cached, but I can't figure > out why. I checked the XP group policy and the default setting to keep the > last 10 logins is intact. > > My setup is the same as yours, XP clients of domain with a Samba PDC. I > maintain another similar system at work which works fine. > > I really appreciate the effort -- any other ideas? > > Thanks, > Rob > > -----Original Message----- > From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] > On Behalf Of samba at piven.org > Sent: Tuesday, January 12, 2010 8:38 PM > To: samba at lists.samba.org > Subject: Re: [Samba] Can only log on to domain, not local machine > > Rob Feldman wrote: > >> Used Administrator login on XP client to grant domain users rights to log >> > on > >> to client machine (such as when offline). All attempts to log on to local >> machine fail authentication (error "System could not log you on. Check >> > user > >> name and domain..."). Everything else works fine, including logon to >> > domain > >> and synchronization of offline folders. Frustrating having all data >> available offline but inaccessible because I can't log in! >> >> Don't know what I'm doing wrong, seems like my setup is wrong preventing >> > XP > >> from getting password info properly for later use away from domain. Sorry >> > if > >> this is a dopey question, but I've pored over all howtos& other resources >> and am still stumped. Plenty of help available for fixing XP clients not >> logging into smb domain, but none I can find if XP can't log into itself. >> >> > Have you tried just logging in with the domain login and password? > > XP Pro caches login credentials, so the next time a user logs in, the > cached credentials can be used if for some reason the machine can't > contact a domain controller. For example, I have an XP Pro machine on > my desk, joined to a domain managed by a Samba server. I pulled the > network cable out of that machine, then logged into it using my plain > old unprivileged domain logon. Works fine, except that I can't get to > my home directory out on the Samba server :-) > > Microsoft already did the grunt work to let your users logon to an > off-network machine. > > Don > Can you clarify- when you logon disconnected are you setting the "logon to" parameter to the DomainName or the LocalPCName. It should be the DomainName. By default, Domain Users should be a member of local users, and should already be able to logon offline (assuming they have logged in on line at least once.) If you login on online as the network admin, are you able to create local users or do other "administrative" stuff? I ran into one issue with group mapping where the local PC was not recognizing my all my groups. So even though I was a Domain Administrator, the XP machine didn't realize I was a member of Domain Admins and thus I didn't get the privledges of the local Administrators groups. And on the same lines, domain users did properly get the privileges assigned to the local users group. From Volker.Lendecke at SerNet.DE Thu Jan 14 00:01:09 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Thu, 14 Jan 2010 08:01:09 +0100 Subject: [Samba] Full_Audit preventing file writing In-Reply-To: References: Message-ID: On Wed, Jan 13, 2010 at 04:27:27PM -0200, Fabio Bonilha wrote: > The level 10 debug is more like a monster, maybe it's easier if you tell > what I should look for. It should shrink a lot with bzip2 -9. Feel free to send it in private mail. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From albrecht.dress at lios-tech.com Thu Jan 14 00:28:24 2010 From: albrecht.dress at lios-tech.com (Albrecht =?utf-8?q?Dre=C3=9F?=) Date: Thu, 14 Jan 2010 08:28:24 +0100 Subject: [Samba] Strange OpenLDAP errors w/ samba 3.4.3 Message-ID: <201001140828.24820.albrecht.dress@lios-tech.com> Hi all, after an upgrade of my Ubuntu 8.04 64-bit box to a self-compiled samba 3.4.3 (Lenny backport dpkg), I see strange error messages in my OpenLDAP log: slapd[3388]: do_search: invalid dn (sambaDomainName=,sambaDomainName=,cn=<...>,dc=<...>,dc=<...>) Samba seems to work, though, but this message makes me somewhat nervous. Any ideas? Thanks, Albrecht. From pascal.valois at devinci.fr Thu Jan 14 01:16:19 2010 From: pascal.valois at devinci.fr (VALOIS, Pascal) Date: Thu, 14 Jan 2010 09:16:19 +0100 Subject: [Samba] Explanation of ACL inherit in Samba 3.x Message-ID: <4B4ED2D3.50601@devinci.fr> Hi, i installed a samba server 3.0.28a, with acls support. when settings acl with setfacl, the mechanism of default acl for parent are put to new directories/files by the linux kernel. so far so good. when creating a new file directory with a windows client on the samba serveur, the new item get the default acl set. the matter is that when we try to change acl on windows, it automatically put back the acls by defaut the parent directory tells to uses for new items. so we can't remove an acl that the parent enforce. is that normal ? is there a way to set samba or windows not to do this ? can't we just rely on the posix acl to handle inheritance of the rights ? Thanks. -- Pascal Valois Service Informatique P?le Universitaire Leonard de Vinci From basch at MIT.EDU Thu Jan 14 02:27:08 2010 From: basch at MIT.EDU (Richard Basch) Date: Thu, 14 Jan 2010 04:27:08 -0500 Subject: [Samba] Help - Cannot join Windows 7 client to Samba PDC Message-ID: <1D8B2718BBE44A9B81018FB13BF37DD8@IBMRBASCH> I have been going through all the Wikis and various Google searches to try to solve my problem, all to no avail. I can mount a Samba share, but whenever I try to login using a domain account, I receive an error about "The trust relationship between this workstation and the primary domain failed." What I have done so far, all to no avail. - Upgraded from Samba 3.4.2 to Samba 3.4.4 (under OpenSUSE 11.2) - Edited the registry settings on my Windows 7 client HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 (I also tried reducing the security requirements for signing & encryption, but have read this is not required with current versions of Samba.) (And, I am running Windows 7 Professional on my client.) "testparm -v" indicates my smb.conf is valid, and I am able to mount shares, which is a positive indication the OpenLDAP integration is working. I am running OpenLDAP 2.4.15 or higher on all my LDAP servers (I think they are all 2.4.19 - 2.4.21). DNS is static, with none of the normal ADS entries. Only the DHCP server is allowed to modify DNS (and only the forward map allows updates, since DHCP updates of the reverse in-addr.arpa maps were problematic). To assist with finding the domain controller, I added the following to C:\Windows\System32\Drivers\etc\lmhosts: 192.168.15.2 tardis #PRE #DOM:N2HA (Thus my attempts to join the domain appear successful, with the documented warnings about the domain suffix. Unfortunately, appearances are deceiving when I actually try to login using a domain account.) Attached are entries from my smbd.log and C:\Windows\debug\NetSetup.log and smb.conf. Any assistance or guidance would be greatly appreciated. log.smbd ======== [2010/01/14 03:31:38, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client BAST machine account BAST$ [2010/01/14 03:31:38, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client BAST machine account BAST$ [2010/01/14 03:31:48, 0] lib/util_sock.c:539(read_fd_with_timeout) [2010/01/14 03:31:48, 0] lib/util_sock.c:1491(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. [2010/01/14 03:33:17, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client BAST machine account BAST$ [2010/01/14 03:33:17, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client BAST machine account BAST$ [2010/01/14 03:33:30, 0] lib/util_sock.c:539(read_fd_with_timeout) [2010/01/14 03:33:30, 0] lib/util_sock.c:1491(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. [2010/01/14 03:34:18, 0] lib/util_sock.c:539(read_fd_with_timeout) [2010/01/14 03:34:18, 0] lib/util_sock.c:1491(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. C:\Windows\debug\NetSetup.log ============================= 01/13/2010 23:36:18:337 NetpJoinDomain: status of connecting to dc '\\TARDIS': 0x0 01/13/2010 23:36:18:337 NetpProvisionComputerAccount: 01/13/2010 23:36:18:337 lpDomain: N2HA 01/13/2010 23:36:18:337 lpMachineName: BAST 01/13/2010 23:36:18:337 lpMachineAccountOU: (NULL) 01/13/2010 23:36:18:337 lpDcName: TARDIS 01/13/2010 23:36:18:337 lpDnsHostName: (NULL) 01/13/2010 23:36:18:337 lpMachinePassword: (null) 01/13/2010 23:36:18:337 lpAccount: N2HA\ntadmin 01/13/2010 23:36:18:337 lpPassword: (non-null) 01/13/2010 23:36:18:337 dwJoinOptions: 0x25 01/13/2010 23:36:18:337 dwOptions: 0x40000003 01/13/2010 23:36:18:352 NetpLdapBind: ldap_bind failed on TARDIS: 49: Invalid Credentials 01/13/2010 23:36:18:426 NetpGetLsaPrimaryDomain: DNS Domain policy not supported, falling back to Primary Domain 01/13/2010 23:36:18:430 NetpGetLsaPrimaryDomain: status: 0x0 01/13/2010 23:36:18:432 NetpCreateComputerObjectInDs: DC passed '\\TARDIS' doesn't have writable DS 0x101 01/13/2010 23:36:18:432 NetpProvisionComputerAccount: LDAP creation failed: 0x32 01/13/2010 23:36:18:432 NetpJoinDomainOnDs: Function exits with status of: 0x32 01/13/2010 23:36:18:434 NetpJoinDomainOnDs: status of disconnecting from '\\TARDIS': 0x0 01/13/2010 23:36:18:434 NetpDoDomainJoin: status: 0x32 01/13/2010 23:36:18:450 ----------------------------------------------------------------- 01/13/2010 23:36:18:450 NetpDoDomainJoin 01/13/2010 23:36:18:450 NetpMachineValidToJoin: 'BAST' 01/13/2010 23:36:18:450 OS Version: 6.1 01/13/2010 23:36:18:450 Build number: 7600 (7600.win7_rtm.090713-1255) 01/13/2010 23:36:18:451 SKU: Windows 7 Professional 01/13/2010 23:36:18:451 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0 01/13/2010 23:36:18:452 NetpGetLsaPrimaryDomain: status: 0x0 01/13/2010 23:36:18:453 NetpMachineValidToJoin: status: 0x0 01/13/2010 23:36:18:453 NetpJoinDomain 01/13/2010 23:36:18:453 Machine: BAST 01/13/2010 23:36:18:453 Domain: N2HA 01/13/2010 23:36:18:453 MachineAccountOU: (NULL) 01/13/2010 23:36:18:453 Account: N2HA\ntadmin 01/13/2010 23:36:18:453 Options: 0x27 01/13/2010 23:36:18:453 NetpLoadParameters: loading registry parameters... 01/13/2010 23:36:18:453 NetpLoadParameters: status: DNSNameResolutionRequired set to '0' 01/13/2010 23:36:18:453 NetpLoadParameters: status: DomainCompatibilityMode set to '1' 01/13/2010 23:36:18:453 NetpLoadParameters: status: 0x0 01/13/2010 23:36:18:453 NetpValidateName: checking to see if 'N2HA' is valid as type 3 name 01/13/2010 23:36:18:554 NetpCheckDomainNameIsValid [ Exists ] for 'N2HA' returned 0x0 01/13/2010 23:36:18:554 NetpValidateName: name 'N2HA' is valid for type 3 01/13/2010 23:36:18:554 NetpDsGetDcName: trying to find DC in domain 'N2HA', flags: 0x1020 01/13/2010 23:36:18:755 NetpLoadParameters: loading registry parameters... 01/13/2010 23:36:18:755 NetpLoadParameters: status: DNSNameResolutionRequired set to '0' 01/13/2010 23:36:18:755 NetpLoadParameters: status: DomainCompatibilityMode set to '1' 01/13/2010 23:36:18:755 NetpLoadParameters: status: 0x0 01/13/2010 23:36:18:755 NetpDsGetDcName: found DC '\\TARDIS' in the specified domain 01/13/2010 23:36:18:755 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0 01/13/2010 23:36:18:756 NetpJoinDomain: status of connecting to dc '\\TARDIS': 0x0 01/13/2010 23:36:18:756 NetpProvisionComputerAccount: 01/13/2010 23:36:18:756 lpDomain: N2HA 01/13/2010 23:36:18:756 lpMachineName: BAST 01/13/2010 23:36:18:756 lpMachineAccountOU: (NULL) 01/13/2010 23:36:18:756 lpDcName: TARDIS 01/13/2010 23:36:18:756 lpDnsHostName: (NULL) 01/13/2010 23:36:18:756 lpMachinePassword: (null) 01/13/2010 23:36:18:756 lpAccount: N2HA\ntadmin 01/13/2010 23:36:18:756 lpPassword: (non-null) 01/13/2010 23:36:18:756 dwJoinOptions: 0x27 01/13/2010 23:36:18:756 dwOptions: 0x40000003 01/13/2010 23:36:18:764 NetpLdapBind: ldap_bind failed on TARDIS: 49: Invalid Credentials 01/13/2010 23:36:18:773 NetpGetLsaPrimaryDomain: DNS Domain policy not supported, falling back to Primary Domain 01/13/2010 23:36:18:776 NetpGetLsaPrimaryDomain: status: 0x0 01/13/2010 23:36:18:779 NetpCreateComputerObjectInDs: DC passed '\\TARDIS' doesn't have writable DS 0x101 01/13/2010 23:36:18:779 NetpProvisionComputerAccount: LDAP creation failed: 0x32 01/13/2010 23:36:18:779 NetpProvisionComputerAccount: Retrying downlevel per options 01/13/2010 23:36:18:881 NetpManageMachineAccountWithSid: NetUserAdd on 'TARDIS' for 'BAST$' failed: 0x8b0 01/13/2010 23:36:19:287 NetpManageMachineAccountWithSid: status of attempting to set password on 'TARDIS' for 'BAST$': 0x0 01/13/2010 23:36:19:287 NetpProvisionComputerAccount: retry status of creating account: 0x0 01/13/2010 23:36:19:287 NetpEncodeProvisioningBlob: Encoding provisioning data 01/13/2010 23:36:19:287 NetpInitBlobWin7: Constructing blob... 01/13/2010 23:36:19:287 Blob version: 1 smb.conf ======== [global] workgroup = N2HA realm = INTERNAL.BRIGHT-PROSPECTS.COM security = user map to guest = Bad User usershare allow guests = Yes server string = %h (Samba %v) hosts allow = 192.168.0.0/16 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 smb ports = 445 139 ;os level = 65 local master = yes domain master = yes preferred master = yes domain logons = yes winbind use default domain = yes printing = cups printcap name = cups printcap cache time = 750 cups options = raw name resolve order = wins lmhosts bcast wins support = yes dns proxy = no ea support = yes enable asu support = yes time server = yes deadtime = 10 max log size = 4096 hide unreadable = yes hide dot files = no template shell = /bin/false veto oplock files = /*.pst/*.nsf/*.doc/*.xls/*.mdb/ client lanman auth = no client ntlmv2 auth = yes client plaintext auth = no encrypt passwords = yes lanman auth = no ntlm auth = yes null passwords = yes server signing = auto server schannel = auto passdb backend = ldapsam:ldaps://ldap.internal.bright-prospects.com/ obey pam restrictions = no ldap ssl = no ldap admin dn = "uid=ntadmin,ou=System,ou=User,dc=bright-prospects,dc=co m" ldap suffix = dc=bright-prospects,dc=com ldap machine suffix = sambaDomainName=N2HA,ou=Network ldap user suffix = ou=People,ou=User ldap group suffix = ou=Group ldap idmap suffix = ou=IdMap,ou=Network ldap passwd sync = yes ldap delete dn = no add user script = /home/admin/bin/smbldap-useradd -m %u delete user script = /home/admin/bin/smbldap-userdel %u add machine script = /home/admin/bin/smbldap-useradd -w %u add group script = /home/admin/bin/smbldap-groupadd -p %g #delete group script = /home/admin/bin/smbldap-groupdel %g add user to group script = /home/admin/bin/smbldap-groupmod -m %u %g delete user from group script = /home/admin/bin/smbldap-groupmod -x %u % g set primary group script = /home/admin/bin/smbldap-usermod -g %g %u passwd program = /home/admin/bin/smbldap-passwd %u vfs objects = extd_audit recycle recycle: directory_mode = 0770 recycle: keeptree = 1 recycle: touch = 1 recycle: minsize = 1 recycle: maxsize = 5000000 recycle: exclude = *.tmp *.temp ~$* *.obj *.~?? recycle: exclude_dir = /RealTimeBackup ;vscan-clamav: config-file = /etc/samba/vscan-clamav.conf [homes] comment = Home Directories ;valid users = %S, %D%w%S browseable = No read only = No inherit acls = Yes ; locking = no hide files = /.*/desktop.ini/thumbs.db/*.bitmap/NTUSER.*/ hide special files = yes path = /home/%S [profiles] comment = Network Profiles Service ;path = %H read only = No store dos attributes = Yes create mask = 0600 directory mask = 0700 ; hide files = /desktop.ini/thumbs.db/*.bitmap/ guest ok = yes path = /home/profiles [users] comment = All users path = /home read only = No inherit acls = Yes veto files = /aquota.user/groups/shares/ [groups] comment = All groups path = /home/groups read only = No inherit acls = Yes [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin root force group = ntadmin create mask = 0664 directory mask = 0775 From nf-vale at critical-links.com Thu Jan 14 04:03:22 2010 From: nf-vale at critical-links.com (nf-vale) Date: Thu, 14 Jan 2010 11:03:22 +0000 Subject: [Samba] Help - Cannot join Windows 7 client to Samba PDC In-Reply-To: <1D8B2718BBE44A9B81018FB13BF37DD8@IBMRBASCH> References: <1D8B2718BBE44A9B81018FB13BF37DD8@IBMRBASCH> Message-ID: <201001141103.22734.nf-vale@critical-links.com> Make sure that this settings are as follows: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] ?RequireSignOrSeal?=dword:00000001 ?RequireStrongKey?=dword:00000001 It helped solve a problem like the one you're having. On Thursday 14 January 2010 09:27:08 Richard Basch wrote: > I have been going through all the Wikis and various Google searches to try > to solve my problem, all to no avail. > > I can mount a Samba share, but whenever I try to login using a domain > account, I receive an error about "The trust relationship between this > workstation and the primary domain failed." > > What I have done so far, all to no avail. > - Upgraded from Samba 3.4.2 to Samba 3.4.4 (under OpenSUSE 11.2) > - Edited the registry settings on my Windows 7 client > HKLM\System\CCS\Services\LanmanWorkstation\Parameters > DWORD DomainCompatibilityMode = 1 > DWORD DNSNameResolutionRequired = 0 > (I also tried reducing the security requirements for signing & encryption, > but have read this is not required with current versions of Samba.) > > (And, I am running Windows 7 Professional on my client.) > > "testparm -v" indicates my smb.conf is valid, and I am able to mount > shares, which is a positive indication the OpenLDAP integration is > working. I am running OpenLDAP 2.4.15 or higher on all my LDAP servers (I > think they are all 2.4.19 - 2.4.21). > > DNS is static, with none of the normal ADS entries. Only the DHCP server > is allowed to modify DNS (and only the forward map allows updates, since > DHCP updates of the reverse in-addr.arpa maps were problematic). To > assist with finding the domain controller, I added the following to > C:\Windows\System32\Drivers\etc\lmhosts: > 192.168.15.2 tardis #PRE #DOM:N2HA > (Thus my attempts to join the domain appear successful, with the documented > warnings about the domain suffix. Unfortunately, appearances are deceiving > when I actually try to login using a domain account.) > > Attached are entries from my smbd.log and C:\Windows\debug\NetSetup.log and > smb.conf. > > Any assistance or guidance would be greatly appreciated. > > log.smbd > ======== > [2010/01/14 03:31:38, 0] > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting > auth request from client BAST machine account BAST$ > [2010/01/14 03:31:38, 0] > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting > auth request from client BAST machine account BAST$ > [2010/01/14 03:31:48, 0] lib/util_sock.c:539(read_fd_with_timeout) > [2010/01/14 03:31:48, 0] lib/util_sock.c:1491(get_peer_addr_internal) > getpeername failed. Error was Transport endpoint is not connected > read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by > peer. > [2010/01/14 03:33:17, 0] > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting > auth request from client BAST machine account BAST$ > [2010/01/14 03:33:17, 0] > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting > auth request from client BAST machine account BAST$ > [2010/01/14 03:33:30, 0] lib/util_sock.c:539(read_fd_with_timeout) > [2010/01/14 03:33:30, 0] lib/util_sock.c:1491(get_peer_addr_internal) > getpeername failed. Error was Transport endpoint is not connected > read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by > peer. > [2010/01/14 03:34:18, 0] lib/util_sock.c:539(read_fd_with_timeout) > [2010/01/14 03:34:18, 0] lib/util_sock.c:1491(get_peer_addr_internal) > getpeername failed. Error was Transport endpoint is not connected > read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by > peer. > > > C:\Windows\debug\NetSetup.log > ============================= > 01/13/2010 23:36:18:337 NetpJoinDomain: status of connecting to dc > '\\TARDIS': 0x0 > 01/13/2010 23:36:18:337 NetpProvisionComputerAccount: > 01/13/2010 23:36:18:337 lpDomain: N2HA > 01/13/2010 23:36:18:337 lpMachineName: BAST > 01/13/2010 23:36:18:337 lpMachineAccountOU: (NULL) > 01/13/2010 23:36:18:337 lpDcName: TARDIS > 01/13/2010 23:36:18:337 lpDnsHostName: (NULL) > 01/13/2010 23:36:18:337 lpMachinePassword: (null) > 01/13/2010 23:36:18:337 lpAccount: N2HA\ntadmin > 01/13/2010 23:36:18:337 lpPassword: (non-null) > 01/13/2010 23:36:18:337 dwJoinOptions: 0x25 > 01/13/2010 23:36:18:337 dwOptions: 0x40000003 > 01/13/2010 23:36:18:352 NetpLdapBind: ldap_bind failed on TARDIS: 49: > Invalid Credentials > 01/13/2010 23:36:18:426 NetpGetLsaPrimaryDomain: DNS Domain policy not > supported, falling back to Primary Domain > 01/13/2010 23:36:18:430 NetpGetLsaPrimaryDomain: status: 0x0 > 01/13/2010 23:36:18:432 NetpCreateComputerObjectInDs: DC passed '\\TARDIS' > doesn't have writable DS 0x101 > 01/13/2010 23:36:18:432 NetpProvisionComputerAccount: LDAP creation failed: > 0x32 > 01/13/2010 23:36:18:432 NetpJoinDomainOnDs: Function exits with status of: > 0x32 > 01/13/2010 23:36:18:434 NetpJoinDomainOnDs: status of disconnecting from > '\\TARDIS': 0x0 > 01/13/2010 23:36:18:434 NetpDoDomainJoin: status: 0x32 > 01/13/2010 23:36:18:450 > ----------------------------------------------------------------- > 01/13/2010 23:36:18:450 NetpDoDomainJoin > 01/13/2010 23:36:18:450 NetpMachineValidToJoin: 'BAST' > 01/13/2010 23:36:18:450 OS Version: 6.1 > 01/13/2010 23:36:18:450 Build number: 7600 > (7600.win7_rtm.090713-1255) > 01/13/2010 23:36:18:451 SKU: Windows 7 Professional > 01/13/2010 23:36:18:451 NetpDomainJoinLicensingCheck: ulLicenseValue=1, > Status: 0x0 > 01/13/2010 23:36:18:452 NetpGetLsaPrimaryDomain: status: 0x0 > 01/13/2010 23:36:18:453 NetpMachineValidToJoin: status: 0x0 > 01/13/2010 23:36:18:453 NetpJoinDomain > 01/13/2010 23:36:18:453 Machine: BAST > 01/13/2010 23:36:18:453 Domain: N2HA > 01/13/2010 23:36:18:453 MachineAccountOU: (NULL) > 01/13/2010 23:36:18:453 Account: N2HA\ntadmin > 01/13/2010 23:36:18:453 Options: 0x27 > 01/13/2010 23:36:18:453 NetpLoadParameters: loading registry parameters... > 01/13/2010 23:36:18:453 NetpLoadParameters: status: > DNSNameResolutionRequired set to '0' > 01/13/2010 23:36:18:453 NetpLoadParameters: status: DomainCompatibilityMode > set to '1' > 01/13/2010 23:36:18:453 NetpLoadParameters: status: 0x0 > 01/13/2010 23:36:18:453 NetpValidateName: checking to see if 'N2HA' is > valid as type 3 name > 01/13/2010 23:36:18:554 NetpCheckDomainNameIsValid [ Exists ] for 'N2HA' > returned 0x0 > 01/13/2010 23:36:18:554 NetpValidateName: name 'N2HA' is valid for type 3 > 01/13/2010 23:36:18:554 NetpDsGetDcName: trying to find DC in domain > 'N2HA', flags: 0x1020 > 01/13/2010 23:36:18:755 NetpLoadParameters: loading registry parameters... > 01/13/2010 23:36:18:755 NetpLoadParameters: status: > DNSNameResolutionRequired set to '0' > 01/13/2010 23:36:18:755 NetpLoadParameters: status: DomainCompatibilityMode > set to '1' > 01/13/2010 23:36:18:755 NetpLoadParameters: status: 0x0 > 01/13/2010 23:36:18:755 NetpDsGetDcName: found DC '\\TARDIS' in the > specified domain > 01/13/2010 23:36:18:755 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0 > 01/13/2010 23:36:18:756 NetpJoinDomain: status of connecting to dc > '\\TARDIS': 0x0 > 01/13/2010 23:36:18:756 NetpProvisionComputerAccount: > 01/13/2010 23:36:18:756 lpDomain: N2HA > 01/13/2010 23:36:18:756 lpMachineName: BAST > 01/13/2010 23:36:18:756 lpMachineAccountOU: (NULL) > 01/13/2010 23:36:18:756 lpDcName: TARDIS > 01/13/2010 23:36:18:756 lpDnsHostName: (NULL) > 01/13/2010 23:36:18:756 lpMachinePassword: (null) > 01/13/2010 23:36:18:756 lpAccount: N2HA\ntadmin > 01/13/2010 23:36:18:756 lpPassword: (non-null) > 01/13/2010 23:36:18:756 dwJoinOptions: 0x27 > 01/13/2010 23:36:18:756 dwOptions: 0x40000003 > 01/13/2010 23:36:18:764 NetpLdapBind: ldap_bind failed on TARDIS: 49: > Invalid Credentials > 01/13/2010 23:36:18:773 NetpGetLsaPrimaryDomain: DNS Domain policy not > supported, falling back to Primary Domain > 01/13/2010 23:36:18:776 NetpGetLsaPrimaryDomain: status: 0x0 > 01/13/2010 23:36:18:779 NetpCreateComputerObjectInDs: DC passed '\\TARDIS' > doesn't have writable DS 0x101 > 01/13/2010 23:36:18:779 NetpProvisionComputerAccount: LDAP creation failed: > 0x32 > 01/13/2010 23:36:18:779 NetpProvisionComputerAccount: Retrying downlevel > per options > 01/13/2010 23:36:18:881 NetpManageMachineAccountWithSid: NetUserAdd on > 'TARDIS' for 'BAST$' failed: 0x8b0 > 01/13/2010 23:36:19:287 NetpManageMachineAccountWithSid: status of > attempting to set password on 'TARDIS' for 'BAST$': 0x0 > 01/13/2010 23:36:19:287 NetpProvisionComputerAccount: retry status of > creating account: 0x0 > 01/13/2010 23:36:19:287 NetpEncodeProvisioningBlob: Encoding provisioning > data > 01/13/2010 23:36:19:287 NetpInitBlobWin7: Constructing blob... > 01/13/2010 23:36:19:287 Blob version: 1 > > smb.conf > ======== > [global] > workgroup = N2HA > realm = INTERNAL.BRIGHT-PROSPECTS.COM > security = user > map to guest = Bad User > usershare allow guests = Yes > > server string = %h (Samba %v) > hosts allow = 192.168.0.0/16 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > smb ports = 445 139 > ;os level = 65 > local master = yes > domain master = yes > preferred master = yes > domain logons = yes > winbind use default domain = yes > > printing = cups > printcap name = cups > printcap cache time = 750 > cups options = raw > > name resolve order = wins lmhosts bcast > wins support = yes > dns proxy = no > ea support = yes > enable asu support = yes > time server = yes > deadtime = 10 > max log size = 4096 > hide unreadable = yes > hide dot files = no > template shell = /bin/false > veto oplock files = /*.pst/*.nsf/*.doc/*.xls/*.mdb/ > > client lanman auth = no > client ntlmv2 auth = yes > client plaintext auth = no > encrypt passwords = yes > lanman auth = no > ntlm auth = yes > null passwords = yes > server signing = auto > server schannel = auto > > passdb backend = > ldapsam:ldaps://ldap.internal.bright-prospects.com/ obey pam restrictions > = no > ldap ssl = no > ldap admin dn = > "uid=ntadmin,ou=System,ou=User,dc=bright-prospects,dc=co > m" > ldap suffix = dc=bright-prospects,dc=com > ldap machine suffix = sambaDomainName=N2HA,ou=Network > ldap user suffix = ou=People,ou=User > ldap group suffix = ou=Group > ldap idmap suffix = ou=IdMap,ou=Network > ldap passwd sync = yes > ldap delete dn = no > > add user script = /home/admin/bin/smbldap-useradd -m %u > delete user script = /home/admin/bin/smbldap-userdel %u > add machine script = /home/admin/bin/smbldap-useradd -w %u > add group script = /home/admin/bin/smbldap-groupadd -p %g > #delete group script = /home/admin/bin/smbldap-groupdel %g > add user to group script = /home/admin/bin/smbldap-groupmod -m %u > %g delete user from group script = /home/admin/bin/smbldap-groupmod -x %u > % > g > set primary group script = /home/admin/bin/smbldap-usermod -g %g %u > passwd program = /home/admin/bin/smbldap-passwd %u > > vfs objects = extd_audit recycle > recycle: directory_mode = 0770 > recycle: keeptree = 1 > recycle: touch = 1 > recycle: minsize = 1 > recycle: maxsize = 5000000 > recycle: exclude = *.tmp *.temp ~$* *.obj *.~?? > recycle: exclude_dir = /RealTimeBackup > ;vscan-clamav: config-file = /etc/samba/vscan-clamav.conf > > [homes] > comment = Home Directories > ;valid users = %S, %D%w%S > browseable = No > read only = No > inherit acls = Yes > ; > locking = no > hide files = /.*/desktop.ini/thumbs.db/*.bitmap/NTUSER.*/ > hide special files = yes > path = /home/%S > [profiles] > comment = Network Profiles Service > ;path = %H > read only = No > store dos attributes = Yes > create mask = 0600 > directory mask = 0700 > ; > hide files = /desktop.ini/thumbs.db/*.bitmap/ > guest ok = yes > path = /home/profiles > [users] > comment = All users > path = /home > read only = No > inherit acls = Yes > veto files = /aquota.user/groups/shares/ > [groups] > comment = All groups > path = /home/groups > read only = No > inherit acls = Yes > [printers] > comment = All Printers > path = /var/tmp > printable = Yes > create mask = 0600 > browseable = No > [print$] > comment = Printer Drivers > path = /var/lib/samba/drivers > write list = @ntadmin root > force group = ntadmin > create mask = 0664 > directory mask = 0775 > From andreas.moroder at sb-brixen.it Thu Jan 14 04:40:44 2010 From: andreas.moroder at sb-brixen.it (Andreas Moroder) Date: Thu, 14 Jan 2010 12:40:44 +0100 Subject: [Samba] concurrent ms access usage does not work with 3.4.3 In-Reply-To: <4B4DE860.10605@gmail.com> References: <4B4DE860.10605@gmail.com> Message-ID: > It sounds like the users no longer have the appropriate permissions to > create/modify the appropriate temporary files. > My guess is that when you upgraded to 3.4.3 you enabled more > fine-grained ACL support. > > > What OS and file system? Do you have ACL support? I can't speak for > MS Access, but I did find that MS Word, Excel, PowerPoint and will often > explicitly modify file permissions in a way that could result in the > user loosing access. This was on solaris, when we changed migrated > from UFS to ZFS file system. For example, if a file was set to be 660 > in unix, the "user and group can read and write but everyone else is not > allowed" in unix would be treated as "everyone is denied even the user > and group" in Windows. If you check the permissions under windows you > would see that a deny entry was overriding the allow entries. > > Hello Gaiseric, we use SUSE LINUX Enterprise Server 9 (i586) Kernel 2.6.5-7.252-smp with ACL enabled. The point is, that they can all use the program as long as they don't use it togheter. Thanks Andreas From dgcoventry at gmail.com Thu Jan 14 05:28:19 2010 From: dgcoventry at gmail.com (Dave Coventry) Date: Thu, 14 Jan 2010 14:28:19 +0200 Subject: [Samba] Documents in home folder 'Read Only' In-Reply-To: <4cba5adc1001130909s1a96ace7gceee7761d1afbf6d@mail.gmail.com> References: <4cba5adc1001120518o3600d128s64c96e89f39e1047@mail.gmail.com> <4B4CBA1B.9010705@rogers.com> <4cba5adc1001121111y3842860fvf7541961823670b9@mail.gmail.com> <4B4CDF67.4060303@rogers.com> <4cba5adc1001122304o419615a1y14348da80799957c@mail.gmail.com> <4cba5adc1001122311ieef9e8era98dc542f34ad364@mail.gmail.com> <4cba5adc1001130058l7c72f38aqce764c669b07b6c6@mail.gmail.com> <4cba5adc1001130623g6b0edc7bycb69521d8ce6d324@mail.gmail.com> <4B4DF5CA.6060600@rogers.com> <4cba5adc1001130909s1a96ace7gceee7761d1afbf6d@mail.gmail.com> Message-ID: <4cba5adc1001140428l39a07ff3p188dda09032496ab@mail.gmail.com> The user seems to be logging on okay (I can't check that she's using her own login because I'm off-site). However, I'm still getting this in the /var/log/samba/log.reception server:~# tail /var/log/samba/log.reception [2010/01/14 14:23:40, 0] param/loadparm.c:process_usershare_file(8287) process_usershare_file: stat of /var/lib/samba/usershares/patienc failed. Permission denied [2010/01/14 14:23:40, 0] param/loadparm.c:process_usershare_file(8287) process_usershare_file: stat of /var/lib/samba/usershares/patienc failed. No such file or directory [2010/01/14 14:23:40, 0] smbd/service.c:make_connection(1370) reception (::ffff:192.168.1.7) couldn't find service patienc [2010/01/14 14:23:40, 0] param/loadparm.c:process_usershare_file(8287) process_usershare_file: stat of /var/lib/samba/usershares/patienc failed. No such file or directory [2010/01/14 14:23:40, 0] smbd/service.c:make_connection(1370) reception (::ffff:192.168.1.7) couldn't find service patienc Should I be worried? From marcin.giedz at arise.pl Thu Jan 14 05:28:34 2010 From: marcin.giedz at arise.pl (Marcin Giedz) Date: Thu, 14 Jan 2010 13:28:34 +0100 Subject: [Samba] Upgrading from samba-3.0.34 to 3.4.4 - result: domain controller unavailable In-Reply-To: <4B4E3970.3030304@arise.pl> References: <4B4E3970.3030304@arise.pl> Message-ID: <4B4F0DF2.7000308@arise.pl> Marcin Giedz pisze: nobody ;) ok further investigation... [2010/01/13 21:21:16, 2] lib/interface.c:340(add_interface) added interface eth0 ip=192.168.89.3 bcast=192.168.89.255 netmask=255.255.255.0 [2010/01/13 21:21:16, 2] lib/interface.c:463(interpret_interface) interpret_interface: using netmask value 24 from config file on interface eth0.90 [2010/01/13 21:21:16, 2] lib/interface.c:340(add_interface) added interface eth0.90 ip=192.168.90.3 bcast=192.168.90.255 netmask=255.255.255.0 [2010/01/13 21:21:16, 2] lib/smbldap_util.c:277(smbldap_search_domain_info) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=XXX))] [2010/01/13 21:21:16, 2] lib/smbldap.c:856(smbldap_open_connection) smbldap_open_connection: connection opened [2010/01/13 21:21:17, 2] lib/util_sock.c:938(open_socket_in) bind failed on port 445 socket_addr = 0.0.0.0. Error = Address already in use [2010/01/13 21:21:17, 0] smbd/server.c:457(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use [2010/01/13 21:21:17, 2] lib/util_sock.c:938(open_socket_in) bind failed on port 139 socket_addr = 0.0.0.0. Error = Address already in use [2010/01/13 21:21:17, 0] smbd/server.c:457(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use [2010/01/13 21:21:17, 2] smbd/server.c:676(smbd_parent_loop) waiting for connections Could this be the problem of "domain unavailable"? I have only ONE smbd and nmbd deamon starting in my /etc/init.d/samba script : /opt/samba-3.4.4/sbin/smbd -D; /opt/samba-3.4.4/sbin/nmbd -D; doing netstat -an gives me some tcp6 samba related items... I can't find such things running 3.0.34 ON the same machine. My smb.conf file only defines interfaces = 192.168.89.0/24 192.168.90.0/24. But then again: 3.0.34 works perfect, 3.4.4 doesn't ....... I also found this problem in host related log file in samba whenever I try to login into domain: [2010/01/13 21:22:24, 2] lib/smbldap.c:856(smbldap_open_connection) smbldap_open_connection: connection opened [2010/01/13 21:22:24, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER Thanks, Marcin > Hi. > > Today I upgraded samba from 3.0.34 to 3.4.4 without changing anything > in smb.conf but with changing local and domain sid: > old samba 1) net getdomainsid and getlocalsid > new samba 2) net setdomainsid and setlocalsid to ones (both the same) > from 1) > > after restarting samba I can't log into domain: XP says : domain > controller unavailable ... I tried to rejoin domain - and I can ;) > however again login fails with such message. > > Switching back to 3.0.34 results in proper log in > > What can be wrong? Have I forgotten abut something? > > Thanks, > Marcin > > From brajeshkumar_shrivas at symantec.com Thu Jan 14 05:31:09 2010 From: brajeshkumar_shrivas at symantec.com (Brajesh Shrivastava) Date: Thu, 14 Jan 2010 18:01:09 +0530 Subject: [Samba] username map is not working properly Message-ID: <4B4F0E8D.8070705@symantec.com> I have specified path for 'username map' in smb.conf. I have a single entry in smb.conf: brajesh_01:~ # cat $mapfile root = SFSDEV\administrator brajesh_01:~ # I have a share 'share1' on file system fs1 which is exported to the Windows users. When I create a folder 'check1' inside the share share1, then user and group permission is properly assigned to the mapped user 'root' as expected. Please see here: brajesh_01:~ # ls -l /vx/fs2/ total 0 drwxrwxr-x+ 2 root root 96 2010-01-14 06:55 check1 brajesh_01:~ # If I delete the mapping and create another folder 'check2' then permission is still being assigned to the earlier mapped user 'root' even after reloading the smb.conf. brajesh_01:~ # cat $mapfile <--No entry in the map file now brajesh_01:~ # /etc/init.d/smb reload Reloading Samba SMB daemon done brajesh_01:~ # brajesh_01:~ # ls -l /vx/fs2/ total 0 drwxrwxr-x+ 2 root root 96 2010-01-14 06:55 check1 drwxrwxr-x+ 2 root root 96 2010-01-14 06:56 check2 brajesh_01:~ # I know, if I restart the Samba then everything will work fine. But, I don't want to restart the samba, because it may terminate the IO on another share. Is there any workaround to come out with this problem without restarting the samba daemon. I am using Samba 3.2.11 on Suse linux. Please, help me to resolve this issue. Thanks From eero.volotinen at iki.fi Thu Jan 14 05:34:11 2010 From: eero.volotinen at iki.fi (Eero Volotinen) Date: Thu, 14 Jan 2010 14:34:11 +0200 Subject: [Samba] username map is not working properly In-Reply-To: <4B4F0E8D.8070705@symantec.com> References: <4B4F0E8D.8070705@symantec.com> Message-ID: <20100114143411.wfbayaikg0o0g8og@webmail.welho.com> > I know, if I restart the Samba then everything will work fine. But, I > don't want to restart the samba, because it may terminate the IO on > another share. Is there any workaround to come out with this problem > without restarting the samba daemon. I am using Samba 3.2.11 on Suse > linux. Please, help me to resolve this issue. from url: http://www.samba.org/samba/docs/man/manpages-3/smbd.8.html "The configuration file, and any files that it includes, are automatically reloaded every minute, if they change. You can force a reload by sending a SIGHUP to the server. Reloading the configuration file will not affect connections to any service that is already established. Either the user will have to disconnect from the service, or smbd killed and restarted." -- Eero From kseeger at samba.org Thu Jan 14 05:44:07 2010 From: kseeger at samba.org (Karolin Seeger) Date: Thu, 14 Jan 2010 13:44:07 +0100 Subject: [Samba] Samba 3.3.10 Available for Download Message-ID: =================================================================== "If you?re ridin? ahead of the herd, take a look back every now and then to make sure it?s still there with ya." Cowboy Proverb =================================================================== Release Announcements ===================== This is the latest bugfix release of the Samba 3.3 series. Major enhancements in Samba 3.3.10 include: o Fix changing of ACLs on writable file with "dos filemode=yes" (bug #5202). o Fix smbd crashes in dns_register_smbd_reply (bug #6696). o Fix Winbind crashes when queried from nss (bug #6889). o Fix Winbind crash when retrieving empty group members (bug #7014). o Fix interdomain trusts with Win2008R2 (bug #6697). ###################################################################### Changes ####### Changes since 3.3.9 ------------------- o Michael Adam * BUG 6910: Fix "idmap backend" with multiple LDAP servers specified. o Jeremy Allison * BUG 5202: Fix changing of ACLs on writable file with "dos filemode=yes". * BUG 6696: Fix smbd crashes (signal 11) in dns_register_smbd_reply. * BUG 6828: Fix infinite timeout when byte lock held outside of Samba. * BUG 6829: Fix special characters in smbclient output. * BUG 6867: trans2findnext returns reply_nterror(req, ntstatus) in a directory with a lot of files. * BUG 6875: Fix operations on OS/2 clients. * BUG 6880: Fix listing of workgroup servers. * BUG 6939: Fix long filenames when "mangling method = hash" is set. * BUG 7005: "mangling method = hash" truncates files with dot '. ' character. o Olaf Flebbe * BUG 6805: Correctly handle aio_error() and errno. o G?nther Deschner * BUG 6697: Fix interdomain trusts with Win2008R2. * BUG 6868: Support building of cifs.upcall with Heimdal as well with MIT. * BUG 6889: Fix Winbind crashes when queried from nss. * BUG 6929: Fix build with recent Heimdal. * Fix the build of the winbind krb5 locator plugin. * Fix compile of winbind_krb5_locator with recent Heimdal versions. * Fix the build on Mac OS X 10.6.2. o Jeff Layton * BUG 6810: Backport support for finding alternate credcaches. * Use pid value from kernel to determine KRB5CCNAME to use in cifs.upcall. o Volker Lendecke * BUG 6338: 'net rpc trustdom list' always displays "none". * BUG 6793: Fix segfault in winbindd_pam_auth. * BUG 6850: Fix shadow copy display on Windows 7. * BUG 6973: Fix a segfault in 'net'. * Fix the build of cifs.upcall. o Jim McDonough * BUG 7014: Fix Winbind crash when retrieving empty group members. o Stefan Metzmacher * BUG 6157: Restore Samba 3.0.x behavior and use the first "uid" value. * BUG 6642: Fix opening the quota magic file. * BUG 6856: Fix the build of the GPFS VFS module with headers only. * BUG 6919: Fix remote quota management. o Timothy Miller * BUG 6696: Fix smbd crashes when using mdns (not avahi) support. o Andrew Tridgell * BUG 6918: Fix krb5 build problem on Ubuntu Karmic. o Jelmer Vernooij * 6918: Fix the build with krb5-client-1.7-6.1. o Bo Yang * BUG 6811: pam_winbind references freed memory. * BUG 6826: Don't fail authentication when one or some group of require-membership-of is invalid. * BUG 6840: Fix crash in pam_winbind. ================ Download Details ================ The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.10.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From joshua.peacock at Fiserv.com Thu Jan 14 06:26:55 2010 From: joshua.peacock at Fiserv.com (Peacock, Joshua) Date: Thu, 14 Jan 2010 07:26:55 -0600 Subject: [Samba] AIX and DFS Message-ID: <1774B1C6F7D65448AE964FB69BC08AEE07BF6B9A@MKEXCHVS3.Mail.Fiserv.net> Hello all I am running into a problem and hoping you can provide a little guidance. I am currently running 3.3.7 downloaded and installed from pware Config file has the following [global] # Workgroup section workgroup = DOMAIN server string = installs-aix Samba Server local master = no # Logging section log file = /usr/local/samba/var/log.%m log level = 10 syslog = 5 vfs object = extd_audit # Security section security = ADS realm = REALM.COM use spnego = yes winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind nested groups = yes winbind separator = + idmap uid = 6000-20000 idmap gid = 6000-20000 encrypt passwords = yes host msdfs = yes load printers = no browsable = no socket options = TCP_NODELAY deadtime = 10 [dfs] comment = main location for all shares path = /usr/local/dfsroot browseable = yes msdfs root = yes Log File shows this [2010/01/13 23:12:44, 0] smbd/msdfs.c:is_msdfs_link_internal(447) is_msdfs_link_read_target: Error reading msdfs link ./test: Result too large [2010/01/13 23:12:44, 5] smbd/trans2.c:get_lanman2_dir_entry(1400) get_lanman2_dir_entry:Couldn't stat [./test] (No such file or directory) dfsroot dir has the following in it ls -la /usr/local/dfsroot/ total 0 drwxr-xr-x 2 root system 256 Jan 13 23:11 . drwxr-xr-x 7 root system 256 Jan 13 21:09 .. lrwxrwxrwx 1 root system 18 Jan 13 23:11 test -> msdfs:convert\conv I get the same error if attempting the connection from linux smbclient or windows xp This seems to be very similar to the following post http://lists.samba.org/archive/samba-technical/2009-May/064512.html Thanks for Your Help Josh This message is intended only for the persons or entities to which it is addressed. The information transmitted herein may contain proprietary or confidential material. Review, reproduction, retransmission, distribution, disclosure or other use, and any consequent action taken by persons or entities other than intended recipients, are prohibited and may be unlawful. If you are not the intended recipient, please delete this information from your system and contact the sender. The information contained herein is subject to change without notice. Although reasonable precautions have been taken to ensure that no viruses are present, the sender makes no warranty or guaranty with respect thereto, and is not responsible for any loss or damage arising from the receipt or use of this e-mail or attachments hereto. From andreas.moroder at sb-brixen.it Thu Jan 14 07:07:30 2010 From: andreas.moroder at sb-brixen.it (Andreas Moroder) Date: Thu, 14 Jan 2010 15:07:30 +0100 Subject: [Samba] Feedback to getting to samba 4 blog Message-ID: Hello, I did not find a way tu put my opinion to the blog so I answer here. I hope this is ok. We ( a public hospital ) are one of the few that have no AD, because I wanted to wait that samba has this functionality. Every solution that give us the stability of samba and also AD is ok for us, but please this year, otherwise I will be force to start with MS AD. Thanks Andreas From Volker.Lendecke at SerNet.DE Thu Jan 14 07:22:26 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Thu, 14 Jan 2010 15:22:26 +0100 Subject: [Samba] AIX and DFS In-Reply-To: <1774B1C6F7D65448AE964FB69BC08AEE07BF6B9A@MKEXCHVS3.Mail.Fiserv.net> References: <1774B1C6F7D65448AE964FB69BC08AEE07BF6B9A@MKEXCHVS3.Mail.Fiserv.net> Message-ID: On Thu, Jan 14, 2010 at 07:26:55AM -0600, Peacock, Joshua wrote: > This seems to be very similar to the following post > http://lists.samba.org/archive/samba-technical/2009-May/064512.html Reading that thread Miguel promised to recompile after changing the hint I gave him in http://lists.samba.org/archive/samba-technical/2009-May/064520.html We did not hear back from him, so I would guess this has fixed it for him. You might also want to try this. Please give feedback for it if it works, we might want to add a configure check for it and put it into the normal Samba distro. Thanks, Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From gaiseric.vandal at gmail.com Thu Jan 14 08:03:33 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Thu, 14 Jan 2010 10:03:33 -0500 Subject: [Samba] User and GRoup mapping In-Reply-To: <4B4E73BD.9020600@steinmetznet.com> References: <4B4E3D85.3050701@steinmetznet.com> <4B4E45B2.9010109@gmail.com> <4B4E73BD.9020600@steinmetznet.com> Message-ID: <4B4F3245.80001@gmail.com> The PDC may also have an idmap range but I think, unless you ldap as a backend, they will not necessary be the same. If I set the permissions for a file under unix to be accessible to unix rob, and rob from windows tries to read the file- I think what happens is it will try to map "DOMAIN\rob" to the local unix rob and still allow access. If you tail the various samba logs you should see it trying to map the windows user to the unix user. I think I had to set the samba share as public and then rely on the file system ACL's to restrict files. This is because, for verifying access to the shares, the user mapping wasn't working properly. Typically, in my environment, the main bulk of the files for both samba and nfs access was on one machine, which was also the PDC. The other samba machines were typically machines used primarily by unix users who needed to share some data with windows users. This was a workaround that met the limited requirements of our situation. This is with Samba 3.0.x. I am hoping when I move to Samba 3.4.x a lot of this stuff will work better. On 01/13/10 20:30, Robert Steinmetz wrote: > You are correct that the member machine has an idmap range, but so > does the PDC. Are you suggesting that in a simple setup (two nearly > identical servers) where users and groups are manually coordinated > that isn't necessary? > > Gaiseric Vandal wrote: >> On the PDC, both the unix and samba account info is on that >> machine. The samba user info includes which is the local unix user. >> On the member server, the samba account info is pulled from the >> PDC. Which means that even both unix machines have identical >> unix accounts (e.g. the same /etc/passwd and /etc/group file, or use >> NIS, NIS+ or LDAP) winbind ignores this. Your member machine >> probably has an idmap range - so that samba can assign unix uid and >> gid's for the "foreign" samba accounts. (Even though you would >> think this isn't necessary.) >> >> >> I found this wasn't so much a problem if most of the permission >> management was handle on the unix level- but the moment you started >> setting perms in windows the "rob 1000" and "rob 10020" became a >> problem. This bugged me for years. >> >> My first work around was to use LDAP for the IDMAP backend and then >> manually edit the uid and gid fields in the idmap entries to match >> the unix ones. In the end, I changed everything to an ldap backend >> and changed the member server to a BDC. > -- > Robert Steinmetz, AIA > Principal > Steinmetz & Associates From obnox at samba.org Thu Jan 14 08:04:36 2010 From: obnox at samba.org (Michael Adam) Date: Thu, 14 Jan 2010 16:04:36 +0100 Subject: [Samba] Samba 3.4.4 document bug In-Reply-To: <20100108081919.GB24603@mail.linux.bs1.fc.nec.co.jp> References: <20100108081919.GB24603@mail.linux.bs1.fc.nec.co.jp> Message-ID: Hi, ITPFS oota wrote: > in pdbedit.8.xml, I found bug. > > in version 3.4.4 ,add -K|--kickoff-time option, > > but, it not found in > > pdbedit > -L > -v > -w > -u username > -f fullname > -h homedir > -D drive > -S script > -p profile > <----here? > -a > -t, --password-from-stdin > -m > -r > -x thanks for noting this! I filed a bug report for this: https://bugzilla.samba.org/show_bug.cgi?id=7041 Patches for 3.4 and 3.5(pre) are attached to the bug. It is fixed in master. Cheers - Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 206 bytes Desc: not available URL: From joshua.peacock at Fiserv.com Thu Jan 14 08:05:27 2010 From: joshua.peacock at Fiserv.com (Peacock, Joshua) Date: Thu, 14 Jan 2010 09:05:27 -0600 Subject: [Samba] AIX and DFS In-Reply-To: References: <1774B1C6F7D65448AE964FB69BC08AEE07BF6B9A@MKEXCHVS3.Mail.Fiserv.net> Message-ID: <1774B1C6F7D65448AE964FB69BC08AEE07BF7081@MKEXCHVS3.Mail.Fiserv.net> https://bugzilla.samba.org/show_bug.cgi?id=6330 Miguel sent me the following bug report which states its fixed in 3.3.5 Does this mean it needs to be compiled with an option to define HAVE_BROKEN_READLINK? Thanks Josh -----Original Message----- From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] Sent: Thursday, January 14, 2010 8:22 AM To: Peacock, Joshua Cc: samba at lists.samba.org Subject: Re: [Samba] AIX and DFS On Thu, Jan 14, 2010 at 07:26:55AM -0600, Peacock, Joshua wrote: > This seems to be very similar to the following post > http://lists.samba.org/archive/samba-technical/2009-May/064512.html Reading that thread Miguel promised to recompile after changing the hint I gave him in http://lists.samba.org/archive/samba-technical/2009-May/064520.html We did not hear back from him, so I would guess this has fixed it for him. You might also want to try this. Please give feedback for it if it works, we might want to add a configure check for it and put it into the normal Samba distro. Thanks, Volker This message is intended only for the persons or entities to which it is addressed. The information transmitted herein may contain proprietary or confidential material. Review, reproduction, retransmission, distribution, disclosure or other use, and any consequent action taken by persons or entities other than intended recipients, are prohibited and may be unlawful. If you are not the intended recipient, please delete this information from your system and contact the sender. The information contained herein is subject to change without notice. Although reasonable precautions have been taken to ensure that no viruses are present, the sender makes no warranty or guaranty with respect thereto, and is not responsible for any loss or damage arising from the receipt or use of this e-mail or attachments hereto. From Volker.Lendecke at SerNet.DE Thu Jan 14 08:48:21 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Thu, 14 Jan 2010 16:48:21 +0100 Subject: [Samba] AIX and DFS In-Reply-To: <1774B1C6F7D65448AE964FB69BC08AEE07BF7081@MKEXCHVS3.Mail.Fiserv.net> References: <1774B1C6F7D65448AE964FB69BC08AEE07BF6B9A@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF7081@MKEXCHVS3.Mail.Fiserv.net> Message-ID: On Thu, Jan 14, 2010 at 09:05:27AM -0600, Peacock, Joshua wrote: > https://bugzilla.samba.org/show_bug.cgi?id=6330 Heh, too much going on for my aging brain... > Miguel sent me the following bug report which states its fixed in 3.3.5 > > Does this mean it needs to be compiled with an option to define > HAVE_BROKEN_READLINK? It should have figured that out itself if it is indeed fixed in 3.3.5. Can you post your config.log file somewhere? Thanks, Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From soonerdew at gmail.com Thu Jan 14 09:10:55 2010 From: soonerdew at gmail.com (David Whitney) Date: Thu, 14 Jan 2010 10:10:55 -0600 Subject: [Samba] Help - Cannot join Windows 7 client to Samba PDC In-Reply-To: <201001141103.22734.nf-vale@critical-links.com> References: <1D8B2718BBE44A9B81018FB13BF37DD8@IBMRBASCH> <201001141103.22734.nf-vale@critical-links.com> Message-ID: For what its worth, I've encountered this trust failing issue a couple of times. These two solutions allowed me to solve it without rejoining the domain: * Set RequireStrongKey to 0 This solved a problem with a Win7 box immediately in one instance. Won't promise that's the *prescribed* setting, just know it solved a problem for me. * Resync the time source of the client computer with the same source used by the DC. This has worked for me more than once. Again, won't promise to fully understand why, except to speculate something getting out of sync with regard to machine password validity date ranges, but all I can say is that I had this domain trust failure with a box, and after the time resync, the problem went away. On Thu, Jan 14, 2010 at 5:03 AM, nf-vale wrote: > Make sure that this settings are as follows: > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] > ?RequireSignOrSeal?=dword:00000001 > ?RequireStrongKey?=dword:00000001 > > It helped solve a problem like the one you're having. > > On Thursday 14 January 2010 09:27:08 Richard Basch wrote: > > I have been going through all the Wikis and various Google searches to > try > > to solve my problem, all to no avail. > > > > I can mount a Samba share, but whenever I try to login using a domain > > account, I receive an error about "The trust relationship between this > > workstation and the primary domain failed." > > > > What I have done so far, all to no avail. > > - Upgraded from Samba 3.4.2 to Samba 3.4.4 (under OpenSUSE 11.2) > > - Edited the registry settings on my Windows 7 client > > HKLM\System\CCS\Services\LanmanWorkstation\Parameters > > DWORD DomainCompatibilityMode = 1 > > DWORD DNSNameResolutionRequired = 0 > > (I also tried reducing the security requirements for signing & > encryption, > > but have read this is not required with current versions of Samba.) > > > > (And, I am running Windows 7 Professional on my client.) > > > > "testparm -v" indicates my smb.conf is valid, and I am able to mount > > shares, which is a positive indication the OpenLDAP integration is > > working. I am running OpenLDAP 2.4.15 or higher on all my LDAP servers > (I > > think they are all 2.4.19 - 2.4.21). > > > > DNS is static, with none of the normal ADS entries. Only the DHCP server > > is allowed to modify DNS (and only the forward map allows updates, since > > DHCP updates of the reverse in-addr.arpa maps were problematic). To > > assist with finding the domain controller, I added the following to > > C:\Windows\System32\Drivers\etc\lmhosts: > > 192.168.15.2 tardis #PRE #DOM:N2HA > > (Thus my attempts to join the domain appear successful, with the > documented > > warnings about the domain suffix. Unfortunately, appearances are > deceiving > > when I actually try to login using a domain account.) > > > > Attached are entries from my smbd.log and C:\Windows\debug\NetSetup.log > and > > smb.conf. > > > > Any assistance or guidance would be greatly appreciated. > > > > log.smbd > > ======== > > [2010/01/14 03:31:38, 0] > > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. > Rejecting > > auth request from client BAST machine account BAST$ > > [2010/01/14 03:31:38, 0] > > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. > Rejecting > > auth request from client BAST machine account BAST$ > > [2010/01/14 03:31:48, 0] lib/util_sock.c:539(read_fd_with_timeout) > > [2010/01/14 03:31:48, 0] lib/util_sock.c:1491(get_peer_addr_internal) > > getpeername failed. Error was Transport endpoint is not connected > > read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by > > peer. > > [2010/01/14 03:33:17, 0] > > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. > Rejecting > > auth request from client BAST machine account BAST$ > > [2010/01/14 03:33:17, 0] > > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. > Rejecting > > auth request from client BAST machine account BAST$ > > [2010/01/14 03:33:30, 0] lib/util_sock.c:539(read_fd_with_timeout) > > [2010/01/14 03:33:30, 0] lib/util_sock.c:1491(get_peer_addr_internal) > > getpeername failed. Error was Transport endpoint is not connected > > read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by > > peer. > > [2010/01/14 03:34:18, 0] lib/util_sock.c:539(read_fd_with_timeout) > > [2010/01/14 03:34:18, 0] lib/util_sock.c:1491(get_peer_addr_internal) > > getpeername failed. Error was Transport endpoint is not connected > > read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by > > peer. > > > > > > C:\Windows\debug\NetSetup.log > > ============================= > > 01/13/2010 23:36:18:337 NetpJoinDomain: status of connecting to dc > > '\\TARDIS': 0x0 > > 01/13/2010 23:36:18:337 NetpProvisionComputerAccount: > > 01/13/2010 23:36:18:337 lpDomain: N2HA > > 01/13/2010 23:36:18:337 lpMachineName: BAST > > 01/13/2010 23:36:18:337 lpMachineAccountOU: (NULL) > > 01/13/2010 23:36:18:337 lpDcName: TARDIS > > 01/13/2010 23:36:18:337 lpDnsHostName: (NULL) > > 01/13/2010 23:36:18:337 lpMachinePassword: (null) > > 01/13/2010 23:36:18:337 lpAccount: N2HA\ntadmin > > 01/13/2010 23:36:18:337 lpPassword: (non-null) > > 01/13/2010 23:36:18:337 dwJoinOptions: 0x25 > > 01/13/2010 23:36:18:337 dwOptions: 0x40000003 > > 01/13/2010 23:36:18:352 NetpLdapBind: ldap_bind failed on TARDIS: 49: > > Invalid Credentials > > 01/13/2010 23:36:18:426 NetpGetLsaPrimaryDomain: DNS Domain policy not > > supported, falling back to Primary Domain > > 01/13/2010 23:36:18:430 NetpGetLsaPrimaryDomain: status: 0x0 > > 01/13/2010 23:36:18:432 NetpCreateComputerObjectInDs: DC passed > '\\TARDIS' > > doesn't have writable DS 0x101 > > 01/13/2010 23:36:18:432 NetpProvisionComputerAccount: LDAP creation > failed: > > 0x32 > > 01/13/2010 23:36:18:432 NetpJoinDomainOnDs: Function exits with status > of: > > 0x32 > > 01/13/2010 23:36:18:434 NetpJoinDomainOnDs: status of disconnecting from > > '\\TARDIS': 0x0 > > 01/13/2010 23:36:18:434 NetpDoDomainJoin: status: 0x32 > > 01/13/2010 23:36:18:450 > > ----------------------------------------------------------------- > > 01/13/2010 23:36:18:450 NetpDoDomainJoin > > 01/13/2010 23:36:18:450 NetpMachineValidToJoin: 'BAST' > > 01/13/2010 23:36:18:450 OS Version: 6.1 > > 01/13/2010 23:36:18:450 Build number: 7600 > > (7600.win7_rtm.090713-1255) > > 01/13/2010 23:36:18:451 SKU: Windows 7 Professional > > 01/13/2010 23:36:18:451 NetpDomainJoinLicensingCheck: ulLicenseValue=1, > > Status: 0x0 > > 01/13/2010 23:36:18:452 NetpGetLsaPrimaryDomain: status: 0x0 > > 01/13/2010 23:36:18:453 NetpMachineValidToJoin: status: 0x0 > > 01/13/2010 23:36:18:453 NetpJoinDomain > > 01/13/2010 23:36:18:453 Machine: BAST > > 01/13/2010 23:36:18:453 Domain: N2HA > > 01/13/2010 23:36:18:453 MachineAccountOU: (NULL) > > 01/13/2010 23:36:18:453 Account: N2HA\ntadmin > > 01/13/2010 23:36:18:453 Options: 0x27 > > 01/13/2010 23:36:18:453 NetpLoadParameters: loading registry > parameters... > > 01/13/2010 23:36:18:453 NetpLoadParameters: status: > > DNSNameResolutionRequired set to '0' > > 01/13/2010 23:36:18:453 NetpLoadParameters: status: > DomainCompatibilityMode > > set to '1' > > 01/13/2010 23:36:18:453 NetpLoadParameters: status: 0x0 > > 01/13/2010 23:36:18:453 NetpValidateName: checking to see if 'N2HA' is > > valid as type 3 name > > 01/13/2010 23:36:18:554 NetpCheckDomainNameIsValid [ Exists ] for 'N2HA' > > returned 0x0 > > 01/13/2010 23:36:18:554 NetpValidateName: name 'N2HA' is valid for type 3 > > 01/13/2010 23:36:18:554 NetpDsGetDcName: trying to find DC in domain > > 'N2HA', flags: 0x1020 > > 01/13/2010 23:36:18:755 NetpLoadParameters: loading registry > parameters... > > 01/13/2010 23:36:18:755 NetpLoadParameters: status: > > DNSNameResolutionRequired set to '0' > > 01/13/2010 23:36:18:755 NetpLoadParameters: status: > DomainCompatibilityMode > > set to '1' > > 01/13/2010 23:36:18:755 NetpLoadParameters: status: 0x0 > > 01/13/2010 23:36:18:755 NetpDsGetDcName: found DC '\\TARDIS' in the > > specified domain > > 01/13/2010 23:36:18:755 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0 > > 01/13/2010 23:36:18:756 NetpJoinDomain: status of connecting to dc > > '\\TARDIS': 0x0 > > 01/13/2010 23:36:18:756 NetpProvisionComputerAccount: > > 01/13/2010 23:36:18:756 lpDomain: N2HA > > 01/13/2010 23:36:18:756 lpMachineName: BAST > > 01/13/2010 23:36:18:756 lpMachineAccountOU: (NULL) > > 01/13/2010 23:36:18:756 lpDcName: TARDIS > > 01/13/2010 23:36:18:756 lpDnsHostName: (NULL) > > 01/13/2010 23:36:18:756 lpMachinePassword: (null) > > 01/13/2010 23:36:18:756 lpAccount: N2HA\ntadmin > > 01/13/2010 23:36:18:756 lpPassword: (non-null) > > 01/13/2010 23:36:18:756 dwJoinOptions: 0x27 > > 01/13/2010 23:36:18:756 dwOptions: 0x40000003 > > 01/13/2010 23:36:18:764 NetpLdapBind: ldap_bind failed on TARDIS: 49: > > Invalid Credentials > > 01/13/2010 23:36:18:773 NetpGetLsaPrimaryDomain: DNS Domain policy not > > supported, falling back to Primary Domain > > 01/13/2010 23:36:18:776 NetpGetLsaPrimaryDomain: status: 0x0 > > 01/13/2010 23:36:18:779 NetpCreateComputerObjectInDs: DC passed > '\\TARDIS' > > doesn't have writable DS 0x101 > > 01/13/2010 23:36:18:779 NetpProvisionComputerAccount: LDAP creation > failed: > > 0x32 > > 01/13/2010 23:36:18:779 NetpProvisionComputerAccount: Retrying downlevel > > per options > > 01/13/2010 23:36:18:881 NetpManageMachineAccountWithSid: NetUserAdd on > > 'TARDIS' for 'BAST$' failed: 0x8b0 > > 01/13/2010 23:36:19:287 NetpManageMachineAccountWithSid: status of > > attempting to set password on 'TARDIS' for 'BAST$': 0x0 > > 01/13/2010 23:36:19:287 NetpProvisionComputerAccount: retry status of > > creating account: 0x0 > > 01/13/2010 23:36:19:287 NetpEncodeProvisioningBlob: Encoding provisioning > > data > > 01/13/2010 23:36:19:287 NetpInitBlobWin7: Constructing blob... > > 01/13/2010 23:36:19:287 Blob version: 1 > > > > smb.conf > > ======== > > [global] > > workgroup = N2HA > > realm = INTERNAL.BRIGHT-PROSPECTS.COM > > security = user > > map to guest = Bad User > > usershare allow guests = Yes > > > > server string = %h (Samba %v) > > hosts allow = 192.168.0.0/16 > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > smb ports = 445 139 > > ;os level = 65 > > local master = yes > > domain master = yes > > preferred master = yes > > domain logons = yes > > winbind use default domain = yes > > > > printing = cups > > printcap name = cups > > printcap cache time = 750 > > cups options = raw > > > > name resolve order = wins lmhosts bcast > > wins support = yes > > dns proxy = no > > ea support = yes > > enable asu support = yes > > time server = yes > > deadtime = 10 > > max log size = 4096 > > hide unreadable = yes > > hide dot files = no > > template shell = /bin/false > > veto oplock files = /*.pst/*.nsf/*.doc/*.xls/*.mdb/ > > > > client lanman auth = no > > client ntlmv2 auth = yes > > client plaintext auth = no > > encrypt passwords = yes > > lanman auth = no > > ntlm auth = yes > > null passwords = yes > > server signing = auto > > server schannel = auto > > > > passdb backend = > > ldapsam:ldaps://ldap.internal.bright-prospects.com/ obey pam > restrictions > > = no > > ldap ssl = no > > ldap admin dn = > > "uid=ntadmin,ou=System,ou=User,dc=bright-prospects,dc=co > > m" > > ldap suffix = dc=bright-prospects,dc=com > > ldap machine suffix = sambaDomainName=N2HA,ou=Network > > ldap user suffix = ou=People,ou=User > > ldap group suffix = ou=Group > > ldap idmap suffix = ou=IdMap,ou=Network > > ldap passwd sync = yes > > ldap delete dn = no > > > > add user script = /home/admin/bin/smbldap-useradd -m %u > > delete user script = /home/admin/bin/smbldap-userdel %u > > add machine script = /home/admin/bin/smbldap-useradd -w %u > > add group script = /home/admin/bin/smbldap-groupadd -p %g > > #delete group script = /home/admin/bin/smbldap-groupdel %g > > add user to group script = /home/admin/bin/smbldap-groupmod -m %u > > %g delete user from group script = /home/admin/bin/smbldap-groupmod -x > %u > > % > > g > > set primary group script = /home/admin/bin/smbldap-usermod -g %g > %u > > passwd program = /home/admin/bin/smbldap-passwd %u > > > > vfs objects = extd_audit recycle > > recycle: directory_mode = 0770 > > recycle: keeptree = 1 > > recycle: touch = 1 > > recycle: minsize = 1 > > recycle: maxsize = 5000000 > > recycle: exclude = *.tmp *.temp ~$* *.obj *.~?? > > recycle: exclude_dir = /RealTimeBackup > > ;vscan-clamav: config-file = /etc/samba/vscan-clamav.conf > > > > [homes] > > comment = Home Directories > > ;valid users = %S, %D%w%S > > browseable = No > > read only = No > > inherit acls = Yes > > ; > > locking = no > > hide files = /.*/desktop.ini/thumbs.db/*.bitmap/NTUSER.*/ > > hide special files = yes > > path = /home/%S > > [profiles] > > comment = Network Profiles Service > > ;path = %H > > read only = No > > store dos attributes = Yes > > create mask = 0600 > > directory mask = 0700 > > ; > > hide files = /desktop.ini/thumbs.db/*.bitmap/ > > guest ok = yes > > path = /home/profiles > > [users] > > comment = All users > > path = /home > > read only = No > > inherit acls = Yes > > veto files = /aquota.user/groups/shares/ > > [groups] > > comment = All groups > > path = /home/groups > > read only = No > > inherit acls = Yes > > [printers] > > comment = All Printers > > path = /var/tmp > > printable = Yes > > create mask = 0600 > > browseable = No > > [print$] > > comment = Printer Drivers > > path = /var/lib/samba/drivers > > write list = @ntadmin root > > force group = ntadmin > > create mask = 0664 > > directory mask = 0775 > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > From joshua.peacock at fiserv.com Thu Jan 14 08:59:02 2010 From: joshua.peacock at fiserv.com (Peacock, Joshua) Date: Thu, 14 Jan 2010 09:59:02 -0600 Subject: [Samba] AIX and DFS In-Reply-To: References: <1774B1C6F7D65448AE964FB69BC08AEE07BF6B9A@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF7081@MKEXCHVS3.Mail.Fiserv.net> Message-ID: <1774B1C6F7D65448AE964FB69BC08AEE07BF739E@MKEXCHVS3.Mail.Fiserv.net> Thanks for all your help. I am using packages from pware. But I downloaded the the source for 3.3.7 and just ran a configure and I get the following in the config.log samba_cv_HAVE_BROKEN_READLINK=no Which I thought would need to be set to yes. I don't have access to a ftp/sftp site that I can give you access too. How would you like me to get you the log file (92k)? This is AIX 6.1 Thanks -----Original Message----- From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] Sent: Thursday, January 14, 2010 9:48 AM To: Peacock, Joshua Cc: samba at lists.samba.org Subject: Re: [Samba] AIX and DFS On Thu, Jan 14, 2010 at 09:05:27AM -0600, Peacock, Joshua wrote: > https://bugzilla.samba.org/show_bug.cgi?id=6330 Heh, too much going on for my aging brain... > Miguel sent me the following bug report which states its fixed in > 3.3.5 > > Does this mean it needs to be compiled with an option to define > HAVE_BROKEN_READLINK? It should have figured that out itself if it is indeed fixed in 3.3.5. Can you post your config.log file somewhere? Thanks, Volker This message is intended only for the persons or entities to which it is addressed. The information transmitted herein may contain proprietary or confidential material. Review, reproduction, retransmission, distribution, disclosure or other use, and any consequent action taken by persons or entities other than intended recipients, are prohibited and may be unlawful. If you are not the intended recipient, please delete this information from your system and contact the sender. The information contained herein is subject to change without notice. Although reasonable precautions have been taken to ensure that no viruses are present, the sender makes no warranty or guaranty with respect thereto, and is not responsible for any loss or damage arising from the receipt or use of this e-mail or attachments hereto. From rob at steinmetznet.com Thu Jan 14 09:26:35 2010 From: rob at steinmetznet.com (Robert Steinmetz) Date: Thu, 14 Jan 2010 11:26:35 -0500 Subject: [Samba] Different Access to 2 Share with the same smb.conf Message-ID: <4B4F45BB.1020000@steinmetznet.com> I have a problem with accessing two share. Sigma works as expected one Windows always asks for a login name even though their smb.conf entries are the same; I even tried adding public to the Windows share with no success. [Sigma] Comment = Sigma Design Data path = /files/Lucretia/Sigma writeable = yes browseable = yes create mask = 0764 directory mask = 0775 force group = "ATLANTA\domain users" [Windows] comment = Atlanta Windows Files path = /files/Lucretia/Windows browseable = yes writeable = yes create mask = 0764 directory mask = 0775 force group = "ATLANTA\domain users" -- Robert Steinmetz, AIA Principal Steinmetz & Associates From squeezer99 at gmail.com Thu Jan 14 09:28:46 2010 From: squeezer99 at gmail.com (Adam) Date: Thu, 14 Jan 2010 10:28:46 -0600 Subject: [Samba] Strange OpenLDAP errors w/ samba 3.4.3 In-Reply-To: <201001140828.24820.albrecht.dress@lios-tech.com> References: <201001140828.24820.albrecht.dress@lios-tech.com> Message-ID: <4B4F463E.1040003@gmail.com> are you using smbldap-tools? sounds like they may be misconfigured Albrecht Dre? wrote: > Hi all, > > after an upgrade of my Ubuntu 8.04 64-bit box to a self-compiled samba 3.4.3 (Lenny backport dpkg), I see strange error messages in my OpenLDAP log: > > slapd[3388]: do_search: invalid dn (sambaDomainName=,sambaDomainName=,cn=<...>,dc=<...>,dc=<...>) > > Samba seems to work, though, but this message makes me somewhat nervous. > > Any ideas? > > Thanks, Albrecht. > From albrecht.dress at lios-tech.com Thu Jan 14 10:01:42 2010 From: albrecht.dress at lios-tech.com (Albrecht =?utf-8?q?Dre=C3=9F?=) Date: Thu, 14 Jan 2010 18:01:42 +0100 Subject: [Samba] Strange OpenLDAP errors w/ samba 3.4.3 In-Reply-To: <4B4F463E.1040003@gmail.com> References: <201001140828.24820.albrecht.dress@lios-tech.com> <4B4F463E.1040003@gmail.com> Message-ID: <201001141801.42305.albrecht.dress@lios-tech.com> Adam schrieb am Donnerstag 14 Januar 2010 17:28: > are you using smbldap-tools? sounds like they may be misconfigured I do - the relevant entries there look sane afaict, though: sambaDomain="THE-DOMAIN" suffix="cn=<...>,dc=<...>,dc=<...>" usersdn="dc=<...>,dc=<...>" computersdn="ou=SmbComputers,${suffix}" groupsdn="ou=SmbGroups,${suffix}" idmapdn="ou=SmbIdmap,${suffix}" sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}" At least, this matches the example... Thanks, Albrecht. From mikeegg1 at mac.com Thu Jan 14 10:05:51 2010 From: mikeegg1 at mac.com (Mike Eggleston) Date: Thu, 14 Jan 2010 11:05:51 -0600 Subject: [Samba] Windows 7 not joining my samba nt pdc domain? Message-ID: <20100114170551.GM21882@mail.mac.com> Morning, I'm running samba 3.3.3 on fedora core 5 (I need to upgrade FC5). I have a new windows 7 box that will not join the domain. Do I need to upgrade to samba 3.4.X or another version? Mike From drescherjm at gmail.com Thu Jan 14 10:07:55 2010 From: drescherjm at gmail.com (John Drescher) Date: Thu, 14 Jan 2010 12:07:55 -0500 Subject: [Samba] Windows 7 not joining my samba nt pdc domain? In-Reply-To: <20100114170551.GM21882@mail.mac.com> References: <20100114170551.GM21882@mail.mac.com> Message-ID: <387ee2021001140907o699c5544obda934c13264ad29@mail.gmail.com> On Thu, Jan 14, 2010 at 12:05 PM, Mike Eggleston wrote: > Morning, > > I'm running samba 3.3.3 on fedora core 5 (I need to upgrade FC5). I have > a new windows 7 box that will not join the domain. Do I need to upgrade > to samba 3.4.X or another version? > http://wiki.samba.org/index.php/Windows7 John From mikeegg1 at mac.com Thu Jan 14 10:13:17 2010 From: mikeegg1 at mac.com (Mike Eggleston) Date: Thu, 14 Jan 2010 11:13:17 -0600 Subject: [Samba] Windows 7 not joining my samba nt pdc domain? In-Reply-To: <387ee2021001140907o699c5544obda934c13264ad29@mail.gmail.com> References: <20100114170551.GM21882@mail.mac.com> <387ee2021001140907o699c5544obda934c13264ad29@mail.gmail.com> Message-ID: <20100114171317.GN21882@mail.mac.com> On Thu, 14 Jan 2010, John Drescher might have said: > On Thu, Jan 14, 2010 at 12:05 PM, Mike Eggleston wrote: > > Morning, > > > > I'm running samba 3.3.3 on fedora core 5 (I need to upgrade FC5). I have > > a new windows 7 box that will not join the domain. Do I need to upgrade > > to samba 3.4.X or another version? > > > http://wiki.samba.org/index.php/Windows7 > > John Very quick, John! Thanks. I'm trying this now. Mike From rob at steinmetznet.com Thu Jan 14 11:11:33 2010 From: rob at steinmetznet.com (Robert Steinmetz) Date: Thu, 14 Jan 2010 13:11:33 -0500 Subject: [Samba] Different Access to 2 Share with the same smb.conf In-Reply-To: <4B4F45BB.1020000@steinmetznet.com> References: <4B4F45BB.1020000@steinmetznet.com> Message-ID: <4B4F5E55.9090500@steinmetznet.com> Replying to my own message, It gets weirder, If I comment out the Force Group Directive on the Windows share it works. Why will on share work with the directive and one won't? Robert Steinmetz wrote: > I have a problem with accessing two share. Sigma works as expected one > Windows always asks for a login name even though their smb.conf > entries are the same; > I even tried adding public to the Windows share with no success. > > > [Sigma] > Comment = Sigma Design Data > path = /files/Lucretia/Sigma > writeable = yes > browseable = yes > create mask = 0764 > directory mask = 0775 > force group = "ATLANTA\domain users" > > [Windows] > comment = Atlanta Windows Files > path = /files/Lucretia/Windows > browseable = yes > writeable = yes > create mask = 0764 > directory mask = 0775 > force group = "ATLANTA\domain users" > -- Robert Steinmetz, AIA Principal Steinmetz & Associates From esiotrot at gmail.com Thu Jan 14 12:14:04 2010 From: esiotrot at gmail.com (Michael Wood) Date: Thu, 14 Jan 2010 21:14:04 +0200 Subject: [Samba] Strange OpenLDAP errors w/ samba 3.4.3 In-Reply-To: <201001140828.24820.albrecht.dress@lios-tech.com> References: <201001140828.24820.albrecht.dress@lios-tech.com> Message-ID: <5a8aa6681001141114q5166aa3av4888f63bb863f261@mail.gmail.com> 2010/1/14 Albrecht Dre? : > Hi all, > > after an upgrade of my Ubuntu 8.04 64-bit box to a self-compiled samba 3.4.3 (Lenny backport dpkg), I see strange error messages in my OpenLDAP log: > > slapd[3388]: do_search: invalid dn (sambaDomainName=,sambaDomainName=,cn=<...>,dc=<...>,dc=<...>) > > Samba seems to work, though, but this message makes me somewhat nervous. > > Any ideas? I don't know where it comes from, but I've seen someone else mention the same thing on this list: http://lists.samba.org/archive/samba/2009-December/152339.html Also a google search turns up some more hits, including this Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557343 -- Michael Wood From jra at samba.org Thu Jan 14 12:21:45 2010 From: jra at samba.org (Jeremy Allison) Date: Thu, 14 Jan 2010 11:21:45 -0800 Subject: [Samba] Samba 3.3.10 Available for Download In-Reply-To: References: Message-ID: <20100114192145.GD29489@samba1> On Thu, Jan 14, 2010 at 01:44:07PM +0100, Karolin Seeger wrote: > =================================================================== > "If you?re ridin? ahead of the herd, > take a look back every now and then > to make sure it?s still there with ya." > > Cowboy Proverb > =================================================================== > > > Release Announcements > ===================== > > This is the latest bugfix release of the Samba 3.3 series. > > Major enhancements in Samba 3.3.10 include: Thanks a *LOT* Karolin for getting this release out ! Much appreciated. Jeremy. From w.jojo at hvcc.edu Thu Jan 14 12:45:19 2010 From: w.jojo at hvcc.edu (William Jojo) Date: Thu, 14 Jan 2010 14:45:19 -0500 Subject: [Samba] AIX and DFS In-Reply-To: <1774B1C6F7D65448AE964FB69BC08AEE07BF739E@MKEXCHVS3.Mail.Fiserv.net> References: <1774B1C6F7D65448AE964FB69BC08AEE07BF6B9A@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF7081@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF739E@MKEXCHVS3.Mail.Fiserv.net> Message-ID: <4B4F744F.9090408@hvcc.edu> Peacock, Joshua wrote: > Thanks for all your help. I am using packages from pware. > > But I downloaded the the source for 3.3.7 and just ran a configure and I > get the following in the config.log > > samba_cv_HAVE_BROKEN_READLINK=no > > Which I thought would need to be set to yes. > > I don't have access to a ftp/sftp site that I can give you access too. > How would you like me to get you the log file (92k)? > > Just following this thread I did some digging and I think readlink is working as written. :-) http://www1.hrz.tu-darmstadt.de/hhlr/doku/sw/apidiffs.html#readlink http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.basetechref/doc/basetrf2/symlink.htm I think we either need to add AIX to the ifdef or properly handle the ERANGE. The former looks easier. ;-) At any rate, Joshua, are you using the 32- or 64-bit version of 3.3.7? I have a 32-bit patched smbd replacement you can test with the original patch Volker suggested. I can make a 64-bit if you need that. Interested? Cheers, Bill > This is AIX 6.1 > > Thanks > > -----Original Message----- > From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] > Sent: Thursday, January 14, 2010 9:48 AM > To: Peacock, Joshua > Cc: samba at lists.samba.org > Subject: Re: [Samba] AIX and DFS > > On Thu, Jan 14, 2010 at 09:05:27AM -0600, Peacock, Joshua wrote: > >> https://bugzilla.samba.org/show_bug.cgi?id=6330 >> > > Heh, too much going on for my aging brain... > > >> Miguel sent me the following bug report which states its fixed in >> 3.3.5 >> >> Does this mean it needs to be compiled with an option to define >> HAVE_BROKEN_READLINK? >> > > It should have figured that out itself if it is indeed fixed in 3.3.5. > Can you post your config.log file somewhere? > > Thanks, > > Volker > This message is intended only for the persons or entities to which it is > addressed. The information transmitted herein may contain proprietary or > confidential material. Review, reproduction, retransmission, distribution, > disclosure or other use, and any consequent action taken by persons or > entities other than intended recipients, are prohibited and may be unlawful. > If you are not the intended recipient, please delete this information from > your system and contact the sender. The information contained herein is > subject to change without notice. Although reasonable precautions have been > taken to ensure that no viruses are present, the sender makes no warranty > or guaranty with respect thereto, and is not responsible for any loss or > damage arising from the receipt or use of this e-mail or attachments hereto. > > From joshua.peacock at fiserv.com Thu Jan 14 12:53:30 2010 From: joshua.peacock at fiserv.com (Peacock, Joshua) Date: Thu, 14 Jan 2010 13:53:30 -0600 Subject: [Samba] AIX and DFS In-Reply-To: <4B4F744F.9090408@hvcc.edu> References: <1774B1C6F7D65448AE964FB69BC08AEE07BF6B9A@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF7081@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF739E@MKEXCHVS3.Mail.Fiserv.net> <4B4F744F.9090408@hvcc.edu> Message-ID: <1774B1C6F7D65448AE964FB69BC08AEE07C33E96@MKEXCHVS3.Mail.Fiserv.net> I am running 32bit and I would take that version to do some testing with. Will I need to file a bug report for this? Thanks -----Original Message----- From: William Jojo [mailto:w.jojo at hvcc.edu] Sent: Thursday, January 14, 2010 1:45 PM To: Peacock, Joshua Cc: Volker.Lendecke at SerNet.DE; samba at lists.samba.org Subject: Re: [Samba] AIX and DFS Peacock, Joshua wrote: > Thanks for all your help. I am using packages from pware. > > But I downloaded the the source for 3.3.7 and just ran a configure and I > get the following in the config.log > > samba_cv_HAVE_BROKEN_READLINK=no > > Which I thought would need to be set to yes. > > I don't have access to a ftp/sftp site that I can give you access too. > How would you like me to get you the log file (92k)? > > Just following this thread I did some digging and I think readlink is working as written. :-) http://www1.hrz.tu-darmstadt.de/hhlr/doku/sw/apidiffs.html#readlink http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.i bm.aix.basetechref/doc/basetrf2/symlink.htm I think we either need to add AIX to the ifdef or properly handle the ERANGE. The former looks easier. ;-) At any rate, Joshua, are you using the 32- or 64-bit version of 3.3.7? I have a 32-bit patched smbd replacement you can test with the original patch Volker suggested. I can make a 64-bit if you need that. Interested? Cheers, Bill > This is AIX 6.1 > > Thanks > > -----Original Message----- > From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] > Sent: Thursday, January 14, 2010 9:48 AM > To: Peacock, Joshua > Cc: samba at lists.samba.org > Subject: Re: [Samba] AIX and DFS > > On Thu, Jan 14, 2010 at 09:05:27AM -0600, Peacock, Joshua wrote: > >> https://bugzilla.samba.org/show_bug.cgi?id=6330 >> > > Heh, too much going on for my aging brain... > > >> Miguel sent me the following bug report which states its fixed in >> 3.3.5 >> >> Does this mean it needs to be compiled with an option to define >> HAVE_BROKEN_READLINK? >> > > It should have figured that out itself if it is indeed fixed in 3.3.5. > Can you post your config.log file somewhere? > > Thanks, > > Volker > This message is intended only for the persons or entities to which it is > addressed. The information transmitted herein may contain proprietary or > confidential material. Review, reproduction, retransmission, distribution, > disclosure or other use, and any consequent action taken by persons or > entities other than intended recipients, are prohibited and may be unlawful. > If you are not the intended recipient, please delete this information from > your system and contact the sender. The information contained herein is > subject to change without notice. Although reasonable precautions have been > taken to ensure that no viruses are present, the sender makes no warranty > or guaranty with respect thereto, and is not responsible for any loss or > damage arising from the receipt or use of this e-mail or attachments hereto. > > This message is intended only for the persons or entities to which it is addressed. The information transmitted herein may contain proprietary or confidential material. Review, reproduction, retransmission, distribution, disclosure or other use, and any consequent action taken by persons or entities other than intended recipients, are prohibited and may be unlawful. If you are not the intended recipient, please delete this information from your system and contact the sender. The information contained herein is subject to change without notice. Although reasonable precautions have been taken to ensure that no viruses are present, the sender makes no warranty or guaranty with respect thereto, and is not responsible for any loss or damage arising from the receipt or use of this e-mail or attachments hereto. From w.jojo at hvcc.edu Thu Jan 14 13:12:40 2010 From: w.jojo at hvcc.edu (William Jojo) Date: Thu, 14 Jan 2010 15:12:40 -0500 Subject: [Samba] AIX and DFS In-Reply-To: <1774B1C6F7D65448AE964FB69BC08AEE07C33E96@MKEXCHVS3.Mail.Fiserv.net> References: <1774B1C6F7D65448AE964FB69BC08AEE07BF6B9A@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF7081@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF739E@MKEXCHVS3.Mail.Fiserv.net> <4B4F744F.9090408@hvcc.edu> <1774B1C6F7D65448AE964FB69BC08AEE07C33E96@MKEXCHVS3.Mail.Fiserv.net> Message-ID: <4B4F7AB8.9050806@hvcc.edu> Peacock, Joshua wrote: > I am running 32bit and I would take that version to do some testing > with. > > Will I need to file a bug report for this? > > The new smbd is here: http://pware.hvcc.edu/download/aix53/joshua/smbd And if this fixes the problem, I'll file the bug and follow up with Volker. Cheers, Bill > Thanks > > -----Original Message----- > From: William Jojo [mailto:w.jojo at hvcc.edu] > Sent: Thursday, January 14, 2010 1:45 PM > To: Peacock, Joshua > Cc: Volker.Lendecke at SerNet.DE; samba at lists.samba.org > Subject: Re: [Samba] AIX and DFS > > Peacock, Joshua wrote: > >> Thanks for all your help. I am using packages from pware. >> >> But I downloaded the the source for 3.3.7 and just ran a configure and >> > I > >> get the following in the config.log >> >> samba_cv_HAVE_BROKEN_READLINK=no >> >> Which I thought would need to be set to yes. >> >> I don't have access to a ftp/sftp site that I can give you access too. >> How would you like me to get you the log file (92k)? >> >> >> > > Just following this thread I did some digging and I think readlink is > working as written. :-) > > http://www1.hrz.tu-darmstadt.de/hhlr/doku/sw/apidiffs.html#readlink > http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.i > bm.aix.basetechref/doc/basetrf2/symlink.htm > > I think we either need to add AIX to the ifdef or properly handle the > ERANGE. The former looks easier. ;-) > > At any rate, Joshua, are you using the 32- or 64-bit version of 3.3.7? I > > have a 32-bit patched smbd replacement you can test with the original > patch Volker suggested. I can make a 64-bit if you need that. > Interested? > > Cheers, > Bill > > > >> This is AIX 6.1 >> >> Thanks >> >> -----Original Message----- >> From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] >> Sent: Thursday, January 14, 2010 9:48 AM >> To: Peacock, Joshua >> Cc: samba at lists.samba.org >> Subject: Re: [Samba] AIX and DFS >> >> On Thu, Jan 14, 2010 at 09:05:27AM -0600, Peacock, Joshua wrote: >> >> >>> https://bugzilla.samba.org/show_bug.cgi?id=6330 >>> >>> >> Heh, too much going on for my aging brain... >> >> >> >>> Miguel sent me the following bug report which states its fixed in >>> 3.3.5 >>> >>> Does this mean it needs to be compiled with an option to define >>> HAVE_BROKEN_READLINK? >>> >>> >> It should have figured that out itself if it is indeed fixed in 3.3.5. >> Can you post your config.log file somewhere? >> >> Thanks, >> >> Volker >> This message is intended only for the persons or entities to which it >> > is > >> addressed. The information transmitted herein may contain proprietary >> > or > >> confidential material. Review, reproduction, retransmission, >> > distribution, > >> disclosure or other use, and any consequent action taken by persons or >> entities other than intended recipients, are prohibited and may be >> > unlawful. > >> If you are not the intended recipient, please delete this information >> > from > >> your system and contact the sender. The information contained herein >> > is > >> subject to change without notice. Although reasonable precautions have >> > been > >> taken to ensure that no viruses are present, the sender makes no >> > warranty > >> or guaranty with respect thereto, and is not responsible for any loss >> > or > >> damage arising from the receipt or use of this e-mail or attachments >> > hereto. > >> >> > > This message is intended only for the persons or entities to which it is > addressed. The information transmitted herein may contain proprietary or > confidential material. Review, reproduction, retransmission, distribution, > disclosure or other use, and any consequent action taken by persons or > entities other than intended recipients, are prohibited and may be unlawful. > If you are not the intended recipient, please delete this information from > your system and contact the sender. The information contained herein is > subject to change without notice. Although reasonable precautions have been > taken to ensure that no viruses are present, the sender makes no warranty > or guaranty with respect thereto, and is not responsible for any loss or > damage arising from the receipt or use of this e-mail or attachments hereto. > > From juan at itos.uga.edu Thu Jan 14 13:46:34 2010 From: juan at itos.uga.edu (Juan Machado) Date: Thu, 14 Jan 2010 15:46:34 -0500 Subject: [Samba] pam_winbind WBC_ERR_AUTH_ERROR before even asking for a password Message-ID: <1C28E42139C61D4BB4F418A19EAA2E355FCA6B@MAIL.itos.uga.edu> Pam.d/system-auth : auth required pam_env.so auth sufficient pam_winbind.so auth sufficient pam_unix.so nullok auth required pam_deny.so account sufficient pam_winbind.so account required pam_unix.so account required pam_permit.so password sufficient pam_winbind.so password sufficient pam_unix.so nullok md5 shadow password required pam_deny.so session required pam_winbind.so session required pam_unix.so session required pam_mkhomedir.so When logging, after user names is asked, BEFORE password is being asked for, this is reported in the logs: Jan 14 15:37:50 london sshd[4549]: pam_winbind(sshd:auth): getting password (0x00000000) Jan 14 15:37:50 london sshd[4549]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7), NTSTATUS: NT_STATUS_WRONG_PASSWORD, Error message was: Wrong Password Any idea why ? And at the logon screen I get: login as: juan juan at server's password: Wrong Password Last login: Thu Jan 14 15:25:28 2010 from wve-systems-10.mydomain.com [juan at server ~]$ As you can see, after I provide the right password, it lets me in but a "Wrong Password" message is shown. Thanks Juan Machado From joshua.peacock at fiserv.com Thu Jan 14 13:48:54 2010 From: joshua.peacock at fiserv.com (Peacock, Joshua) Date: Thu, 14 Jan 2010 14:48:54 -0600 Subject: [Samba] AIX and DFS In-Reply-To: <4B4F7AB8.9050806@hvcc.edu> References: <1774B1C6F7D65448AE964FB69BC08AEE07BF6B9A@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF7081@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF739E@MKEXCHVS3.Mail.Fiserv.net> <4B4F744F.9090408@hvcc.edu> <1774B1C6F7D65448AE964FB69BC08AEE07C33E96@MKEXCHVS3.Mail.Fiserv.net> <4B4F7AB8.9050806@hvcc.edu> Message-ID: <1774B1C6F7D65448AE964FB69BC08AEE07C34104@MKEXCHVS3.Mail.Fiserv.net> Thanks I will let you know how it works -----Original Message----- From: William Jojo [mailto:w.jojo at hvcc.edu] Sent: Thursday, January 14, 2010 2:13 PM To: Peacock, Joshua Cc: Volker.Lendecke at SerNet.DE; samba at lists.samba.org Subject: Re: [Samba] AIX and DFS Peacock, Joshua wrote: > I am running 32bit and I would take that version to do some testing > with. > > Will I need to file a bug report for this? > > The new smbd is here: http://pware.hvcc.edu/download/aix53/joshua/smbd And if this fixes the problem, I'll file the bug and follow up with Volker. Cheers, Bill > Thanks > > -----Original Message----- > From: William Jojo [mailto:w.jojo at hvcc.edu] > Sent: Thursday, January 14, 2010 1:45 PM > To: Peacock, Joshua > Cc: Volker.Lendecke at SerNet.DE; samba at lists.samba.org > Subject: Re: [Samba] AIX and DFS > > Peacock, Joshua wrote: > >> Thanks for all your help. I am using packages from pware. >> >> But I downloaded the the source for 3.3.7 and just ran a configure and >> > I > >> get the following in the config.log >> >> samba_cv_HAVE_BROKEN_READLINK=no >> >> Which I thought would need to be set to yes. >> >> I don't have access to a ftp/sftp site that I can give you access too. >> How would you like me to get you the log file (92k)? >> >> >> > > Just following this thread I did some digging and I think readlink is > working as written. :-) > > http://www1.hrz.tu-darmstadt.de/hhlr/doku/sw/apidiffs.html#readlink > http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.i > bm.aix.basetechref/doc/basetrf2/symlink.htm > > I think we either need to add AIX to the ifdef or properly handle the > ERANGE. The former looks easier. ;-) > > At any rate, Joshua, are you using the 32- or 64-bit version of 3.3.7? I > > have a 32-bit patched smbd replacement you can test with the original > patch Volker suggested. I can make a 64-bit if you need that. > Interested? > > Cheers, > Bill > > > >> This is AIX 6.1 >> >> Thanks >> >> -----Original Message----- >> From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] >> Sent: Thursday, January 14, 2010 9:48 AM >> To: Peacock, Joshua >> Cc: samba at lists.samba.org >> Subject: Re: [Samba] AIX and DFS >> >> On Thu, Jan 14, 2010 at 09:05:27AM -0600, Peacock, Joshua wrote: >> >> >>> https://bugzilla.samba.org/show_bug.cgi?id=6330 >>> >>> >> Heh, too much going on for my aging brain... >> >> >> >>> Miguel sent me the following bug report which states its fixed in >>> 3.3.5 >>> >>> Does this mean it needs to be compiled with an option to define >>> HAVE_BROKEN_READLINK? >>> >>> >> It should have figured that out itself if it is indeed fixed in 3.3.5. >> Can you post your config.log file somewhere? >> >> Thanks, >> >> Volker >> This message is intended only for the persons or entities to which it >> > is > >> addressed. The information transmitted herein may contain proprietary >> > or > >> confidential material. Review, reproduction, retransmission, >> > distribution, > >> disclosure or other use, and any consequent action taken by persons or >> entities other than intended recipients, are prohibited and may be >> > unlawful. > >> If you are not the intended recipient, please delete this information >> > from > >> your system and contact the sender. The information contained herein >> > is > >> subject to change without notice. Although reasonable precautions have >> > been > >> taken to ensure that no viruses are present, the sender makes no >> > warranty > >> or guaranty with respect thereto, and is not responsible for any loss >> > or > >> damage arising from the receipt or use of this e-mail or attachments >> > hereto. > >> >> > > This message is intended only for the persons or entities to which it is > addressed. The information transmitted herein may contain proprietary or > confidential material. Review, reproduction, retransmission, distribution, > disclosure or other use, and any consequent action taken by persons or > entities other than intended recipients, are prohibited and may be unlawful. > If you are not the intended recipient, please delete this information from > your system and contact the sender. The information contained herein is > subject to change without notice. Although reasonable precautions have been > taken to ensure that no viruses are present, the sender makes no warranty > or guaranty with respect thereto, and is not responsible for any loss or > damage arising from the receipt or use of this e-mail or attachments hereto. > > This message is intended only for the persons or entities to which it is addressed. The information transmitted herein may contain proprietary or confidential material. Review, reproduction, retransmission, distribution, disclosure or other use, and any consequent action taken by persons or entities other than intended recipients, are prohibited and may be unlawful. If you are not the intended recipient, please delete this information from your system and contact the sender. The information contained herein is subject to change without notice. Although reasonable precautions have been taken to ensure that no viruses are present, the sender makes no warranty or guaranty with respect thereto, and is not responsible for any loss or damage arising from the receipt or use of this e-mail or attachments hereto. From vagabond_king at yahoo.com Thu Jan 14 14:31:18 2010 From: vagabond_king at yahoo.com (Matthew J. Salerno) Date: Thu, 14 Jan 2010 13:31:18 -0800 (PST) Subject: [Samba] AD DNS scavenging and winbind: In-Reply-To: <723127.17265.qm@web34503.mail.mud.yahoo.com> References: <723127.17265.qm@web34503.mail.mud.yahoo.com> Message-ID: <554698.18439.qm@web34508.mail.mud.yahoo.com> ----- Original Message ---- From: Matthew J. Salerno To: samba at lists.samba.org Sent: Wed, January 13, 2010 2:08:57 PM Subject: [Samba] AD DNS scavenging and winbind: Red Hat Enterprise Linux Server release 5.4 (Tikanga) Samba 3.0.33-3.15.el5_4.1 I have run into an issue where the DNS records added by a net ads join seem to be being scavenged. From what I understand, Windows servers/workstations check in (update their host record) on the AD DNS server on a regular basis. So the question is, how can I have samba/winbind do the same? I could just setup a cron job that executes: net ads dns register -P But that's kind of ugly. I know I can't be the first person to see this behavior. Is there a more elegant solution? Thanks -------------------- Is there any native way to mimic the below functionality of a windows server/workstation? Or am I stuck with a cron job? http://support.microsoft.com/kb/816592 By default, Windows XP and Windows Server 2003 reregister their A and PTR resource records every 24 hours regardless of the computer's role. From dale at BriannasSaladDressing.com Thu Jan 14 14:49:57 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Thu, 14 Jan 2010 15:49:57 -0600 Subject: [Samba] Help - Cannot join Windows 7 client to Samba PDC In-Reply-To: <1D8B2718BBE44A9B81018FB13BF37DD8@IBMRBASCH> References: <1D8B2718BBE44A9B81018FB13BF37DD8@IBMRBASCH> Message-ID: <4B4F9185.1040201@BriannasSaladDressing.com> Using 3.4.3, I could not establish a machine trust with either Win7 or XP. After a lot of searching, I located an old forum entry that said to add the -i switch to the add machine parameter. After doing that one change, adding a system to the domain went as expected. Perhaps, it will work for you. I had not previously seen "-i" used in any howto, but it worked as the writer said it would. Using your smb.conf entry: add machine script = /home/admin/bin/smbldap-useradd -i -w '%u' Dale On 01/14/2010 3:27 AM, Richard Basch wrote: > I have been going through all the Wikis and various Google searches to try > to solve my problem, all to no avail. > > I can mount a Samba share, but whenever I try to login using a domain > account, I receive an error about "The trust relationship between this > workstation and the primary domain failed." > > What I have done so far, all to no avail. > - Upgraded from Samba 3.4.2 to Samba 3.4.4 (under OpenSUSE 11.2) > - Edited the registry settings on my Windows 7 client > HKLM\System\CCS\Services\LanmanWorkstation\Parameters > DWORD DomainCompatibilityMode = 1 > DWORD DNSNameResolutionRequired = 0 > (I also tried reducing the security requirements for signing& encryption, > but have read this is not required with current versions of Samba.) > > (And, I am running Windows 7 Professional on my client.) > > "testparm -v" indicates my smb.conf is valid, and I am able to mount shares, > which is a positive indication the OpenLDAP integration is working. I am > running OpenLDAP 2.4.15 or higher on all my LDAP servers (I think they are > all 2.4.19 - 2.4.21). > > DNS is static, with none of the normal ADS entries. Only the DHCP server is > allowed to modify DNS (and only the forward map allows updates, since DHCP > updates of the reverse in-addr.arpa maps were problematic). To assist with > finding the domain controller, I added the following to > C:\Windows\System32\Drivers\etc\lmhosts: > 192.168.15.2 tardis #PRE #DOM:N2HA > (Thus my attempts to join the domain appear successful, with the documented > warnings about the domain suffix. Unfortunately, appearances are deceiving > when I actually try to login using a domain account.) > > Attached are entries from my smbd.log and C:\Windows\debug\NetSetup.log and > smb.conf. > > Any assistance or guidance would be greatly appreciated. > > log.smbd > ======== > [2010/01/14 03:31:38, 0] > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting > auth request from client BAST machine account BAST$ > [2010/01/14 03:31:38, 0] > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting > auth request from client BAST machine account BAST$ > [2010/01/14 03:31:48, 0] lib/util_sock.c:539(read_fd_with_timeout) > [2010/01/14 03:31:48, 0] lib/util_sock.c:1491(get_peer_addr_internal) > getpeername failed. Error was Transport endpoint is not connected > read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by > peer. > [2010/01/14 03:33:17, 0] > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting > auth request from client BAST machine account BAST$ > [2010/01/14 03:33:17, 0] > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting > auth request from client BAST machine account BAST$ > [2010/01/14 03:33:30, 0] lib/util_sock.c:539(read_fd_with_timeout) > [2010/01/14 03:33:30, 0] lib/util_sock.c:1491(get_peer_addr_internal) > getpeername failed. Error was Transport endpoint is not connected > read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by > peer. > [2010/01/14 03:34:18, 0] lib/util_sock.c:539(read_fd_with_timeout) > [2010/01/14 03:34:18, 0] lib/util_sock.c:1491(get_peer_addr_internal) > getpeername failed. Error was Transport endpoint is not connected > read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by > peer. > > > C:\Windows\debug\NetSetup.log > ============================= > 01/13/2010 23:36:18:337 NetpJoinDomain: status of connecting to dc > '\\TARDIS': 0x0 > 01/13/2010 23:36:18:337 NetpProvisionComputerAccount: > 01/13/2010 23:36:18:337 lpDomain: N2HA > 01/13/2010 23:36:18:337 lpMachineName: BAST > 01/13/2010 23:36:18:337 lpMachineAccountOU: (NULL) > 01/13/2010 23:36:18:337 lpDcName: TARDIS > 01/13/2010 23:36:18:337 lpDnsHostName: (NULL) > 01/13/2010 23:36:18:337 lpMachinePassword: (null) > 01/13/2010 23:36:18:337 lpAccount: N2HA\ntadmin > 01/13/2010 23:36:18:337 lpPassword: (non-null) > 01/13/2010 23:36:18:337 dwJoinOptions: 0x25 > 01/13/2010 23:36:18:337 dwOptions: 0x40000003 > 01/13/2010 23:36:18:352 NetpLdapBind: ldap_bind failed on TARDIS: 49: > Invalid Credentials > 01/13/2010 23:36:18:426 NetpGetLsaPrimaryDomain: DNS Domain policy not > supported, falling back to Primary Domain > 01/13/2010 23:36:18:430 NetpGetLsaPrimaryDomain: status: 0x0 > 01/13/2010 23:36:18:432 NetpCreateComputerObjectInDs: DC passed '\\TARDIS' > doesn't have writable DS 0x101 > 01/13/2010 23:36:18:432 NetpProvisionComputerAccount: LDAP creation failed: > 0x32 > 01/13/2010 23:36:18:432 NetpJoinDomainOnDs: Function exits with status of: > 0x32 > 01/13/2010 23:36:18:434 NetpJoinDomainOnDs: status of disconnecting from > '\\TARDIS': 0x0 > 01/13/2010 23:36:18:434 NetpDoDomainJoin: status: 0x32 > 01/13/2010 23:36:18:450 > ----------------------------------------------------------------- > 01/13/2010 23:36:18:450 NetpDoDomainJoin > 01/13/2010 23:36:18:450 NetpMachineValidToJoin: 'BAST' > 01/13/2010 23:36:18:450 OS Version: 6.1 > 01/13/2010 23:36:18:450 Build number: 7600 > (7600.win7_rtm.090713-1255) > 01/13/2010 23:36:18:451 SKU: Windows 7 Professional > 01/13/2010 23:36:18:451 NetpDomainJoinLicensingCheck: ulLicenseValue=1, > Status: 0x0 > 01/13/2010 23:36:18:452 NetpGetLsaPrimaryDomain: status: 0x0 > 01/13/2010 23:36:18:453 NetpMachineValidToJoin: status: 0x0 > 01/13/2010 23:36:18:453 NetpJoinDomain > 01/13/2010 23:36:18:453 Machine: BAST > 01/13/2010 23:36:18:453 Domain: N2HA > 01/13/2010 23:36:18:453 MachineAccountOU: (NULL) > 01/13/2010 23:36:18:453 Account: N2HA\ntadmin > 01/13/2010 23:36:18:453 Options: 0x27 > 01/13/2010 23:36:18:453 NetpLoadParameters: loading registry parameters... > 01/13/2010 23:36:18:453 NetpLoadParameters: status: > DNSNameResolutionRequired set to '0' > 01/13/2010 23:36:18:453 NetpLoadParameters: status: DomainCompatibilityMode > set to '1' > 01/13/2010 23:36:18:453 NetpLoadParameters: status: 0x0 > 01/13/2010 23:36:18:453 NetpValidateName: checking to see if 'N2HA' is valid > as type 3 name > 01/13/2010 23:36:18:554 NetpCheckDomainNameIsValid [ Exists ] for 'N2HA' > returned 0x0 > 01/13/2010 23:36:18:554 NetpValidateName: name 'N2HA' is valid for type 3 > 01/13/2010 23:36:18:554 NetpDsGetDcName: trying to find DC in domain 'N2HA', > flags: 0x1020 > 01/13/2010 23:36:18:755 NetpLoadParameters: loading registry parameters... > 01/13/2010 23:36:18:755 NetpLoadParameters: status: > DNSNameResolutionRequired set to '0' > 01/13/2010 23:36:18:755 NetpLoadParameters: status: DomainCompatibilityMode > set to '1' > 01/13/2010 23:36:18:755 NetpLoadParameters: status: 0x0 > 01/13/2010 23:36:18:755 NetpDsGetDcName: found DC '\\TARDIS' in the > specified domain > 01/13/2010 23:36:18:755 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0 > 01/13/2010 23:36:18:756 NetpJoinDomain: status of connecting to dc > '\\TARDIS': 0x0 > 01/13/2010 23:36:18:756 NetpProvisionComputerAccount: > 01/13/2010 23:36:18:756 lpDomain: N2HA > 01/13/2010 23:36:18:756 lpMachineName: BAST > 01/13/2010 23:36:18:756 lpMachineAccountOU: (NULL) > 01/13/2010 23:36:18:756 lpDcName: TARDIS > 01/13/2010 23:36:18:756 lpDnsHostName: (NULL) > 01/13/2010 23:36:18:756 lpMachinePassword: (null) > 01/13/2010 23:36:18:756 lpAccount: N2HA\ntadmin > 01/13/2010 23:36:18:756 lpPassword: (non-null) > 01/13/2010 23:36:18:756 dwJoinOptions: 0x27 > 01/13/2010 23:36:18:756 dwOptions: 0x40000003 > 01/13/2010 23:36:18:764 NetpLdapBind: ldap_bind failed on TARDIS: 49: > Invalid Credentials > 01/13/2010 23:36:18:773 NetpGetLsaPrimaryDomain: DNS Domain policy not > supported, falling back to Primary Domain > 01/13/2010 23:36:18:776 NetpGetLsaPrimaryDomain: status: 0x0 > 01/13/2010 23:36:18:779 NetpCreateComputerObjectInDs: DC passed '\\TARDIS' > doesn't have writable DS 0x101 > 01/13/2010 23:36:18:779 NetpProvisionComputerAccount: LDAP creation failed: > 0x32 > 01/13/2010 23:36:18:779 NetpProvisionComputerAccount: Retrying downlevel per > options > 01/13/2010 23:36:18:881 NetpManageMachineAccountWithSid: NetUserAdd on > 'TARDIS' for 'BAST$' failed: 0x8b0 > 01/13/2010 23:36:19:287 NetpManageMachineAccountWithSid: status of > attempting to set password on 'TARDIS' for 'BAST$': 0x0 > 01/13/2010 23:36:19:287 NetpProvisionComputerAccount: retry status of > creating account: 0x0 > 01/13/2010 23:36:19:287 NetpEncodeProvisioningBlob: Encoding provisioning > data > 01/13/2010 23:36:19:287 NetpInitBlobWin7: Constructing blob... > 01/13/2010 23:36:19:287 Blob version: 1 > > smb.conf > ======== > [global] > workgroup = N2HA > realm = INTERNAL.BRIGHT-PROSPECTS.COM > security = user > map to guest = Bad User > usershare allow guests = Yes > > server string = %h (Samba %v) > hosts allow = 192.168.0.0/16 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > smb ports = 445 139 > ;os level = 65 > local master = yes > domain master = yes > preferred master = yes > domain logons = yes > winbind use default domain = yes > > printing = cups > printcap name = cups > printcap cache time = 750 > cups options = raw > > name resolve order = wins lmhosts bcast > wins support = yes > dns proxy = no > ea support = yes > enable asu support = yes > time server = yes > deadtime = 10 > max log size = 4096 > hide unreadable = yes > hide dot files = no > template shell = /bin/false > veto oplock files = /*.pst/*.nsf/*.doc/*.xls/*.mdb/ > > client lanman auth = no > client ntlmv2 auth = yes > client plaintext auth = no > encrypt passwords = yes > lanman auth = no > ntlm auth = yes > null passwords = yes > server signing = auto > server schannel = auto > > passdb backend = ldapsam:ldaps://ldap.internal.bright-prospects.com/ > obey pam restrictions = no > ldap ssl = no > ldap admin dn = > "uid=ntadmin,ou=System,ou=User,dc=bright-prospects,dc=co > m" > ldap suffix = dc=bright-prospects,dc=com > ldap machine suffix = sambaDomainName=N2HA,ou=Network > ldap user suffix = ou=People,ou=User > ldap group suffix = ou=Group > ldap idmap suffix = ou=IdMap,ou=Network > ldap passwd sync = yes > ldap delete dn = no > > add user script = /home/admin/bin/smbldap-useradd -m %u > delete user script = /home/admin/bin/smbldap-userdel %u > add machine script = /home/admin/bin/smbldap-useradd -w %u > add group script = /home/admin/bin/smbldap-groupadd -p %g > #delete group script = /home/admin/bin/smbldap-groupdel %g > add user to group script = /home/admin/bin/smbldap-groupmod -m %u %g > delete user from group script = /home/admin/bin/smbldap-groupmod -x > %u % > g > set primary group script = /home/admin/bin/smbldap-usermod -g %g %u > passwd program = /home/admin/bin/smbldap-passwd %u > > vfs objects = extd_audit recycle > recycle: directory_mode = 0770 > recycle: keeptree = 1 > recycle: touch = 1 > recycle: minsize = 1 > recycle: maxsize = 5000000 > recycle: exclude = *.tmp *.temp ~$* *.obj *.~?? > recycle: exclude_dir = /RealTimeBackup > ;vscan-clamav: config-file = /etc/samba/vscan-clamav.conf > > [homes] > comment = Home Directories > ;valid users = %S, %D%w%S > browseable = No > read only = No > inherit acls = Yes > ; > locking = no > hide files = /.*/desktop.ini/thumbs.db/*.bitmap/NTUSER.*/ > hide special files = yes > path = /home/%S > [profiles] > comment = Network Profiles Service > ;path = %H > read only = No > store dos attributes = Yes > create mask = 0600 > directory mask = 0700 > ; > hide files = /desktop.ini/thumbs.db/*.bitmap/ > guest ok = yes > path = /home/profiles > [users] > comment = All users > path = /home > read only = No > inherit acls = Yes > veto files = /aquota.user/groups/shares/ > [groups] > comment = All groups > path = /home/groups > read only = No > inherit acls = Yes > [printers] > comment = All Printers > path = /var/tmp > printable = Yes > create mask = 0600 > browseable = No > [print$] > comment = Printer Drivers > path = /var/lib/samba/drivers > write list = @ntadmin root > force group = ntadmin > create mask = 0664 > directory mask = 0775 > > > From joshua.peacock at fiserv.com Thu Jan 14 15:17:56 2010 From: joshua.peacock at fiserv.com (Peacock, Joshua) Date: Thu, 14 Jan 2010 16:17:56 -0600 Subject: [Samba] AIX and DFS In-Reply-To: <4B4F7AB8.9050806@hvcc.edu> References: <1774B1C6F7D65448AE964FB69BC08AEE07BF6B9A@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF7081@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF739E@MKEXCHVS3.Mail.Fiserv.net> <4B4F744F.9090408@hvcc.edu> <1774B1C6F7D65448AE964FB69BC08AEE07C33E96@MKEXCHVS3.Mail.Fiserv.net> <4B4F7AB8.9050806@hvcc.edu> Message-ID: <1774B1C6F7D65448AE964FB69BC08AEE07C3450D@MKEXCHVS3.Mail.Fiserv.net> William, The patched version works great. Thank you for your time and effort. Volker should I reopen the bug on this? Thanks Josh -----Original Message----- From: William Jojo [mailto:w.jojo at hvcc.edu] Sent: Thursday, January 14, 2010 2:13 PM To: Peacock, Joshua Cc: Volker.Lendecke at SerNet.DE; samba at lists.samba.org Subject: Re: [Samba] AIX and DFS Peacock, Joshua wrote: > I am running 32bit and I would take that version to do some testing > with. > > Will I need to file a bug report for this? > > The new smbd is here: http://pware.hvcc.edu/download/aix53/joshua/smbd And if this fixes the problem, I'll file the bug and follow up with Volker. Cheers, Bill > Thanks > > -----Original Message----- > From: William Jojo [mailto:w.jojo at hvcc.edu] > Sent: Thursday, January 14, 2010 1:45 PM > To: Peacock, Joshua > Cc: Volker.Lendecke at SerNet.DE; samba at lists.samba.org > Subject: Re: [Samba] AIX and DFS > > Peacock, Joshua wrote: > >> Thanks for all your help. I am using packages from pware. >> >> But I downloaded the the source for 3.3.7 and just ran a configure and >> > I > >> get the following in the config.log >> >> samba_cv_HAVE_BROKEN_READLINK=no >> >> Which I thought would need to be set to yes. >> >> I don't have access to a ftp/sftp site that I can give you access too. >> How would you like me to get you the log file (92k)? >> >> >> > > Just following this thread I did some digging and I think readlink is > working as written. :-) > > http://www1.hrz.tu-darmstadt.de/hhlr/doku/sw/apidiffs.html#readlink > http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.i > bm.aix.basetechref/doc/basetrf2/symlink.htm > > I think we either need to add AIX to the ifdef or properly handle the > ERANGE. The former looks easier. ;-) > > At any rate, Joshua, are you using the 32- or 64-bit version of 3.3.7? I > > have a 32-bit patched smbd replacement you can test with the original > patch Volker suggested. I can make a 64-bit if you need that. > Interested? > > Cheers, > Bill > > > >> This is AIX 6.1 >> >> Thanks >> >> -----Original Message----- >> From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] >> Sent: Thursday, January 14, 2010 9:48 AM >> To: Peacock, Joshua >> Cc: samba at lists.samba.org >> Subject: Re: [Samba] AIX and DFS >> >> On Thu, Jan 14, 2010 at 09:05:27AM -0600, Peacock, Joshua wrote: >> >> >>> https://bugzilla.samba.org/show_bug.cgi?id=6330 >>> >>> >> Heh, too much going on for my aging brain... >> >> >> >>> Miguel sent me the following bug report which states its fixed in >>> 3.3.5 >>> >>> Does this mean it needs to be compiled with an option to define >>> HAVE_BROKEN_READLINK? >>> >>> >> It should have figured that out itself if it is indeed fixed in 3.3.5. >> Can you post your config.log file somewhere? >> >> Thanks, >> >> Volker >> This message is intended only for the persons or entities to which it >> > is > >> addressed. The information transmitted herein may contain proprietary >> > or > >> confidential material. Review, reproduction, retransmission, >> > distribution, > >> disclosure or other use, and any consequent action taken by persons or >> entities other than intended recipients, are prohibited and may be >> > unlawful. > >> If you are not the intended recipient, please delete this information >> > from > >> your system and contact the sender. The information contained herein >> > is > >> subject to change without notice. Although reasonable precautions have >> > been > >> taken to ensure that no viruses are present, the sender makes no >> > warranty > >> or guaranty with respect thereto, and is not responsible for any loss >> > or > >> damage arising from the receipt or use of this e-mail or attachments >> > hereto. > >> >> > > This message is intended only for the persons or entities to which it is > addressed. The information transmitted herein may contain proprietary or > confidential material. Review, reproduction, retransmission, distribution, > disclosure or other use, and any consequent action taken by persons or > entities other than intended recipients, are prohibited and may be unlawful. > If you are not the intended recipient, please delete this information from > your system and contact the sender. The information contained herein is > subject to change without notice. Although reasonable precautions have been > taken to ensure that no viruses are present, the sender makes no warranty > or guaranty with respect thereto, and is not responsible for any loss or > damage arising from the receipt or use of this e-mail or attachments hereto. > > This message is intended only for the persons or entities to which it is addressed. The information transmitted herein may contain proprietary or confidential material. Review, reproduction, retransmission, distribution, disclosure or other use, and any consequent action taken by persons or entities other than intended recipients, are prohibited and may be unlawful. If you are not the intended recipient, please delete this information from your system and contact the sender. The information contained herein is subject to change without notice. Although reasonable precautions have been taken to ensure that no viruses are present, the sender makes no warranty or guaranty with respect thereto, and is not responsible for any loss or damage arising from the receipt or use of this e-mail or attachments hereto. From peteolcott at gmail.com Thu Jan 14 16:31:34 2010 From: peteolcott at gmail.com (Peter Olcott) Date: Thu, 14 Jan 2010 17:31:34 -0600 Subject: [Samba] Given up on Fedora Ubuntu is 1000-folder simpler Message-ID: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> I spent several days (at least 20 hours) tying to get Fedora 11 Samba server going. I consulted every resource that I knew including this list. When I discovered that Fedora 11 Samba could be browsed immediately upon installation, and a simple reboot disabled this, I gave up. I decided to try Ubuntu. After intallation it took only five minutes of editing the smb.conf file to make my share fully operational. In terms of total cost of ownership Fedora and Red Hat have become big losers. From mlueck at lueckdatasystems.com Thu Jan 14 18:04:53 2010 From: mlueck at lueckdatasystems.com (Michael Lueck) Date: Thu, 14 Jan 2010 20:04:53 -0500 Subject: [Samba] Given up on Fedora Ubuntu is 1000-folder simpler In-Reply-To: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> References: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> Message-ID: Peter Olcott wrote: > I decided to try > Ubuntu. After intallation it took only five minutes of editing the smb.conf > file to make my share fully operational. :-) I had been hearing good things about Ubuntu, however I was firmly in the Debian camp. When Etch came out, the Samba packages were so bad that I ended up trying Ubuntu (7.04). It worked great! Now I am a Ubuntu fan, no going back to Debian. Sincerely, -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ From joshua.peacock at fiserv.com Thu Jan 14 20:44:13 2010 From: joshua.peacock at fiserv.com (Peacock, Joshua) Date: Thu, 14 Jan 2010 21:44:13 -0600 Subject: [Samba] AIX and DFS In-Reply-To: <4B4F7AB8.9050806@hvcc.edu> References: <1774B1C6F7D65448AE964FB69BC08AEE07BF6B9A@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF7081@MKEXCHVS3.Mail.Fiserv.net> <1774B1C6F7D65448AE964FB69BC08AEE07BF739E@MKEXCHVS3.Mail.Fiserv.net> <4B4F744F.9090408@hvcc.edu> <1774B1C6F7D65448AE964FB69BC08AEE07C33E96@MKEXCHVS3.Mail.Fiserv.net> <4B4F7AB8.9050806@hvcc.edu> Message-ID: <1774B1C6F7D65448AE964FB69BC08AEE07C684F4@MKEXCHVS3.Mail.Fiserv.net> Sorry I didn't read the last line Bill had posted stating that he would take care of the bug report. Thanks again for your help -----Original Message----- From: William Jojo [mailto:w.jojo at hvcc.edu] Sent: Thursday, January 14, 2010 2:13 PM To: Peacock, Joshua Cc: Volker.Lendecke at SerNet.DE; samba at lists.samba.org Subject: Re: [Samba] AIX and DFS Peacock, Joshua wrote: > I am running 32bit and I would take that version to do some testing > with. > > Will I need to file a bug report for this? > > The new smbd is here: http://pware.hvcc.edu/download/aix53/joshua/smbd And if this fixes the problem, I'll file the bug and follow up with Volker. Cheers, Bill > Thanks > > -----Original Message----- > From: William Jojo [mailto:w.jojo at hvcc.edu] > Sent: Thursday, January 14, 2010 1:45 PM > To: Peacock, Joshua > Cc: Volker.Lendecke at SerNet.DE; samba at lists.samba.org > Subject: Re: [Samba] AIX and DFS > > Peacock, Joshua wrote: > >> Thanks for all your help. I am using packages from pware. >> >> But I downloaded the the source for 3.3.7 and just ran a configure and >> > I > >> get the following in the config.log >> >> samba_cv_HAVE_BROKEN_READLINK=no >> >> Which I thought would need to be set to yes. >> >> I don't have access to a ftp/sftp site that I can give you access too. >> How would you like me to get you the log file (92k)? >> >> >> > > Just following this thread I did some digging and I think readlink is > working as written. :-) > > http://www1.hrz.tu-darmstadt.de/hhlr/doku/sw/apidiffs.html#readlink > http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.i > bm.aix.basetechref/doc/basetrf2/symlink.htm > > I think we either need to add AIX to the ifdef or properly handle the > ERANGE. The former looks easier. ;-) > > At any rate, Joshua, are you using the 32- or 64-bit version of 3.3.7? I > > have a 32-bit patched smbd replacement you can test with the original > patch Volker suggested. I can make a 64-bit if you need that. > Interested? > > Cheers, > Bill > > > >> This is AIX 6.1 >> >> Thanks >> >> -----Original Message----- >> From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] >> Sent: Thursday, January 14, 2010 9:48 AM >> To: Peacock, Joshua >> Cc: samba at lists.samba.org >> Subject: Re: [Samba] AIX and DFS >> >> On Thu, Jan 14, 2010 at 09:05:27AM -0600, Peacock, Joshua wrote: >> >> >>> https://bugzilla.samba.org/show_bug.cgi?id=6330 >>> >>> >> Heh, too much going on for my aging brain... >> >> >> >>> Miguel sent me the following bug report which states its fixed in >>> 3.3.5 >>> >>> Does this mean it needs to be compiled with an option to define >>> HAVE_BROKEN_READLINK? >>> >>> >> It should have figured that out itself if it is indeed fixed in 3.3.5. >> Can you post your config.log file somewhere? >> >> Thanks, >> >> Volker >> This message is intended only for the persons or entities to which it >> > is > >> addressed. The information transmitted herein may contain proprietary >> > or > >> confidential material. Review, reproduction, retransmission, >> > distribution, > >> disclosure or other use, and any consequent action taken by persons or >> entities other than intended recipients, are prohibited and may be >> > unlawful. > >> If you are not the intended recipient, please delete this information >> > from > >> your system and contact the sender. The information contained herein >> > is > >> subject to change without notice. Although reasonable precautions have >> > been > >> taken to ensure that no viruses are present, the sender makes no >> > warranty > >> or guaranty with respect thereto, and is not responsible for any loss >> > or > >> damage arising from the receipt or use of this e-mail or attachments >> > hereto. > >> >> > > This message is intended only for the persons or entities to which it is > addressed. The information transmitted herein may contain proprietary or > confidential material. Review, reproduction, retransmission, distribution, > disclosure or other use, and any consequent action taken by persons or > entities other than intended recipients, are prohibited and may be unlawful. > If you are not the intended recipient, please delete this information from > your system and contact the sender. The information contained herein is > subject to change without notice. Although reasonable precautions have been > taken to ensure that no viruses are present, the sender makes no warranty > or guaranty with respect thereto, and is not responsible for any loss or > damage arising from the receipt or use of this e-mail or attachments hereto. > > This message is intended only for the persons or entities to which it is addressed. The information transmitted herein may contain proprietary or confidential material. Review, reproduction, retransmission, distribution, disclosure or other use, and any consequent action taken by persons or entities other than intended recipients, are prohibited and may be unlawful. If you are not the intended recipient, please delete this information from your system and contact the sender. The information contained herein is subject to change without notice. Although reasonable precautions have been taken to ensure that no viruses are present, the sender makes no warranty or guaranty with respect thereto, and is not responsible for any loss or damage arising from the receipt or use of this e-mail or attachments hereto. From heals1ic at hotmail.com Wed Jan 13 15:20:01 2010 From: heals1ic at hotmail.com (heals1ic) Date: Wed, 13 Jan 2010 14:20:01 -0800 (PST) Subject: [Samba] Upgrading from samba-3.0.34 to 3.4.4 - result: domain controller unavailable In-Reply-To: <4B4E3970.3030304@arise.pl> References: <4B4E3970.3030304@arise.pl> Message-ID: <27153056.post@talk.nabble.com> What form is your domain name in the previous version of Samba? - DOMAIN.COM etc or just DOMAIN? I recently ran into a similar problem - http://old.nabble.com/Samba-PDC-workgroup-%3D-domain.com-support-td27139137.html Samba PDC workgroup = DOMAIN.COM support . When I went to access the domain from a windows machine it would only find a domain controller for the DOMAIN domain not the DOMAIN.COM domain even if DOMAIN.COM was the value for workgroup in the smb.conf file. I am wondering if samba has stopped supporting dotted domain names in their recent releases. Marcin Giedz-5 wrote: > > Hi. > > Today I upgraded samba from 3.0.34 to 3.4.4 without changing anything in > smb.conf but with changing local and domain sid: > old samba 1) net getdomainsid and getlocalsid > new samba 2) net setdomainsid and setlocalsid to ones (both the same) > from 1) > > after restarting samba I can't log into domain: XP says : domain > controller unavailable ... I tried to rejoin domain - and I can ;) > however again login fails with such message. > > Switching back to 3.0.34 results in proper log in > > What can be wrong? Have I forgotten abut something? > > Thanks, > Marcin > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > -- View this message in context: http://old.nabble.com/Upgrading-from-samba-3.0.34-to-3.4.4---result%3A-domain-controller-unavailable-tp27152208p27153056.html Sent from the Samba - General mailing list archive at Nabble.com. From glimmheiser at gmail.com Thu Jan 14 06:02:56 2010 From: glimmheiser at gmail.com (glimm -) Date: Thu, 14 Jan 2010 13:02:56 +0000 Subject: [Samba] Could not join to NT4 domain. Message-ID: <1eef4f891001140502kc8ee10m6a0fe731591da57d@mail.gmail.com> Hello. I can not enter the domain machine: net rpc join -S 192.168.128.10 -U user cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_UNSUCCESSFUL Could not initialise lsa pipe Enter root's password: cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_UNSUCCESSFUL Error connecting to LSA pipe. Error was NT_STATUS_UNSUCCESSFUL uname -a Linux pr239-2 2.6.32-ARCH #1 SMP PREEMPT Thu Jan 7 22:19:56 UTC 2010 i686 AMD Duron(tm) processor AuthenticAMD GNU/Linux Samba compiled with Options: WITH_CIFSMOUNT WITH_PAM WITH_PAM_MODULES WITH_QUOTAS WITH_SENDFILE WITH_SYSLOG WITH_UTMP WITH_WINBIND Version 3.4.3 Thanks. From joshua.peacock at fiserv.com Wed Jan 13 22:49:40 2010 From: joshua.peacock at fiserv.com (Peacock, Joshua) Date: Wed, 13 Jan 2010 23:49:40 -0600 Subject: [Samba] AIX and DFS Message-ID: <1774B1C6F7D65448AE964FB69BC08AEE07BF69D2@MKEXCHVS3.Mail.Fiserv.net> Hello all I am running into a problem and hoping you can provide a little guidance. I am currently running 3.3.7 downloaded and installed from pware Config file has the following [global] # Workgroup section workgroup = DOMAIN server string = installs-aix Samba Server local master = no # Logging section log file = /usr/local/samba/var/log.%m log level = 10 syslog = 5 vfs object = extd_audit # Security section security = ADS realm = REALM.COM use spnego = yes winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind nested groups = yes winbind separator = + idmap uid = 6000-20000 idmap gid = 6000-20000 encrypt passwords = yes host msdfs = yes load printers = no browsable = no socket options = TCP_NODELAY deadtime = 10 [dfs] comment = main location for all shares path = /usr/local/dfsroot browseable = yes msdfs root = yes Log File shows this [2010/01/13 23:12:44, 0] smbd/msdfs.c:is_msdfs_link_internal(447) is_msdfs_link_read_target: Error reading msdfs link ./test: Result too large [2010/01/13 23:12:44, 5] smbd/trans2.c:get_lanman2_dir_entry(1400) get_lanman2_dir_entry:Couldn't stat [./test] (No such file or directory) dfsroot dir has the following in it ls -la /usr/local/dfsroot/ total 0 drwxr-xr-x 2 root system 256 Jan 13 23:11 . drwxr-xr-x 7 root system 256 Jan 13 21:09 .. lrwxrwxrwx 1 root system 18 Jan 13 23:11 test -> msdfs:convert\conv I get the same error if attempting the connection from linux smbclient or windows xp Thanks for Your Help Josh This message is intended only for the persons or entities to which it is addressed. The information transmitted herein may contain proprietary or confidential material. Review, reproduction, retransmission, distribution, disclosure or other use, and any consequent action taken by persons or entities other than intended recipients, are prohibited and may be unlawful. If you are not the intended recipient, please delete this information from your system and contact the sender. The information contained herein is subject to change without notice. Although reasonable precautions have been taken to ensure that no viruses are present, the sender makes no warranty or guaranty with respect thereto, and is not responsible for any loss or damage arising from the receipt or use of this e-mail or attachments hereto. From alex_mgsm at mail.ru Thu Jan 14 22:26:33 2010 From: alex_mgsm at mail.ru (Alexander R. Fahrutdinov) Date: Fri, 15 Jan 2010 09:26:33 +0400 Subject: [Samba] pam_winbind WBC_ERR_AUTH_ERROR before even asking for a password In-Reply-To: <1C28E42139C61D4BB4F418A19EAA2E355FCA6B@MAIL.itos.uga.edu> References: <1C28E42139C61D4BB4F418A19EAA2E355FCA6B@MAIL.itos.uga.edu> Message-ID: <201001150926.33575.alex_mgsm@mail.ru> > When logging, after user names is asked, BEFORE password is being asked > for, this is reported in the logs: > > Jan 14 15:37:50 london sshd[4549]: pam_winbind(sshd:auth): getting > password (0x00000000) > > Jan 14 15:37:50 london sshd[4549]: pam_winbind(sshd:auth): request > wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7), > NTSTATUS: NT_STATUS_WRONG_PASSWORD, Error message was: Wrong Password > PAM modules transfer password from top to bottom in PAM stack. You should use use_first_pass parameter of pam_winibind for using auth token, transferred from previous module in stack From natxo.asenjo at gmail.com Thu Jan 14 23:57:50 2010 From: natxo.asenjo at gmail.com (Natxo Asenjo) Date: Fri, 15 Jan 2010 07:57:50 +0100 Subject: [Samba] Given up on Fedora Ubuntu is 1000-folder simpler In-Reply-To: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> References: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> Message-ID: <90f6e8271001142257j7ab5d4e0yd0c82d62555b81@mail.gmail.com> On Fri, Jan 15, 2010 at 12:31 AM, Peter Olcott wrote: > I spent several days (at least 20 hours) tying to get Fedora 11 Samba server > going. I consulted every resource that I knew including this list. When I > discovered that Fedora 11 Samba could be browsed immediately upon > installation, and a simple reboot disabled this, I gave up. I decided to try > Ubuntu. After intallation it took only five minutes of editing the smb.conf > file to make my share fully operational. In terms of total cost of ownership > Fedora and Red Hat have become big losers. while distro wars are kind of funny, I would rather you specified what went wrong than just troll about Fedora. There are lots of people using samba and fedora without any hassle at all. At the end of the day, it's just about editing a text file, smb.conf on both platforms. -- natxo From retlaw.rentuam at gmail.com Fri Jan 15 00:16:15 2010 From: retlaw.rentuam at gmail.com (Walter Mautner) Date: Fri, 15 Jan 2010 08:16:15 +0100 Subject: [Samba] Given up on Fedora Ubuntu is 1000-folder simpler In-Reply-To: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> References: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> Message-ID: <201001150816.15609.retlaw.rentuam@gmail.com> Am Freitag, 15. Januar 2010 00:31:34 schrieb Peter Olcott: > I spent several days (at least 20 hours) tying to get Fedora 11 Samba > server going. I consulted every resource that I knew including this list. > When I discovered that Fedora 11 Samba could be browsed immediately upon > installation, and a simple reboot disabled this, I gave up. I decided to Actually, Samba is similar on both linux distributions. What might have gone wrong? Perhaps a policy kit issue or whatever .... since you didn't investigate the issue using standard troubleshooting procedures, noone can tell - and you end up as a troll. > try Ubuntu. After intallation it took only five minutes of editing the > smb.conf file to make my share fully operational. In terms of total cost > of ownership Fedora and Red Hat have become big losers. > From eero.volotinen at iki.fi Fri Jan 15 01:02:32 2010 From: eero.volotinen at iki.fi (Eero Volotinen) Date: Fri, 15 Jan 2010 10:02:32 +0200 Subject: [Samba] Given up on Fedora Ubuntu is 1000-folder simpler In-Reply-To: <90f6e8271001142257j7ab5d4e0yd0c82d62555b81@mail.gmail.com> References: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> <90f6e8271001142257j7ab5d4e0yd0c82d62555b81@mail.gmail.com> Message-ID: <20100115100232.950krvsy04w8ok40@webmail.welho.com> Quoting Natxo Asenjo : > On Fri, Jan 15, 2010 at 12:31 AM, Peter Olcott wrote: >> I spent several days (at least 20 hours) tying to get Fedora 11 Samba server >> going. I consulted every resource that I knew including this list. When I >> discovered that Fedora 11 Samba could be browsed immediately upon >> installation, and a simple reboot disabled this, I gave up. I decided to try >> Ubuntu. After intallation it took only five minutes of editing the smb.conf >> file to make my share fully operational. In terms of total cost of ownership >> Fedora and Red Hat have become big losers. > > while distro wars are kind of funny, I would rather you specified what > went wrong than just troll about Fedora. There are lots of people > using samba and fedora without any hassle at all. > > At the end of the day, it's just about editing a text file, smb.conf > on both platforms. Fedora is now shipping selinux enabled by default? Just need to turn it off or know how to configure it :) -- Eero, RHCE From GABY at il.ibm.com Fri Jan 15 01:03:14 2010 From: GABY at il.ibm.com (Gabby Romano) Date: Fri, 15 Jan 2010 10:03:14 +0200 Subject: [Samba] AUTO: I am out of office. (returning 17-01-2010) Message-ID: I am out of the office until 17-01-2010. I will reply to emails when I return. please contact my manager for any issues. Note: This is an automated response to your message "Re: [Samba] Given up on Fedora Ubuntu is 1000-folder simpler" sent on 15/1/10 9:16:15. This is the only notification you will receive while this person is away. From walk2sun at arcor.de Fri Jan 15 02:42:07 2010 From: walk2sun at arcor.de (Harry Jede) Date: Fri, 15 Jan 2010 10:42:07 +0100 Subject: [Samba] Strange OpenLDAP errors w/ samba 3.4.3 In-Reply-To: <5a8aa6681001141114q5166aa3av4888f63bb863f261@mail.gmail.com> References: <201001140828.24820.albrecht.dress@lios-tech.com> <5a8aa6681001141114q5166aa3av4888f63bb863f261@mail.gmail.com> Message-ID: <201001151042.08020.walk2sun@arcor.de> On Donnerstag, 14. Januar 2010 wrote Michael Wood: > 2010/1/14 Albrecht Dre? : > > Hi all, > > > > after an upgrade of my Ubuntu 8.04 64-bit box to a self-compiled > > samba 3.4.3 (Lenny backport dpkg), I see strange error messages in > > my OpenLDAP log: > > > > slapd[3388]: do_search: invalid dn > > (sambaDomainName=,sambaDomainName=,cn=<...>,dc=<...>,dc=<.. > >.>) > > > > Samba seems to work, though, but this message makes me somewhat > > nervous. > > > > Any ideas? > > I don't know where it comes from, but I've seen someone else mention > the same thing on this list: > > http://lists.samba.org/archive/samba/2009-December/152339.html > > Also a google search turns up some more hits, including this Debian > bug: > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557343 I believe that the user has a wrong suffix: ldap suffix = dc=bushey,dc=jamie-thompson,dc=co,dc=uk,dc=. "dc=." can not be a valid domain component, because the dot is the delimeter in DNS-Syntax. > > -- > Michael Wood -- Gruss Harry Jede From bj at SerNet.DE Fri Jan 15 02:49:46 2010 From: bj at SerNet.DE (=?iso-8859-1?Q?Bj=F6rn?= Jacke) Date: Fri, 15 Jan 2010 10:49:46 +0100 Subject: [Samba] Strange OpenLDAP errors w/ samba 3.4.3 In-Reply-To: <201001140828.24820.albrecht.dress@lios-tech.com> References: <201001140828.24820.albrecht.dress@lios-tech.com> Message-ID: On 2010-01-14 at 08:28 +0100 Albrecht Dre? sent off: > > after an upgrade of my Ubuntu 8.04 64-bit box to a self-compiled samba 3.4.3 (Lenny backport dpkg), I see strange error messages in my OpenLDAP log: > > slapd[3388]: do_search: invalid dn (sambaDomainName=,sambaDomainName=,cn=<...>,dc=<...>,dc=<...>) > > Samba seems to work, though, but this message makes me somewhat nervous. This has been polished for 3.5. As it's not a serious thing it has not been backported for 3.4 however. Cheers Bj?rn From Guillaume.Rousse at inria.fr Fri Jan 15 03:46:38 2010 From: Guillaume.Rousse at inria.fr (Guillaume Rousse) Date: Fri, 15 Jan 2010 11:46:38 +0100 Subject: [Samba] Feedback to getting to samba 4 blog In-Reply-To: References: Message-ID: <4B50478E.7020007@inria.fr> Le 14/01/2010 15:07, Andreas Moroder a ?crit : > Hello, > > I did not find a way tu put my opinion to the blog so I answer here. I > hope this is ok. > > We ( a public hospital ) are one of the few that have no AD, because I > wanted to wait that samba has this functionality. > Every solution that give us the stability of samba and also AD is ok for > us, but please this year, otherwise I will be force to start with MS AD. You can use AD, while still delegating autentication to a unix-based kerberos realm. And use samba for print and file services. -- BOFH excuse #357: I'd love to help you -- it's just that the Boss won't let me near the computer. From bubulle at debian.org Thu Jan 14 23:13:46 2010 From: bubulle at debian.org (Christian PERRIER) Date: Fri, 15 Jan 2010 07:13:46 +0100 Subject: [Samba] Ubuntu packaging vs Debian packaging (was: Given up on Fedora Ubuntu is 1000-folder simpler) In-Reply-To: References: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> Message-ID: <20100115061346.GV15413@cc-mykerinos.onera> Quoting Michael Lueck (mlueck at lueckdatasystems.com): > Peter Olcott wrote: > >I decided to try > >Ubuntu. After intallation it took only five minutes of editing the smb.conf > >file to make my share fully operational. > > :-) > > I had been hearing good things about Ubuntu, however I was firmly in the Debian camp. > > When Etch came out, the Samba packages were so bad that I ended up trying Ubuntu (7.04). It worked great! > > Now I am a Ubuntu fan, no going back to Debian. May I very respectfully mention that you're spreading out what I consider nonsense? Samba packages in Ubuntu are directly derived from Debian packages. So, telling that "Debian packages are bad" while "Ubuntu packages are good" is just....silly. They're basically the same..:-) The team that maintains samba packages in Debian follows bugs that are reported in Ubuntu. The Ubuntu server folks follow Debian BTS. And both are tight together by Steve Langasek, longstanding maintainer of samba packages in Debian along with me....and Ubuntu release manager. So, I think you can believe us when we say that packages are identical.. And, well, the initial work is done and Debian. This is something I'm personnally proud of and you'll understand that the above remark is particularly hurting. This is because of the work done by a Debian developer that you will have Samba 3.4.4 in a few days if you follow the development of Ubuntu "whatever funky name they give to 10.04". What is different are versions in stable releases. Both Ubuntu and Debian have a quite similar policy wrt updating upstream software versions in stable releases (update for security-related issues and "important" issues by backporting upstream changes). However, our schedules are different. So, at one given moment, you may find different upstream version in the respective stable versions of both distributions (for instance, Ubuntu Jaunty (IIRC) has Samba 3.3.* while Debian will never have 3.3 (Lenny has 3.2.5+important fixes and Squeeze will have 3.4 or 3.5 depending on the release schedule). In general, Ubuntu is likely to have more recent versions than Debian because of its faster release schedule. Again, and more generally, please don't oppose Ubuntu and Debian. We work fairly well together in general, despite the noise made from time to time when there are different points of view. But we both need "the other" to live and develop. And, when "packages are bad", please, pretty please with sugar on top.....take care to report. This is how we can contribute and help upstream (namely the Samba Team) to improve their software (as a matter of example, you may want to check bugs reported by "pkg-samba-main at lists.alioth.debian.org" in Samba's Bugzilla....or more precisely for recent examples, bugs #7020 and #7021. From kseeger at samba.org Fri Jan 15 04:36:29 2010 From: kseeger at samba.org (Karolin Seeger) Date: Fri, 15 Jan 2010 12:36:29 +0100 Subject: [Samba] sambaXP 2010 Message-ID: samba eXPerience 2010 - call for papers --------------------------------------- From May 3rd to 7th 2010 developers and users will meet again in Goettingen, Germany at the ninth international Samba conference, the "samba eXPerience 2010". The sambaXP is the leading event with focus on the most important free alternative to proprietary SMB/CIFS servers. The call for papers and early bird registration are open until January 31st 2010. Please find all necessary information at the conference site: http://sambaXP.org. For detailled indormation about the conference topics refer to the section "Call for Papers" on the website. Before the conference, there will be a tutorial about clustering with Samba. The sambaXP week will start on Monday with a two day advanced workshop in English for those who want to upgrade their Samba knowledge. Chairman of the sambaXP is again John Terpstra, early Samba Team member and well known author regarding Samba and related fields. The conference is kindly supported by our sponsors GOOGLE and INTEL. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From fabio at bonilha.eti.br Fri Jan 15 05:33:35 2010 From: fabio at bonilha.eti.br (Fabio Bonilha) Date: Fri, 15 Jan 2010 10:33:35 -0200 Subject: [Samba] Full_Audit preventing file writing In-Reply-To: References: Message-ID: Volker, Check the message I sent you in private. Regards. Volker Lendecke escreveu: > On Wed, Jan 13, 2010 at 04:27:27PM -0200, Fabio Bonilha wrote: >> The level 10 debug is more like a monster, maybe it's easier if you tell >> what I should look for. > > It should shrink a lot with bzip2 -9. Feel free to send it > in private mail. > > Volker > From Volker.Lendecke at SerNet.DE Fri Jan 15 05:56:22 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Fri, 15 Jan 2010 13:56:22 +0100 Subject: [Samba] Full_Audit preventing file writing In-Reply-To: References: Message-ID: On Fri, Jan 15, 2010 at 10:33:35AM -0200, Fabio Bonilha wrote: > Volker, > > Check the message I sent you in private. Arrived, but sillily busy. I'll try to look at it over the weekend. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From mail at avenuedesign.net Fri Jan 15 05:52:29 2010 From: mail at avenuedesign.net (Ed Murray) Date: Fri, 15 Jan 2010 12:52:29 +0000 Subject: [Samba] Ubuntu packaging vs Debian packaging (was: Given up on Fedora Ubuntu is 1000-folder simpler) In-Reply-To: <20100115061346.GV15413@cc-mykerinos.onera> References: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> <20100115061346.GV15413@cc-mykerinos.onera> Message-ID: <4055A50BACBD95419C9EA09E5B78D5528E90E4@exchange.avenuedesign.net> The similarities are much bigger than their differences. Yes there are pros & cons to both Debian & Ubuntu. For example do you prefer a 2 year release cycle or a 6 month release cycle. I use both distributions in different circumstances. It is thanks to everyone who has put in an effort to Debian over the past 16 odd years that Ubuntu even exists... P.S. Props to all the Samba, Debian, Ubuntu & all the other open source developers here... From peteolcott at gmail.com Fri Jan 15 06:54:04 2010 From: peteolcott at gmail.com (Peter Olcott) Date: Fri, 15 Jan 2010 07:54:04 -0600 Subject: [Samba] Options for responding to this group? Message-ID: <87e0d5201001150554y455cc0f4hd6d3f9cb33daac5a@mail.gmail.com> Is the only option for responding to posts in this group to receive ALL of the messages posted in this group by email? From Hullen at t-online.de Fri Jan 15 07:05:00 2010 From: Hullen at t-online.de (Helmut Hullen) Date: 15 Jan 2010 15:05:00 +0100 Subject: [Samba] Options for responding to this group? In-Reply-To: <87e0d5201001150554y455cc0f4hd6d3f9cb33daac5a@mail.gmail.com> Message-ID: Hallo, Peter, Du meintest am 15.01.10: > Is the only option for responding to posts in this group to receive > ALL of the messages posted in this group by email? Yes - that's the major principle of mailing lists. Viele Gruesse! Helmut From jht at samba.org Fri Jan 15 07:42:18 2010 From: jht at samba.org (John H Terpstra) Date: Fri, 15 Jan 2010 08:42:18 -0600 Subject: [Samba] Options for responding to this group? In-Reply-To: <87e0d5201001150554y455cc0f4hd6d3f9cb33daac5a@mail.gmail.com> References: <87e0d5201001150554y455cc0f4hd6d3f9cb33daac5a@mail.gmail.com> Message-ID: <4B507ECA.5060407@samba.org> On 01/15/2010 07:54 AM, Peter Olcott wrote: > Is the only option for responding to posts in this group to receive ALL of > the messages posted in this group by email? 1) Subscribers to the samba mailing list can control whether or not they receive messages that are posted to the list. This is an on/off setting in the subscribers' optional settings. 2) Subscribers who elect to receive messages posted to the list will receive ALL messages postings. 3) There is no option to filter on message subject. 4) List subscribers can post to the list. Messages sent by a subscriber will be sent directly to the list. 5) Non-subscribers can also post to the list. Messages sent by a non-subscriber will be held for moderation. It is up to the moderator to determine what will be accepted or rejected. 6) There are a number of moderators, each exercises his/her own discretion. 7) There have been (and possibly still are) subscribers who elect not to receive postings to the mailing list. 8) Subscribers who elect not to receive postings CAN post to the list. - John Terpstra a list moderator From nadezhda.ivanova at postpath.com Fri Jan 15 07:59:07 2010 From: nadezhda.ivanova at postpath.com (Nadezhda Ivanova) Date: Fri, 15 Jan 2010 16:59:07 +0200 (EET) Subject: [Samba] Options for responding to this group? Message-ID: Also I believe there is an option to receive a daily digest, rather than in real time, at least there used to be... ----- Original Message ----- > From: samba-bounces at lists.samba.org > To: Peter Olcott , John H Terpstra > Cc: samba at lists.samba.org > Sent: Friday, January 15, 2010 4:37:21 PM GMT+0200 Europe;Athens > Subject: Re: [Samba] Options for responding to this group? > > On 01/15/2010 07:54 AM, Peter Olcott wrote: > > Is the only option for responding to posts in this group to receive > ALL of > > the messages posted in this group by email? > > 1) Subscribers to the samba mailing list can control whether or not > they > receive messages that are posted to the list. This is an on/off > setting > in the subscribers' optional settings. > > 2) Subscribers who elect to receive messages posted to the list will > receive ALL messages postings. > > 3) There is no option to filter on message subject. > > 4) List subscribers can post to the list. Messages sent by a > subscriber > will be sent directly to the list. > > 5) Non-subscribers can also post to the list. Messages sent by a > non-subscriber will be held for moderation. It is up to the moderator > to determine what will be accepted or rejected. > > 6) There are a number of moderators, each exercises his/her own > discretion. > > 7) There have been (and possibly still are) subscribers who elect not > to > receive postings to the mailing list. > > 8) Subscribers who elect not to receive postings CAN post to the list. > > - John Terpstra > a list moderator > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba From gaiseric.vandal at gmail.com Fri Jan 15 08:05:43 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Fri, 15 Jan 2010 10:05:43 -0500 Subject: [Samba] Could not join to NT4 domain. In-Reply-To: <1eef4f891001140502kc8ee10m6a0fe731591da57d@mail.gmail.com> References: <1eef4f891001140502kc8ee10m6a0fe731591da57d@mail.gmail.com> Message-ID: <4B508447.50406@gmail.com> Maybe try using Administrator as the name - I think you want to use an account on the domain that has rights to add machines to the domain, rather than the local root account. YOu may also be able to precreate the machine account on NT4. And are you running the latest NT4 patch (6a.) With SP3 or SP4 they changed the security parameters on NT4. On 01/14/10 08:02, glimm - wrote: > Hello. I can not enter the domain machine: > > net rpc join -S 192.168.128.10 -U user > cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error > NT_STATUS_UNSUCCESSFUL > Could not initialise lsa pipe > Enter root's password: > cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error > NT_STATUS_UNSUCCESSFUL > Error connecting to LSA pipe. Error was NT_STATUS_UNSUCCESSFUL > > uname -a > Linux pr239-2 2.6.32-ARCH #1 SMP PREEMPT Thu Jan 7 22:19:56 UTC 2010 i686 > AMD Duron(tm) processor AuthenticAMD GNU/Linux > > Samba compiled with Options: > WITH_CIFSMOUNT > WITH_PAM > WITH_PAM_MODULES > WITH_QUOTAS > WITH_SENDFILE > WITH_SYSLOG > WITH_UTMP > WITH_WINBIND > > Version 3.4.3 > > Thanks. > From gayleard at eircom.net Fri Jan 15 08:09:34 2010 From: gayleard at eircom.net (Timothy Murphy) Date: Fri, 15 Jan 2010 15:09:34 +0000 Subject: [Samba] Options for responding to this group? References: <87e0d5201001150554y455cc0f4hd6d3f9cb33daac5a@mail.gmail.com> <4B507ECA.5060407@samba.org> Message-ID: John H Terpstra wrote: > 7) There have been (and possibly still are) subscribers who elect not to > receive postings to the mailing list. > > 8) Subscribers who elect not to receive postings CAN post to the list. I imagine there are a large number of subscribers who like me read postings through the gmane newsgroup, or through some other mailing-list -> newsgroup combo. How can one completely turn off email postings in such a case? I have opted for email digests, which I delete unread. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland From esiotrot at gmail.com Fri Jan 15 08:29:53 2010 From: esiotrot at gmail.com (Michael Wood) Date: Fri, 15 Jan 2010 17:29:53 +0200 Subject: [Samba] Options for responding to this group? In-Reply-To: References: <87e0d5201001150554y455cc0f4hd6d3f9cb33daac5a@mail.gmail.com> <4B507ECA.5060407@samba.org> Message-ID: <5a8aa6681001150729n61a1c65ai7776cb60d52ac3aa@mail.gmail.com> 2010/1/15 Timothy Murphy : > John H Terpstra wrote: > >> 7) There have been (and possibly still are) subscribers who elect not to >> receive postings to the mailing list. >> >> 8) Subscribers who elect not to receive postings CAN post to the list. > > I imagine there are a large number of subscribers who like me > read postings through the gmane newsgroup, or through some other > mailing-list -> newsgroup combo. > > How can one completely turn off email postings in such a case? > I have opted for email digests, which I delete unread. Go to: https://lists.samba.org/mailman/options/samba Log on using your e-mail address and password. (If you don't know your password, click on the "Remind" button to have it e-mailed to you.) Scroll down to the "Your samba Subscription Options" section. The first option is called "Mail delivery". Set it to "disabled". If you want to do this for several mailing lists that all live on lists.samba.org, check the "Set globally" checkbox. Then just click on the "Submit my changes" button at the bottom. -- Michael Wood From presgas at gmail.com Fri Jan 15 08:44:49 2010 From: presgas at gmail.com (Robert Freeman-Day) Date: Fri, 15 Jan 2010 10:44:49 -0500 (EST) Subject: [Samba] Feedback to getting to samba 4 blog In-Reply-To: <4B50478E.7020007@inria.fr> References: <4B50478E.7020007@inria.fr> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 15 Jan 2010, Guillaume Rousse wrote: > Date: Fri, 15 Jan 2010 11:46:38 +0100 > From: Guillaume Rousse > To: samba at lists.samba.org > Subject: Re: [Samba] Feedback to getting to samba 4 blog > > Le 14/01/2010 15:07, Andreas Moroder a ?crit : >> Hello, >> >> I did not find a way tu put my opinion to the blog so I answer here. I >> hope this is ok. >> >> We ( a public hospital ) are one of the few that have no AD, because I >> wanted to wait that samba has this functionality. >> Every solution that give us the stability of samba and also AD is ok for >> us, but please this year, otherwise I will be force to start with MS AD. > You can use AD, while still delegating autentication to a unix-based kerberos > realm. And use samba for print and file services. > > -- I can confirm that our environment was set up this way and worked. One thing you will have to google if you go to AD with unix kerberos is "Cross Realm Trust". I will also say that we consolidated our Kerberos KCD to just using the AD servers as KDCs. With some hickups, it works passably. - ---Robert Freeman-Day - --------------- I would really like you to be on my side, but the side you show me isn't what I had in mind. - -Judybats GPG Public Key: http:keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktQjXEACgkQup357T5MfTZ4cwCdELuFyUZOGXeXMsnjwl5bROGN lpcAoLRQEwlKbxT37NVBBgDk8UbMnnnH =7iq0 -----END PGP SIGNATURE----- From peteolcott at gmail.com Fri Jan 15 09:40:27 2010 From: peteolcott at gmail.com (Peter Olcott) Date: Fri, 15 Jan 2010 10:40:27 -0600 Subject: [Samba] Options for responding to this group? In-Reply-To: <4B507ECA.5060407@samba.org> References: <87e0d5201001150554y455cc0f4hd6d3f9cb33daac5a@mail.gmail.com> <4B507ECA.5060407@samba.org> Message-ID: <87e0d5201001150840kf3975acx3f8ab87043707316@mail.gmail.com> On Fri, Jan 15, 2010 at 8:42 AM, John H Terpstra wrote: > On 01/15/2010 07:54 AM, Peter Olcott wrote: > > Is the only option for responding to posts in this group to receive ALL > of > > the messages posted in this group by email? > > 1) Subscribers to the samba mailing list can control whether or not they > receive messages that are posted to the list. This is an on/off setting > in the subscribers' optional settings. > > 2) Subscribers who elect to receive messages posted to the list will > receive ALL messages postings. > > 3) There is no option to filter on message subject. > > 4) List subscribers can post to the list. Messages sent by a subscriber > will be sent directly to the list. > > 5) Non-subscribers can also post to the list. Messages sent by a > non-subscriber will be held for moderation. It is up to the moderator > to determine what will be accepted or rejected. > > 6) There are a number of moderators, each exercises his/her own discretion. > > 7) There have been (and possibly still are) subscribers who elect not to > receive postings to the mailing list. > > 8) Subscribers who elect not to receive postings CAN post to the list. > > - John Terpstra > a list moderator > How do subscribers that elect to NOT receive email postings respopnd to s specific message such as this one? From shirishpargaonkar at gmail.com Fri Jan 15 10:47:45 2010 From: shirishpargaonkar at gmail.com (Shirish Pargaonkar) Date: Fri, 15 Jan 2010 11:47:45 -0600 Subject: [Samba] samba4 compilation error Message-ID: <4a4634331001150947u2bcd66c5n51208b2140226975@mail.gmail.com> Not sure if this is a known error during samba4 source code compilation and how to fix it (which file has struct iovec defined and where to include it) Compiling ../libcli/util/tstream.c ../libcli/util/tstream.c:39: error: field ?tmp_vector? has incomplete type The following command failed: DATA_BLOB pdu_blob; struct iovec tmp_vector; }; pwd = /usr/src/gitsamba/samba/source4 Compiling ../libcli/util/tstream.c ../libcli/util/tstream.c:39: error: field ?tmp_vector? has incomplete type The following command failed: gcc -I../lib/tevent -I../lib/talloc -Ilib/replace -fPIC -I./include -I. -I./lib -I./../lib/replace -I./../lib/talloc -I./.. -D_SAMBA_BUILD_=4 -DHAVE_CONFIG_H -c ../libcli/util/tstream.c -o ../libcli/util/tstream.o make: *** [../libcli/util/tstream.o] Error 1 From shirishpargaonkar at gmail.com Fri Jan 15 11:04:26 2010 From: shirishpargaonkar at gmail.com (Shirish Pargaonkar) Date: Fri, 15 Jan 2010 12:04:26 -0600 Subject: [Samba] samba4 compilation error In-Reply-To: <4a4634331001150947u2bcd66c5n51208b2140226975@mail.gmail.com> References: <4a4634331001150947u2bcd66c5n51208b2140226975@mail.gmail.com> Message-ID: <4a4634331001151004o45f52953h762f40e7d769436c@mail.gmail.com> I got past this error by including linux/uio.h in the .c file but not sure that is where the header file should be included. On Fri, Jan 15, 2010 at 11:47 AM, Shirish Pargaonkar wrote: > Not sure if this is a known error during samba4 source code compilation > and how to fix it (which file has struct iovec defined and where to include it) > > > Compiling ../libcli/util/tstream.c > ../libcli/util/tstream.c:39: error: field ?tmp_vector? has incomplete type > The following command failed: > > ? ? ? ?DATA_BLOB pdu_blob; > ? ? ? ?struct iovec tmp_vector; > }; > > ?pwd ? ? ? ?= /usr/src/gitsamba/samba/source4 > Compiling ../libcli/util/tstream.c > ../libcli/util/tstream.c:39: error: field ?tmp_vector? has incomplete type > The following command failed: > gcc -I../lib/tevent ? -I../lib/talloc -Ilib/replace ? ? -fPIC > -I./include -I. -I./lib -I./../lib/replace > -I./../lib/talloc -I./.. -D_SAMBA_BUILD_=4 -DHAVE_CONFIG_H ?-c > ../libcli/util/tstream.c -o > ../libcli/util/tstream.o > make: *** [../libcli/util/tstream.o] Error 1 > From lagern at lafayette.edu Fri Jan 15 13:20:36 2010 From: lagern at lafayette.edu (Nathan Lager) Date: Fri, 15 Jan 2010 15:20:36 -0500 Subject: [Samba] Samba, and NFS. lag? Message-ID: <4B50CE14.405@lafayette.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Afternoon! I have a samba server, which shares out an NFS mounted share. It seems that everything works rather well, except that i get some lag when modifying a file. If i share a directory which is local to the samba server, no lag, everything works perfectly. However, when i share an NFS mounted volume, i get about 30 seconds of lag while writing a file after it's been modified. In my test, i did the following: - From Windows xp, browse to \\smbserver\share\ browse to a directory which you have permission to write to. open an existing file (in my case, a text file, using Notepad). Add a line to the file. save the file. Notepad hangs for about 30 seconds, and then successfully completes its write. The only thin special about this windows XP client is that it has the Novell mobile client installed. I ran into an issue where windows was first trying to access my smb server using novell's ncp, but this was corrected by moving around the provider order in Windows networking. Any suggestions? Anything i can check? Am i perhaps looking an an NFS performance issue? I'm able to modify files over the nfs mount from the smb server without an issue. Thanks! - -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 610-330-5907 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktQzhQACgkQsZqG4IN3sumiIACgq9ms6T+hVVBVgdCyPztB6SMV bhYAnRM+bEJ3Mz5Gu96/iVqVYS4Hz/cH =v0Q/ -----END PGP SIGNATURE----- From morgan at tuxedo.darktech.org Fri Jan 15 13:46:16 2010 From: morgan at tuxedo.darktech.org (Rob Shinn) Date: Fri, 15 Jan 2010 15:46:16 -0500 Subject: [Samba] Given up on Fedora Ubuntu is 1000-folder simpler In-Reply-To: References: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> Message-ID: <4B50D418.5000900@tuxedo.darktech.org> Michael Lueck wrote: > When Etch came out, the Samba packages were so bad that I ended up > trying Ubuntu (7.04). It worked great! That's just silly. I use Ubuntu on my desktops and servers mostly because I prefer the extra fit-and-polish it has to Debian. But I've used both and the packages themselves are basically the same. A particular Ubuntu stable release package of Samba is more likely to be more current than the Debian stable release, but that's a result of policy differences, not technical ones. The source for the packages is the same: the Debian package repos. The main difference is that Ubuntu might add a patch or two that hasn't made it into the stable Debian package yet, but other than that, they are the same. Kudos to the good work of the Debian devs. Without you, there would be no Ubuntu and the world would be much worse off without Debian. As far as the comments on Fedora, you're also aware that the Ubuntu devs follow Fedora development and take away some of their best stuff, too, right? From jerry at plainjoe.org Fri Jan 15 13:48:04 2010 From: jerry at plainjoe.org (Gerald Carter) Date: Fri, 15 Jan 2010 14:48:04 -0600 Subject: [Samba] Samba, and NFS. lag? In-Reply-To: <4B50CE14.405@lafayette.edu> References: <4B50CE14.405@lafayette.edu> Message-ID: <4B50D484.2050202@plainjoe.org> Nathan Lager wrote: > Afternoon! > I have a samba server, which shares out an NFS mounted share. It seems > that everything works rather well, except that i get some lag when > modifying a file. If i share a directory which is local to the samba > server, no lag, everything works perfectly. However, when i share an > NFS mounted volume, i get about 30 seconds of lag while writing a file > after it's been modified. Hey Nathan, A 30 second lag is normally an indication of an oplock break timeout. Just an fyi...If you are re-exporting an nfs mounted volume on linux, try setting "kernel oplocks = no" since I don't bnelieve the kernel file lease mechanism is availble on an NFS mount but I could be wrong on that one. Just a suggestion. cheers, jerry -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature URL: From lsorense at csclub.uwaterloo.ca Fri Jan 15 14:06:09 2010 From: lsorense at csclub.uwaterloo.ca (Lennart Sorensen) Date: Fri, 15 Jan 2010 16:06:09 -0500 Subject: [Samba] Given up on Fedora Ubuntu is 1000-folder simpler In-Reply-To: <4B50D418.5000900@tuxedo.darktech.org> References: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> <4B50D418.5000900@tuxedo.darktech.org> Message-ID: <20100115210609.GD24305@caffeine.csclub.uwaterloo.ca> On Fri, Jan 15, 2010 at 03:46:16PM -0500, Rob Shinn wrote: > That's just silly. I use Ubuntu on my desktops and servers mostly > because I prefer the extra fit-and-polish it has to Debian. But I've > used both and the packages themselves are basically the same. A > particular Ubuntu stable release package of Samba is more likely to be > more current than the Debian stable release, but that's a result of > policy differences, not technical ones. The source for the packages is > the same: the Debian package repos. The main difference is that Ubuntu > might add a patch or two that hasn't made it into the stable Debian > package yet, but other than that, they are the same. Intesting, given I stick with debian because I prefer things that upgrade correctly (something ubuntu really needs some polish on). I guess it depends where you like your polish applied. > Kudos to the good work of the Debian devs. Without you, there would be > no Ubuntu and the world would be much worse off without Debian. > > As far as the comments on Fedora, you're also aware that the Ubuntu devs > follow Fedora development and take away some of their best stuff, too, > right? -- Len Sorensen From lagern at lafayette.edu Fri Jan 15 14:23:47 2010 From: lagern at lafayette.edu (Nathan Lager) Date: Fri, 15 Jan 2010 16:23:47 -0500 Subject: [Samba] Samba, and NFS. lag? In-Reply-To: <4B50D484.2050202@plainjoe.org> References: <4B50CE14.405@lafayette.edu> <4B50D484.2050202@plainjoe.org> Message-ID: <4B50DCE3.8070906@lafayette.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This didnt seem to help. As a side, note, i've also tried it without the Novell client. This didnt help either. Thanks just the same for the response. On 01/15/2010 03:48 PM, Gerald Carter wrote: > Nathan Lager wrote: >> Afternoon! >> I have a samba server, which shares out an NFS mounted share. It seems >> that everything works rather well, except that i get some lag when >> modifying a file. If i share a directory which is local to the samba >> server, no lag, everything works perfectly. However, when i share an >> NFS mounted volume, i get about 30 seconds of lag while writing a file >> after it's been modified. > > Hey Nathan, > > A 30 second lag is normally an indication of an oplock > break timeout. Just an fyi...If you are re-exporting an > nfs mounted volume on linux, try setting "kernel oplocks = no" > since I don't bnelieve the kernel file lease mechanism is > availble on an NFS mount but I could be wrong on that one. > Just a suggestion. > > > > > cheers, jerry > > - -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 610-330-5907 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktQ3OMACgkQsZqG4IN3sun27wCeL3TzsFao7x12Dgh+F/OABf2X CTAAmQE54iRoF7WuKtfJVT3IdbBNoGXw =EKvT -----END PGP SIGNATURE----- From samba at tlinx.org Fri Jan 15 15:55:45 2010 From: samba at tlinx.org (Linda Walsh) Date: Fri, 15 Jan 2010 14:55:45 -0800 Subject: [Samba] Win7 can and cannot join domain; speed issues? (tests to /dev/zero & /dev/null?) Message-ID: <4B50F271.3020800@tlinx.org> I've made some pseudo progress .. I deleted my DNS domain name from my client -- after that, I was able to get a message (Welcome to Bliss Domain) -- followed by 'Domain join failed, you will not be in the Domain. Reboot now to activate your new domain name. Upon reboot, it thinks I am in Bliss domain, BUT it acts completely unjoined -- no domain groups in group list selections, Shares won't work -- says I need permission from 'Domain\me', or the funniest (if I it wasn't also sad), was when I connected to the share as ClientWorkstation\me, it then told me I couldn't alter files w/o permission from Athena\me. Um...I am me?...and I'm on my workstation, but it thinks I need permission from me? What's up with that! Anyways, back to workgroup Bliss, and file sharing is normal again. Also have an ongoing oddity -- read/write speed to a network share. I can't figure out why it's so slow. Writes are faster than reads. My tests are a bit weird. To test out write, I write to /dev/null on the target sys, and to test read, I'm reading from /dev/zero. Locally, these copies return instantaneously. But over the network I get about 34MB/s read, and 39MB/s write. But oddly smbd is nearly 100% cpu bound. I was using 'dd' with a 1GB block size. So shouldn't 'smbd' usually have been asleep awaiting I/O completion (which is near instantaneous). I'd expect to be getting more along the lines of 60-70MB/s R+W (Gigabit network with large packet (9014) enabled. It's a bit faster than standard packets by about 10%. But that's not real exciting... Shouldn't tests to a remote /dev/zero and /dev/null be valid for testing a no-filesystem load raw transfer rate? -linda From jht at samba.org Fri Jan 15 21:35:00 2010 From: jht at samba.org (John H Terpstra) Date: Fri, 15 Jan 2010 22:35:00 -0600 Subject: [Samba] Options for responding to this group? In-Reply-To: <87e0d5201001150840kf3975acx3f8ab87043707316@mail.gmail.com> References: <87e0d5201001150554y455cc0f4hd6d3f9cb33daac5a@mail.gmail.com> <4B507ECA.5060407@samba.org> <87e0d5201001150840kf3975acx3f8ab87043707316@mail.gmail.com> Message-ID: <4B5141F4.7050304@samba.org> On 01/15/2010 10:40 AM, Peter Olcott wrote: > On Fri, Jan 15, 2010 at 8:42 AM, John H Terpstra wrote: > >> On 01/15/2010 07:54 AM, Peter Olcott wrote: >>> Is the only option for responding to posts in this group to receive ALL >> of >>> the messages posted in this group by email? >> >> 1) Subscribers to the samba mailing list can control whether or not they >> receive messages that are posted to the list. This is an on/off setting >> in the subscribers' optional settings. >> >> 2) Subscribers who elect to receive messages posted to the list will >> receive ALL messages postings. >> >> 3) There is no option to filter on message subject. >> >> 4) List subscribers can post to the list. Messages sent by a subscriber >> will be sent directly to the list. >> >> 5) Non-subscribers can also post to the list. Messages sent by a >> non-subscriber will be held for moderation. It is up to the moderator >> to determine what will be accepted or rejected. >> >> 6) There are a number of moderators, each exercises his/her own discretion. >> >> 7) There have been (and possibly still are) subscribers who elect not to >> receive postings to the mailing list. >> >> 8) Subscribers who elect not to receive postings CAN post to the list. >> >> - John Terpstra >> a list moderator >> > > How do subscribers that elect to NOT receive email postings respopnd to s > specific message such as this one? > a) We have quite a few subscribers who read the samba list archives via the web. b) What response does this message require? My intent was to inform newer subscribers who were not aware that not being sent list postings is a real option. Cheers, John T. From bubulle at debian.org Sat Jan 16 00:06:38 2010 From: bubulle at debian.org (Christian PERRIER) Date: Sat, 16 Jan 2010 08:06:38 +0100 Subject: [Samba] Given up on Fedora Ubuntu is 1000-folder simpler In-Reply-To: <4B50D418.5000900@tuxedo.darktech.org> References: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> <4B50D418.5000900@tuxedo.darktech.org> Message-ID: <20100116070638.GB4636@mykerinos.kheops.frmug.org> Quoting Rob Shinn (morgan at tuxedo.darktech.org): > I've used both and the packages themselves are basically the same. > A particular Ubuntu stable release package of Samba is more likely > to be more current than the Debian stable release, but that's a > result of policy differences, not technical ones. The source for > the packages is the same: the Debian package repos. The main > difference is that Ubuntu might add a patch or two that hasn't made > it into the stable Debian package yet, but other than that, they are > the same. Differences now are only on packaging. The most proeminent differences (http://patches.ubuntu.com/s/samba/samba_2:3.4.3-2ubuntu1.patch) I can see between the 3.4.3-2 packages (Ubuntu doesn't have 3.4.4 yet): + + debian/smb.conf: + - Comment out the default [homes] share, and add a comment about "valid users = %s" + to show users how to restrict access to \\server\username to only username. + - Set 'usershare allow guests', so that usershare admins are allowed to create + public shares in additon to authenticated ones. + - add map to guest = Bad user, maps bad username to gues access. -->so, mostly differences in the default smb.conf Here, I still prefer sticking with the policy we had in recent years by being as close as possible to upstream defaults + + debian/control: + - Don't build against ctdb. --> Ubuntu packages are built without clustering support. Their call..:-) + + debian/rules: + - Enable "native" PIE hardening. + - Add BIND_NOW to maximize benefit of RELRO hardening. --> These, I should discuss with Steve Langasek + + Add ufw integration: + - Created debian/samba.ufw.profile. --> This is a consequence of Ubuntu using ufw by default Interestingly, the biggest part of the diff between Ubuntu package and Debian ones is made of security patches that aren't used any more. So, in short, they have cruft..:) From kyrrin at bluefeathertech.com Sat Jan 16 02:28:57 2010 From: kyrrin at bluefeathertech.com (Bruce Lane) Date: Sat, 16 Jan 2010 01:28:57 -0800 Subject: [Samba] Cannot connect from XP to Samba: Password prompt repeated Message-ID: <201001160128570625.006DA371@192.168.42.129> Fellow samba folk, This one's making me want to tear out what little hair I have left. THE *NIX PLATFORM: FreeBSD 7.0-RELEASE, Samba 3.3.8. THE ENVIRONMENT: Small domain, Windows 2003 servers and XP-pro based workstations. The FreeBSD server is a member server in the domain, so at least that works. THE SYMPTOMS: This is bizarre. I can, using mount_smbfs on the FreeBSD side, easily connect to shares on the Windows server. No hassle, no pain. It Just Works. HOWEVER -- When I try to connect to a share on the Samba side from any Windows system, I get repeated requests for the username and password, and no combination of such (not even one which I know to be valid) wants to work. Here's the paste from my smb.conf file. To save space, I have removed the sections I'm not using (as in the ones which I left commented out). #======================= Global Settings ===================================== [global] # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH workgroup = BFT-INT # server string is the equivalent of the NT Description field server string = BFT Web Server # Security mode. Defines in which mode Samba will operate. Possible # values are share, user, server, domain and ads. Most people will want # user level security. See the Samba-HOWTO-Collection for details. security = ads password server = haku2.int.bluefeathertech.com client use spnego = yes # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page hosts allow = 192.168.42. 127. # If you want to automatically load your printer list rather # than setting them up individually then you'll need this load printers = no # Put a capping on the size of the log files (in Kb). max log size = 50 # Use the realm option only with security = ads # Specifies the Active Directory realm the host is part of realm = int.bluefeathertech.com # Backend to store user information in. New installations should # use either tdbsam or ldapsam. smbpasswd is available for backwards # compatibility. tdbsam requires no further configuration. passdb backend = tdbsam # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. interfaces = 192.168.42.130/24 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = no # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable os level = 33 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = no # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = no # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. domain logons = no # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server wins support = no # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both wins server = 192.168.42.90 # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The default is NO. dns proxy = no #============================ Share Definitions ============================== [webstuff] comment = Featherweb doc directories path = /usr/local/www/htdocs browseable = yes writable = yes valid users = kyrrin jlanfri kathy write list = @www @wheel create mask = 0755 [logging] comment = Featherweb logging path = /var/log browseable = yes writable = no valid users = kyrrin jlanfri kathy featherweb# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- What puzzles me is this was working just fine for months, and then it failed for no apparent reason. Any guesses? Thanks much. -=-=-=-=-=-=-=-=-=-=-=- Bruce Lane, Owner & Head Hardware Heavy, Blue Feather Technologies -- http://www.bluefeathertech.com kyrrin (at) bluefeathertech do/t c=o=m "Quid Malmborg in Plano..." From mlueck at lueckdatasystems.com Sat Jan 16 03:40:16 2010 From: mlueck at lueckdatasystems.com (Michael Lueck) Date: Sat, 16 Jan 2010 05:40:16 -0500 Subject: [Samba] Ubuntu packaging vs Debian packaging In-Reply-To: <20100115061346.GV15413@cc-mykerinos.onera> References: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> <20100115061346.GV15413@cc-mykerinos.onera> Message-ID: Christian PERRIER wrote: > Samba packages in Ubuntu are directly derived from Debian > packages. So, telling that "Debian packages are bad" while "Ubuntu > packages are good" is just....silly. They're basically the same..:-) When Etch originally shipped, the Samba packages maintainers for Debian acknowledged that the state of Samba was less perfect than they desired. After the conference, for which I ended up using an Ubuntu server to present on, I again tested Etch (another clean load) and by that time the Samba packages were working properly. Just that the OP on this thread sounded very much like the reason I ended up switching from Debian to Ubuntu. Thus my comment... "and the rest is history..." Sincerely, -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ From Volker.Lendecke at SerNet.DE Sat Jan 16 03:46:58 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Sat, 16 Jan 2010 11:46:58 +0100 Subject: [Samba] Samba, and NFS. lag? In-Reply-To: <4B50CE14.405@lafayette.edu> References: <4B50CE14.405@lafayette.edu> Message-ID: On Fri, Jan 15, 2010 at 03:20:36PM -0500, Nathan Lager wrote: > Any suggestions? Anything i can check? Am i perhaps looking an an NFS > performance issue? I'm able to modify files over the nfs mount from the > smb server without an issue. No, this is probably not a NFS performance thing, NFS is not *that* slow. Next try after "kernel oplocks = no" would be "posix locking = no". Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From bsdadmin2008 at gmail.com Sat Jan 16 07:01:01 2010 From: bsdadmin2008 at gmail.com (JBornhoft) Date: Sat, 16 Jan 2010 09:01:01 -0500 Subject: [Samba] Regularly being asked for username/password Message-ID: <4B51C69D.6010701@gmail.com> I'm a bit of a noob w/ samba and I set up a small samba shar (v. 3.4.0) on my ubuntu machine which hosts a shared drive for a single vista laptop (my wife's machine). My question is .. is it normal for her to regularly be asked to enter her username and password or is it something that I've done in my configuration. Note: I used the configuration guide from Linux Journal (Nov/Dec/Jan). Many thanks in advance! J From drescherjm at gmail.com Sat Jan 16 08:03:11 2010 From: drescherjm at gmail.com (John Drescher) Date: Sat, 16 Jan 2010 10:03:11 -0500 Subject: [Samba] Regularly being asked for username/password In-Reply-To: <4B51C69D.6010701@gmail.com> References: <4B51C69D.6010701@gmail.com> Message-ID: <387ee2021001160703o4b737dcfsa5b12081997fb6bc@mail.gmail.com> > I'm a bit of a noob w/ samba and I set up a small samba shar (v. 3.4.0) on > my ubuntu machine which hosts a shared drive for a single vista laptop (my > wife's machine). > > My question is .. is it normal for her to regularly be asked to enter her > username and password or is it something that I've done in my configuration. > This is not normal. You should only be asked this once or at most 1 time per share if shares are on different servers. John From bsdadmin2008 at gmail.com Sat Jan 16 08:58:01 2010 From: bsdadmin2008 at gmail.com (JBornhoft) Date: Sat, 16 Jan 2010 10:58:01 -0500 Subject: [Samba] Regularly being asked for username/password In-Reply-To: <387ee2021001160703o4b737dcfsa5b12081997fb6bc@mail.gmail.com> References: <4B51C69D.6010701@gmail.com> <387ee2021001160703o4b737dcfsa5b12081997fb6bc@mail.gmail.com> Message-ID: <4B51E209.3040002@gmail.com> Ok thanks .. so where can i begin to look for the prob? John Drescher wrote: >> I'm a bit of a noob w/ samba and I set up a small samba shar (v. 3.4.0) on >> my ubuntu machine which hosts a shared drive for a single vista laptop (my >> wife's machine). >> >> My question is .. is it normal for her to regularly be asked to enter her >> username and password or is it something that I've done in my configuration. >> > > This is not normal. You should only be asked this once or at most 1 > time per share if shares are on different servers. > > John > From drescherjm at gmail.com Sat Jan 16 09:11:05 2010 From: drescherjm at gmail.com (John Drescher) Date: Sat, 16 Jan 2010 11:11:05 -0500 Subject: [Samba] Regularly being asked for username/password In-Reply-To: <4B51E209.3040002@gmail.com> References: <4B51C69D.6010701@gmail.com> <387ee2021001160703o4b737dcfsa5b12081997fb6bc@mail.gmail.com> <4B51E209.3040002@gmail.com> Message-ID: <387ee2021001160811p1d122c3at6f88937924ae332e@mail.gmail.com> >>> My question is .. is it normal for her to regularly be asked to enter her >>> username and password or is it something that I've done in my >>> configuration. >>> >> >> This is not normal. You should only be asked this once or at most 1 >> time per share if shares are on different servers. >> > Ok thanks .. so where can i begin to look for the prob? Take a look at the samba logs in /var/log/samba and post your smb.conf John From bsdadmin2008 at gmail.com Sat Jan 16 09:28:48 2010 From: bsdadmin2008 at gmail.com (JBornhoft) Date: Sat, 16 Jan 2010 11:28:48 -0500 Subject: [Samba] Regularly being asked for username/password In-Reply-To: <387ee2021001160811p1d122c3at6f88937924ae332e@mail.gmail.com> References: <4B51C69D.6010701@gmail.com> <387ee2021001160703o4b737dcfsa5b12081997fb6bc@mail.gmail.com> <4B51E209.3040002@gmail.com> <387ee2021001160811p1d122c3at6f88937924ae332e@mail.gmail.com> Message-ID: <4B51E940.90102@gmail.com> Ok .. I logged into swat and restarted all services. winbindd is not running and does not start up. After restarting all services I logged into the share from the vista laptop. ==> log.smbd <== [2010/01/16 11:17:57, 0] smbd/server.c:1068(main) smbd version 3.4.0 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 ==> log.nmbd <== [2010/01/16 11:18:20, 0] nmbd/nmbd_become_lmb.c:395(become_local_master_stage2) ***** Samba name server ALTALOMA is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.100 ***** ==> log.babopc <== [2010/01/16 11:21:59, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:21:59, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:22:27, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:22:27, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:22:28, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:22:28, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:22:28, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:22:43, 1] smbd/service.c:1047(make_connection_snum) babopc (192.168.1.103) connect to service Sambis initially as user mother (uid=0, gid=100) (pid 12126) ^C Here is my smb.conf: # Samba config file created using SWAT # from UNKNOWN (127.0.0.) # Date: 2010/01/16 11:27:11 [global] netbios name = ALTALOMA server string = %h server (Samba, Ubuntu) client schannel = Yes server schannel = Yes map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d valid users = Mother, nobody admin users = Mother write list = Mother [Sambis] path = /home/jason/data/sambis hosts allow = 192.168.1. hosts deny = ALL [print$] comment = Printer Drivers path = /var/lib/samba/printers [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No browsable = No One more thing .. I tell the laptop to save the username and password and it never does. Many thanks! John Drescher wrote: >>>> My question is .. is it normal for her to regularly be asked to enter her >>>> username and password or is it something that I've done in my >>>> configuration. >>>> >>> This is not normal. You should only be asked this once or at most 1 >>> time per share if shares are on different servers. >>> >> Ok thanks .. so where can i begin to look for the prob? > > Take a look at the samba logs in /var/log/samba > > and post your smb.conf > > John > From eero.volotinen at iki.fi Sat Jan 16 09:38:44 2010 From: eero.volotinen at iki.fi (Eero Volotinen) Date: Sat, 16 Jan 2010 18:38:44 +0200 Subject: [Samba] Regularly being asked for username/password In-Reply-To: <4B51E940.90102@gmail.com> References: <4B51C69D.6010701@gmail.com> <387ee2021001160703o4b737dcfsa5b12081997fb6bc@mail.gmail.com> <4B51E209.3040002@gmail.com> <387ee2021001160811p1d122c3at6f88937924ae332e@mail.gmail.com> <4B51E940.90102@gmail.com> Message-ID: <4B51EB94.3020408@iki.fi> > One more thing .. I tell the laptop to save the username and password > and it never does. So you are not running pdc? Use same password and account name on windows vista and it works without asking password anymore. -- Eero From bsdadmin2008 at gmail.com Sat Jan 16 09:49:52 2010 From: bsdadmin2008 at gmail.com (JBornhoft) Date: Sat, 16 Jan 2010 11:49:52 -0500 Subject: [Samba] Regularly being asked for username/password In-Reply-To: <4B51EB94.3020408@iki.fi> References: <4B51C69D.6010701@gmail.com> <387ee2021001160703o4b737dcfsa5b12081997fb6bc@mail.gmail.com> <4B51E209.3040002@gmail.com> <387ee2021001160811p1d122c3at6f88937924ae332e@mail.gmail.com> <4B51E940.90102@gmail.com> <4B51EB94.3020408@iki.fi> Message-ID: <4B51EE30.3080404@gmail.com> Will that work even if she doesn't have a password on her laptop? Eero Volotinen wrote: > >> One more thing .. I tell the laptop to save the username and password >> and it never does. > > So you are not running pdc? Use same password and account name on > windows vista and it works without asking password anymore. > > -- > Eero > From eero.volotinen at iki.fi Sat Jan 16 09:52:40 2010 From: eero.volotinen at iki.fi (Eero Volotinen) Date: Sat, 16 Jan 2010 18:52:40 +0200 Subject: [Samba] Regularly being asked for username/password In-Reply-To: <4B51EE30.3080404@gmail.com> References: <4B51C69D.6010701@gmail.com> <387ee2021001160703o4b737dcfsa5b12081997fb6bc@mail.gmail.com> <4B51E209.3040002@gmail.com> <387ee2021001160811p1d122c3at6f88937924ae332e@mail.gmail.com> <4B51E940.90102@gmail.com> <4B51EB94.3020408@iki.fi> <4B51EE30.3080404@gmail.com> Message-ID: <4B51EED8.3080009@iki.fi> On 1/16/10 6:49 PM, JBornhoft wrote: > Will that work even if she doesn't have a password on her laptop? Well, just set password on laptop or remove from samba account? -- Eero From steve.chupack at dealer.com Sat Jan 16 09:13:50 2010 From: steve.chupack at dealer.com (Steve Chupack) Date: Sat, 16 Jan 2010 11:13:50 -0500 Subject: [Samba] Domain trusts and samba member servers In-Reply-To: <20090806083951.216b3329@stchupack-m4300> References: <90d977ac0908051642n1634e977tcd9d1fd2be723df0@mail.gmail.com> <20090806083951.216b3329@stchupack-m4300> Message-ID: <20100116111350.1c77fe6e@stchupack-m4300> Below is something I posted a while ago and got no responses... Maybe it was too convoluted for anyone to bother with, so let me try and put it more simply. I have a Win Server 2008 AD box (NEWDOMAIN) which is trusted by my samba DC (OLDDOMAIN). Users on NEWDOMAIN can access resources on the OLDDOMAIN DC just fine. But the trust relationship is not recognized or respected by my samba member servers in OLDDOMAIN. So, very simply put, even if nobody has the specific howto: Do samba member servers understand interdomain trusts? Thanks for any and all input -- I am at a standstill with a fairly major project and any help at all would be greatly appreciated. I have a suspicion it has something to do with winbind on the member servers, but I'm having no luck. On Thu, 6 Aug 2009 08:39:51 -0400 Steve Chupack wrote: > I'm in the process of migrating from a Samba PDC to a Win2k3 PDC (all member servers will remain as Samba boxes). > > NEWDOMAIN = new Win2k3 PDC > OLDDOMAIN = current samba PDC > OLDDOMAIN_MEMBER = a current samba box that's a member of OLDDOMAIN > > I've successfully established a trust relationship between OLDOMAIN and NEWDOMAIN where OLDDOMAIN trusts NEWDOMAIN. Users in NEWDOMAIN have full access to resources on the OLDDOMAIN PDC. > > Where I'm stuck is granting access to OLDDOMAIN_MEMBER to users in NEWDOMAIN. OLDDOMAIN_MEMBER is joined to OLDDOMAIN and works as expected (Users in OLDDOMAIN can access resources on OLDDOMAIN_MEMBER. But users in NEWDOMAIN do not. > > Can someone help with the general concept here? Should it work as I've configured it? Does OLDDOMAIN_MEMBER need to be running winbind against OLDDOMAIN PDC, or even NEWDOMAIN? (although I don't see how the latter would work without moving OLDDOMAIN_MEMBER to NEWDOMAIN). > > Sorry if this is confusing -- tried to make it as clear as possible. > > Steve From bubulle at debian.org Sat Jan 16 10:42:50 2010 From: bubulle at debian.org (Christian PERRIER) Date: Sat, 16 Jan 2010 18:42:50 +0100 Subject: [Samba] [Announce] Samba 3.5.0rc1 Available for Download In-Reply-To: References: Message-ID: <20100116174250.GL4636@mykerinos.kheops.frmug.org> Quoting Karolin Seeger (kseeger at samba.org): > Release Announcements > ===================== > > This is the first release candidate of Samba 3.5. This is *not* > intended for production environments and is designed for testing > purposes only. Please report any defects via the Samba bug reporting > system at https://bugzilla.samba.org/. > > Major enhancements in Samba 3.5.0 include: This release candidate version was uploaded today to Debian experimental (I wasn't fast enough to have the prereleases...), so that brave hearts can try it on Debian systems.... From lipixx at gmail.com Sat Jan 16 16:55:21 2010 From: lipixx at gmail.com (LiPi -) Date: Sun, 17 Jan 2010 00:55:21 +0100 Subject: [Samba] Regularly being asked for username/password In-Reply-To: <4B51C69D.6010701@gmail.com> References: <4B51C69D.6010701@gmail.com> Message-ID: Not a Samba problem, ;) http://forums.techarena.in/windows-vista-network/717695.htm The same occurs with Windows XP Home. LiPi. 2010/1/16 JBornhoft > I'm a bit of a noob w/ samba and I set up a small samba shar (v. 3.4.0) on > my ubuntu machine which hosts a shared drive for a single vista laptop (my > wife's machine). > > My question is .. is it normal for her to regularly be asked to enter her > username and password or is it something that I've done in my configuration. > > Note: I used the configuration guide from Linux Journal (Nov/Dec/Jan). > > Many thanks in advance! > > > J > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > From malz at jetlan.com Sun Jan 17 00:33:13 2010 From: malz at jetlan.com (malz) Date: Sun, 17 Jan 2010 18:03:13 +1030 Subject: [Samba] Domain trusts and samba member servers References: <90d977ac0908051642n1634e977tcd9d1fd2be723df0@mail.gmail.com><20090806083951.216b3329@stchupack-m4300> <20100116111350.1c77fe6e@stchupack-m4300> Message-ID: As a thought, can you put the Samba box in as a member server of the Server 2008 AD ? Run the 2008 Server in 2003 AD mode and it will work perfectly. I have done this successfully. 2008 AD Server (DNS/AD/WINS) Suse 11.0 Member server (Samba version 3.4.4-1.1-2267-SUSE-CODE11) (F&P, Postfix Mail) You won't have to worry about your trust issues this way. Cheers Mal -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Steve Chupack Sent: Sunday, 17 January 2010 2:44 AM To: samba at lists.samba.org Subject: [Samba] Domain trusts and samba member servers Below is something I posted a while ago and got no responses... Maybe it was too convoluted for anyone to bother with, so let me try and put it more simply. I have a Win Server 2008 AD box (NEWDOMAIN) which is trusted by my samba DC (OLDDOMAIN). Users on NEWDOMAIN can access resources on the OLDDOMAIN DC just fine. But the trust relationship is not recognized or respected by my samba member servers in OLDDOMAIN. So, very simply put, even if nobody has the specific howto: Do samba member servers understand interdomain trusts? Thanks for any and all input -- I am at a standstill with a fairly major project and any help at all would be greatly appreciated. I have a suspicion it has something to do with winbind on the member servers, but I'm having no luck. On Thu, 6 Aug 2009 08:39:51 -0400 Steve Chupack wrote: > I'm in the process of migrating from a Samba PDC to a Win2k3 PDC (all member servers will remain as Samba boxes). > > NEWDOMAIN = new Win2k3 PDC > OLDDOMAIN = current samba PDC > OLDDOMAIN_MEMBER = a current samba box that's a member of OLDDOMAIN > > I've successfully established a trust relationship between OLDOMAIN and NEWDOMAIN where OLDDOMAIN trusts NEWDOMAIN. Users in NEWDOMAIN have full access to resources on the OLDDOMAIN PDC. > > Where I'm stuck is granting access to OLDDOMAIN_MEMBER to users in NEWDOMAIN. OLDDOMAIN_MEMBER is joined to OLDDOMAIN and works as expected (Users in OLDDOMAIN can access resources on OLDDOMAIN_MEMBER. But users in NEWDOMAIN do not. > > Can someone help with the general concept here? Should it work as I've configured it? Does OLDDOMAIN_MEMBER need to be running winbind against OLDDOMAIN PDC, or even NEWDOMAIN? (although I don't see how the latter would work without moving OLDDOMAIN_MEMBER to NEWDOMAIN). > > Sorry if this is confusing -- tried to make it as clear as possible. > > Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba From Volker.Lendecke at SerNet.DE Sun Jan 17 09:49:32 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Sun, 17 Jan 2010 17:49:32 +0100 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: <4B015BF6.9060002@BriannasSaladDressing.com> References: <4B015BF6.9060002@BriannasSaladDressing.com> Message-ID: On Mon, Nov 16, 2009 at 08:04:38AM -0600, Dale Schroeder wrote: > After upgrading Debian to 3.4.3-1, my mailbox has been overflowing with > panic messages similar to what is posted below. > Winbind is having some kind of problem with pulling in the AD groups. > Any other Debian users seeing this? This looks a bit like https://bugzilla.samba.org/show_bug.cgi?id=6889 which was fixed in 3.4.4. Can you retry with that? Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From dumaresq at gmail.com Sun Jan 17 14:11:51 2010 From: dumaresq at gmail.com (Andrew Dumaresq) Date: Sun, 17 Jan 2010 16:11:51 -0500 Subject: [Samba] Dynamic DNS failures with Samba4 Message-ID: <4B537D17.8040006@gmail.com> Hi, I've used samba3 for years, and it mostly did exactly what I wanted, In the last few weeks I decided to install Samba4. I got it installed and everything seems to be working as expected. I have one small issue, and I'm not really sure if the problem is Samba4, bind, my client PC or something else I haven't considered. I've got one Linux server, which acts as a Samba (4.0.0alpha9-GIT-27087e6) server and a DNS (BIND 9.6.1-P2) server, it is also my PDC. I've got a number of windows clients two of which are currently in the Domain. One PC which is windows XP can update its DNS entries with no issues: 17-Jan-2010 15:51:18.042 gss cred: "DNS/dumaresq.local at DUMARESQ.LOCAL", GSS_C_ACCEPT, 4294965265 17-Jan-2010 15:51:18.113 gss-api source name (accept) is gandalf$@DUMARESQ.LOCAL 17-Jan-2010 15:51:18.113 process_gsstkey(): dns_tsigerror_noerror I have another PC that is windows VISTA which cannot update its DNS entries: 17-Jan-2010 15:54:25.875 gss cred: "DNS/dumaresq.local at DUMARESQ.LOCAL", GSS_C_ACCEPT, 4294965078 17-Jan-2010 15:54:25.876 failed gss_accept_sec_context: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Wrong principal in request. 17-Jan-2010 15:54:25.876 process_gsstkey(): dns_tsigerror_badkey I believe I've got BIND setup correctly since it works for the Windows XP PC but here's the relevant configs: options { directory "/var/cache/bind"; auth-nxdomain no; # conform to RFC1035 listen-on-v6 { any; }; tkey-gssapi-credential "DNS/dumaresq.local"; tkey-domain "DUMARESQ.LOCAL"; }; zone "dumaresq.local" { type master; file "/etc/bind/dumaresq/db.dumaresq"; update-policy { grant localhost subdomain * A AAAA; grant DUMARESQ.LOCAL ms-self * A AAAA; }; }; zone "1.168.192.in-addr.arpa" { type master; file "/etc/bind/dumaresq/db.192"; update-policy { grant *.LOCAL wildcard *.1.168.192.in-addr.arpa. PTR; }; }; Here's my smb.conf file: [globals] netbios name = morannon workgroup = dumaresq realm = dumaresq.local server role = domain controller log file = /var/log/samba/log.%m log level = 2 debug level = 2 interfaces = eth1 lo bind interfaces only = yes Is this a problem with Windows vista? I'm assuming that either vista can't get the correct credentials from the KDC (which is Samba) or that Samba is delivering the wrong credentials. I see the following entry in the samba logs for the computer that fails: [Sun Jan 17 15:09:43 2010 EST, 2 auth/kerberos/krb5_init_context.c:74:smb_krb5_debug_wrapper()] Kerberos: TGS-REQ aragorn$@DUMARESQ.LOCAL from 192.168.1.222 for DNS/dumaresq.local at DUMARESQ.LOCAL [canonicalize, renewable, forwardable] So I think samba is doing what it should. I'm lost here, anybody have any thoughts? From squeezer99 at gmail.com Sun Jan 17 15:31:05 2010 From: squeezer99 at gmail.com (Adam) Date: Sun, 17 Jan 2010 16:31:05 -0600 Subject: [Samba] Given up on Fedora Ubuntu is 1000-folder simpler In-Reply-To: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> References: <87e0d5201001141531m4342be87n9bd508224a546662@mail.gmail.com> Message-ID: <4B538FA9.9050900@gmail.com> didyou try disabling fedora's firewal with /etc/rc.d/init.d/iptables stop and then running ntsysv and unchecking iptables? Peter Olcott wrote: > I spent several days (at least 20 hours) tying to get Fedora 11 Samba server > going. I consulted every resource that I knew including this list. When I > discovered that Fedora 11 Samba could be browsed immediately upon > installation, and a simple reboot disabled this, I gave up. I decided to try > Ubuntu. After intallation it took only five minutes of editing the smb.conf > file to make my share fully operational. In terms of total cost of ownership > Fedora and Red Hat have become big losers. > From steve at greengecko.co.nz Sun Jan 17 15:12:19 2010 From: steve at greengecko.co.nz (steve) Date: Mon, 18 Jan 2010 11:12:19 +1300 Subject: [Samba] performance tweaks?? Message-ID: <1263766339.6678.707.camel@xpc> Has anyone any tips on improving samba performance with debian lenny? I've set up a raid 0 partition on a couple of new WD 1TB disks, formatting the majority of it as a single reiserfs partition. I must admit I should probably have set the blocksize to something other than the default at the time, but now it's well populated, changing stuff like that is going to be a big problem. Performance is pretty poor to put it politely - primary use is a single samba share with a very large directory structure, millions of files. Can anyone suggest any improvements that can stop it being that slow? I regularly see 50+% in waitio. Version in use samba 3.2.5-4lenny7, and I'd rather not change off the formal release path unless it'll make a big improvement. Cheers, Steve -- Steve Holdoway http://www.greengecko.co.nz MSN: steve at greengecko.co.nz GPG Fingerprint = B337 828D 03E1 4F11 CB90 853C C8AB AF04 EF68 52E0 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From ryan.suarez at sheridanc.on.ca Sun Jan 17 15:55:10 2010 From: ryan.suarez at sheridanc.on.ca (Ryan Suarez) Date: Sun, 17 Jan 2010 17:55:10 -0500 Subject: [Samba] samba->active directory: ports needed Message-ID: <4B53954E.3080709@sheridanc.on.ca> Greetings we have samba v3.3.x as a domain member of active directory. Samba also uses winbind for user enumeration. What ports need to be opened on the network ACLs to allow samba to connect to active directory? thanks, Ryan From steve.chupack at dealer.com Sun Jan 17 15:59:55 2010 From: steve.chupack at dealer.com (Steve Chupack) Date: Sun, 17 Jan 2010 17:59:55 -0500 Subject: [Samba] Domain trusts and samba member servers In-Reply-To: References: <90d977ac0908051642n1634e977tcd9d1fd2be723df0@mail.gmail.com> <20090806083951.216b3329@stchupack-m4300> <20100116111350.1c77fe6e@stchupack-m4300> Message-ID: <20100117175955.4884e76b@stchupack-m4300> Well, the idea was to have OLDDOMAIN and NEWDOMAIN authenticating users simultaneously as we migrate people to NEWDOMAIN in a controlled/progressive rollout.. I assume my samba box will no longer act as a domain controller if I make it a member server of the 2008 box, but I would actually like to be wrong on this point. ;-) On Sun, 17 Jan 2010 18:03:13 +1030 "malz" wrote: > > As a thought, can you put the Samba box in as a member server of the > Server 2008 AD ? Run the 2008 Server in 2003 AD mode and it will work > perfectly. I have done this successfully. > > 2008 AD Server (DNS/AD/WINS) > Suse 11.0 Member server (Samba version 3.4.4-1.1-2267-SUSE-CODE11) > (F&P, Postfix Mail) > > You won't have to worry about your trust issues this way. > > Cheers > Mal > > > > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Steve Chupack > Sent: Sunday, 17 January 2010 2:44 AM > To: samba at lists.samba.org > Subject: [Samba] Domain trusts and samba member servers > > Below is something I posted a while ago and got no responses... Maybe it > was too convoluted for anyone to bother with, so let me try and put it > more simply. > > I have a Win Server 2008 AD box (NEWDOMAIN) which is trusted by my samba > DC (OLDDOMAIN). Users on NEWDOMAIN can access resources on the OLDDOMAIN > DC just fine. But the trust relationship is not recognized or respected > by my samba member servers in OLDDOMAIN. > > So, very simply put, even if nobody has the specific howto: Do samba > member servers understand interdomain trusts? > > Thanks for any and all input -- I am at a standstill with a fairly major > project and any help at all would be greatly appreciated. I have a > suspicion it has something to do with winbind on the member servers, but > I'm having no luck. > > > > > On Thu, 6 Aug 2009 08:39:51 -0400 > Steve Chupack wrote: > > > I'm in the process of migrating from a Samba PDC to a Win2k3 PDC (all > member servers will remain as Samba boxes). > > > > NEWDOMAIN = new Win2k3 PDC > > OLDDOMAIN = current samba PDC > > OLDDOMAIN_MEMBER = a current samba box that's a member of OLDDOMAIN > > > > I've successfully established a trust relationship between OLDOMAIN > and NEWDOMAIN where OLDDOMAIN trusts NEWDOMAIN. Users in NEWDOMAIN have > full access to resources on the OLDDOMAIN PDC. > > > > Where I'm stuck is granting access to OLDDOMAIN_MEMBER to users in > NEWDOMAIN. OLDDOMAIN_MEMBER is joined to OLDDOMAIN and works as expected > (Users in OLDDOMAIN can access resources on OLDDOMAIN_MEMBER. But users > in NEWDOMAIN do not. > > > > Can someone help with the general concept here? Should it work as I've > configured it? Does OLDDOMAIN_MEMBER need to be running winbind against > OLDDOMAIN PDC, or even NEWDOMAIN? (although I don't see how the latter > would work without moving OLDDOMAIN_MEMBER to NEWDOMAIN). > > > > Sorry if this is confusing -- tried to make it as clear as possible. > > > > Steve From himmat.baldaniya at hotmail.com Sun Jan 17 21:20:27 2010 From: himmat.baldaniya at hotmail.com (himmat baldaniya) Date: Mon, 18 Jan 2010 09:50:27 +0530 Subject: [Samba] how to use m4_pattern_allow Message-ID: hello what is "m4_pattern_allow" ?? how to use it ?? I am installing patch of acl-2.2.49.tar.gz but it gives me error stating -- "line 1650 :AC_CONFIG_MACRO:m4" line 1650 : use m4_pattern_allow" thankx _________________________________________________________________ New Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop From garydale at rogers.com Sun Jan 17 21:36:02 2010 From: garydale at rogers.com (Gary Dale) Date: Sun, 17 Jan 2010 23:36:02 -0500 Subject: [Samba] how to use m4_pattern_allow In-Reply-To: References: Message-ID: <4B53E532.40804@rogers.com> himmat baldaniya wrote: > hello > > what is "m4_pattern_allow" ?? > how to use it ?? > I am installing patch of acl-2.2.49.tar.gz but it gives me error stating -- > "line 1650 :AC_CONFIG_MACRO:m4" > line 1650 : use m4_pattern_allow" > > thankx > _________________________________________________________________ > New Windows 7: Find the right PC for you. Learn more. > http://windows.microsoft.com/shop > m4 is a macro-processor that is used quite a bit in Unix programming. Read up on it if you intend to compile code. From Volker.Lendecke at SerNet.DE Mon Jan 18 00:19:07 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Mon, 18 Jan 2010 08:19:07 +0100 Subject: [Samba] performance tweaks?? In-Reply-To: <1263766339.6678.707.camel@xpc> References: <1263766339.6678.707.camel@xpc> Message-ID: On Mon, Jan 18, 2010 at 11:12:19AM +1300, steve wrote: > Has anyone any tips on improving samba performance with debian lenny? > > I've set up a raid 0 partition on a couple of new WD 1TB disks, > formatting the majority of it as a single reiserfs partition. I must > admit I should probably have set the blocksize to something other than > the default at the time, but now it's well populated, changing stuff > like that is going to be a big problem. > > Performance is pretty poor to put it politely - primary use is a single > samba share with a very large directory structure, millions of files. > Can anyone suggest any improvements that can stop it being that slow? I > regularly see 50+% in waitio. Do you have individual directories with huge numbers of files? This is a known performance problem with a workaround: case sensitive = yes preserve case = no short preserve case = no Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From thomas.gutzler at gmail.com Mon Jan 18 01:19:44 2010 From: thomas.gutzler at gmail.com (Thomas Gutzler) Date: Mon, 18 Jan 2010 16:19:44 +0800 Subject: [Samba] Windows 7 machine trust accounts expiring In-Reply-To: <83B18857-B36A-46F9-9B67-3F638BE49205@receptiveit.com.au> References: <83B18857-B36A-46F9-9B67-3F638BE49205@receptiveit.com.au> Message-ID: <4B5419A0.4080409@gmail.com> Hi, I'm having the same problem with my Windows 7 machines (64 bit Enterprise) but not Vista. After exactly one month they complain that "The trust relationship between this workstation and the primary domain failed." and I have to rejoin the domain, which fixes it for another month. This happens with and without the "X" account flag set. I'm running samba 3.4.0-3ubuntu5 on ubuntu jaunty with tdbsam. When the trust relationship expires, the samba log says: rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client IX machine account IX$ Interestingly, even after rejoining the domain, when I log on as a domain user for the first time, it shows the above error once more and then logs on happily. I also found this line several times: smbd/service.c:1009(make_connection_snum) '/path/to/IX_' does not exist or permission denied when connecting to [tom] Error was No such file or directory I'm logging on to the machine "ix" as user "tom" and none of the machine accounts have home directories and so far none of them complained about it missing; except the Windows7 ones. If I create the directory and log in it says: smbd/service.c:1047(make_connection_snum) ix (130.95.136.139) connect to service tom initially as user tom (uid=1050, gid=1050) (pid 6387) smbd/service.c:1047(make_connection_snum) ix (130.95.136.139) connect to service tom initially as user IX$ (uid=1214, gid=200) (pid 6387) smbd/nttrans.c:2076(call_nt_transact_ioctl) call_nt_transact_ioctl(0x1401c4): Currently not implemented. and logs in happily. There are no files in the newly created directories. Alex: You mentioned that you wouldn't know until early this month if the update to 3.4.3 solve this problem; did it? Tom On Wed, Dec 16, 2009 at 13:06, Alex Ferrara wrote: > I think I have narrowed this down even further. > > I have been working through getting rid of error messages in the > logs, and I have updated Samba to 3.4.3. This might have fixed the > issue, and I won't know for some time, but I can still see the > following error appearing in the logs, which seems to line up with > the core issue of machine trust accounts expiring. > > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. > Rejecting auth request from client AC-2150 machine account AC-2150$ > > I have noticed that the new Windows 7 machines say the password has > expired on the same date that is in "sambaPwdLastSet". I added the > "X" attribute in sambaAcctFlags in an attempt to stop the accounts > from expiring. From budhi.hamdani at gmail.com Mon Jan 18 01:54:02 2010 From: budhi.hamdani at gmail.com (budhi hamdani) Date: Mon, 18 Jan 2010 15:54:02 +0700 Subject: [Samba] NT_STATUS_INVALID_HANDLE Message-ID: Dear All, a few day i tried to install samba 3.0, 3.3.9 and the latest i tried to install 3.4 in FreeBSD 7.0 installation process work well but every time i try to execute it always failed and in the log i found this : [2010/01/18 17:24:25, 0] lib/messages_local.c:112(messaging_tdb_init) ERROR: Failed to initialise messages database: Invalid argument [2010/01/18 17:24:25, 0] lib/messages.c:204(messaging_init) messaging_tdb_init failed: NT_STATUS_INVALID_HANDLE [2010/01/18 17:24:25, 0] smbd/server.c:67(smbd_messaging_context) Could not init smbd messaging context. i try to googling it and never found about NT_STATUS_INVALID_HANDLE any hint i'd be appreciate... thank's -- Budhi Hamdani From himmat.baldaniya at hotmail.com Mon Jan 18 02:01:51 2010 From: himmat.baldaniya at hotmail.com (himmat baldaniya) Date: Mon, 18 Jan 2010 14:31:51 +0530 Subject: [Samba] hide directories in samba Message-ID: hello how to hide directories in samba??? for example- i have share "mrt" and mrt consists of mrt1 and mrt2 subfolders, so what i have to do is that i dont want the user (who logs into mrt) to view mrt1 and mrt2.. so how to do that plzz help ??? thankyou _________________________________________________________________ Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop From Volker.Lendecke at SerNet.DE Mon Jan 18 02:07:07 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Mon, 18 Jan 2010 10:07:07 +0100 Subject: [Samba] NT_STATUS_INVALID_HANDLE In-Reply-To: References: Message-ID: On Mon, Jan 18, 2010 at 03:54:02PM +0700, budhi hamdani wrote: > Dear All, > a few day i tried to install samba 3.0, 3.3.9 and the latest i tried to > install 3.4 in FreeBSD 7.0 installation process work well > but every time i try to execute it always failed and in the log i found this > : > > [2010/01/18 17:24:25, 0] lib/messages_local.c:112(messaging_tdb_init) > ERROR: Failed to initialise messages database: Invalid argument > [2010/01/18 17:24:25, 0] lib/messages.c:204(messaging_init) > messaging_tdb_init failed: NT_STATUS_INVALID_HANDLE > [2010/01/18 17:24:25, 0] smbd/server.c:67(smbd_messaging_context) > Could not init smbd messaging context. > > i try to googling it and never found about NT_STATUS_INVALID_HANDLE > any hint i'd be appreciate... Can you try to run strace -o /tmp/smbd.strace -f -ttT smbd -d 0 -i and upload /tmp/smbd.strace somewhere? Thanks, Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From eero.volotinen at iki.fi Mon Jan 18 02:12:10 2010 From: eero.volotinen at iki.fi (Eero Volotinen) Date: Mon, 18 Jan 2010 11:12:10 +0200 Subject: [Samba] hide directories in samba In-Reply-To: References: Message-ID: <20100118111210.m7azazy6soscocgw@webmail.welho.com> Quoting himmat baldaniya : > > hello > how to hide directories in samba??? > for example- > i have share "mrt" and mrt consists of mrt1 and mrt2 subfolders, > so what i have to do is that i dont want the user (who logs into > mrt) to view mrt1 and mrt2.. > so how to do that plzz help ??? > thankyou hide unreadable = yes and then use acl to take access rights from mrt1 and mrt2 -- Eero From Volker.Lendecke at SerNet.DE Mon Jan 18 02:18:39 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Mon, 18 Jan 2010 10:18:39 +0100 Subject: [Samba] [patch] swat status page - add share path support In-Reply-To: <200912202351.34830.mg@fork.pl> References: <200912202351.34830.mg@fork.pl> Message-ID: On Sun, Dec 20, 2009 at 11:51:34PM +0100, Marcin Gryszkalis wrote: > I created little patch (against 3.3.9) to swat to support > showing share path for locked files (like smbstatus does). Pushed to master, thanks. Depending on how much you want it in 3.5, you might want to file a bug report at bugzilla.samba.org, 3.5 is in RC state and can only get stuff with a proper bug report. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From budhi.hamdani at gmail.com Mon Jan 18 02:39:13 2010 From: budhi.hamdani at gmail.com (budhi hamdani) Date: Mon, 18 Jan 2010 16:39:13 +0700 Subject: [Samba] NT_STATUS_INVALID_HANDLE In-Reply-To: References: Message-ID: Hello, Thx for reply You can get smbd.strace from this url : http://222.124.204.155/~budhi/samba/ Thx before On Mon, Jan 18, 2010 at 4:07 PM, Volker Lendecke wrote: > On Mon, Jan 18, 2010 at 03:54:02PM +0700, budhi hamdani wrote: > > Dear All, > > a few day i tried to install samba 3.0, 3.3.9 and the latest i tried to > > install 3.4 in FreeBSD 7.0 installation process work well > > but every time i try to execute it always failed and in the log i found > this > > : > > > > [2010/01/18 17:24:25, 0] lib/messages_local.c:112(messaging_tdb_init) > > ERROR: Failed to initialise messages database: Invalid argument > > [2010/01/18 17:24:25, 0] lib/messages.c:204(messaging_init) > > messaging_tdb_init failed: NT_STATUS_INVALID_HANDLE > > [2010/01/18 17:24:25, 0] smbd/server.c:67(smbd_messaging_context) > > Could not init smbd messaging context. > > > > i try to googling it and never found about NT_STATUS_INVALID_HANDLE > > any hint i'd be appreciate... > > Can you try to run > > strace -o /tmp/smbd.strace -f -ttT smbd -d 0 -i > > and upload /tmp/smbd.strace somewhere? > > Thanks, > > Volker > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAktUJLsACgkQbZMKAi3WUkk6BgCggIKNQOXUSox7ri9yvkLWrgiV > kowAnidiLRkdfbdJvLSsEaXk4lGjmU4f > =Uy0C > -----END PGP SIGNATURE----- > > -- Budhi Hamdani Network Manager of PT. Motekar Garuda Media From x.illusi0n at gmail.com Mon Jan 18 03:09:26 2010 From: x.illusi0n at gmail.com (JC) Date: Mon, 18 Jan 2010 11:09:26 +0100 Subject: [Samba] Samba/Winbind uid/gid Message-ID: Hi, I actually have to install another samba server connected to Active directory by using winbind. All works ok, but i have a little problem. In fact if i use getent |grep user on server1, the output is the following: server1:~# getent |grep user user:*:20083:20040:USER:/home/user:/bin/bash server1:~# on the second one server which use the same AD and the same configuration file exept for netbios i obtain: server2:~# getent |grep user user:*:20018:20110:USER:/home/user:/bin/bash server2:~# Is there a solution to abtain the same uid/gid on both server for all users? Thanks for your help, From Volker.Lendecke at SerNet.DE Mon Jan 18 03:33:14 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Mon, 18 Jan 2010 11:33:14 +0100 Subject: [Samba] NT_STATUS_INVALID_HANDLE In-Reply-To: References: Message-ID: On Mon, Jan 18, 2010 at 04:39:13PM +0700, budhi hamdani wrote: > Hello, Thx for reply > You can get smbd.strace from this url : > http://222.124.204.155/~budhi/samba/ 24953 18:18:29.915751 fcntl(4, F_SETLKW, {type=0 /* F_??? */, whence=SEEK_SET, start=0, len=0}) = -1 EINVAL (Invalid argument) <0.000017> That's the culprit. The relevant Samba code lines try to do a tdb->methods->tdb_brlock(tdb, GLOBAL_LOCK, F_WRLCK, F_SETLKW, 0, 1) which is a lock of one byte (not len=0 as in your strace). My first guess would be a 32/64 bit problem with your build environment or something similar. Is that possible? Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From a.busam at hofmann-foerdertechnik.com Mon Jan 18 03:26:16 2010 From: a.busam at hofmann-foerdertechnik.com (Alexander Busam) Date: Mon, 18 Jan 2010 11:26:16 +0100 Subject: [Samba] Different file permissions on new file Message-ID: <4B543748.8040909@hofmann-foerdertechnik.com> Hello list :-) I got different file permissions on a new created/copied file. If I copy the file to \\192.168.1.25\data I got -rwx------ 1 advantage advantage 0 Jan 18 11:16 test.txt If I copy the file to \\192.168.1.25\data\pix I got -rwxrwxr--+ 1 advantage advantage 0 Jan 18 11:18 test.txt The permissions of the path to the share are: drwxrwxr-x+ 14 advantage advantage 4096 Jan 18 11:16 data What is wrong? Best regards, Alex The smb.conf: # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2010/01/18 11:22:35 [global] workgroup = HMDBSRV server string = map to guest = Bad Password printcap name = cups add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ logon script = scripts\login.bat logon path = \\%L\profiles\.msprofile logon drive = L: logon home = \\%L\%U\.9xprofile domain master = No ldap admin dn = cn=xxx,dc=yyyy,dc=de ldap group suffix = ou=groups ldap machine suffix = ou=hosts ldap passwd sync = Yes ldap suffix = dc=yyyy,dc=de ldap ssl = no ldap user suffix = ou=users usershare allow guests = Yes printing = cups cups options = raw print command = lpq command = %p lprm command = oplocks = No [data] comment = Datenbank path = /data force user = advantage force group = advantage read only = No guest ok = Yes preserve case = No level2 oplocks = No From bashirwz at googlemail.com Mon Jan 18 04:51:29 2010 From: bashirwz at googlemail.com (Wasim Bashir) Date: Mon, 18 Jan 2010 11:51:29 +0000 Subject: [Samba] winbind 3.4.3 creates .bak file Message-ID: <91aedba31001180351s101db1b3u36bf53c137311573@mail.gmail.com> Hi, How do i stop winbind from creating a .bak file of the cache, ie everytime i restart it, it creates a winbindd_cache.tdb.bak. Thanks in advance, Wasim From dale at BriannasSaladDressing.com Mon Jan 18 08:09:51 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Mon, 18 Jan 2010 09:09:51 -0600 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: References: <4B015BF6.9060002@BriannasSaladDressing.com> Message-ID: <4B5479BF.7000500@BriannasSaladDressing.com> On 01/17/2010 10:49 AM, Volker Lendecke wrote: > On Mon, Nov 16, 2009 at 08:04:38AM -0600, Dale Schroeder wrote: > >> After upgrading Debian to 3.4.3-1, my mailbox has been overflowing with >> panic messages similar to what is posted below. >> Winbind is having some kind of problem with pulling in the AD groups. >> Any other Debian users seeing this? >> > This looks a bit like > > https://bugzilla.samba.org/show_bug.cgi?id=6889 > > which was fixed in 3.4.4. Can you retry with that? > > Volker > I've suspected that ever since reading Karolin's release notes for 3.4.4. Debian has not yet released 3.4.4 to "testing", but I'll gladly try it as soon as it's available. For the interim, all winbind systems are reverted back to "stable" (3.2.5-4lenny7). The ldap and standalone systems run perfectly well under 3.4.3. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556536 Thanks, Dale From kriskaido at gmail.com Mon Jan 18 08:33:00 2010 From: kriskaido at gmail.com (Kris Kaido) Date: Mon, 18 Jan 2010 16:33:00 +0100 Subject: [Samba] Samba/winbind with Active Directory auth Message-ID: <2aa1891e1001180733x2e429e99wa2b781ec1c47f599@mail.gmail.com> Hi List, I'm installing a Samba server with the intended purpose of serving files to Windows users with seamless authentication on the smb server. For that, I've been reading and following every single google search result regarding the subject, but it seems I'm stuck at some point where other people are not blocked ... To summarize, I have these commands OK: # kinit admin_user at DOMAIN.EXAMPLE.COM # klist (ticket ok) # net join ads -S server -U admin_user # wbinfo -u and -g (both showing "DOMAIN\...") # wbinfo -t (succeeded) I configured PAM to use winbind, and to test it I'm using ssh with the same config as I will for samba Here's what I get when I try to ssh into my smb server using my AD credentials: Jan 18 15:34:18 smb sshd[9157]: pam_winbind(sshd:auth): getting password (0x00000000) Jan 18 15:34:18 smb sshd[9157]: pam_winbind(sshd:auth): request failed: Named pipe dicconnected, PAM error was System error (4), NT error was NT_STATUS_PIPE_DISCONNECTED Jan 18 15:34:18 smb sshd[9157]: pam_winbind(sshd:auth): internal module error (retval = 4, user = 'DOMAIN\myusername') Jan 18 15:34:18 smb sshd[9157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.5.6 user= DOMAIN\myusername Jan 18 15:34:20 smb sshd[9157]: Failed password for DOMAIN\myusername from 192.168.5.6 port 50872 ssh2 Any idea on what this error (NT_STATUS...) means ? Also when trying this I get an error: smb:~# wbinfo -a admin_user%admin_pwd plaintext password authentication failed Could not authenticate user henry_admin with plaintext password challenge/response password authentication failed error code was NT_STATUS_PIPE_DISCONNECTED (0xc00000b0) error messsage was: Named pipe dicconnected Could not authenticate user admin_user with challenge/response smb:~# Here's my PAM config: auth sufficient pam_winbind.so auth required pam_unix.so use_first_pass account sufficient pam_winbind.so account required pam_unix.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session sufficient pam_winbind.so session required pam_unix.so password requisite pam_cracklib.so retry=3 type= password sufficient pam_unix.so nullok use_authtok md5 shadow password sufficient pam_winbind.so use_first_pass password required pam_deny.so Any help would be greatly appreciated. Thanks, k. From bubulle at debian.org Mon Jan 18 08:16:41 2010 From: bubulle at debian.org (Christian Perrier) Date: Mon, 18 Jan 2010 16:16:41 +0100 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: <4B5479BF.7000500@BriannasSaladDressing.com> References: <4B015BF6.9060002@BriannasSaladDressing.com> <4B5479BF.7000500@BriannasSaladDressing.com> Message-ID: <4B547B59.8050404@debian.org> Dale Schroeder a ?crit : > I've suspected that ever since reading Karolin's release notes for > 3.4.4. Debian has not yet released 3.4.4 > to "testing", but I'll gladly try it as soon as it's available. For the That should happen in about one week, assuming that no dependency chain is blocking it. (roughly speaking, "releasing to testing" is automated and happens after 10 days in unstable, if no RC bug appeared *and* if the dependecies can be satisfied in testing) > interim, all winbind systems are reverted > back to "stable" (3.2.5-4lenny7). The ldap and standalone systems run > perfectly well under 3.4.3. I think you can anyway safely (but manually) install 3.4.4 packages on testing systems with dpkg (better try it with "--dry-run" before). From yudi.shiddiq at yahoo.com Mon Jan 18 09:43:45 2010 From: yudi.shiddiq at yahoo.com (yudi shiddiq) Date: Mon, 18 Jan 2010 08:43:45 -0800 (PST) Subject: [Samba] Windows7 Join PDC Message-ID: <592856.66885.qm@web54409.mail.re2.yahoo.com> Hello all,,, I'm a newbie in linux.... I have a problem to join windows7 to PDC, i'm using Open Suse 10.0 as PDC and using samba version 3.0.20... From abartlet at samba.org Mon Jan 18 10:46:02 2010 From: abartlet at samba.org (Andrew Bartlett) Date: Tue, 19 Jan 2010 06:46:02 +1300 Subject: [Samba] Windows7 Join PDC In-Reply-To: <592856.66885.qm@web54409.mail.re2.yahoo.com> References: <592856.66885.qm@web54409.mail.re2.yahoo.com> Message-ID: <1263836762.12035.9.camel@ruth> On Mon, 2010-01-18 at 08:43 -0800, yudi shiddiq wrote: > Hello all,,, > > I'm a newbie in linux.... > > I have a problem to join windows7 to PDC, i'm using Open Suse 10.0 as PDC and using samba version 3.0.20... If you are a newbie, I would suggest you do not attempt to upgrade Samba on it's own. Or if you must, then find RPM packages (sernet has some for a wide variety of OS versions) of the recent code pre-packaged. It is best to upgrade the server OS to a current revision for other reasons anyway. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 190 bytes Desc: This is a digitally signed message part URL: From abartlet at samba.org Mon Jan 18 10:53:01 2010 From: abartlet at samba.org (Andrew Bartlett) Date: Tue, 19 Jan 2010 06:53:01 +1300 Subject: [Samba] how to use m4_pattern_allow In-Reply-To: References: Message-ID: <1263837181.12035.16.camel@ruth> On Mon, 2010-01-18 at 09:50 +0530, himmat baldaniya wrote: > hello > > what is "m4_pattern_allow" ?? > how to use it ?? > I am installing patch of acl-2.2.49.tar.gz but it gives me error stating -- > "line 1650 :AC_CONFIG_MACRO:m4" > line 1650 : use m4_pattern_allow" This means that the version of 'acl' you are trying to install is not compatible with the OS yo are trying to install it on. Why are you not trying to install it via a package management system? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 190 bytes Desc: This is a digitally signed message part URL: From fgatwork at verizon.net Mon Jan 18 10:48:42 2010 From: fgatwork at verizon.net (Frank Gruman) Date: Mon, 18 Jan 2010 12:48:42 -0500 Subject: [Samba] Samba/winbind with Active Directory auth In-Reply-To: <2aa1891e1001180733x2e429e99wa2b781ec1c47f599@mail.gmail.com> References: <2aa1891e1001180733x2e429e99wa2b781ec1c47f599@mail.gmail.com> Message-ID: <1263836922.25107.6.camel@toybox.thegrumans> On Mon, 2010-01-18 at 16:33 +0100, Kris Kaido wrote: > Hi List, > > I'm installing a Samba server with the intended purpose of serving files to > Windows users with seamless authentication on the smb server. > For that, I've been reading and following every single google search result > regarding the subject, but it seems I'm stuck at some point where other > people are not blocked ... > > To summarize, I have these commands OK: > # kinit admin_user at DOMAIN.EXAMPLE.COM > # klist (ticket ok) > # net join ads -S server -U admin_user > # wbinfo -u and -g (both showing "DOMAIN\...") > # wbinfo -t (succeeded) > > I configured PAM to use winbind, and to test it I'm using ssh with the same > config as I will for samba > > Here's what I get when I try to ssh into my smb server using my AD > credentials: > Jan 18 15:34:18 smb sshd[9157]: pam_winbind(sshd:auth): getting password > (0x00000000) > Jan 18 15:34:18 smb sshd[9157]: pam_winbind(sshd:auth): request failed: > Named pipe dicconnected, PAM error was System error (4), NT error was > NT_STATUS_PIPE_DISCONNECTED > Jan 18 15:34:18 smb sshd[9157]: pam_winbind(sshd:auth): internal module > error (retval = 4, user = 'DOMAIN\myusername') > Jan 18 15:34:18 smb sshd[9157]: pam_unix(sshd:auth): authentication failure; > logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.5.6 > user= DOMAIN\myusername > Jan 18 15:34:20 smb sshd[9157]: Failed password for DOMAIN\myusername from > 192.168.5.6 port 50872 ssh2 > > Any idea on what this error (NT_STATUS...) means ? > > Also when trying this I get an error: > smb:~# wbinfo -a admin_user%admin_pwd > plaintext password authentication failed > Could not authenticate user henry_admin with plaintext password > challenge/response password authentication failed > error code was NT_STATUS_PIPE_DISCONNECTED (0xc00000b0) > error messsage was: Named pipe dicconnected > Could not authenticate user admin_user with challenge/response > smb:~# > > Here's my PAM config: > auth sufficient pam_winbind.so > auth required pam_unix.so use_first_pass > account sufficient pam_winbind.so > account required pam_unix.so > session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 > session sufficient pam_winbind.so > session required pam_unix.so > password requisite pam_cracklib.so retry=3 type= > password sufficient pam_unix.so nullok use_authtok md5 shadow > password sufficient pam_winbind.so use_first_pass > password required pam_deny.so > > Any help would be greatly appreciated. > > Thanks, > > k. Two things. 1 - make sure nscd is disabled (not just stopped - disable it to prevent restarting on the next reboot) 2 - I found that using "winbind use default domain = yes" caused a lot of my default authentication issues to go away. I only have one domain and so I don't need the extra information / complexity of having to specify domains. Regards, Frank From robert at leblancnet.us Mon Jan 18 12:25:19 2010 From: robert at leblancnet.us (Robert LeBlanc) Date: Mon, 18 Jan 2010 12:25:19 -0700 Subject: [Samba] Samba/Winbind uid/gid In-Reply-To: References: Message-ID: On Mon, Jan 18, 2010 at 3:09 AM, JC wrote: > Hi, > > I actually have to install another samba server connected to Active > directory by using winbind. > > All works ok, but i have a little problem. > > In fact if i use getent |grep user on server1, the output is the following: > server1:~# getent |grep user > user:*:20083:20040:USER:/home/user:/bin/bash > server1:~# > > on the second one server which use the same AD and the same > configuration file exept for netbios i obtain: > server2:~# getent |grep user > user:*:20018:20110:USER:/home/user:/bin/bash > server2:~# > > Is there a solution to abtain the same uid/gid on both server for all > users? > > You didn't specify what version of Samba you are using. If you are using 3.4.x, I suggest idmap_hash, if you are using something earlier, than I would suggest idmap_rid. There are man pages for both. Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University From dale at BriannasSaladDressing.com Mon Jan 18 12:30:12 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Mon, 18 Jan 2010 13:30:12 -0600 Subject: [Samba] Samba/Winbind uid/gid In-Reply-To: References: Message-ID: <4B54B6C4.6030807@BriannasSaladDressing.com> The simplest solution is called RID. See: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2606608 Dale On 01/18/2010 4:09 AM, JC wrote: > Hi, > > I actually have to install another samba server connected to Active > directory by using winbind. > > All works ok, but i have a little problem. > > In fact if i use getent |grep user on server1, the output is the following: > server1:~# getent |grep user > user:*:20083:20040:USER:/home/user:/bin/bash > server1:~# > > on the second one server which use the same AD and the same > configuration file exept for netbios i obtain: > server2:~# getent |grep user > user:*:20018:20110:USER:/home/user:/bin/bash > server2:~# > > Is there a solution to abtain the same uid/gid on both server for all users? > > Thanks for your help, > From linuxbox at wavenet.at Mon Jan 18 13:46:24 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Mon, 18 Jan 2010 21:46:24 +0100 Subject: [Samba] Samba 3.4.4 & Windows 7 offline folders Message-ID: <4B54C8A0.7080701@wavenet.at> Hi! Is it possible that Samba 3.4 has some problems with offline folder synchronisation on windows 7 clients? I can't get it really working. I added this entries according to another user experiencing similar problems to the share: [homes] [...] create mask = 0611 oplocks = yes level2 oplocks = yes map archive = yes map system = yes map hidden = yes So windows 7 starts the sync at least (before it cancels it immediately after starting it) but a problem remains: If I change one file offline OR online windows 7 complains a conflict because the 2 files have changed on serverside and offline!? I read that you can check if the samba version is too old for offline folders by searching for that lines in the samba log: ... I have that lines although I have Samba 3.4.4 call_nt_transact_ioctl(0x901af): Currently not implemented. can somebody give me a hint please how I get windows 7 & Samba & offline folders working? regards Martin From klou at themusiclink.net Mon Jan 18 14:54:11 2010 From: klou at themusiclink.net (Kris Lou) Date: Mon, 18 Jan 2010 13:54:11 -0800 Subject: [Samba] Samba+LDAP + Primary GIDs Message-ID: Hi List, This may be more of an LDAP question than a Samba question - if so, let me know! I have an implementation of samba + openldap, and using that server as an external ldap server for an Openfiler install. I've run into problems with user authentication (WinXP) where either samba or ldap is only recognizing the user's gid - which as I understand it is the Primary Group. However, authentication against any secondary group is denied. I've checked the samba logs, and as far as I can tell, uid's and gid's (primary) are getting passed and authenticated - but no mention of checking the 2ndary groups. I've checked my ldif's - the groups exist, the users exists as memberids, but it looks like samba is only checking the gid? Is this something that anybody else has seen? Thanks, Kris From morgan at tuxedo.darktech.org Mon Jan 18 15:06:56 2010 From: morgan at tuxedo.darktech.org (Rob Shinn) Date: Mon, 18 Jan 2010 17:06:56 -0500 Subject: [Samba] Samba+LDAP + Primary GIDs In-Reply-To: References: Message-ID: <4B54DB80.3040703@tuxedo.darktech.org> Kris Lou wrote: > I've checked my ldif's - the groups exist, the users exists as > memberids, but it looks like samba is only checking the gid? > Can you post the LDIFs of your groups (you can edit out any incriminating evidence ;)? Sounds like your groups are lacking correct sambaSID or sambaGroupType attributes. From klou at themusiclink.net Mon Jan 18 15:19:39 2010 From: klou at themusiclink.net (Kris Lou) Date: Mon, 18 Jan 2010 14:19:39 -0800 Subject: [Samba] Samba+LDAP + Primary GIDs In-Reply-To: <4B54DB80.3040703@tuxedo.darktech.org> References: <4B54DB80.3040703@tuxedo.darktech.org> Message-ID: Hi Rob, Thanks for the quick reply - Here it is (mostly with some cut and paste). CentOS 5.4 Samba 3.2.15 dn: cn=Domain Admins,ou=Group,dc=themusiclink,dc=net description: Netbios Domain Administrators sambaSID: S-1-5-21-957249707-1866601452-441284377-512 sambaGroupType: 2 displayName: Domain Admins structuralObjectClass: posixGroup entryUUID: 1a60146c-cfad-102d-96b0-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507234700Z gidNumber: 512 cn: Domain Admins userPassword:: e2NyeXB0fXg= objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping memberUid: memberUid: memberUid: entryCSN: 20091028001757Z#000001#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091028001757Z dn: cn=Domain Users,ou=Group,dc=themusiclink,dc=net description: Netbios Domain Users sambaSID: S-1-5-21-957249707-1866601452-441284377-513 sambaGroupType: 2 displayName: Domain Users structuralObjectClass: posixGroup entryUUID: 1a7ebb60-cfad-102d-96b1-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507234700Z gidNumber: 513 cn: Domain Users userPassword:: e2NyeXB0fXg= objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping memberUid: memberUid: entryCSN: 20091215225639Z#000001#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091215225639Z dn: cn=Domain Guests,ou=Group,dc=themusiclink,dc=net description: Netbios Domain Guests Users sambaSID: S-1-5-21-957249707-1866601452-441284377-514 sambaGroupType: 2 displayName: Domain Guests structuralObjectClass: posixGroup entryUUID: 1a845502-cfad-102d-96b2-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507234700Z objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping gidNumber: 514 cn: Domain Guests userPassword:: e2NyeXB0fXg= memberUid: design memberUid: fedex memberUid: infobox memberUid: mailbox memberUid: test entryCSN: 20090521203023Z#000002#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20090521203023Z dn: cn=Domain Computers,ou=Group,dc=themusiclink,dc=net objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 515 cn: Domain Computers description: Netbios Domain Computers accounts sambaSID: S-1-5-21-957249707-1866601452-441284377-515 sambaGroupType: 2 displayName: Domain Computers structuralObjectClass: posixGroup entryUUID: 1a8ab492-cfad-102d-96b3-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507234700Z entryCSN: 20090507234700Z#000004#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20090507234700Z dn: cn=Administrators,ou=Group,dc=themusiclink,dc=net description: Netbios Domain Members can fully administer the computer/sambaDom ainName sambaSID: S-1-5-32-544 sambaGroupType: 5 displayName: Administrators structuralObjectClass: posixGroup entryUUID: 1a905d16-cfad-102d-96b4-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507234700Z objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 544 cn: Administrators userPassword: memberUid: administrator memberUid: root entryCSN: 20090516003337Z#000001#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20090516003337Z dn: sambaDomainName=MLC,dc=themusiclink,dc=net objectClass: top objectClass: sambaDomain objectClass: sambaUnixIdPool sambaDomainName: MLC sambaSID: S-1-5-21-957249707-1866601452-441284377 structuralObjectClass: sambaDomain entryUUID: 1aab5d3c-cfad-102d-96b9-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507234701Z sambaLockoutThreshold: 0 sambaRefuseMachinePwdChange: 0 sambaMinPwdLength: 5 sambaLogonToChgPwd: 0 sambaForceLogoff: -1 sambaMinPwdAge: 0 sambaMaxPwdAge: -1 sambaPwdHistoryLength: 0 gidNumber: 1033 uidNumber: 1043 sambaNextRid: 1100 entryCSN: 20100104223853Z#000002#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20100104223853Z n: cn=TML.Accounting,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: TML.Accounting userPassword:: e2NyeXB0fXg= gidNumber: 1145 structuralObjectClass: posixGroup entryUUID: 90185732-cfad-102d-97b9-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1011 sambaGroupType: 2 displayName: TML Accounting description: Domain Unix group memberUid: mailman memberUid: mtong memberUid: psmith memberUid: spatrino memberUid: klou memberUid: tocampo entryCSN: 20091202193050Z#000003#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193050Z dn: cn=TML.CustomerService,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: TML.CustomerService userPassword:: e2NyeXB0fXg= gidNumber: 1030 structuralObjectClass: posixGroup entryUUID: 901f89bc-cfad-102d-97ba-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1145 sambaGroupType: 2 displayName: TML Customer Service description: Domain Unix group memberUid: aatz memberUid: rbrown memberUid: middenm memberUid: shipper1 memberUid: msoyangco memberUid: psmith memberUid: loliphant memberUid: klou memberUid: tocampo entryCSN: 20091202193050Z#000004#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193050Z dn: cn=TML.Marketing,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping structuralObjectClass: posixGroup entryUUID: 90270db8-cfad-102d-97bb-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1028 sambaGroupType: 2 displayName: TML Marketing description: Domain Unix group gidNumber: 1028 cn: TML.Marketing userPassword:: e2NyeXB0fXg= memberUid: aatz memberUid: cchan memberUid: grich memberUid: labels memberUid: mailman memberUid: mjohans memberUid: schen memberUid: shipper1 memberUid: klou memberUid: tocampo entryCSN: 20091202193050Z#000005#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193050Z dn: cn=TML,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top cn: TML userPassword:: e2NyeXB0fXg= gidNumber: 1026 structuralObjectClass: posixGroup entryUUID: 902c14f2-cfad-102d-97bc-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z memberUid: aatz memberUid: bjones memberUid: bsweinberg memberUid: cchan memberUid: darguello memberUid: dbeasley memberUid: ggrimm memberUid: grich memberUid: jbruno memberUid: jlaplaca memberUid: jshort memberUid: kbyrne memberUid: mtong memberUid: loliphant memberUid: mgosnell memberUid: middenm memberUid: mjohans memberUid: mlekas memberUid: msoyangco memberUid: psmith memberUid: schen memberUid: ship1 memberUid: slevintow memberUid: spatrino memberUid: sthompson memberUid: tatz memberUid: tbrownlee memberUid: tchum memberUid: training memberUid: ups memberUid: mguiffre memberUid: ship2 memberUid: ship3 memberUid: ship4 memberUid: klou memberUid: jboron memberUid: tocampo memberUid: dhaberman entryCSN: 20091215225639Z#000002#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091215225639Z dn: cn=TML.Sales,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: TML.Sales userPassword:: e2NyeXB0fXg= gidNumber: 1029 structuralObjectClass: posixGroup entryUUID: 903119c0-cfad-102d-97bd-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1006 sambaGroupType: 2 displayName: TML Sales description: Domain Unix group memberUid: jbruno memberUid: bsweinberg memberUid: loliphant memberUid: bjones memberUid: jshort memberUid: sthompson memberUid: mlekas memberUid: jlaplaca memberUid: mguiffre memberUid: kbyrne memberUid: klou memberUid: tocampo memberUid: dhaberman entryCSN: 20091215225530Z#000000#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091215225530Z dn: cn=TML.QA,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping structuralObjectClass: posixGroup entryUUID: 903729b4-cfad-102d-97be-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1009 sambaGroupType: 2 displayName: TML.QA description: Domain Unix group gidNumber: 1033 cn: TML.QA userPassword:: e2NyeXB0fXg= memberUid: ggrimm memberUid: tatz memberUid: darguello memberUid: grich memberUid: klou memberUid: tocampo entryCSN: 20091202193051Z#000001#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=TML.Purchasing,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: TML.Purchasing userPassword:: e2NyeXB0fXg= gidNumber: 1034 structuralObjectClass: posixGroup entryUUID: 903bc794-cfad-102d-97bf-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1007 sambaGroupType: 2 displayName: TML Purchasing description: Domain Unix group memberUid: slevintow memberUid: klou memberUid: tocampo entryCSN: 20091202193051Z#000002#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=TML.Warehouse,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: TML.Warehouse userPassword:: e2NyeXB0fXg= gidNumber: 1035 structuralObjectClass: posixGroup entryUUID: 90406b28-cfad-102d-97c0-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1008 sambaGroupType: 2 displayName: TML Warehouse description: Domain Unix group memberUid: tchum memberUid: dbeasley memberUid: mgosnell memberUid: tbrownlee memberUid: rbrown memberUid: ups memberUid: ship1 memberUid: ship2 memberUid: ship3 memberUid: ship4 memberUid: klou memberUid: tocampo entryCSN: 20091202193051Z#000003#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=TML.RTL,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: TML.RTL userPassword:: e2NyeXB0fXg= gidNumber: 1047 structuralObjectClass: posixGroup entryUUID: 904504a8-cfad-102d-97c1-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1047 sambaGroupType: 2 displayName: TML RTL description: Domain Unix group memberUid: middenm memberUid: loliphant memberUid: klou memberUid: tocampo entryCSN: 20091202193051Z#000004#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=AXL,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top cn: AXL userPassword:: e2NyeXB0fXg= gidNumber: 1036 structuralObjectClass: posixGroup entryUUID: 9049a9ae-cfad-102d-97c2-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z memberUid: mhohman memberUid: btownsend memberUid: kliu memberUid: ljiang memberUid: schen memberUid: training memberUid: vsin memberUid: klou memberUid: achan memberUid: hku memberUid: kyao memberUid: mlee memberUid: mmccoy memberUid: tgao memberUid: vtomic memberUid: wkwan memberUid: ycheng memberUid: yliu memberUid: aku memberUid: mwessner memberUid: aliu memberUid: ichen memberUid: jmagana memberUid: rhaile memberUid: vxue memberUid: jli memberUid: tbuddingh memberUid: vhttech memberUid: tocampo entryCSN: 20091202193051Z#000005#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=AXL.Sales,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: AXL.Sales userPassword:: e2NyeXB0fXg= gidNumber: 1037 structuralObjectClass: posixGroup entryUUID: 904b9e80-cfad-102d-97c3-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1005 sambaGroupType: 2 displayName: AXL Sales description: Domain Unix group memberUid: mhohman memberUid: btownsend memberUid: ljiang memberUid: achan memberUid: mmccoy memberUid: vtomic memberUid: aliu memberUid: klou memberUid: tocampo entryCSN: 20091202193051Z#000006#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=AXL.Sales.Manager,ou=Group,dc=themusiclink,dc=net structuralObjectClass: posixGroup entryUUID: 904fa2fa-cfad-102d-97c4-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1038 sambaGroupType: 2 displayName: AXL Sales Manager description: Domain Unix group gidNumber: 1038 cn: AXL.Sales.Manager userPassword:: e2NyeXB0fXg= objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping memberUid: vtomic memberUid: tocampo entryCSN: 20091202193051Z#000007#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=AXL.Purchasing,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: AXL.Purchasing userPassword:: e2NyeXB0fXg= gidNumber: 1039 structuralObjectClass: posixGroup entryUUID: 9054d5f4-cfad-102d-97c5-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1039 sambaGroupType: 2 displayName: AXL Purchasing description: Domain Unix group memberUid: kyao memberUid: tgao memberUid: wkwan memberUid: ycheng memberUid: aliu memberUid: klou memberUid: tocampo entryCSN: 20091202193051Z#000008#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=AXL.Purchasing.Manager,ou=Group,dc=themusiclink,dc=net structuralObjectClass: posixGroup entryUUID: 9059cc12-cfad-102d-97c6-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1040 sambaGroupType: 2 displayName: AXL Purchasing Manager description: Domain Unix group gidNumber: 1040 cn: AXL.Purchasing.Manager userPassword:: e2NyeXB0fXg= objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping memberUid: wkwan memberUid: tocampo entryCSN: 20091202193051Z#000009#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=AXL.Engineering,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: AXL.Engineering userPassword:: e2NyeXB0fXg= gidNumber: 1041 structuralObjectClass: posixGroup entryUUID: 905e6b50-cfad-102d-97c7-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1041 sambaGroupType: 2 displayName: AXL Engineering description: Domain Unix group memberUid: aku memberUid: aliu memberUid: ichen memberUid: jmagana memberUid: rhaile memberUid: klou memberUid: jli memberUid: tbuddingh memberUid: tocampo entryCSN: 20091202193051Z#00000a#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=AXL.Engineering.Manager,ou=Group,dc=themusiclink,dc=net structuralObjectClass: posixGroup entryUUID: 90631006-cfad-102d-97c8-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1042 sambaGroupType: 2 displayName: AXL Engineering Manager description: Domain Unix group gidNumber: 1042 cn: AXL.Engineering.Manager userPassword:: e2NyeXB0fXg= objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping memberUid: jli memberUid: aku memberUid: tocampo memberUid: jmagana memberUid: tbuddingh entryCSN: 20091221193322Z#000000#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091221193322Z dn: cn=AXL.CustomerService,ou=Group,dc=themusiclink,dc=net structuralObjectClass: posixGroup entryUUID: 9067a7c4-cfad-102d-97c9-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1043 sambaGroupType: 2 displayName: AXL Customer Service description: Domain Unix group gidNumber: 1043 cn: AXL.CustomerService userPassword:: e2NyeXB0fXg= objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping memberUid: mmccoy memberUid: aliu memberUid: ljiang memberUid: vsin memberUid: tocampo entryCSN: 20091202193051Z#00000c#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=AXL.CustomerService.Manager,ou=Group,dc=themusiclink,dc=net structuralObjectClass: posixGroup entryUUID: 906c48b0-cfad-102d-97ca-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1044 sambaGroupType: 2 displayName: AXL Customer Service Manager description: Domain Unix group gidNumber: 1044 cn: AXL.CustomerService.Manager userPassword:: e2NyeXB0fXg= objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping memberUid: ljiang memberUid: vsin memberUid: tocampo entryCSN: 20091202193051Z#00000d#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=AXL.Accounting,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: AXL.Accounting userPassword:: e2NyeXB0fXg= gidNumber: 1045 structuralObjectClass: posixGroup entryUUID: 9070ec4e-cfad-102d-97cb-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1045 sambaGroupType: 2 displayName: AXL Accounting description: Domain Unix group memberUid: kliu memberUid: hku memberUid: mlee memberUid: aliu memberUid: vxue memberUid: klou memberUid: tocampo entryCSN: 20091202193051Z#00000e#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: cn=AXL.Accounting.Manager,ou=Group,dc=themusiclink,dc=net objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: AXL.Accounting.Manager userPassword:: e2NyeXB0fXg= gidNumber: 1046 structuralObjectClass: posixGroup entryUUID: 90758614-cfad-102d-97cc-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235018Z sambaSID: S-1-5-21-957249707-1866601452-441284377-1046 sambaGroupType: 2 displayName: AXL Accounting Manager description: Domain Unix group memberUid: kliu memberUid: hku memberUid: klou memberUid: tocampo entryCSN: 20091202193051Z#00000f#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091202193051Z dn: uid=inez$,ou=People,dc=themusiclink,dc=net uid: inez$ sambaSID: S-1-5-21-957249707-1866601452-441284377-2326 displayName: INEZ$ sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 1233688280 sambaPwdMustChange: 2147483647 sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF sambaAcctFlags: [W ] sambaBadPasswordCount: 0 sambaBadPasswordTime: 0 objectClass: sambaSamAccount objectClass: account structuralObjectClass: account entryUUID: a4090ae8-cfad-102d-97cf-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235051Z sambaNTPassword: EB97ADC8AE0B0D345521BA0B4ED10410 sambaPwdLastSet: 1262646184 entryCSN: 20100104230304Z#000000#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20100104230304Z dn: uid=mguiffre$,ou=People,dc=themusiclink,dc=net uid: mguiffre$ sambaSID: S-1-5-21-957249707-1866601452-441284377-2358 displayName: MGUIFFRE$ sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 1203349442 sambaPwdMustChange: 2147483647 sambaNTPassword: B4477BB59E8B04EE0635CEE872F9E3E1 sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaPwdLastSet: 1203349442 sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF sambaAcctFlags: [W ] sambaBadPasswordCount: 0 sambaBadPasswordTime: 0 objectClass: sambaSamAccount objectClass: account structuralObjectClass: account entryUUID: a4420226-cfad-102d-97d0-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235051Z entryCSN: 20090507235051Z#000013#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20090507235051Z dn: uid=MICHAEL$,ou=People,dc=themusiclink,dc=net uid: MICHAEL$ sambaSID: S-1-5-21-957249707-1866601452-441284377-2244 displayName: MICHAEL$ sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 1235874383 sambaPwdMustChange: 2147483647 sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF sambaAcctFlags: [W ] sambaBadPasswordCount: 0 sambaBadPasswordTime: 0 objectClass: sambaSamAccount objectClass: account structuralObjectClass: account entryUUID: a4749e8e-cfad-102d-97d1-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235052Z sambaNTPassword: C4FCBF20D7CF3EC3595535D90CCCA660 sambaPwdLastSet: 1262238476 entryCSN: 20091231054756Z#000000#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20091231054756Z dn: uid=lrrr$,ou=People,dc=themusiclink,dc=net uid: lrrr$ sambaSID: S-1-5-21-957249707-1866601452-441284377-1014 displayName: Computer Acct sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 0 sambaNTPassword: 01F5F78FF4DC2A00D532520533E2108D sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaPwdLastSet: 0 sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF sambaAcctFlags: [W ] sambaBadPasswordCount: 0 sambaBadPasswordTime: 0 objectClass: sambaSamAccount objectClass: account structuralObjectClass: account entryUUID: a47af162-cfad-102d-97d2-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235052Z entryCSN: 20090507235052Z#000005#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20090507235052Z dn: uid=RYAN$,ou=People,dc=themusiclink,dc=net uid: RYAN$ sambaSID: S-1-5-21-957249707-1866601452-441284377-2260 displayName: THE-M47RJJ9T53W$ sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 1234524689 sambaPwdMustChange: 2147483647 sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF sambaAcctFlags: [W ] sambaBadPasswordCount: 0 sambaBadPasswordTime: 0 objectClass: sambaSamAccount objectClass: account structuralObjectClass: account entryUUID: a480f800-cfad-102d-97d3-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235052Z sambaNTPassword: 9656CE740570EBB847AD131D65E3BBEB sambaPwdLastSet: 1246490780 entryCSN: 20090701232620Z#000000#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20090701232620Z dn: uid=salesspare$,ou=People,dc=themusiclink,dc=net uid: salesspare$ sambaSID: S-1-5-21-957249707-1866601452-441284377-2410 displayName: SALESSPARE$ sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 1233972359 sambaPwdMustChange: 2147483647 sambaNTPassword: 75B1501C5F90B5D23F824AB99CA47E14 sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaPwdLastSet: 1233972359 sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF sambaAcctFlags: [W ] sambaBadPasswordCount: 0 sambaBadPasswordTime: 0 objectClass: sambaSamAccount objectClass: account structuralObjectClass: account entryUUID: a503c17c-cfad-102d-97d4-6fd9fc452718 creatorsName: cn=Manager,dc=themusiclink,dc=net createTimestamp: 20090507235053Z entryCSN: 20090507235053Z#000004#00#000000 modifiersName: cn=Manager,dc=themusiclink,dc=net modifyTimestamp: 20090507235053Z Kris Lou klou at themusiclink.net On Mon, Jan 18, 2010 at 2:06 PM, Rob Shinn wrote: > Kris Lou wrote: >> >> I've checked my ldif's - the groups exist, the users exists as >> memberids, but it looks like samba is only checking the gid? >> > > Can you post the LDIFs of your groups (you can edit out any incriminating > evidence ;)? ?Sounds like your groups are lacking correct sambaSID or > sambaGroupType attributes. > From jra at samba.org Mon Jan 18 15:30:38 2010 From: jra at samba.org (Jeremy Allison) Date: Mon, 18 Jan 2010 14:30:38 -0800 Subject: [Samba] Samba 3.4.4 & Windows 7 offline folders In-Reply-To: <4B54C8A0.7080701@wavenet.at> References: <4B54C8A0.7080701@wavenet.at> Message-ID: <20100118223037.GA5569@jeremy-laptop> On Mon, Jan 18, 2010 at 09:46:24PM +0100, Martin Hochreiter wrote: > Hi! > > Is it possible that Samba 3.4 has some problems with offline folder > synchronisation on windows 7 clients? > > I can't get it really working. I added this entries according to > another user experiencing > similar problems to the share: > > [homes] > [...] > create mask = 0611 > oplocks = yes > level2 oplocks = yes > map archive = yes > map system = yes > map hidden = yes > > So windows 7 starts the sync at least (before it cancels it > immediately after starting it) but a problem remains: > If I change one file offline OR online windows 7 complains a > conflict because the 2 files have changed on serverside and > offline!? > > I read that you can check if the samba version is too old for > offline folders by searching for that lines in the samba log: > > ... I have that lines although I have Samba 3.4.4 > > call_nt_transact_ioctl(0x901af): Currently not implemented. > > can somebody give me a hint please how I get windows 7 & Samba & > offline folders working? We did fix a bug in this recently (with Microsoft's help). But it should definately be fixed in 3.4.4. I'll take a look at this once I'm back with my full test environment (next week). In the meantime can you log a bug at bugzilla.samba.org so this problem doesn't get lost. Thanks, Jeremy. From steve at greengecko.co.nz Mon Jan 18 17:10:41 2010 From: steve at greengecko.co.nz (steve) Date: Tue, 19 Jan 2010 13:10:41 +1300 Subject: [Samba] performance tweaks?? In-Reply-To: References: <1263766339.6678.707.camel@xpc> Message-ID: <1263859841.6678.935.camel@xpc> On Mon, 2010-01-18 at 08:19 +0100, Volker Lendecke wrote: > On Mon, Jan 18, 2010 at 11:12:19AM +1300, steve wrote: > > Has anyone any tips on improving samba performance with debian lenny? > > > > I've set up a raid 0 partition on a couple of new WD 1TB disks, > > formatting the majority of it as a single reiserfs partition. I must > > admit I should probably have set the blocksize to something other than > > the default at the time, but now it's well populated, changing stuff > > like that is going to be a big problem. > > > > Performance is pretty poor to put it politely - primary use is a single > > samba share with a very large directory structure, millions of files. > > Can anyone suggest any improvements that can stop it being that slow? I > > regularly see 50+% in waitio. > > Do you have individual directories with huge numbers of > files? This is a known performance problem with a > workaround: > > case sensitive = yes > preserve case = no > short preserve case = no > > Volker I tried this, and ended up woth 2 pc's that could only see the top level of the shaare. So I reverted it, and they *still* can only see one level down. Is this some known xp weirdness? Most of the domain are fine. Cheers, Steve -- Steve Holdoway http://www.greengecko.co.nz MSN: steve at greengecko.co.nz GPG Fingerprint = B337 828D 03E1 4F11 CB90 853C C8AB AF04 EF68 52E0 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From Volker.Lendecke at SerNet.DE Mon Jan 18 17:15:06 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue, 19 Jan 2010 01:15:06 +0100 Subject: [Samba] performance tweaks?? In-Reply-To: <1263859841.6678.935.camel@xpc> References: <1263766339.6678.707.camel@xpc> <1263859841.6678.935.camel@xpc> Message-ID: On Tue, Jan 19, 2010 at 01:10:41PM +1300, steve wrote: > I tried this, and ended up woth 2 pc's that could only see the top level > of the shaare. So I reverted it, and they *still* can only see one level > down. Ok, well... Maybe you have upper/lower case directories in your shares? Sorry, I had thought that the meaning of those parameters is pretty obvious: They assume that all file names on disk are a specific case. You should add "default case = lower" if you have everything lower-case. My apologies for not telling you in the first place, Volker From budhi.hamdani at gmail.com Mon Jan 18 17:32:20 2010 From: budhi.hamdani at gmail.com (budhi hamdani) Date: Tue, 19 Jan 2010 07:32:20 +0700 Subject: [Samba] NT_STATUS_INVALID_HANDLE In-Reply-To: References: Message-ID: honestly I do not know... when i try to configure, then make and make install everything go smooth no trouble at all even when i install from ports no error either... but when i try to start smbd always failed, but nmbd and winbind start successfully On Mon, Jan 18, 2010 at 5:33 PM, Volker Lendecke wrote: > On Mon, Jan 18, 2010 at 04:39:13PM +0700, budhi hamdani wrote: > > Hello, Thx for reply > > You can get smbd.strace from this url : > > http://222.124.204.155/~budhi/samba/ > > 24953 18:18:29.915751 fcntl(4, F_SETLKW, {type=0 /* F_??? */, > whence=SEEK_SET, start=0, len=0}) = -1 EINVAL (Invalid argument) <0.000017> > > That's the culprit. The relevant Samba code lines try to do a > > tdb->methods->tdb_brlock(tdb, GLOBAL_LOCK, F_WRLCK, F_SETLKW, 0, 1) > > which is a lock of one byte (not len=0 as in your strace). > My first guess would be a 32/64 bit problem with your build > environment or something similar. Is that possible? > > Volker > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAktUOOoACgkQbZMKAi3WUklmvACfeRnq5n1k5NbAxM+DmCmkwlLy > VyEAn2Zjl0PqwgmnkkEjdN1RJKwEFgAd > =qW9C > -----END PGP SIGNATURE----- > > -- Budhi Hamdani Network Manager of PT. Motekar Garuda Media From t-oota at dh.jp.nec.com Mon Jan 18 19:46:58 2010 From: t-oota at dh.jp.nec.com (ITPFS oota) Date: Tue, 19 Jan 2010 11:46:58 +0900 Subject: [Samba] TOSHARG-ConfigSmarts.xml translation to Japanese finished and some bug Message-ID: <20100119024658.GA14028@mail.linux.bs1.fc.nec.co.jp> Now, TOSHARG-ConfigSmarts.xml translate to Japanese finished(3.4.0 base). And some bug found. ------------------------------------------------------------------------------- separate servers -------------------no data Some environments dictate the need to have separate servers, each with their own resources, each of which are accessible only by certain users or groups. This is one of the simple, but highly effective, ways that Samba can replace many physical Windows servers in one Samba installation. ------------------------------------------------------------------------------- This configuration style can be used either with NetBIOS names, or using NetBIOS-less SMB over TCP services. If run using NetBIOS mode (the most common method) it is important that the parameter 139 should be specified in the primary &smb.conf; file. Failure to do this will result in Samba operating over TCP port 445 and problematic operation at best, and at worst only being able to obtain the functionality that is specified in the primary &smb.conf; file. The use of NetBIOS over TCP/IP using only TCP port 139 means that the use of the %L macro is fully enabled. If the 139 is not specified (the default is 445 139, or if forgot )--^ the value of this parameter is set at 139 445 then the %L macro is not serviceable. -------------------------------------------------------------------------------- master smb.conf /etc/samba ------------------no data The master &smb.conf; file is shown in the Master smb.conf File Global Section. The two files that specify the share information for each server are shown in the smb-merlin.conf File Share Section, and the smb-sauron.conf File Share Section. All three files are locate in the /etc/samba directory. -- --- Oota Toshiya --- t-oota at dh.jp.nec.com NEC Systems Software Operations Unit Shiba,Minato,Tokyo IT Platform Solutions Division Japan,Earth,Solar system (samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster) From alex_mgsm at mail.ru Mon Jan 18 21:23:45 2010 From: alex_mgsm at mail.ru (Alexander R. Fahrutdinov) Date: Tue, 19 Jan 2010 08:23:45 +0400 Subject: [Samba] Samba/winbind with Active Directory auth In-Reply-To: <2aa1891e1001180733x2e429e99wa2b781ec1c47f599@mail.gmail.com> References: <2aa1891e1001180733x2e429e99wa2b781ec1c47f599@mail.gmail.com> Message-ID: <201001190823.46056.alex_mgsm@mail.ru> ? ????????? ?? ??????????? 18 ?????? 2010 19:33:00 ????? Kris Kaido ???????: > Hi List, > > I'm installing a Samba server with the intended purpose of serving files to > Windows users with seamless authentication on the smb server. > For that, I've been reading and following every single google search result > regarding the subject, but it seems I'm stuck at some point where other > people are not blocked ... > > To summarize, I have these commands OK: > # kinit admin_user at DOMAIN.EXAMPLE.COM > # klist (ticket ok) > # net join ads -S server -U admin_user > # wbinfo -u and -g (both showing "DOMAIN\...") > # wbinfo -t (succeeded) Try to use Kerberos auth (wbinfo -K login%pass). It's possible, Windows PDC does not support NT-style auth via pipe. Also, try 'nt pipe support = no' option in smb.conf file. From Volker.Lendecke at SerNet.DE Mon Jan 18 23:46:15 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue, 19 Jan 2010 07:46:15 +0100 Subject: [Samba] Samba/winbind with Active Directory auth In-Reply-To: <201001190823.46056.alex_mgsm@mail.ru> References: <2aa1891e1001180733x2e429e99wa2b781ec1c47f599@mail.gmail.com> <201001190823.46056.alex_mgsm@mail.ru> Message-ID: On Tue, Jan 19, 2010 at 08:23:45AM +0400, Alexander R. Fahrutdinov wrote: > ? ????????? ?? ??????????? 18 ?????? 2010 19:33:00 ????? Kris Kaido ???????: > > Hi List, > > > > I'm installing a Samba server with the intended purpose of serving files to > > Windows users with seamless authentication on the smb server. > > For that, I've been reading and following every single google search result > > regarding the subject, but it seems I'm stuck at some point where other > > people are not blocked ... > > > > To summarize, I have these commands OK: > > # kinit admin_user at DOMAIN.EXAMPLE.COM > > # klist (ticket ok) > > # net join ads -S server -U admin_user > > # wbinfo -u and -g (both showing "DOMAIN\...") > > # wbinfo -t (succeeded) > > Try to use Kerberos auth (wbinfo -K login%pass). It's possible, Windows PDC > does not support NT-style auth via pipe. Also, try 'nt pipe support = no' > option in smb.conf file. ??? nt pipe support = no is extremely unlikely to ever help these days. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From mueller at tropenklinik.de Tue Jan 19 01:29:53 2010 From: mueller at tropenklinik.de (=?iso-8859-1?Q?Daniel_M=FCller?=) Date: Tue, 19 Jan 2010 09:29:53 +0100 Subject: [Samba] Samba 3.4 clustering CTDB Message-ID: <004f01ca98e1$92fe3fc0$b8fabf40$@de> Hello to all, Did someone succed with samba clustering using CTDB? We just started a project trying to set up a cluster with Samba 3.4 and ctdb and 2 nodes. We aim to substitute the samba pdc bdc thing which is not sufficient I thing. Because when the pdc is down the bdc must be set manually to be the pdc. If clustering should work then ctdb (load balancing!?)will decide which node to authenticate against and will sync user groups and files. If one node fails the other would take over and users and clients can work on. Are these things possible in current state of development??? Greetings Daniel From himmat.baldaniya at hotmail.com Tue Jan 19 01:39:27 2010 From: himmat.baldaniya at hotmail.com (himmat baldaniya) Date: Tue, 19 Jan 2010 14:09:27 +0530 Subject: [Samba] subfolder level restriction Message-ID: hello I have three users u1 ,u2 and u3 I have a share named "mrt" and it has two subfolder "mrt1" and "mrt2". what i have to do is that when u1 logs in mrt it should view all the contents inside mrt (including contents of its subfolderand all) and when u2 logs into mrt it should view mrt1 and restrict mrt2 and in same way when u3 logs into mrt ,it could access mrt2 and restrict mrt1 how should i do this ?? please Help!!!! thankyou _________________________________________________________________ Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop From mueller at tropenklinik.de Tue Jan 19 01:53:57 2010 From: mueller at tropenklinik.de (=?iso-8859-1?Q?Daniel_M=FCller?=) Date: Tue, 19 Jan 2010 09:53:57 +0100 Subject: [Samba] subfolder level restriction In-Reply-To: References: Message-ID: <006b01ca98e4$efcff830$cf6fe890$@de> Look at the issue "dont descend" in the [mrt] config. Daniel ----------------------------------------------- EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de ----------------------------------------------- -----Urspr?ngliche Nachricht----- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von himmat baldaniya Gesendet: Dienstag, 19. Januar 2010 09:39 An: samba samba Betreff: [Samba] subfolder level restriction hello I have three users u1 ,u2 and u3 I have a share named "mrt" and it has two subfolder "mrt1" and "mrt2". what i have to do is that when u1 logs in mrt it should view all the contents inside mrt (including contents of its subfolderand all) and when u2 logs into mrt it should view mrt1 and restrict mrt2 and in same way when u3 logs into mrt ,it could access mrt2 and restrict mrt1 how should i do this ?? please Help!!!! thankyou _________________________________________________________________ Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba From Volker.Lendecke at SerNet.DE Tue Jan 19 02:26:25 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue, 19 Jan 2010 10:26:25 +0100 Subject: [Samba] Samba 3.4 clustering CTDB In-Reply-To: <004f01ca98e1$92fe3fc0$b8fabf40$@de> References: <004f01ca98e1$92fe3fc0$b8fabf40$@de> Message-ID: On Tue, Jan 19, 2010 at 09:29:53AM +0100, Daniel M?ller wrote: > Did someone succed with samba clustering using CTDB? > We just started a project trying to set up a cluster with Samba 3.4 and > ctdb and 2 nodes. We aim to > substitute the samba pdc bdc thing which is not sufficient I thing. Because > when the pdc is down the bdc must be set > manually to be the pdc. > If clustering should work then ctdb (load balancing!?)will decide which node > to authenticate against and will sync user groups and files. If one > node fails the other would take over and users and clients can work on. > Are these things possible in current state of development??? In theory, yes, but for the PDC/BDC thing it is not necessary. Yes, if your PDC is permanently down and will not come back, you have to manually upgrade the BDC. But for authentication purposes the BDC is just fine, you only can not change passwords for example. But when your PDC is down, changing passwords or creating new users should be the least of your problems. Just my 2ct Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From kseeger at samba.org Tue Jan 19 03:24:38 2010 From: kseeger at samba.org (Karolin Seeger) Date: Tue, 19 Jan 2010 11:24:38 +0100 Subject: [Samba] [Announce] Samba 3.4.5 Available for Download Message-ID: ================================================================= "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke ================================================================= Release Announcements ===================== This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.5 include: o Fix memory in leak in smbd (bug #7020). o Fix changing of ACLs on writable files with "dos filemode=yes" (bug #5202). ###################################################################### Changes ####### Changes since 3.4.4 ------------------- o Jeremy Allison * BUG 5202: Fix changing of ACLs on writable files with "dos filemode=yes". * BUG 7020: Fix memory leak in smbd. * BUG 7036: Fix 'net rpc getsid' in hardened Windows environments. * BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls. o G?nther Deschner * BUG 7043: Fix crash bug in "SMBC_parse_path". o Volker Lendecke * BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS server. o Stefan Metzmacher * BUG 6642: Fix opening the quota magic file. * BUG 6919: Fix remote quota management. o SASAJIMA Toshihiro * BUG 7034: Fix internal error caused by vfs_cap. ================ Download Details ================ The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.5.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From dan.sheridan at postman.org.uk Tue Jan 19 04:56:11 2010 From: dan.sheridan at postman.org.uk (Daniel Sheridan) Date: Tue, 19 Jan 2010 11:56:11 +0000 Subject: [Samba] domain printer issues In-Reply-To: <20091201150955.GB14081@mthelena.ber.redhat.com> References: <4B0E0ED6.2010708@vpac.org> <4B0F2EA7.8050407@vpac.org> <1259337837.19665.39.camel@coquet> <4B12F253.8010705@vpac.org> <1259671011.6977.123.camel@coquet> <20091201150955.GB14081@mthelena.ber.redhat.com> Message-ID: <1263902170.6175.3461.camel@coquet> On Tue, 2009-12-01 at 16:09 +0100, Guenther Deschner wrote: > On Tue, Dec 01, 2009 at 12:36:51PM +0000, Daniel Sheridan wrote: > > On Mon, 2009-11-30 at 09:14 +1100, Brian May wrote: > > > Daniel Sheridan wrote: > > > > FWIW, I have the same problem here with Samba 3.4.2 and Windows XP > > > > clients. In fact, one printer driver works via point'n'print, but > > > > the others do not, so for now I've set all printers to use that one > > > > driver (the PPDs are similar enough that it's not a problem). > > > > > > Ok, so maybe it was the upgrade from 3.2.5 to 3.4.2 (required for > > > Windows 7) that broke things. The first few days seemed fine, so I > > > thought it was OK, but maybe that is because nobody reported > > > problems... > > > > I'm currently blaming 3.4.x. Downgrading to 3.3.2 (the most recent 3.3 > > easily available as an Ubuntu package) makes the driver installation > > work perfectly. Upgrading to 3.4.x breaks it again. Clean /var/lib/samba > > and /var/cache/samba each time. > > This is unfortunately a known issue and we are actively working on > resolving this; if you have a chance to test, the 3-4-test git branch > should have the necessary fixes (unless you are running sparc). > > For Samba 3.4.4 these issues will be resolved. (resurrecting old thread for context) I'm still seeing this behaviour in 3.4.5 -- XP claims that the server does not have the correct printer driver installed. Is there anything I can provide that will help to debug this? Dan. From lucia.frika at gmail.com Tue Jan 19 05:32:54 2010 From: lucia.frika at gmail.com (Lucia Donatto) Date: Tue, 19 Jan 2010 13:32:54 +0100 Subject: [Samba] How do update samba on Ubuntu Message-ID: Hi all, I?ve got an ubuntu 8.04 server with samba 3.0.28 and ldap installed in a net that is working ok. I?d like to actualize samba to the actual version and don?t know how. Sudo apt-get upgrade will do? I?ve read in internet that some people uninstall it and it really scares me! If someone have any idea about how to do it and can give me a link or some clue about it, I really will apreciate it! Thank you very much for your time. From linuxbox at wavenet.at Tue Jan 19 06:06:34 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Tue, 19 Jan 2010 14:06:34 +0100 Subject: [Samba] How do update samba on Ubuntu In-Reply-To: References: Message-ID: <4B55AE5A.4070208@wavenet.at> Am 2010-01-19 13:32, schrieb Lucia Donatto: > Hi all, I?ve got an ubuntu 8.04 server with samba 3.0.28 and ldap installed > in a net that is working ok. > I?d like to actualize samba to the actual version and don?t know how. > Sudo apt-get upgrade will do? > I?ve read in internet that some people uninstall it and it really scares me! > If someone have any idea about how to do it and can give me a link or some > clue about it, I really will apreciate it! > > Thank you very much for your time. > Hi Lucia! I used that "how-to" http://www.jeremycole.com/blog/2009/12/01/upgrade-samba-3-0-28a-to-3-4-3-on-ubuntu-8-04-lts/ That worked fine for me with samba 3.4.4 and samba 3.4.5 If you prefer packages - you can add deb http://ppa.launchpad.net/pgquiles/ppa/ubuntu hardy main deb-src http://ppa.launchpad.net/pgquiles/ppa/ubuntu hardy main to your apt - source list and install the provided 3.4.3 packages. Please keep in mind that there are differences between 3.0 and 3.4 (tdbsam, ldap-scheme, some config changes)! regards Martin From linuxbox at wavenet.at Tue Jan 19 06:44:24 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Tue, 19 Jan 2010 14:44:24 +0100 Subject: [Samba] Samba 3.4.4 & Windows 7 offline folders In-Reply-To: <20100118223037.GA5569@jeremy-laptop> References: <4B54C8A0.7080701@wavenet.at> <20100118223037.GA5569@jeremy-laptop> Message-ID: <4B55B738.7020004@wavenet.at> > We did fix a bug in this recently (with Microsoft's help). But > it should definately be fixed in 3.4.4. > > I'll take a look at this once I'm back with my full test environment > (next week). In the meantime can you log a bug at bugzilla.samba.org > so this problem doesn't get lost. > > Thanks, > > Jeremy. > > Thank you Jeremey ... as we use offline folders intensive it's a little bit annoying for us, you can imagine - we will do some testing today with the newer 3.4.5 and if the situation is unchanged, I'll open a ticket. regards Martin From r.martel at csuohio.edu Tue Jan 19 07:46:52 2010 From: r.martel at csuohio.edu (Robert M. Martel - CSU) Date: Tue, 19 Jan 2010 09:46:52 -0500 Subject: [Samba] Winbind problem on Solaris 9 - samba 3.4.4 In-Reply-To: <4B4E353C.8000606@csuohio.edu> References: <4B4E353C.8000606@csuohio.edu> Message-ID: <4B55C5DC.8050304@csuohio.edu> Greetings, Have not heard from anyone on this topic. I tried building samba 3.3.10 with same environment - same issue: ld.so.1: su: fatal: relocation error: file /usr/lib/security/pam_winbind.so.1: symbol libintl_bindtextdomain: referenced symbol not found I could access shares from client PCs, but not log onto or "su" to an active directory user. On 01/13/2010 04:03 PM, Robert M. Martel - CSU wrote: > Greetings > > Samba 3.4.4 built on Solaris 9 with gcc version 3.4.6 > > This is an Active Directory member server which was working with Samba > 3.2.15 installed. > > I was able to build 3.4.4 without errors as well as access shares as an > active directory user from a client PC without any issues so far. > > When I try to su to an active directory user in a terminal session I get > the following error: > > ld.so.1: su: fatal: relocation error: file > /usr/lib/security/pam_winbind.so.1: symbol libintl_bindtextdomain: > referenced symbol not found > > I have SMClintl from SunFreeware installed to support some other > packages, there also exists a libintl.so.1 in /usr/lib which is much > smaller than the one in /usr/local/lib. > > I tried changing crle to put /usr/local/lib before /usr/lib but it did > not make a difference. > > Any suggestions on how to resolve this issue? > > Thanks! > Bob > -- *********************************************************************** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 r.martel at csuohio.edu -Jeff Lynne *********************************************************************** From rvandolson at esri.com Tue Jan 19 15:48:59 2010 From: rvandolson at esri.com (Ray Van Dolson) Date: Tue, 19 Jan 2010 14:48:59 -0800 Subject: [Samba] Tracking down rogue workgroup Message-ID: <20100119224859.GA14169@esri.com> Hi folks. Periodically a workgroup shows up on our network with an inappropriate name. We're trying to find the best way to track this down as it's quite intermittent. We can obviously look for announcement messages (in broadcast packets on ports 138/139), but this must be done on each subnet and we have enough subnets that this would be rather tedious and at best, a last resort. The workgroup is available to machines in every subnet, so apparently its presence is getting relayed back to the domain controllers... For protocol gurus: is there a particular packet we can look for on the domain controllers that could help us narrow down our search to the right subnet? A message from the local master browser sending a list of workgroups perhaps? Or a message updating WINS entries? Any suggestions would be appreciated! Thanks, Ray From michaelh at jaswin.com.au Tue Jan 19 17:04:08 2010 From: michaelh at jaswin.com.au (Michael Heydon) Date: Wed, 20 Jan 2010 09:04:08 +0900 Subject: [Samba] subfolder level restriction In-Reply-To: <006b01ca98e4$efcff830$cf6fe890$@de> References: <006b01ca98e4$efcff830$cf6fe890$@de> Message-ID: <4B564878.5060204@jaswin.com.au> Daniel M?ller wrote: > Look at the issue "dont descend" in the [mrt] config. > Daniel > "dont descend" affects the share regardless of who connects to it. To create different views for different users would require creating several shares with different "dont descend" values. > when u1 logs in mrt it should view all the contents inside mrt (including contents of its > subfolderand all) > and when u2 logs into mrt it should view mrt1 and restrict mrt2 and in same > way when u3 logs into mrt ,it could access mrt2 and restrict mrt I think unix permissions would be the obvious solution. Create groups called g1 and g2, add u1 to both groups, u2 to g1 and u3 to g2. Then chown root.g1 mrt1 , chown root.g2 mrt2 and chmod them both to 770 (or 750). If you want more flexibility, you can use ACLs (assuming your FS and OS support them). *Michael Heydon - IT Administrator * michaelh at jaswin.com.au From ryan.suarez at sheridanc.on.ca Tue Jan 19 21:42:00 2010 From: ryan.suarez at sheridanc.on.ca (Ryan Suarez) Date: Tue, 19 Jan 2010 23:42:00 -0500 Subject: [Samba] domain printer issues In-Reply-To: <1263902170.6175.3461.camel@coquet> References: <4B0E0ED6.2010708@vpac.org> <4B0F2EA7.8050407@vpac.org> <1259337837.19665.39.camel@coquet> <4B12F253.8010705@vpac.org> <1259671011.6977.123.camel@coquet> <20091201150955.GB14081@mthelena.ber.redhat.com> <1263902170.6175.3461.camel@coquet> Message-ID: <4B568998.5060303@sheridanc.on.ca> Daniel Sheridan wrote: > On Tue, 2009-12-01 at 16:09 +0100, Guenther Deschner wrote: > >> On Tue, Dec 01, 2009 at 12:36:51PM +0000, Daniel Sheridan wrote: >> >>> On Mon, 2009-11-30 at 09:14 +1100, Brian May wrote: >>> >>>> Daniel Sheridan wrote: >>>> >>>>> FWIW, I have the same problem here with Samba 3.4.2 and Windows XP >>>>> clients. In fact, one printer driver works via point'n'print, but >>>>> the others do not, so for now I've set all printers to use that one >>>>> driver (the PPDs are similar enough that it's not a problem). >>>>> >>>> Ok, so maybe it was the upgrade from 3.2.5 to 3.4.2 (required for >>>> Windows 7) that broke things. The first few days seemed fine, so I >>>> thought it was OK, but maybe that is because nobody reported >>>> problems... >>>> >>> I'm currently blaming 3.4.x. Downgrading to 3.3.2 (the most recent 3.3 >>> easily available as an Ubuntu package) makes the driver installation >>> work perfectly. Upgrading to 3.4.x breaks it again. Clean /var/lib/samba >>> and /var/cache/samba each time. >>> >> This is unfortunately a known issue and we are actively working on >> resolving this; if you have a chance to test, the 3-4-test git branch >> should have the necessary fixes (unless you are running sparc). >> >> For Samba 3.4.4 these issues will be resolved. >> >> I'm still seeing this behaviour in 3.4.5 -- XP claims that the server >> does not have the correct printer driver installed. Is there anything I >> can provide that will help to debug this? >> I believe the developers were referring to this: https://bugzilla.samba.org/show_bug.cgi?id=6883 It was supposedly addressed in 3.4.4 and marked resolved. If your still having issues then you should leave a comment there and request to reopen bug. I personally haven't had a chance to try this version out yet. From koen.linders at koca.be Wed Jan 20 01:18:37 2010 From: koen.linders at koca.be (Koen Linders) Date: Wed, 20 Jan 2010 09:18:37 +0100 Subject: [Samba] '/tmp' does not exist or permission denied ...: /tmp has 777 permission Message-ID: <001301ca99a9$2ab3a720$801af560$@linders@koca.be> Not sure what caused it. It must be some change to permissions. I know I changed the root password with passwd and changed it back afterwards when problems started. I know for sure I didn't change a thing to the samba config. No firewall running atm. This morning I did smbpasswd as root and set it (to be sure) to same passwd as the original one. But I don't think this matters anymore. I did hope so when I went to sleep :) Debian Etch Samba 3.0.24 All worked well as PDC Exact message: SMBD/SERVICE.C:MAKE_CONNECTION_SNUM(920) 'tmp' does not exist or permission denied when connecting to [IPC$]. Error was permission denied. Permission on /tmp Ls -al / /tmp drwxrwxrwt The weird thing is. I can access 2 out 3 shares even after restarting server and workstation. Netlogon is not accessible and I can't browse the server. The 2 shares are in the same directory as the main share which is inaccessible atm. When I try to login as different user (koenl) on the server (not via workstation), I get can't cd to /data/home/koenl Permissions /data: 775 root.root /data/home 775 root.root /data/home/koenl 755 koenl.ICT /data/shares 755 root.root /data/shares/newton 775 root.root (main directory of share is meant to be readable by world) (This is the inaccessible share) /data/shares/ict 770 g+s (accessible share) (Any application to change ALL permissions to default on debian? I can umount the data partition before) Any idea? Koen From heupink at merit.unu.edu Wed Jan 20 02:18:59 2010 From: heupink at merit.unu.edu (mourik jan c heupink) Date: Wed, 20 Jan 2010 10:18:59 +0100 Subject: [Samba] '/tmp' does not exist or permission denied ...: /tmp has 777 permission In-Reply-To: <001301ca99a9$2ab3a720$801af560$@linders@koca.be> References: <001301ca99a9$2ab3a720$801af560$@linders@koca.be> Message-ID: <4B56CA83.5050302@merit.unu.edu> > Exact message: > SMBD/SERVICE.C:MAKE_CONNECTION_SNUM(920) 'tmp' does not exist or > permission denied when connecting to [IPC$]. Error was permission > denied. I have no idea, but could it be that 'tmp' is not the directory /tmp, but one of your samba shares, called 'tmp'? MJ From koen.linders at koca.be Wed Jan 20 03:18:13 2010 From: koen.linders at koca.be (Koen Linders) Date: Wed, 20 Jan 2010 11:18:13 +0100 Subject: [Samba] '/tmp' does not exist or permission denied ...: /tmp has 777 permission SOLVED In-Reply-To: <4B56CA83.5050302@merit.unu.edu> References: <001301ca99a9$2ab3a720$801af560$@linders@koca.be> <4B56CA83.5050302@merit.unu.edu> Message-ID: <001e01ca99b9$e1008e70$a301ab50$@linders@koca.be> > I have no idea, but could it be that 'tmp' is not the directory /tmp, > but one of your samba shares, called 'tmp'? > > MJ Nope, but thx anyway. I changed the permission in the /root dir yesterday with chmod 700 .* I only wanted to change the hidden files that started with . (like .ssh) This caused .. to have wrong permissions. It should have 755 so anything can cd out of the directory. How something small like this, can cause so many problems. Lesson learned here! Koen Linders From mueller at tropenklinik.de Wed Jan 20 06:06:30 2010 From: mueller at tropenklinik.de (=?iso-8859-1?Q?Daniel_M=FCller?=) Date: Wed, 20 Jan 2010 14:06:30 +0100 Subject: [Samba] registry based config Message-ID: <005201ca99d1$61b8dc40$252a94c0$@de> Dear all, the registry based config on samba 3.3.1 suse 10.2: I imported the shares with net conf import fileinsmbconfformat_ofshares. I made them available in smb.conf by: include registry=yes. Users have access to the shares. But I get the error when opening the registry of my sambaserver from an xp client: Klicking on HK_LOCAL_MACHINE>Software>Samba>smbconf gives me : An error occurred opening smbconf. No Access!. How can I grant access to show the internal keys. Greetings Daniel ----------------------------------------------- EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de ----------------------------------------------- From Jacques.Kostic at pmintl.com Wed Jan 20 09:16:38 2010 From: Jacques.Kostic at pmintl.com (Kostic, Jacques) Date: Wed, 20 Jan 2010 17:16:38 +0100 Subject: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 Message-ID: Hi, I have Setup connection from my brand new iMac to my windows Server 2003. I am using gigabit line and I am getting only 15 Mbites / sec speed. Any way to get much better? Many thanks for your help. Jko Jacques KOSTIC Philip Morris International Senior IS Analyst Finance Systems Av Rhodanie 50 1001 Lausanne E-mail: Jacques.Kostic at pmintl.com Phone: +41 (58) 242 7727 Fax: +41 (58) 242 0101 From Volker.Lendecke at SerNet.DE Wed Jan 20 10:14:27 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Wed, 20 Jan 2010 18:14:27 +0100 Subject: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 In-Reply-To: References: Message-ID: On Wed, Jan 20, 2010 at 05:16:38PM +0100, Kostic, Jacques wrote: > I have Setup connection from my brand new iMac to my windows Server 2003. > > I am using gigabit line and I am getting only 15 Mbites / sec speed. > > Any way to get much better? Hmm. iMac is client or server? Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From lagern at lafayette.edu Wed Jan 20 10:28:41 2010 From: lagern at lafayette.edu (Nathan Lager) Date: Wed, 20 Jan 2010 12:28:41 -0500 Subject: [Samba] Samba, and NFS. lag? In-Reply-To: References: <4B50CE14.405@lafayette.edu> Message-ID: <4B573D49.8030208@lafayette.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 That hasnt helped either. Same lag on file modification. Thanks. On 01/16/2010 05:46 AM, Volker Lendecke wrote: > On Fri, Jan 15, 2010 at 03:20:36PM -0500, Nathan Lager wrote: >> Any suggestions? Anything i can check? Am i perhaps looking an an NFS >> performance issue? I'm able to modify files over the nfs mount from the >> smb server without an issue. > > No, this is probably not a NFS performance thing, NFS is not > *that* slow. Next try after "kernel oplocks = no" would be > "posix locking = no". > > Volker - -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 610-330-5907 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktXPUkACgkQsZqG4IN3sulhJwCgqciUoWOtxcpRbMORwpWrSXMk MIgAnRRMhaEWU7mynN7B6N8UVOCqJsPk =aypr -----END PGP SIGNATURE----- From Volker.Lendecke at SerNet.DE Wed Jan 20 10:56:33 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Wed, 20 Jan 2010 18:56:33 +0100 Subject: [Samba] Samba, and NFS. lag? In-Reply-To: <4B573D49.8030208@lafayette.edu> References: <4B50CE14.405@lafayette.edu> <4B573D49.8030208@lafayette.edu> Message-ID: On Wed, Jan 20, 2010 at 12:28:41PM -0500, Nathan Lager wrote: > That hasnt helped either. > > Same lag on file modification. > > Thanks. Please connect, look in smbstatus which process is responsible for your client and strace it. strace -ttT -o /tmp/smbd.strace -p Upload /tmp/smbd.strace somewhere please. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From lagern at lafayette.edu Wed Jan 20 11:10:25 2010 From: lagern at lafayette.edu (Nathan Lager) Date: Wed, 20 Jan 2010 13:10:25 -0500 Subject: [Samba] Samba, and NFS. lag? In-Reply-To: References: <4B50CE14.405@lafayette.edu> <4B573D49.8030208@lafayette.edu> Message-ID: <4B574711.6070208@lafayette.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thank's, i'll get on that. in the meantime. I've run wireshark during the write process. Here's what i've come up with. When i initiate the write (file->save), i see, from my workstation, to the smb server and "NT Create Andx request path: \test\testfile.txt" Immediately after that, i get a response from the smb server, to my workstation: "microsoft-ds > cognex-insight [ACK] seq=1 Ack=127 Win=36448 Len:0" 28 seconds later, i get, from my workstation, to the server: "Echo Request" Immdiately after that, i get another microsoft-ds > cognex-insight [ACK] Then the whole thing seems to start over again, except this time, no 28 second pause, and the write completes. On 01/20/2010 12:56 PM, Volker Lendecke wrote: > On Wed, Jan 20, 2010 at 12:28:41PM -0500, Nathan Lager wrote: >> That hasnt helped either. >> >> Same lag on file modification. >> >> Thanks. > > Please connect, look in smbstatus which process is > responsible for your client and strace it. > > strace -ttT -o /tmp/smbd.strace -p > > Upload /tmp/smbd.strace somewhere please. > > Volker - -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 610-330-5907 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktXRxEACgkQsZqG4IN3suknRQCfUFc86qkDPr1twg4zE2+qA1Tr sxEAn0TsA1sVV1m56QOCbsr+hXec/ywT =hqfY -----END PGP SIGNATURE----- From lagern at lafayette.edu Wed Jan 20 11:36:18 2010 From: lagern at lafayette.edu (Nathan Lager) Date: Wed, 20 Jan 2010 13:36:18 -0500 Subject: [Samba] Samba, and NFS. lag? In-Reply-To: References: <4B50CE14.405@lafayette.edu> <4B573D49.8030208@lafayette.edu> Message-ID: <4B574D22.2000503@lafayette.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OK, Here we go. http://www.undrground.org/smb/smbd.strace On 01/20/2010 12:56 PM, Volker Lendecke wrote: > On Wed, Jan 20, 2010 at 12:28:41PM -0500, Nathan Lager wrote: >> That hasnt helped either. >> >> Same lag on file modification. >> >> Thanks. > > Please connect, look in smbstatus which process is > responsible for your client and strace it. > > strace -ttT -o /tmp/smbd.strace -p > > Upload /tmp/smbd.strace somewhere please. > > Volker -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktXTSIACgkQsZqG4IN3sunZqACffagPWZAH3BKFTfe2NSytiOWx zfAAoJgks2s5Dt1Pg0vh+49o9FMIcRWj =uCY5 -----END PGP SIGNATURE----- From johannes at truschnigg.info Wed Jan 20 11:41:24 2010 From: johannes at truschnigg.info (Johannes Truschnigg) Date: Wed, 20 Jan 2010 19:41:24 +0100 Subject: [Samba] SMB/CIFS seq. transfers top out at 30MiB/s (NFSv4 and HTTP: 100MiB/s+) Message-ID: <201001201941.28423.johannes@truschnigg.info> Hello list, I'm using Samba 3.4.5 on a home-hosted fileserver of mine to easily share files with both GNU/Linux and Windows XP (Professional 32Bit SP3) clients. The machines are connected to each other via a switched GBit ethernet network, the actual available bandwidth between the server and the nodes over TCP amounts to about 940-980MBit (according to iperf). The server's storage backend is aquite potent, and achieves sequential read and write speeds well over the network's linespeed (somewhere around 180MiB/s read and 130MiB/s write at worst and well over 200MiB/s and 160MiB/s, resp., at best). When serving files from the very same filesystem as with Samba, Apache 2.2 delivers about 110MiB/s on average, and NFSv4-transfers match that number in terms of speed. With Samba and SMB/CIFS, however, the transfer speed tops out at rather disappointing 28-30MiB/s, serving both Windows and GNU/Linux clients. I'm using the in-kernel CIFS support on the GNU/Linux machines, and the default "Attach Network Drive"-feature with Windows. Using the (afaik pure userspace) `smbclient` implementation on the GNU machine doesn't change anything to the better, the speed remains at the aforementioned ~30MiB/s. The server system isn't really loaded while serving files over CIFS (its cores don't even clock to higher frequencies, but remain at a comfortable 1GHz), and smbd never consumes substantially more than ~15% CPUtime while reading from disk and delivering to the clients. I tried adopting advice from the Samba manual's performance tuning section (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/speed.html), but that didn't improve the situation at all - transfer speed remained roughly the same, compared to these settings' default values. Playing with the clients' mount options (rsize and wsize, specifically) didn't yield any noticeable improvements, either. I continue to see other peoples' reports on the web that they manage to squeeze much higher transfer rates (70MiB/s+) out of dedicated NAS appliances via SMB/CIFS (most of which supposedly also run Samba for providing that service), and I fail to see why my platform won't deliver similar results, as the hardware should easily match whatever those NAS-devices offer. Below I will list what I think might be relevant information to track down what's wrong; in case I'm missing something that'd be of use, please, let me know! ----SNIP START: egrep -v '^[[:space:]]*[;#]|^$' /etc/samba/smb.conf ---- [global] workgroup = ARBEITSGRUPPE security = share load printers = no guest account = nobody dns proxy = no syslog = 1 syslog only = yes socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 disable netbios = yes unix extensions = yes unix charset = UTF-8 display charset = UTF-8 use mmap = yes use sendfile = yes wins support = no [files] path = /srv/files/pub/ public = yes only guest = yes writable = yes printable = no ---- SNIP END: egrep -v '^[[:space:]]*[;#]|^$' /etc/samba/smb.conf ---- My GNU/Linux client mounts the share with the following options: ---- SNIP START: /etc/fstab ---- //virtue.local/files /media/network cifs \ auto,user,pass=,rw,uid=1000,gid=100,noexec,nolock,\ file_mode=0664,dir_mode=0775,iocharset=utf8,\ wsize=57344,rsize=57344 0 0 ---- SNIP END: /etc/fstab ---- The output of `smbd -d` is recorded here: http://pasted.at/fb1889588d_nl.html All GNU/Linux clients use recent (2.6.32+) kernels and are x86_64 machines. All clients are able to get the HTTP transfer speeds described above. I'm still using the very same kernel that was used to build Samba/smbd on. There's nothing out of the ordinary recorded in the server's logs. `nmbd` isn't running on the server, as I don't need that kind of name resolution support. Samba is Version 3.4.5, running on Gentoo GNU/Linux ~amd64. If anyone spots something obvious that might limit transfer speeds in the way I described, please leave a comment. Thanks very much in advance for your time and effort! -- with best regards: - Johannes Truschnigg ( johannes at truschnigg.info ) www: http://johannes.truschnigg.info/ phone: +43 650 2 133337 xmpp: johannes at truschnigg.info Please do not bother me with HTML-eMail or attachments. Thank you. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From jlayton at samba.org Wed Jan 20 12:55:16 2010 From: jlayton at samba.org (Jeff Layton) Date: Wed, 20 Jan 2010 14:55:16 -0500 Subject: [Samba] SMB/CIFS seq. transfers top out at 30MiB/s (NFSv4 and HTTP: 100MiB/s+) In-Reply-To: <201001201941.28423.johannes@truschnigg.info> References: <201001201941.28423.johannes@truschnigg.info> Message-ID: <20100120145516.1802c7c8@tlielax.poochiereds.net> On Wed, 20 Jan 2010 19:41:24 +0100 Johannes Truschnigg wrote: > Hello list, > > I'm using Samba 3.4.5 on a home-hosted fileserver of mine to easily share > files with both GNU/Linux and Windows XP (Professional 32Bit SP3) clients. The > machines are connected to each other via a switched GBit ethernet network, the > actual available bandwidth between the server and the nodes over TCP amounts > to about 940-980MBit (according to iperf). > > The server's storage backend is aquite potent, and achieves sequential read > and write speeds well over the network's linespeed (somewhere around 180MiB/s > read and 130MiB/s write at worst and well over 200MiB/s and 160MiB/s, resp., > at best). When serving files from the very same filesystem as with Samba, > Apache 2.2 delivers about 110MiB/s on average, and NFSv4-transfers match that > number in terms of speed. > > With Samba and SMB/CIFS, however, the transfer speed tops out at rather > disappointing 28-30MiB/s, serving both Windows and GNU/Linux clients. I'm > using the in-kernel CIFS support on the GNU/Linux machines, and the default > "Attach Network Drive"-feature with Windows. Using the (afaik pure userspace) > `smbclient` implementation on the GNU machine doesn't change anything to the > better, the speed remains at the aforementioned ~30MiB/s. > > The server system isn't really loaded while serving files over CIFS (its cores > don't even clock to higher frequencies, but remain at a comfortable 1GHz), and > smbd never consumes substantially more than ~15% CPUtime while reading from > disk and delivering to the clients. > > I tried adopting advice from the Samba manual's performance tuning section > (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/speed.html), but > that didn't improve the situation at all - transfer speed remained roughly the > same, compared to these settings' default values. Playing with the clients' > mount options (rsize and wsize, specifically) didn't yield any noticeable > improvements, either. > > I continue to see other peoples' reports on the web that they manage to > squeeze much higher transfer rates (70MiB/s+) out of dedicated NAS appliances > via SMB/CIFS (most of which supposedly also run Samba for providing that > service), and I fail to see why my platform won't deliver similar results, as > the hardware should easily match whatever those NAS-devices offer. > > Below I will list what I think might be relevant information to track down > what's wrong; in case I'm missing something that'd be of use, please, let me > know! > > ----SNIP START: egrep -v '^[[:space:]]*[;#]|^$' /etc/samba/smb.conf ---- > [global] > workgroup = ARBEITSGRUPPE > security = share > load printers = no > guest account = nobody > dns proxy = no > syslog = 1 > syslog only = yes > socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 > disable netbios = yes > unix extensions = yes > unix charset = UTF-8 > display charset = UTF-8 > use mmap = yes > use sendfile = yes > wins support = no > [files] > path = /srv/files/pub/ > public = yes > only guest = yes > writable = yes > printable = no > ---- SNIP END: egrep -v '^[[:space:]]*[;#]|^$' /etc/samba/smb.conf ---- > > My GNU/Linux client mounts the share with the following options: > ---- SNIP START: /etc/fstab ---- > //virtue.local/files /media/network cifs \ > auto,user,pass=,rw,uid=1000,gid=100,noexec,nolock,\ > file_mode=0664,dir_mode=0775,iocharset=utf8,\ > wsize=57344,rsize=57344 0 0 > ---- SNIP END: /etc/fstab ---- > > The output of `smbd -d` is recorded here: http://pasted.at/fb1889588d_nl.html > > All GNU/Linux clients use recent (2.6.32+) kernels and are x86_64 machines. > All clients are able to get the HTTP transfer speeds described above. > > I'm still using the very same kernel that was used to build Samba/smbd on. > There's nothing out of the ordinary recorded in the server's logs. `nmbd` > isn't running on the server, as I don't need that kind of name resolution > support. Samba is Version 3.4.5, running on Gentoo GNU/Linux ~amd64. > > > If anyone spots something obvious that might limit transfer speeds in the way > I described, please leave a comment. Thanks very much in advance for your time > and effort! Most likely, you're running into the lack of parallelism in Linux' CIFS client. Writes are done in in turn currently and not in parallel as they should be. Fixing it is something we'd like to do, but it's a non-trivial amount of work and it'll probably be a while before it's fixed. -- Jeff Layton From jlayton at samba.org Wed Jan 20 13:00:54 2010 From: jlayton at samba.org (Jeff Layton) Date: Wed, 20 Jan 2010 15:00:54 -0500 Subject: [Samba] Samba, and NFS. lag? In-Reply-To: <4B574D22.2000503@lafayette.edu> References: <4B50CE14.405@lafayette.edu> <4B573D49.8030208@lafayette.edu> <4B574D22.2000503@lafayette.edu> Message-ID: <20100120150054.407efd68@tlielax.poochiereds.net> On Wed, 20 Jan 2010 13:36:18 -0500 Nathan Lager wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > OK, Here we go. > > http://www.undrground.org/smb/smbd.strace > > > On 01/20/2010 12:56 PM, Volker Lendecke wrote: > > On Wed, Jan 20, 2010 at 12:28:41PM -0500, Nathan Lager wrote: > >> That hasnt helped either. > >> > >> Same lag on file modification. > >> > >> Thanks. > > > > Please connect, look in smbstatus which process is > > responsible for your client and strace it. > > > > strace -ttT -o /tmp/smbd.strace -p > > > > Upload /tmp/smbd.strace somewhere please. > > > > Volker > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAktXTSIACgkQsZqG4IN3sunZqACffagPWZAH3BKFTfe2NSytiOWx > zfAAoJgks2s5Dt1Pg0vh+49o9FMIcRWj > =uCY5 > -----END PGP SIGNATURE----- Looks like it's taking forever for flock() calls to time out, and then it finally fails with -ENOLCK: 13:24:00.268018 flock(28, 0x60 /* LOCK_??? */) = -1 ENOLCK (No locks available) <30.000971> ...often that means that you don't have rpc.statd running on the client. -- Jeff Layton From masaog at fshac.com Wed Jan 20 12:22:43 2010 From: masaog at fshac.com (Masao Garcia) Date: Wed, 20 Jan 2010 13:22:43 -0600 Subject: [Samba] Change AD user password from Linux Message-ID: <5B940415C1E34A838CE52973910759C6@fourseasonschicago.net> Has anyone gotten Active Directory user passwords changed from a Linux (Ubuntu 8.04) client? I used https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto as a guide, so I'm using Kerberos and Winbind (all apt-get). Samba version is 3.0.28a with a Windows Sever 2008 R2 DC, but running AD 2003 native. The client box is an LTSP box, and I'm able to ssh in with AD accounts. However, when I type passwd I get the error message "passwd: Authentication token manipulation error". In the auth.log file I get "pam_unix(passwd:chauthtok): user "kmasters" does not exist in /etc/passwd". Is it possible my Samba version is too old? common-auth: auth sufficient pam_krb5.so auth required pam_unix.so nullok_secure use_first_pass common-account: account sufficient pam_winbind.so account required pam_unix.so common-session: session required pam_mkhomedir.so umask=0022 skel=/etc/skel common-password: password sufficient pam_unix.so nullok md5 shadow password sufficient pam_ldap.so use_first_pass password required pam_deny.so smb.conf: [global] workgroup = MYDOMAIN realm = MYDOMAIN.COM server string = %h server (Samba, Ubuntu) security = ADS map to guest = Bad User obey pam restrictions = Yes password server = dc1.mydomain.com passdb backend = tdbsam pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 domain master = No dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap uid = 10000-20000 idmap gid = 10000-20000 template homedir = /home/%U template shell = /bin/bash winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes invalid users = root From steve at greengecko.co.nz Wed Jan 20 13:13:30 2010 From: steve at greengecko.co.nz (steve) Date: Thu, 21 Jan 2010 09:13:30 +1300 Subject: [Samba] performance tweaks?? In-Reply-To: References: <1263766339.6678.707.camel@xpc> <1263859841.6678.935.camel@xpc> Message-ID: <1264018410.6678.1080.camel@xpc> On Tue, 2010-01-19 at 01:15 +0100, Volker Lendecke wrote: > On Tue, Jan 19, 2010 at 01:10:41PM +1300, steve wrote: > > I tried this, and ended up woth 2 pc's that could only see the top level > > of the shaare. So I reverted it, and they *still* can only see one level > > down. > > Ok, well... Maybe you have upper/lower case directories in > your shares? Sorry, I had thought that the meaning of those > parameters is pretty obvious: They assume that all file > names on disk are a specific case. You should add "default > case = lower" if you have everything lower-case. > > My apologies for not telling you in the first place, > > Volker As these are microsofties, there is mixed case and white space all over the place. Will this have the desired effect? case sensitive = no preserve case = no short preserve case = no I'm seeing noticeable degraded performance when swapping from the old server, with samba 3.0.22, to a new server with double the memory, 50% more horsepower and 30% faster disks, running 3.2.5. Any suggestions will be gratefully received. Steve -- Steve Holdoway http://www.greengecko.co.nz MSN: steve at greengecko.co.nz GPG Fingerprint = B337 828D 03E1 4F11 CB90 853C C8AB AF04 EF68 52E0 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From lists.john at gmail.com Wed Jan 20 13:16:03 2010 From: lists.john at gmail.com (john) Date: Wed, 20 Jan 2010 12:16:03 -0800 Subject: [Samba] Change AD user password from Linux In-Reply-To: <5B940415C1E34A838CE52973910759C6@fourseasonschicago.net> References: <5B940415C1E34A838CE52973910759C6@fourseasonschicago.net> Message-ID: <2be970b51001201216t3f9c1cc7xdfdc5e0a50397c44@mail.gmail.com> Hi Masao, I have essentially the same setup as you (ltsp, AD, Winbind). My users are able to change their passwords with the 'passwd' command. Here's the contents of /etc/pam.d/common-password file password sufficient pam_winbind.so password required pam_unix.so nullok obscure min=4 max=8 md5 Hth, John On Wed, Jan 20, 2010 at 11:22 AM, Masao Garcia wrote: > Has anyone gotten Active Directory user passwords changed from a Linux > (Ubuntu 8.04) client? ?I used > https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto as a guide, so > I'm using Kerberos and Winbind (all apt-get). ?Samba version is 3.0.28a with > a Windows Sever 2008 R2 DC, but running AD 2003 native. ?The client box is > an LTSP box, and I'm able to ssh in with AD accounts. ?However, when I type > passwd I get the error message "passwd: Authentication token manipulation > error". ?In the auth.log file I get "pam_unix(passwd:chauthtok): user > "kmasters" does not exist in /etc/passwd". ?Is it possible my Samba version > is too old? > > > > common-auth: > > auth ? ?sufficient ? ? ?pam_krb5.so > > auth ? ?required ? ? ? ?pam_unix.so nullok_secure use_first_pass > > > > common-account: > > account sufficient ? ? ?pam_winbind.so > > account required ? ? ? ?pam_unix.so > > > > common-session: > > session required ? ? ? ?pam_mkhomedir.so umask=0022 skel=/etc/skel > > > > common-password: > > password ? sufficient ? pam_unix.so nullok md5 shadow > > password ? sufficient ? pam_ldap.so use_first_pass > > password ? required ? ? pam_deny.so > > > > smb.conf: > > [global] > > ? ? ? ?workgroup = MYDOMAIN > > ? ? ? ?realm = MYDOMAIN.COM > > ? ? ? ?server string = %h server (Samba, Ubuntu) > > ? ? ? ?security = ADS > > ? ? ? ?map to guest = Bad User > > ? ? ? ?obey pam restrictions = Yes > > ? ? ? ?password server = dc1.mydomain.com > > ? ? ? ?passdb backend = tdbsam > > ? ? ? ?pam password change = Yes > > ? ? ? ?passwd program = /usr/bin/passwd %u > > ? ? ? ?passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > > ? ? ? ?unix password sync = Yes > > ? ? ? ?syslog = 0 > > ? ? ? ?log file = /var/log/samba/log.%m > > ? ? ? ?max log size = 1000 > > ? ? ? ?domain master = No > > ? ? ? ?dns proxy = No > > ? ? ? ?usershare allow guests = Yes > > ? ? ? ?panic action = /usr/share/samba/panic-action %d > > ? ? ? ?idmap uid = 10000-20000 > > ? ? ? ?idmap gid = 10000-20000 > > ? ? ? ?template homedir = /home/%U > > ? ? ? ?template shell = /bin/bash > > ? ? ? ?winbind separator = + > > ? ? ? ?winbind enum users = Yes > > ? ? ? ?winbind enum groups = Yes > > ? ? ? ?winbind use default domain = Yes > > ? ? ? ?invalid users = root > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: ?https://lists.samba.org/mailman/options/samba > From drescherjm at gmail.com Wed Jan 20 13:19:08 2010 From: drescherjm at gmail.com (John Drescher) Date: Wed, 20 Jan 2010 15:19:08 -0500 Subject: [Samba] performance tweaks?? In-Reply-To: <1264018410.6678.1080.camel@xpc> References: <1263766339.6678.707.camel@xpc> <1263859841.6678.935.camel@xpc> <1264018410.6678.1080.camel@xpc> Message-ID: <387ee2021001201219ocf1d34cw2ce31ffe0c51349a@mail.gmail.com> On Wed, Jan 20, 2010 at 3:13 PM, steve wrote: > On Tue, 2010-01-19 at 01:15 +0100, Volker Lendecke wrote: >> On Tue, Jan 19, 2010 at 01:10:41PM +1300, steve wrote: >> > I tried this, and ended up woth 2 pc's that could only see the top level >> > of the shaare. So I reverted it, and they *still* can only see one level >> > down. >> >> Ok, well... Maybe you have upper/lower case directories in >> your shares? Sorry, I had thought that the meaning of those >> parameters is pretty obvious: They assume that all file >> names on disk are a specific case. You should add "default >> case = lower" if you have everything lower-case. >> >> My apologies for not telling you in the first place, >> >> Volker > > As these are microsofties, there is mixed case and white space all over > the place. > I have a script I use to force the case. Here is a link: http://github.com/drescherjm/jmdgentoooverlay/blob/master/Other/shell-scripts/mvcase.sh John From lagern at lafayette.edu Wed Jan 20 13:35:33 2010 From: lagern at lafayette.edu (Nathan Lager) Date: Wed, 20 Jan 2010 15:35:33 -0500 Subject: [Samba] Samba, and NFS. lag? In-Reply-To: <20100120150054.407efd68@tlielax.poochiereds.net> References: <4B50CE14.405@lafayette.edu> <4B573D49.8030208@lafayette.edu> <4B574D22.2000503@lafayette.edu> <20100120150054.407efd68@tlielax.poochiereds.net> Message-ID: <4B576915.9020402@lafayette.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/20/2010 03:00 PM, Jeff Layton wrote: > ...often that means that you don't have rpc.statd running on the client. I officially feel like a dolt now. Thank you for pointing out what should have been painfully obvious. I started up the nfslock service on my samba server, and the issue is gone. Thanks! Here's to public humiliation. :P -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktXaRUACgkQsZqG4IN3sumEiwCgjsu7CywPEauep8TZAufwL2fH RzgAnjgDPui2dwBd75efZ7UPahhtYgko =VNjc -----END PGP SIGNATURE----- From cj.keist at colostate.edu Wed Jan 20 14:23:51 2010 From: cj.keist at colostate.edu (CJ Keist) Date: Wed, 20 Jan 2010 14:23:51 -0700 Subject: [Samba] Samba shares freezing Message-ID: <4B577467.5090809@colostate.edu> All, Looking for some help here. Not finding anything on the net that looks the same as what I'm seeing. Running Solaris 10 Sparc, on a Sunfire 5220, 16Gb of RAM. Samba version 3.4.5 and using ZFS file systems with user quotas. All cifs clients shares to this server freeze after about 10 to 15 minutes of connectivity. Only fix is to restart samba. I'm not getting any errors from samba or on the /var/adm/messages or /var/log/syslog files. Totally stumped here. This freezing also happened with 3.4.0. Compile of samba ./configure --with-quotas --disable-shared-libs Config: # Samba config file created using SWAT # from UNKNOWN (???) # Date: 2010/01/20 14:18:59 [global] workgroup = ENGR_DOM server string = Samba Server security = DOMAIN password level = 8 lanman auth = Yes client NTLMv2 auth = Yes map untrusted to domain = Yes log level = 1 syslog = 2 log file = /var/log/samba/logs/log.%m max open files = 10000 socket options = TCP_NODELAY IPTOS_LOWDELAY load printers = No preferred master = Auto domain master = No dns proxy = No wins server = xxx.xx.xxx.xxx kernel oplocks = No lock spin time = 3 remote announce = xxx.xx.xxx.xxx acl check permissions = No acl group control = Yes oplocks = No level2 oplocks = No strict locking = No [top] comment = Top of the Tree path = /top read only = No create mask = 0755 directory security mask = 0755 [projects] comment = Project space path = /XKA1/projects read only = No create mask = 0775 directory mask = 02771 inherit permissions = Yes inherit acls = Yes [profiles] comment = Windows Roaming Profiles path = /XKA1/profiles valid users = +admin, +ens-students, +ACother read only = No profile acls = Yes [ens$] path = / valid users = name, name2, name3 force user = root read only = No acl map full control = No [dean] comment = Dean Group path = /XKA2/admin/Dean valid users = +Dean force group = Dean read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [ens] comment = ENS Groups path = /XKA2/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [ebo] comment = EBO path = /XKA2/admin/EBO valid users = +ebo, +ebostdnt force group = ebo read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [adr] comment = Associate Dean for Researc path = /XKA2/admin/ResearchDean valid users = +adr force group = adr read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [adu] comment = Associate Dean for UnderGraduates path = /XKA2/admin/AcadAffairs valid users = +adu force group = adu read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [wmep] comment = Women&Minority in Engineering Programs path = /XKA2/admin/WMEP valid users = +wmep force group = wmep read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [development] comment = Engineering Development path = /XKA2/admin/Development valid users = +Devel force group = Devel read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [ce] comment = Civil Engineering path = /XKA2/academic/CE valid users = +CEgroup force group = CEgroup read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [cira] comment = CIRA path = /XKA2/academic/CIRA valid users = +cira force group = cira read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [atmos] comment = ATMOS path = /XKA2/academic/Atmos valid users = +Atmosfac force group = Atmosfac read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [ece] comment = Electrical and Computer Engineering path = /XKA2/academic/ECE valid users = +ECEgroup force group = ECEgroup read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [me] comment = Mechanical Engineering path = /XKA2/academic/ME valid users = +MEgroup force group = MEgroup read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [cheme] comment = Chemical Engineering path = /XKA2/academic/ChemE valid users = +ChEgroup force group = ChEgroup read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [biom] path = /XKA2/academic/BIOM valid users = +biom force group = biom read only = No create mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes [ebo-student] comment = EBO-Student path = /XKA2/admin/EBO/people/Student-Employees valid users = +ebostdnt force group = ebostdnt read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [adu-student] path = /XKA2/admin/AcadAffairs/people/Student-Employees valid users = +adustdnt, +adu read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [ats-student] path = /XKA2/academic/Atmos/people/Student-Employees valid users = +ats-student, +Atmosfac read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [committees] comment = Committees space path = /XKA2/committees read only = No create mask = 0770 directory mask = 0770 inherit permissions = Yes inherit acls = Yes [homes] comment = Home Directories read only = No create mask = 0640 directory mask = 0751 inherit permissions = Yes inherit owner = Yes -- C. J. Keist Email: cj.keist at colostate.edu UNIX/Network Manager Phone: 970-491-0630 Engineering Network Services Fax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' From masaog at fshac.com Wed Jan 20 14:33:11 2010 From: masaog at fshac.com (Masao Garcia) Date: Wed, 20 Jan 2010 15:33:11 -0600 Subject: [Samba] Change AD user password from Linux In-Reply-To: <2be970b51001201216t3f9c1cc7xdfdc5e0a50397c44@mail.gmail.com> References: <5B940415C1E34A838CE52973910759C6@fourseasonschicago.net> <2be970b51001201216t3f9c1cc7xdfdc5e0a50397c44@mail.gmail.com> Message-ID: <0C7D7305C5184EF387007C1A731ED75C@fourseasonschicago.net> John, Thanks for the reply. I edited my common-password file like yours and now I am prompted to enter the user's current password but after that, it gives me the "User not known to the underlying authentication module" error. Auth.log now gives me: pam_winbind(passwd:chauthtok): getting password (0x00000020) Jan 20 15:15:33 LTSP2 passwd[6505]: pam_winbind(passwd:chauthtok): request failed: Named pipe dicconnected, PAM error was System error (4), NT error was NT_STATUS_PIPE_DISCONNECTED Jan 20 15:15:33 LTSP2 passwd[6505]: pam_winbind(passwd:chauthtok): internal module error (retval = 4, user = 'idyson') Jan 20 15:15:33 LTSP2 passwd[6505]: pam_unix(passwd:chauthtok): user "idyson" does not exist in /etc/passwd I forgot to include my /etc/nsswitch.conf file: passwd: files winbind group: files winbind shadow: files hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: files ldap -----Original Message----- From: john [mailto:lists.john at gmail.com] Sent: Wednesday, January 20, 2010 2:16 PM To: Masao Garcia Cc: samba at lists.samba.org Subject: Re: [Samba] Change AD user password from Linux Hi Masao, I have essentially the same setup as you (ltsp, AD, Winbind). My users are able to change their passwords with the 'passwd' command. Here's the contents of /etc/pam.d/common-password file password sufficient pam_winbind.so password required pam_unix.so nullok obscure min=4 max=8 md5 Hth, John From jra at samba.org Wed Jan 20 14:43:14 2010 From: jra at samba.org (Jeremy Allison) Date: Wed, 20 Jan 2010 13:43:14 -0800 Subject: [Samba] Samba shares freezing In-Reply-To: <4B577467.5090809@colostate.edu> References: <4B577467.5090809@colostate.edu> Message-ID: <20100120214314.GA4141@jeremy-laptop> On Wed, Jan 20, 2010 at 02:23:51PM -0700, CJ Keist wrote: > All, > Looking for some help here. Not finding anything on the net that > looks the same as what I'm seeing. Running Solaris 10 Sparc, on a > Sunfire 5220, 16Gb of RAM. Samba version 3.4.5 and using ZFS file > systems with user quotas. > > All cifs clients shares to this server freeze after about 10 to 15 > minutes of connectivity. Only fix is to restart samba. I'm not > getting any errors from samba or on the /var/adm/messages or > /var/log/syslog files. Totally stumped here. This freezing also > happened with 3.4.0. Can you attach to a frozen smbd with truss to see where it might be stuck. Or alternatively ensure you are built with symbols, attach to the frozen process with gdb and get a backtrace using the "bt" command. Jeremy. From jax at nwmt.us Wed Jan 20 14:41:22 2010 From: jax at nwmt.us (Jack Downes) Date: Wed, 20 Jan 2010 14:41:22 -0700 Subject: [Samba] Samba shares freezing In-Reply-To: <4B577467.5090809@colostate.edu> References: <4B577467.5090809@colostate.edu> Message-ID: <4B577882.1010509@nwmt.us> Hey, if you are using Solaris 10, not openSol, you might want to look at this page. We are using it here at a hospital with some 2k users (probably a lot less than you, but...) and it's working very well. http://www.nineproductions.com/technology/1-sun-solaris/3-solaris-10-samba-zfs-configuration.html One of the things we had major problems with was not having oplocks. As I recall, they are pretty useful. we have kernel oplocks=yes, oplocks=yes, but use a fair amount of vetos. This serves as a fileserver for everyone's My Documents folder. However, we don't use roaming profiles, so that's probably a blessing on our side there. Hopefully that link helps you as much as it did us. CJ Keist wrote: > All, > Looking for some help here. Not finding anything on the net that > looks the same as what I'm seeing. Running Solaris 10 Sparc, on a > Sunfire 5220, 16Gb of RAM. Samba version 3.4.5 and using ZFS file > systems with user quotas. > > All cifs clients shares to this server freeze after about 10 to 15 > minutes of connectivity. Only fix is to restart samba. I'm not > getting any errors from samba or on the /var/adm/messages or > /var/log/syslog files. Totally stumped here. This freezing also > happened with 3.4.0. > > Compile of samba > ./configure --with-quotas --disable-shared-libs > > Config: > > # Samba config file created using SWAT > # from UNKNOWN (???) > # Date: 2010/01/20 14:18:59 > > [global] > workgroup = ENGR_DOM > server string = Samba Server > security = DOMAIN > password level = 8 > lanman auth = Yes > client NTLMv2 auth = Yes > map untrusted to domain = Yes > log level = 1 > syslog = 2 > log file = /var/log/samba/logs/log.%m > max open files = 10000 > socket options = TCP_NODELAY IPTOS_LOWDELAY > load printers = No > preferred master = Auto > domain master = No > dns proxy = No > wins server = xxx.xx.xxx.xxx > kernel oplocks = No > lock spin time = 3 > remote announce = xxx.xx.xxx.xxx > acl check permissions = No > acl group control = Yes > oplocks = No > level2 oplocks = No > strict locking = No > > [top] > comment = Top of the Tree > path = /top > read only = No > create mask = 0755 > directory security mask = 0755 > > [projects] > comment = Project space > path = /XKA1/projects > read only = No > create mask = 0775 > directory mask = 02771 > inherit permissions = Yes > inherit acls = Yes > > [profiles] > comment = Windows Roaming Profiles > path = /XKA1/profiles > valid users = +admin, +ens-students, +ACother > read only = No > profile acls = Yes > > [ens$] > path = / > valid users = name, name2, name3 > force user = root > read only = No > acl map full control = No > > [dean] > comment = Dean Group > path = /XKA2/admin/Dean > valid users = +Dean > force group = Dean > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [ens] > comment = ENS Groups > path = /XKA2/admin/ENS > valid users = +admin > force group = admin > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [ebo] > comment = EBO > path = /XKA2/admin/EBO > valid users = +ebo, +ebostdnt > force group = ebo > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [adr] > comment = Associate Dean for Researc > path = /XKA2/admin/ResearchDean > valid users = +adr > force group = adr > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [adu] > comment = Associate Dean for UnderGraduates > path = /XKA2/admin/AcadAffairs > valid users = +adu > force group = adu > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [wmep] > comment = Women&Minority in Engineering Programs > path = /XKA2/admin/WMEP > valid users = +wmep > force group = wmep > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [development] > comment = Engineering Development > path = /XKA2/admin/Development > valid users = +Devel > force group = Devel > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [ce] > comment = Civil Engineering > path = /XKA2/academic/CE > valid users = +CEgroup > force group = CEgroup > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [cira] > comment = CIRA > path = /XKA2/academic/CIRA > valid users = +cira > force group = cira > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [atmos] > comment = ATMOS > path = /XKA2/academic/Atmos > valid users = +Atmosfac > force group = Atmosfac > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [ece] > comment = Electrical and Computer Engineering > path = /XKA2/academic/ECE > valid users = +ECEgroup > force group = ECEgroup > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [me] > comment = Mechanical Engineering > path = /XKA2/academic/ME > valid users = +MEgroup > force group = MEgroup > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [cheme] > comment = Chemical Engineering > path = /XKA2/academic/ChemE > valid users = +ChEgroup > force group = ChEgroup > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [biom] > path = /XKA2/academic/BIOM > valid users = +biom > force group = biom > read only = No > create mask = 0770 > directory mask = 02770 > inherit permissions = Yes > inherit acls = Yes > > [ebo-student] > comment = EBO-Student > path = /XKA2/admin/EBO/people/Student-Employees > valid users = +ebostdnt > force group = ebostdnt > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [adu-student] > path = /XKA2/admin/AcadAffairs/people/Student-Employees > valid users = +adustdnt, +adu > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [ats-student] > path = /XKA2/academic/Atmos/people/Student-Employees > valid users = +ats-student, +Atmosfac > read only = No > create mask = 0770 > directory mask = 02770 > inherit acls = Yes > > [committees] > comment = Committees space > path = /XKA2/committees > read only = No > create mask = 0770 > directory mask = 0770 > inherit permissions = Yes > inherit acls = Yes > > [homes] > comment = Home Directories > read only = No > create mask = 0640 > directory mask = 0751 > inherit permissions = Yes > inherit owner = Yes From pradhanparas at gmail.com Wed Jan 20 15:46:35 2010 From: pradhanparas at gmail.com (Paras pradhan) Date: Wed, 20 Jan 2010 16:46:35 -0600 Subject: [Samba] pipe error Message-ID: <8b711df41001201446x3554cb1cq27f24cef073219c4@mail.gmail.com> Hi, When I try to connect to samba server from windows XP machines, I get an err "No process is on the other end of the pipe" .But some of the users running windows vista said they are not having any issues on that. The log.wb log says: [2010/01/20 16:43:41.368049, 0, pid=23202, effective(0, 1), real(0, 1)] rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine abc.xyz.com pipe \NETLOGON fnum 0x4000returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED Samba is 3.0.34 running under solaris 9. Thanks Paras. From lists.john at gmail.com Wed Jan 20 16:09:40 2010 From: lists.john at gmail.com (john) Date: Wed, 20 Jan 2010 15:09:40 -0800 Subject: [Samba] Change AD user password from Linux In-Reply-To: <0C7D7305C5184EF387007C1A731ED75C@fourseasonschicago.net> References: <5B940415C1E34A838CE52973910759C6@fourseasonschicago.net> <2be970b51001201216t3f9c1cc7xdfdc5e0a50397c44@mail.gmail.com> <0C7D7305C5184EF387007C1A731ED75C@fourseasonschicago.net> Message-ID: <2be970b51001201509m8d7cc09hf49dc9d620b78de4@mail.gmail.com> Hi Masao, On Wed, Jan 20, 2010 at 1:33 PM, Masao Garcia wrote: > John, > > Thanks for the reply. ?I edited my common-password file like yours and now I > am prompted to enter the user's current password but after that, it gives me > the "User not known to the underlying authentication module" error. my nsswitch.conf looks like: passwd: files winbind group files winbind shadow files winbind hosts files dns wins networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis I can't account for the fact that some of my entries have semi-colon's in them. John From johannes at truschnigg.info Wed Jan 20 16:10:07 2010 From: johannes at truschnigg.info (Johannes Truschnigg) Date: Thu, 21 Jan 2010 00:10:07 +0100 Subject: [Samba] SMB/CIFS seq. transfers top out at 30MiB/s (NFSv4 and HTTP: 100MiB/s+) In-Reply-To: <20100120145516.1802c7c8@tlielax.poochiereds.net> References: <201001201941.28423.johannes@truschnigg.info> <20100120145516.1802c7c8@tlielax.poochiereds.net> Message-ID: <201001210010.11142.johannes@truschnigg.info> On Wednesday 20 January 2010 20:55:16 Jeff Layton wrote: > [?] > Most likely, you're running into the lack of parallelism in Linux' CIFS > client. Writes are done in in turn currently and not in parallel as > they should be. > [?] Very interesting; but that wouldn't explain why it's slow for Windows XP clients, would it? Is there any SMB/CIFS client implementation that's known for its speed so I could test if it's really a client issue? -- with best regards: - Johannes Truschnigg ( johannes at truschnigg.info ) www: http://johannes.truschnigg.info/ phone: +43 650 2 133337 xmpp: johannes at truschnigg.info Please do not bother me with HTML-eMail or attachments. Thank you. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From masaog at fshac.com Wed Jan 20 16:25:33 2010 From: masaog at fshac.com (Masao Garcia) Date: Wed, 20 Jan 2010 17:25:33 -0600 Subject: [Samba] Change AD user password from Linux In-Reply-To: <2be970b51001201509m8d7cc09hf49dc9d620b78de4@mail.gmail.com> References: <5B940415C1E34A838CE52973910759C6@fourseasonschicago.net><2be970b51001201216t3f9c1cc7xdfdc5e0a50397c44@mail.gmail.com><0C7D7305C5184EF387007C1A731ED75C@fourseasonschicago.net> <2be970b51001201509m8d7cc09hf49dc9d620b78de4@mail.gmail.com> Message-ID: <8F8D1D893F3C460DA0BEF78B3434FFCB@fourseasonschicago.net> John, Still no go on the password change. I'm going to set up a fresh Ubuntu 8.04 install....I'm thinking maybe because my test LTSP server was set up to authenticate to a SambaPDC, maybe something is "tainted" and is causing the problem. Thank you for your help. -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of john Sent: Wednesday, January 20, 2010 5:10 PM To: samba at lists.samba.org Subject: Re: [Samba] Change AD user password from Linux Hi Masao, On Wed, Jan 20, 2010 at 1:33 PM, Masao Garcia wrote: > John, > > Thanks for the reply. ?I edited my common-password file like yours and now I > am prompted to enter the user's current password but after that, it gives me > the "User not known to the underlying authentication module" error. my nsswitch.conf looks like: passwd: files winbind group files winbind shadow files winbind hosts files dns wins networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis I can't account for the fact that some of my entries have semi-colon's in them. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba From jra at samba.org Wed Jan 20 17:47:51 2010 From: jra at samba.org (Jeremy Allison) Date: Wed, 20 Jan 2010 16:47:51 -0800 Subject: [Samba] Samba shares freezing In-Reply-To: <4B578952.1080505@colostate.edu> References: <4B577467.5090809@colostate.edu> <20100120214314.GA4141@jeremy-laptop> <4B578952.1080505@colostate.edu> Message-ID: <20100121004751.GA5449@jeremy-laptop> On Wed, Jan 20, 2010 at 03:53:06PM -0700, CJ Keist wrote: > Jermey, > Thank you for your response. I don't have gdb installed but > here is truss of my share until it froze. It's blocked in an fcntl lock call on file descriptor 13. Unfortunately your truss trace doesn't show the open of fd 13, so I don't know what file this is. As it's an wait lock I'm guessing this is a tdb file. Install gdb next, and get the backtrace for more details. Jeremy. From learner.study at gmail.com Wed Jan 20 21:42:01 2010 From: learner.study at gmail.com (Learner Study) Date: Wed, 20 Jan 2010 20:42:01 -0800 Subject: [Samba] samba 3.0.25 with Windows 7 or Vista Message-ID: <7efa8a7d1001202042y6a4f4239x9f3ba6ef40c36a60@mail.gmail.com> Hello experts: I have been using samba 3.0.25 and it has been giving decent performance with windows XP or 2003 (about 60MB/s reads). But, I just tried with vista or windows7 but the perf is pretty bad (down to 8MB/s). I even enabled the Customize->video stream option on vista/windows7 but no impact. Any ideas what could be going wrong here? Has someone seen this? Any pointers - greatly appreciated. Thanks! From learner.study at gmail.com Wed Jan 20 21:42:01 2010 From: learner.study at gmail.com (Learner Study) Date: Wed, 20 Jan 2010 20:42:01 -0800 Subject: [Samba] samba 3.0.25 with Windows 7 or Vista Message-ID: <7efa8a7d1001202042y6a4f4239x9f3ba6ef40c36a60@mail.gmail.com> Hello experts: I have been using samba 3.0.25 and it has been giving decent performance with windows XP or 2003 (about 60MB/s reads). But, I just tried with vista or windows7 but the perf is pretty bad (down to 8MB/s). I even enabled the Customize->video stream option on vista/windows7 but no impact. Any ideas what could be going wrong here? Has someone seen this? Any pointers - greatly appreciated. Thanks! From drescherjm at gmail.com Wed Jan 20 21:49:45 2010 From: drescherjm at gmail.com (John Drescher) Date: Wed, 20 Jan 2010 23:49:45 -0500 Subject: [Samba] samba 3.0.25 with Windows 7 or Vista In-Reply-To: <7efa8a7d1001202042y6a4f4239x9f3ba6ef40c36a60@mail.gmail.com> References: <7efa8a7d1001202042y6a4f4239x9f3ba6ef40c36a60@mail.gmail.com> Message-ID: <387ee2021001202049o3b498c7ck73d55752999d09c6@mail.gmail.com> On Wed, Jan 20, 2010 at 11:42 PM, Learner Study wrote: > Hello experts: > > I have been using samba 3.0.25 and it has been giving decent > performance with windows XP or 2003 (about 60MB/s reads). But, I just > tried with vista or windows7 but the perf is pretty bad (down to > 8MB/s). I even enabled the Customize->video stream option on > vista/windows7 but no impact. > > Any ideas what could be going wrong here? Has someone seen this? > > Any pointers - greatly appreciated. > Your samba version was from 2007. Please upgrade to a recent release. Samba 3.4.5 has much better support for windows 7. John From bj at SerNet.DE Wed Jan 20 23:00:16 2010 From: bj at SerNet.DE (=?iso-8859-1?Q?Bj=F6rn?= Jacke) Date: Thu, 21 Jan 2010 07:00:16 +0100 Subject: [Samba] performance tweaks?? In-Reply-To: <387ee2021001201219ocf1d34cw2ce31ffe0c51349a@mail.gmail.com> References: <1263766339.6678.707.camel@xpc> <1263859841.6678.935.camel@xpc> <1264018410.6678.1080.camel@xpc> <387ee2021001201219ocf1d34cw2ce31ffe0c51349a@mail.gmail.com> Message-ID: On 2010-01-20 at 15:19 -0500 John Drescher sent off: > I have a script I use to force the case. > > Here is a link: > > http://github.com/drescherjm/jmdgentoooverlay/blob/master/Other/shell-scripts/mvcase.sh and in case you also have umlauts and other non-ascii characters in file names, you can use convmv, which can also lowercase your files and take care of the encoding, whatever encoding you tell it your files have. Cheers Bj?rn -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From linuxbox at wavenet.at Thu Jan 21 00:58:32 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Thu, 21 Jan 2010 08:58:32 +0100 Subject: [Samba] Samba 3.4.4 & Windows 7 offline folders In-Reply-To: <20100118223037.GA5569@jeremy-laptop> References: <4B54C8A0.7080701@wavenet.at> <20100118223037.GA5569@jeremy-laptop> Message-ID: <4B580928.5020107@wavenet.at> > We did fix a bug in this recently (with Microsoft's help). But > it should definately be fixed in 3.4.4. > > I'll take a look at this once I'm back with my full test environment > (next week). In the meantime can you log a bug at bugzilla.samba.org > so this problem doesn't get lost. > > Thanks, > > Jeremy. > > Jeremy, we don't had the issue with Samba 3.4.5 the last 2 days anymore. If it occurs again somewhere on our clients i will open a bug ticket. Thank you From Jacques.Kostic at pmintl.com Thu Jan 21 01:31:17 2010 From: Jacques.Kostic at pmintl.com (Kostic, Jacques) Date: Thu, 21 Jan 2010 09:31:17 +0100 Subject: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 Message-ID: Hi Volker, iMac is the client. Jko Jacques KOSTIC Philip Morris International Senior IS Analyst Finance Systems Av Rhodanie 50 1001 Lausanne E-mail: Jacques.Kostic at pmintl.com Phone: +41 (58) 242 7727 Fax: +41 (58) 242 0101 From Volker.Lendecke at SerNet.DE Thu Jan 21 01:52:02 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Thu, 21 Jan 2010 09:52:02 +0100 Subject: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 In-Reply-To: References: Message-ID: On Thu, Jan 21, 2010 at 09:31:17AM +0100, Kostic, Jacques wrote: > iMac is the client. iMac is the client, Windows is the server? If I got you right, there is not much any Samba forum can do here. Please contact your friendly Apple or Microsoft support :-) Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From Moray.Henderson at ict-software.org Thu Jan 21 02:37:25 2010 From: Moray.Henderson at ict-software.org (Moray Henderson) Date: Thu, 21 Jan 2010 09:37:25 +0000 Subject: [Samba] Tracking down rogue workgroup In-Reply-To: <20100119224859.GA14169@esri.com> References: <20100119224859.GA14169@esri.com> Message-ID: <000c01ca9a7d$5879b080$096d1180$@Henderson@ict-software.org> Ray Van Dolson wrote: >Hi folks. Periodically a workgroup shows up on our network with an >inappropriate name. We're trying to find the best way to track this >down as it's quite intermittent. > >We can obviously look for announcement messages (in broadcast packets >on ports 138/139), but this must be done on each subnet and we have >enough subnets that this would be rather tedious and at best, a last >resort. > >The workgroup is available to machines in every subnet, so apparently >its presence is getting relayed back to the domain controllers... > >For protocol gurus: is there a particular packet we can look for on the >domain controllers that could help us narrow down our search to the >right subnet? A message from the local master browser sending a list >of workgroups perhaps? > >Or a message updating WINS entries? > >Any suggestions would be appreciated! > >Thanks, >Ray Have cron execute a short script every few minutes looking for the workgroup, and emailing you what it finds: nmblookup -M MSHOME > /tmp/workgroup.txt if ! grep -q failed /tmp/workgroup.txt; then mail -s "Workgroup found" root < /tmp/workgroup.txt fi Vista machines tend to announce themselves as workgroups, so if you have anyone bringing a laptop into your network, or connecting through a VPN link, you can see this sort of thing. Moray. "To err is human.? To purr, feline" From tjaalton at cc.hut.fi Thu Jan 21 02:59:59 2010 From: tjaalton at cc.hut.fi (Timo Aaltonen) Date: Thu, 21 Jan 2010 11:59:59 +0200 (EET) Subject: [Samba] domain join & kinit woes Message-ID: Hi I've got problems getting things to work here.. The setup: AD: W2008R1 client: Ubuntu 10.04 (lucid alpha2), with samba 3.4.3, MIT 1.7 I get an error when joining the domain, and when trying to kinit using the machine principal with any other name than HOST$ (and that worked only after forcing the crypto to des-cbc-crc): nexus6 etc # net ads join -W ORG.AALTO.FI -U wa.aaltonen Enter wa.aaltonen's password: Using short domain name -- AALTO Joined 'NEXUS6' to realm 'org.aalto.fi' [2010/01/21 10:49:35, 0] libads/kerberos.c:332(ads_kinit_password) kerberos_kinit_password NEXUS6$@ORG.AALTO.FI failed: Client not found in Kerberos database nexus6 etc # klist -k Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 host/nexus6.org.aalto.fi at ORG.AALTO.FI 2 host/nexus6.org.aalto.fi at ORG.AALTO.FI 2 host/nexus6.org.aalto.fi at ORG.AALTO.FI 2 host/nexus6 at ORG.AALTO.FI 2 host/nexus6 at ORG.AALTO.FI 2 host/nexus6 at ORG.AALTO.FI 2 NEXUS6$@ORG.AALTO.FI 2 NEXUS6$@ORG.AALTO.FI 2 NEXUS6$@ORG.AALTO.FI nexus6 etc # kinit -k NEXUS6$@ORG.AALTO.FI kinit: Client not found in Kerberos database while getting initial credentials nexus6 etc # kinit -k NEXUS6$ nexus6 etc # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: NEXUS6$@ORG.AALTO.FI Valid starting Expires Service principal 01/21/10 11:00:13 01/21/10 21:00:13 krbtgt/ORG.AALTO.FI at ORG.AALTO.FI renew until 01/22/10 11:00:13 I've been pulling my hair because of this... Would W2008 R2 help? We can't upgrade yet though, since the backup software doesn't support it atm. Here's the smb.conf and krb5.conf. Note that I'm trying to use sssd instead of winbind, but it fails to do a sasl bind because of invalid creds, so there has to be something wrong in the kerberos setup. Funny that the same-ish krb5.conf works just fine on Solaris. #### krb5.conf [libdefaults] default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc default_realm = ORG.AALTO.FI dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = true [realms] ORG.AALTO.FI = { kdc = dc01.org.aalto.fi kdc = dc02.org.aalto.fi kdc = dc03.org.aalto.fi kdc = dc04.org.aalto.fi kdc = dca01.org.aalto.fi kdc = dca02.org.aalto.fi kdc = dct01.org.aalto.fi kdc = dct02.org.aalto.fi kpasswd_server = dc01.org.aalto.fi kpasswd_protocol = SET_CHANGE admin_server = dc01.org.aalto.fi } [domain_realm] .org.aalto.fi = ORG.AALTO.FI [appdefaults] kinit = { renewable = true forwardable = true } ##### smb.conf [global] workgroup = AALTO realm = ORG.AALTO.FI security = ads kerberos method = system keytab winbind use default domain = yes From vollivier at gmail.com Thu Jan 21 05:44:26 2010 From: vollivier at gmail.com (Virgil Ollivier) Date: Thu, 21 Jan 2010 13:44:26 +0100 Subject: [Samba] Samba/Winbind 3.4.4 on AIX 5.3 TL 10 does not retrieve ANY User's Secondary Groups Message-ID: <141912211001210444n777143a7q19720995f30d1e5e@mail.gmail.com> Hi folks ! Has someone any idea on this issue on AIX 5.3 TL 10 with winbind ? I'm really stuck now ... I think everything is working pretty well with WINBIND and AD 2k3 , but not my most important point : I absolutely need the Secondary groups of each AD user which get connected to the AIX to use this filter with sudo... I only get Primary Group (which is by default "Domain Users" ) I'll try to be as clear as possible to explain you what are all the relationships between WINBIND & Active Directory & SUDO, and show you a "working" example (on Linux). 1 . Active Directory : -------------------------------- Installed Version : Win2003 R1 SP2 without SFU because : we do not have the right to use them on this architecture - this is related to another soft above the AD, which is used to do the user's provisionning - - We only modified the schema directory to have the sudoers manage by the AD : from : http://www.gratisoft.us/sudo/readme_ldap.html [...] If using an Active Directory server, copy schema.ActiveDirectory to your Windows domain controller and run the following command: ldifde -i -f schema.ActiveDirectory -c dc=X dc=example,dc=com [...] - All users (Windows / Unix) are created by the "AD's way" : everybody is "Domain Users" as a primary group, then have a variable number of secondary groups (at least one). This one is giving all "necessary privileges" either to access Windows or Unix systems/apps . But for Unix, a sec. group is used for the sudo's privilege elevation too. 2 . WINBIND : ---------------------- - And on ALL Unix/Linux machines is installed Winbind & and configured. Installed packages : ------------------------------- pware53.base.rte 5.3.0.0 COMMITTED pWare base for 5.3 pware53.bdb.rte 4.6.21.4 COMMITTED Berkeley DB 4.6.21 pware53.cyrus-sasl.rte 2.1.22.2 COMMITTED cyrus-sasl 2.1.22 pware53.gettext.rte 0.17.0.0 COMMITTED GNU gettext 0.17 pware53.krb5.rte 1.6.3.1 COMMITTED MIT Kerberos 1.6.3 pware53.libiconv.rte 1.13.1.0 COMMITTED GNU libiconv 1.13.1 pware53.ncurses.rte 5.7.0.1 COMMITTED ncurses 5.7.0.1 pware53.openldap.rte 2.4.19.0 COMMITTED OpenLDAP 2.4.19 pware53.openssl.rte 0.9.8.10 COMMITTED OpenSSL 0.9.8j pware53.popt.rte 1.10.4.0 COMMITTED popt 1.10.4 pware53.readline.rte 6.1.0.0 COMMITTED GNU readline 6.1 pware53.samba.rte 3.4.4.0 COMMITTED Samba 3.4.4 pware53.sudo.rte 1.7.2.1 COMMITTED sudo 1.7.2p1 pware53.zlib.rte 1.2.3.0 COMMITTED zlib 1.2.3 Here is the smb.conf : [global] workgroup = PEPS realm = PEPS.LOCAL server string = PEPS Security IAM security = ads ; use kerberos keytab = true load printers = no log file = /var/log/samba/%m.log client use spnego = yes max log size = 50 log level = 5 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 password server = PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL idmap backend = rid:PEPS=10000-20000 idmap uid = 10000 - 20000 idmap gid = 10000 - 20000 winbind enum users = yes winbind enum groups = yes winbind cache time = 10 winbind nested groups = yes ; winbind separator = + winbind use default domain = yes allow trusted domains = no template shell = /bin/ksh dns proxy = no preferred master = no encrypt passwords = yes auth methods = winbind winbind refresh tickets = true winbind expand groups = 8 3 . SUDO : ----------------- - In the AD's sudoers OU, we have all sec. groups configured with the good privileges (authorized commands / hosts / noexec ...) - sudo is looking for a secondary group (with a ldap query) to match. Here is the Linux example : [pepsrh5.peps.local:test:/home/PEPS/test:] id uid=11137(test) gid=10513(Domain Users) groups=10512(Domain Admins),10513(Domain Users),10518(Schema Admins),10519(Enterprise Admins),11111(ghba8),11113(unix),11132(adminL),11605(CERTSVC_DCOM_ACCESS) [pepsrh5.peps.local:test:/home/PEPS/test:] groups Domain Users Domain Admins Schema Admins Enterprise Admins ghba8 unix adminL CERTSVC_DCOM_ACCESS [pepsrh5.peps.local:test:/home/PEPS/test:] sudo su - LDAP Config Summary =================== uri ldaps://pepsdc1.peps.local/ ldaps://pepsdc2.peps.local/ ldap_version 3 sudoers_base ou=SUDOers,dc=peps,dc=local binddn bindpw bind_timelimit 3000 timelimit 3 ssl yes tls_checkpeer (no) tls_cacertdir /etc/openldap/cacerts/ =================== sudo: ldap_initialize(ld, ldaps://pepsdc1.peps.local/ ldaps://pepsdc2.peps.local/) sudo: ldap_set_option: debug -> 0 sudo: ldap_set_option: ldap_version -> 3 sudo: ldap_set_option: tls_checkpeer -> 0 sudo: ldap_set_option: tls_cacertdir -> /etc/openldap/cacerts/ sudo: ldap_set_option: timelimit -> 3 sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 3) sudo: ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD) sudo: ldap_sasl_bind_s() ok sudo: found:CN=defaults,OU=SUDOers,DC=peps,DC=local sudo: ldap sudoOption: 'timestamp_timeout=0' sudo: ldap sudoOption: 'loglinelen=0' sudo: ldap sudoOption: 'syslog_badpri=alert' sudo: ldap sudoOption: 'syslog=local2' sudo: ldap sudoOption: 'syslog_goodpri=alert' sudo: ldap sudoOption: '!env_reset' sudo: ldap sudoOption: 'log_year' sudo: ldap sudoOption: 'log_host' sudo: ldap sudoOption: 'insults' sudo: ldap sudoOption: 'logfile=/var/log/sudo.log' sudo: ldap search '(|(sudoUser=test)(sudoUser=%Domain Users)(sudoUser=%ghba8)(sudoUser=%unix)(sudoUser=%CERTSVC_DCOM_ACCESS)(sudoUser=ALL))' sudo: found:CN=ghba8,OU=SUDOers,DC=peps,DC=local <-- here we can see that the user has been found into the sec. group ghba8 <-- here below there are the matching sudo authorized privileges [...] --> sudo: ldap sudoHost 'ALL' ... MATCH! sudo: ldap sudoCommand 'ALL' ... MATCH! sudo: Command allowed sudo: ldap sudoOption: 'authenticate' sudo: user_matches=1 sudo: host_matches=1 sudo: sudo_ldap_lookup(0)=0x02 Password: [root at pepsrh5 ~]# Here is the AIX example : [pepsaix53.peps.local:test:/home/PEPS/test:] id uid=11137(test) gid=10513(domain users) [pepsaix53.peps.local:test:/home/PEPS/test:] groups domain users [pepsaix53.peps.local:test:/home/PEPS/test:] lsuser -R WINBIND test test id=11137 pgrp=domain users home=/home/PEPS/test shell=/bin/ksh gecos= registry=WINBIND roles= id=11137 pgrp=domain users home=/home/PEPS/test shell=/bin/ksh pgid=10513 gecos= shell=/bin/ksh pgrp=domain users SID=S-1-5-21-1911926800-2589015463-1641127959-1137 [pepsaix53.peps.local:test:/home/PEPS/test:] sudo su - LDAP Config Summary =================== uri ldaps://pepsdc1.peps.local/ ldaps://pepsdc2.peps.local/ ldap_version 3 sudoers_base ou=SUDOers,dc=peps,dc=local binddn bindpw bind_timelimit 3000 timelimit 3 ssl yes tls_checkpeer (no) tls_cacertdir /etc/openldap/cacerts/ =================== sudo: ldap_initialize(ld, ldaps://pepsdc1.peps.local/ ldaps://pepsdc2.peps.local/) sudo: ldap_set_option: debug -> 0 sudo: ldap_set_option: ldap_version -> 3 sudo: ldap_set_option: tls_checkpeer -> 0 sudo: ldap_set_option: tls_cacertdir -> /etc/openldap/cacerts/ sudo: ldap_set_option: timelimit -> 3 sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 3) sudo: ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD) sudo: ldap_sasl_bind_s() ok sudo: found:CN=defaults,OU=SUDOers,DC=peps,DC=local sudo: ldap sudoOption: 'timestamp_timeout=0' sudo: ldap sudoOption: 'loglinelen=0' sudo: ldap sudoOption: 'syslog_badpri=alert' sudo: ldap sudoOption: 'syslog=local2' sudo: ldap sudoOption: 'syslog_goodpri=alert' sudo: ldap sudoOption: '!env_reset' sudo: ldap sudoOption: 'log_year' sudo: ldap sudoOption: 'log_host' sudo: ldap sudoOption: 'insults' sudo: ldap sudoOption: 'logfile=/var/log/sudo.log' sudo: ldap search '(|(sudoUser=test)(sudoUser=%domain users)(sudoUser=ALL))' sudo: ldap search 'sudoUser=+*' sudo: user_matches=0 sudo: host_matches=0 sudo: sudo_ldap_lookup(0)=0x60 Password: test is not in the sudoers file. This incident will be reported. 4 . Traces : ------------------ 4.1 when user test ran '[pepsaix53.peps.local:test:/home/PEPS/test:] id' command winbindd -SFi -d 3 gives : [...] [180298]: request interface version [180298]: request location of privileged pipe [180298]: getpwuid 11147 [233722]: uid to sid 11147 [233722]: lookupsid S-1-5-21-1911926800-2589015463-1641127959-1147 ads: fetch sequence_number for PEPS get_dc_list: preferred server list: "pepsdc1.peps.local, PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL" Successfully contacted LDAP server 9.100.71.180 get_dc_list: preferred server list: "pepsdc1.peps.local, PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL" get_dc_list: preferred server list: "pepsdc1.peps.local, PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL" get_dc_list: preferred server list: "pepsdc1.peps.local, PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL" Successfully contacted LDAP server 9.100.71.180 get_dc_list: preferred server list: "pepsdc1.peps.local, PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL" get_dc_list: preferred server list: "pepsdc1.peps.local, PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL" Successfully contacted LDAP server 9.100.71.180 Connected to LDAP server pepsdc1.peps.local ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 ads_sasl_spnego_bind: got server principal name = pepsdc1$@PEPS.LOCAL ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Thu, 21 Jan 2010 14:31:43 CET ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT ads: query_user [233722]: sid to uid S-1-5-21-1911926800-2589015463-1641127959-1147 [233722]: sid to gid S-1-5-21-1911926800-2589015463-1641127959-513 [180298]: getgrgid 10513 [233722]: gid 10513 to sid [233722]: lookupsid S-1-5-21-1911926800-2589015463-1641127959-513 sid_to_name [rpc] S-1-5-21-1911926800-2589015463-1641127959-513 for domain PEPS connection_ok: Connection to pepsdc1.peps.local for domain PEPS has died or was never started (fd == -1) Doing spnego session setup (blob length=107) got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.2.840.113554.1.2.2.3 got OID=1.3.6.1.4.1.311.2.2.10 got principal=pepsdc1$@PEPS.LOCAL Doing kerberos session setup ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Thu, 21 Jan 2010 14:31:43 CET ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT Connecting to 9.100.71.180 at port 135 Connecting to 9.100.71.180 at port 1025 [233722]: sid to gid S-1-5-21-1911926800-2589015463-1641127959-513 get_dc_list: preferred server list: "pepsdc1.peps.local, PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL" Successfully contacted LDAP server 9.100.71.180 get_dc_list: preferred server list: "pepsdc1.peps.local, PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL" get_dc_list: preferred server list: "pepsdc1.peps.local, PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL" get_dc_list: preferred server list: "pepsdc1.peps.local, PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL" Successfully contacted LDAP server 9.100.71.180 get_dc_list: preferred server list: "pepsdc1.peps.local, PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL" get_dc_list: preferred server list: "pepsdc1.peps.local, PEPSDC1.PEPS.LOCAL PEPSDC2.PEPS.LOCAL" Successfully contacted LDAP server 9.100.71.180 Connected to LDAP server pepsdc1.peps.local ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 ads_sasl_spnego_bind: got server principal name = pepsdc1$@PEPS.LOCAL ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Thu, 21 Jan 2010 14:31:43 CET ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT Connecting to 9.100.71.180 at port 135 Connecting to 9.100.71.180 at port 1025 ads lookup_groupmem for sid=S-1-5-21-1911926800-2589015463-1641127959-513 succeeded [180298]: getgrgid 10513 [233722]: gid 10513 to sid [233722]: lookupsid S-1-5-21-1911926800-2589015463-1641127959-513 [233722]: sid to gid S-1-5-21-1911926800-2589015463-1641127959-513 results : [pepsaix53.peps.local:test:/home/PEPS/test:] id uid=11147(test) gid=10513(domain users) 4.2 . when user test run '[pepsaix53.peps.local:test:/home/PEPS/test:] id test' command winbindd -SFi -d 3 gives : [...] [323810]: request interface version [323810]: request location of privileged pipe [323810]: getpwnam test [233726]: lookupname PEPS\test [233726]: lookupsid S-1-5-21-1911926800-2589015463-1641127959-1147 [233726]: sid to uid S-1-5-21-1911926800-2589015463-1641127959-1147 [233726]: sid to gid S-1-5-21-1911926800-2589015463-1641127959-513 [323810]: getgrgid 10513 [233726]: gid 10513 to sid [233726]: lookupsid S-1-5-21-1911926800-2589015463-1641127959-513 [233726]: sid to gid S-1-5-21-1911926800-2589015463-1641127959-513 [323810]: getgroups test [233726]: lookupname PEPS\test [233726]: getsidaliases [233726]: getsidaliases [233726]: getsidaliases [233726]: sid to gid S-1-5-21-1911926800-2589015463-1641127959-513 [233726]: sid to gid S-1-5-21-1911926800-2589015463-1641127959-1113 [233726]: sid to gid S-1-5-21-1911926800-2589015463-1641127959-1605 [233726]: sid to gid S-1-5-21-1911926800-2589015463-1641127959-1605 [323810]: getgrgid 11113 [233726]: gid 11113 to sid [233726]: lookupsid S-1-5-21-1911926800-2589015463-1641127959-1113 [233726]: sid to gid S-1-5-21-1911926800-2589015463-1641127959-1113 [323810]: getgrgid 11605 [233726]: gid 11605 to sid [233726]: lookupsid S-1-5-21-1911926800-2589015463-1641127959-1605 [233726]: sid to gid S-1-5-21-1911926800-2589015463-1641127959-1605 results : [pepsaix53.peps.local:test:/home/PEPS/test:] id test uid=11147(test) gid=10513(domain users) groups=11113(unix),11605(certsvc_dcom_access) 4.3 . when as root we run 'lsuser -R WINBIND test' [pepsaix53:root:/home/root:] lsuser -R WINBIND test test id=11147 pgrp=domain users home=/home/PEPS/test shell=/bin/ksh gecos= login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=77 registry=WINBIND SYSTEM=WINBIND OR WINBIND[UNAVAIL] OR compat logintimes= loginretries=5 pwdwarntime=0 account_locked=false minage=1 maxage=13 maxexpired=-1 minalpha=1 minother=1 mindiff=1 maxrepeats=2 minlen=8 histexpire=0 histsize=8 pwdchecks= dictionlist=/usr/share/dict/words fsize=-1 cpu=-1 data=524288 stack=524288 core=2097151 rss=524288 nofiles=-1 time_last_login=1264076318 time_last_unsuccessful_login=1263895814 tty_last_login=/dev/pts/2 tty_last_unsuccessful_login=ssh host_last_login=9.212.28.117 host_last_unsuccessful_login=9.212.28.117 unsuccessful_login_count=0 roles= id=11147 pgrp=domain users home=/home/PEPS/test shell=/bin/ksh pgid=10513 gecos= shell=/bin/ksh pgrp=domain users SID=S-1-5-21-1911926800-2589015463-1641127959-1147 We have not the "groups=" field ... :/ ! As you could see these are 2 different behaviours ! :D Maybe it's not due to Winbind or SUDO, but only to AIX... I really don't know ... It seems that the sudo ldap query is based on either 'id' or 'lsuser' commands, or on how AIX stores the user's uid/pgrp/groups into the system, which I don't know ... Hoping I was clear enough... if not don't hesitate to tell me. Thanks. Virgil. From Jacques.Kostic at pmintl.com Thu Jan 21 06:03:16 2010 From: Jacques.Kostic at pmintl.com (Kostic, Jacques) Date: Thu, 21 Jan 2010 14:03:16 +0100 Subject: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 In-Reply-To: References: Message-ID: Hi Volker, Pleeease be nice ;-) A normal network between one XP and one W2K3 server with a giga bit switch in the midle produce more that 400Mb/ sec transfer rate. If I just replace the XP by my iMac with Samba connecting to the W2K3 I am getting less than 15Mb/Sec... I mean if I could have an explanation or help to optimize samba... Many thanks jko -----Original Message----- From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] Sent: Thursday, January 21, 2010 9:52 AM To: Kostic, Jacques Cc: samba at lists.samba.org Subject: Re: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 On Thu, Jan 21, 2010 at 09:31:17AM +0100, Kostic, Jacques wrote: > iMac is the client. iMac is the client, Windows is the server? If I got you right, there is not much any Samba forum can do here. Please contact your friendly Apple or Microsoft support :-) Volker From gsscholz at gmail.com Thu Jan 21 06:22:22 2010 From: gsscholz at gmail.com (Sebastian Scholz) Date: Thu, 21 Jan 2010 13:22:22 +0000 (UTC) Subject: [Samba] net rpc user add produces duplicate SID References: Message-ID: Sebastian Scholz gmail.com> writes: > > I moved the domain SID and the local SID to the new pdc and filled the ldap > directory with all users and machines from the old machine. I can access the > smb via smbclient, id user works and getent passwd, etc. > > BUT when I try to add a new user with > # net rpc user add newusername > the user gets a SID which is already used by a machine account. The command > responds with "Faild to add user 'newusername' with: No such user." > # pdbedit -L > reports this user and this machine account with ldapsam_getsampwsid: More > than one user with SID [S-1-5-21....]. Failing. count=2. Deleting the user > with > # net rpc user delete newusername > works. > Hi List the same actually happens when I add a new machine to the domain with net dom join Can I change the SID/RID somehow after adding a new account or is there a way to tell net to start from a different RID? Thanks Sebastian From Volker.Lendecke at SerNet.DE Thu Jan 21 06:26:42 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Thu, 21 Jan 2010 14:26:42 +0100 Subject: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 In-Reply-To: References: Message-ID: On Thu, Jan 21, 2010 at 02:03:16PM +0100, Kostic, Jacques wrote: > Pleeease be nice ;-) Well, I try to be :-) > A normal network between one XP and one W2K3 server with > a giga bit switch in the midle produce more that 400Mb/ > sec transfer rate. > > If I just replace the XP by my iMac with Samba connecting > to the W2K3 I am getting less than 15Mb/Sec... > > I mean if I could have an explanation or help to optimize samba... Ok, which piece of Samba are you actually using? What do you *exactly* mean by "iMac with samba connecting to W2K3"? If this means you issue smbclient //w2k3/share on the command line, then yes, this is our business. If you instead use the native iMac tools and mount //w2k3/share into your local system. If the latter is the case (you are using the native iMac GUI to connect to the server), then no, no Samba piece is involved. In that case, you need to contact your Apple support. Please clarify what you are doing and apologies if I was not precise enough. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From jlayton at samba.org Thu Jan 21 06:31:24 2010 From: jlayton at samba.org (Jeff Layton) Date: Thu, 21 Jan 2010 08:31:24 -0500 Subject: [Samba] SMB/CIFS seq. transfers top out at 30MiB/s (NFSv4 and HTTP: 100MiB/s+) In-Reply-To: <201001210010.11142.johannes@truschnigg.info> References: <201001201941.28423.johannes@truschnigg.info> <20100120145516.1802c7c8@tlielax.poochiereds.net> <201001210010.11142.johannes@truschnigg.info> Message-ID: <20100121083124.7ffa8fc2@tlielax.poochiereds.net> On Thu, 21 Jan 2010 00:10:07 +0100 Johannes Truschnigg wrote: > On Wednesday 20 January 2010 20:55:16 Jeff Layton wrote: > > [?] > > Most likely, you're running into the lack of parallelism in Linux' CIFS > > client. Writes are done in in turn currently and not in parallel as > > they should be. > > [?] > > Very interesting; but that wouldn't explain why it's slow for Windows XP > clients, would it? Is there any SMB/CIFS client implementation that's known > for its speed so I could test if it's really a client issue? > Oops, missed that point in the initial email. You're correct -- it wouldn't explain why windows is slow. I *think* smbclient is actually reasonably fast and does parallel reads/writes. You may want to try it. If it's also slow, I'd probably do some analysis of the traffic on the wire and see if you can determine the cause that way. -- Jeff Layton -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From Jacques.Kostic at pmintl.com Thu Jan 21 06:34:51 2010 From: Jacques.Kostic at pmintl.com (Kostic, Jacques) Date: Thu, 21 Jan 2010 14:34:51 +0100 Subject: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 In-Reply-To: References: Message-ID: We I connect to //w2k3/share I am effectively using a GUI tool to do that. The tool show me my server like this: smb://licorne If I the double click on this, then I am getting all my shares and I can mount one. So Yes Samba is used and at the end the smbclient //w2k3/share is raised to map my drive. I may forums I saw some performance issues with Samba but no relevant answers on how to optimize. Many thanks jko -----Original Message----- From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] Sent: Thursday, January 21, 2010 2:27 PM To: Kostic, Jacques Cc: samba at lists.samba.org Subject: Re: How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 On Thu, Jan 21, 2010 at 02:03:16PM +0100, Kostic, Jacques wrote: > Pleeease be nice ;-) Well, I try to be :-) > A normal network between one XP and one W2K3 server with a giga bit > switch in the midle produce more that 400Mb/ sec transfer rate. > > If I just replace the XP by my iMac with Samba connecting to the W2K3 > I am getting less than 15Mb/Sec... > > I mean if I could have an explanation or help to optimize samba... Ok, which piece of Samba are you actually using? What do you *exactly* mean by "iMac with samba connecting to W2K3"? If this means you issue smbclient //w2k3/share on the command line, then yes, this is our business. If you instead use the native iMac tools and mount //w2k3/share into your local system. If the latter is the case (you are using the native iMac GUI to connect to the server), then no, no Samba piece is involved. In that case, you need to contact your Apple support. Please clarify what you are doing and apologies if I was not precise enough. Volker From Volker.Lendecke at SerNet.DE Thu Jan 21 06:58:07 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Thu, 21 Jan 2010 14:58:07 +0100 Subject: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 In-Reply-To: References: Message-ID: On Thu, Jan 21, 2010 at 02:34:51PM +0100, Kostic, Jacques wrote: > We I connect to //w2k3/share I am effectively using a GUI tool to do that. > > The tool show me my server like this: > > smb://licorne > > If I the double click on this, then I am getting all my > shares and I can mount one. > > So Yes Samba is used and at the end the smbclient > //w2k3/share is raised to map my drive. Ok, I think we have a misunderstanding here. smb://licorne does not necessarily mean Samba is used. It does mean that the SMB (Server Message Block) protocol is used. OS/X has its own implementation of the SMB protocol that has nothing to do with Samba. If a Windows share/volume shows up on your Desktop as an icon which you can open by clicking on it and you can directly open, say, pdf files from that, then no, Samba is not involved. In that case it is purely Apple code that the Samba community has no stakes in. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From Jacques.Kostic at pmintl.com Thu Jan 21 06:59:46 2010 From: Jacques.Kostic at pmintl.com (Kostic, Jacques) Date: Thu, 21 Jan 2010 14:59:46 +0100 Subject: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 In-Reply-To: References: Message-ID: Ok, now I get you point. I will then contact them to see what they will answer. Many thanks for your patience ;-) Jko -----Original Message----- From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] Sent: Thursday, January 21, 2010 2:58 PM To: Kostic, Jacques Cc: samba at lists.samba.org Subject: Re: How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 On Thu, Jan 21, 2010 at 02:34:51PM +0100, Kostic, Jacques wrote: > We I connect to //w2k3/share I am effectively using a GUI tool to do that. > > The tool show me my server like this: > > smb://licorne > > If I the double click on this, then I am getting all my shares and I > can mount one. > > So Yes Samba is used and at the end the smbclient //w2k3/share is > raised to map my drive. Ok, I think we have a misunderstanding here. smb://licorne does not necessarily mean Samba is used. It does mean that the SMB (Server Message Block) protocol is used. OS/X has its own implementation of the SMB protocol that has nothing to do with Samba. If a Windows share/volume shows up on your Desktop as an icon which you can open by clicking on it and you can directly open, say, pdf files from that, then no, Samba is not involved. In that case it is purely Apple code that the Samba community has no stakes in. Volker From Hullen at t-online.de Thu Jan 21 06:42:00 2010 From: Hullen at t-online.de (Helmut Hullen) Date: 21 Jan 2010 14:42:00 +0100 Subject: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 In-Reply-To: Message-ID: Hallo, Kostic,, Du meintest am 21.01.10: > A normal network between one XP and one W2K3 server with a giga bit > switch in the midle produce more that 400Mb/ sec transfer rate. That's about 40 MByte/s - is the destination of the transfer a hard disk? Viele Gruesse! Helmut From drescherjm at gmail.com Thu Jan 21 07:11:14 2010 From: drescherjm at gmail.com (John Drescher) Date: Thu, 21 Jan 2010 09:11:14 -0500 Subject: [Samba] Fwd: samba 3.0.25 with Windows 7 or Vista In-Reply-To: <31539a7b1001210554g756337dwb31341c52f580b7a@mail.gmail.com> References: <7efa8a7d1001202042y6a4f4239x9f3ba6ef40c36a60@mail.gmail.com> <387ee2021001202049o3b498c7ck73d55752999d09c6@mail.gmail.com> <31539a7b1001210554g756337dwb31341c52f580b7a@mail.gmail.com> Message-ID: <387ee2021001210611n190244bdp6557ff201393782c@mail.gmail.com> ---------- Forwarded message ---------- From: Eliel Oliveira Date: Thu, Jan 21, 2010 at 8:54 AM Subject: Re: [Samba] samba 3.0.25 with Windows 7 or Vista To: John Drescher Are you using it as PDC ? The suport for Win 7 had been added in versions 3.3.X and 3.4.X improving the perfomance of the shares, and suport for domain. its all on the release notes. just take a look at regards From gsscholz at gmail.com Thu Jan 21 07:28:43 2010 From: gsscholz at gmail.com (Sebastian Scholz) Date: Thu, 21 Jan 2010 14:28:43 +0000 (UTC) Subject: [Samba] net rpc user add produces duplicate SID References: Message-ID: Sebastian Scholz gmail.com> writes: > > Sebastian Scholz gmail.com> writes: > > > > > > I moved the domain SID and the local SID to the new pdc and filled the ldap > > directory with all users and machines from the old machine. I can access > > the smb via smbclient, id user works and getent passwd, etc. > > > > BUT when I try to add a new user with > > # net rpc user add newusername > > the user gets a SID which is already used by a machine account. The command > > responds with "Faild to add user 'newusername' with: No such user." > > # pdbedit -L > > reports this user and this machine account with ldapsam_getsampwsid: More > > than one user with SID [S-1-5-21....]. Failing. count=2. Deleting the user > > with > > # net rpc user delete newusername > > works. > > > > Hi List > > the same actually happens when I add a new machine to the domain with > net dom join > > Can I change the SID/RID somehow after adding a new account or is there a > way to tell net to start from a different RID? > > Thanks > Sebastian > Me again, I hot fixed the problem for me by adding and deleting a dummy user a couple of times: # for i in `seq 0 50 ` ; do # net rpc user add username -U root%geheim # net rpc user delete username -U root%geheim # done but I still guess this is a bug in the net command. Regards Sebastian From waseemzhr at gmail.com Thu Jan 21 08:18:53 2010 From: waseemzhr at gmail.com (Waseem Azhar) Date: Thu, 21 Jan 2010 20:18:53 +0500 Subject: [Samba] importing user hashes using 'net samdump' Message-ID: Hi, Does anyone tried importing 'password hashes' from Exchange server 2003 or 2007 using 'net samdump' or tried 'smbtorture' ? when I try 'net samdump' against Exchange Server with Domain functional level NT4 it works. But fails with Exchange 2003 with Domain functional level "Windows 2003 server" and Exchange server 2007. Are these tools not ready for Windows 2003 or 2008 domains ? I saw netlogon service (on windows DC) complaining [CRITICAL] NetrDatabaseSync2: called from WAZHAR. This machine doesn't support replication. Same error in both Exchange Server 2003 and 2007. Any ideas ? Thanks, -WAzhar From Jacques.Kostic at pmintl.com Thu Jan 21 08:21:51 2010 From: Jacques.Kostic at pmintl.com (Kostic, Jacques) Date: Thu, 21 Jan 2010 16:21:51 +0100 Subject: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 In-Reply-To: References: Message-ID: The funny thing when I setup my Connections to Windows Shares, I am configuring Samba with the famous smb.conf file. So I gess we have Samba behind ;-) Jko -----Original Message----- From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] Sent: Thursday, January 21, 2010 9:52 AM To: Kostic, Jacques Cc: samba at lists.samba.org Subject: Re: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 On Thu, Jan 21, 2010 at 09:31:17AM +0100, Kostic, Jacques wrote: > iMac is the client. iMac is the client, Windows is the server? If I got you right, there is not much any Samba forum can do here. Please contact your friendly Apple or Microsoft support :-) Volker From rvandolson at esri.com Thu Jan 21 08:58:09 2010 From: rvandolson at esri.com (Ray Van Dolson) Date: Thu, 21 Jan 2010 07:58:09 -0800 Subject: [Samba] Tracking down rogue workgroup In-Reply-To: <000c01ca9a7d$5879b080$096d1180$@Henderson@ict-software.org> References: <20100119224859.GA14169@esri.com> <000c01ca9a7d$5879b080$096d1180$@Henderson@ict-software.org> Message-ID: <20100121155809.GA13528@esri.com> On Thu, Jan 21, 2010 at 01:37:25AM -0800, Moray Henderson wrote: > Ray Van Dolson wrote: > >Hi folks. Periodically a workgroup shows up on our network with an > >inappropriate name. We're trying to find the best way to track this > >down as it's quite intermittent. > > > >We can obviously look for announcement messages (in broadcast packets > >on ports 138/139), but this must be done on each subnet and we have > >enough subnets that this would be rather tedious and at best, a last > >resort. > > > >The workgroup is available to machines in every subnet, so apparently > >its presence is getting relayed back to the domain controllers... > > > >For protocol gurus: is there a particular packet we can look for on the > >domain controllers that could help us narrow down our search to the > >right subnet? A message from the local master browser sending a list > >of workgroups perhaps? > > > >Or a message updating WINS entries? > > > >Any suggestions would be appreciated! > > > >Thanks, > >Ray > > Have cron execute a short script every few minutes looking for the > workgroup, and emailing you what it finds: > > nmblookup -M MSHOME > /tmp/workgroup.txt > if ! grep -q failed /tmp/workgroup.txt; then > mail -s "Workgroup found" root < /tmp/workgroup.txt > fi > > Vista machines tend to announce themselves as workgroups, so if you have > anyone bringing a laptop into your network, or connecting through a VPN > link, you can see this sort of thing. > This seems to be a decent way to tell right when the workgroup shows up, but I don't think it helps us track down which IP address is responsible for generating it, or helping us narrow down the subnet its on even... (if I'm wrong, please correct me on that). Right now we're sifting through traffic to the domain controller looking for announcement packets including the workgroup name, and, presumably an IP of a Local Master Browser or subnet... Ray From Moray.Henderson at ict-software.org Thu Jan 21 09:15:01 2010 From: Moray.Henderson at ict-software.org (Moray Henderson) Date: Thu, 21 Jan 2010 16:15:01 +0000 Subject: [Samba] Tracking down rogue workgroup In-Reply-To: <20100121155809.GA13528@esri.com> References: <20100119224859.GA14169@esri.com> <000c01ca9a7d$5879b080$096d1180$@Henderson@ict-software.org> <20100121155809.GA13528@esri.com> Message-ID: <001601ca9ab4$e5852720$b08f7560$@Henderson@ict-software.org> Ray Van Dolson wrote: >On Thu, Jan 21, 2010 at 01:37:25AM -0800, Moray Henderson wrote: >> Ray Van Dolson wrote: >> >Hi folks. Periodically a workgroup shows up on our network with an >> >inappropriate name. We're trying to find the best way to track this >> >down as it's quite intermittent. >> > >> >We can obviously look for announcement messages (in broadcast packets >> >on ports 138/139), but this must be done on each subnet and we have >> >enough subnets that this would be rather tedious and at best, a last >> >resort. >> > >> >The workgroup is available to machines in every subnet, so apparently >> >its presence is getting relayed back to the domain controllers... >> > >> >For protocol gurus: is there a particular packet we can look for on the >> >domain controllers that could help us narrow down our search to the >> >right subnet? A message from the local master browser sending a list >> >of workgroups perhaps? >> > >> >Or a message updating WINS entries? >> > >> >Any suggestions would be appreciated! >> > >> >Thanks, >> >Ray >> >> Have cron execute a short script every few minutes looking for the >> workgroup, and emailing you what it finds: >> >> nmblookup -M MSHOME > /tmp/workgroup.txt >> if ! grep -q failed /tmp/workgroup.txt; then >> mail -s "Workgroup found" root < /tmp/workgroup.txt >> fi >> >> Vista machines tend to announce themselves as workgroups, so if you have >> anyone bringing a laptop into your network, or connecting through a VPN >> link, you can see this sort of thing. >> > >This seems to be a decent way to tell right when the workgroup shows >up, but I don't think it helps us track down which IP address is >responsible for generating it, or helping us narrow down the subnet its >on even... (if I'm wrong, please correct me on that). > >Right now we're sifting through traffic to the domain controller >looking for announcement packets including the workgroup name, and, >presumably an IP of a Local Master Browser or subnet... > >Ray It should do. The nmblookup command should return an IP address; if you add a -S option as well it should give you the node status: $ nmblookup -M MSHOME -S querying MSHOME on 66.255.255.255 66.102.9.104 MSHOME<1d> Looking up status of 66.102.9.104 MEDIACENTER <00> - B MEDIACENTER <03> - B MEDIACENTER <20> - B ..__MSBROWSE__. <01> - B MSHOME <1d> - B MSHOME <1e> - B MSHOME <00> - B MAC Address = 00-00-00-00-00-00 Moray. "To err is human.? To purr, feline" All IP addresses in this email are fictional. Any resemblance to actual IP addresses, online or offline, is entirely coincidental. No binary digits were harmed during the production of this email. From zorg at probesys.com Thu Jan 21 09:10:28 2010 From: zorg at probesys.com (zorg) Date: Thu, 21 Jan 2010 17:10:28 +0100 Subject: [Samba] vfs_acl_xattr and question Message-ID: <4B587C74.9050802@probesys.com> hello I ve managed succesfully to used this module but I have still a little problem In fact for folder that where create before with acl each user is not mark in (property->security- I subscribed to the list and am awaiting a response. Thanks Best Regards, Roxane Eliff DADS/SEO AIX Administrator Office 301-763-7488 Mail Stop - 2K278B ----- Forwarded by Roxane B Eliff/DACMO/HQ/BOC on 01/21/2010 11:19 AM ----- From: Roxane B Eliff/DACMO/HQ/BOC To: samba at lists.samba.org Cc: Roxane B Eliff/DACMO/HQ/BOC at BOC Date: 01/19/2010 04:03 PM Subject: I am writing from the US Census Bureau in Washington, DC. There is an immediate need for samba to be implemented on 3 AIX lpars. Attached is the smb.conf file and testparm for dadsp003. Here is the scenario: 3 AIX, 6.1 lpars, dadsp001, dadsp002 and dadsp003. Installed samba 3.0.24 from aix6 cd. Currently installed on dadsp002 and dadsp003. Configured only on dadsp003. The local networks on all 3 lpars are 192.168.0 and 192.168.1 I have 2 shares configured. The daemons (smdb and nmdb) are running and users can connect to the shares on dadsp003. How do I add/configure the other 2 lpars (dadsp001 and dadsp002) so a user can login to dadsp001 or dadsp002 and have the shares available. We do not use ldap on the AIX servers. I am using smbpasswd to configure users as you will see in the smb.conf.dadsp003 file. We have the "net use" command for dadsp003 working via ssh login from AIX to windows. In addition to any configuration, my guess would be that the same "net use" command can be changed to point from the correct server. I have no idea if I am asking the right question(s), but I have to start somewhere. The developers/testers are way behind in their work waiting on the samba configuration. HELP ASAP please. I have read and googled to the point of confusion. A phone call would be great, but if email is the only way, then I will take what I can get. Best Regards, Roxane Eliff AIX Systems Administrator US Dept. of Commerce (US Census Bureau) Direct 301-763-7488 Mobile 443-271-3814 From el_alexluna at yahoo.com.mx Thu Jan 21 09:34:59 2010 From: el_alexluna at yahoo.com.mx (Alejandro Rodriguez Luna) Date: Thu, 21 Jan 2010 08:34:59 -0800 (PST) Subject: [Samba] Samba 3.4.5 compilation Message-ID: <195497.81680.qm@web50803.mail.re2.yahoo.com> Hi all. One simple (perhaps dummy) question. I want to install the latest samba version for a test networrk with W7 clients, all i need is samba as a PDC nothing fancy like kerberos, ldap, etc etc, which parameter do i have to put along ./configure ---------------------------------- Alejandro Rodriguez Luna Web: http://www.alexluna.org E-mail: el_alexluna at yahoo.com.mx MSN: el_alexluna at yahoo.com.mx GTalk: alexluna at gmail.com Movil: 044-311-112-86-41 ---------------------------------- Encuentra las mejores recetas en Yahoo! Cocina. http://mx.mujer.yahoo.com/cocina/ From drescherjm at gmail.com Thu Jan 21 09:43:34 2010 From: drescherjm at gmail.com (John Drescher) Date: Thu, 21 Jan 2010 11:43:34 -0500 Subject: [Samba] Samba 3.4.5 compilation In-Reply-To: <195497.81680.qm@web50803.mail.re2.yahoo.com> References: <195497.81680.qm@web50803.mail.re2.yahoo.com> Message-ID: <387ee2021001210843v2c15aeefuc3414c6fcad1dbba@mail.gmail.com> On Thu, Jan 21, 2010 at 11:34 AM, Alejandro Rodriguez Luna wrote: > > Hi all. > One simple (perhaps dummy) question. I want to install the latest samba version for a test networrk with W7 clients, all i need is samba as a PDC nothing fancy like kerberos, ldap, etc etc, which parameter do i have to put along ./configure ./configure --help and it will give you help John From rvandolson at esri.com Thu Jan 21 09:51:58 2010 From: rvandolson at esri.com (Ray Van Dolson) Date: Thu, 21 Jan 2010 08:51:58 -0800 Subject: [Samba] Tracking down rogue workgroup In-Reply-To: <001601ca9ab4$e5852720$b08f7560$@Henderson@ict-software.org> References: <20100119224859.GA14169@esri.com> <000c01ca9a7d$5879b080$096d1180$@Henderson@ict-software.org> <20100121155809.GA13528@esri.com> <001601ca9ab4$e5852720$b08f7560$@Henderson@ict-software.org> Message-ID: <20100121165158.GA14488@esri.com> > >This seems to be a decent way to tell right when the workgroup shows > >up, but I don't think it helps us track down which IP address is > >responsible for generating it, or helping us narrow down the subnet its > >on even... (if I'm wrong, please correct me on that). > > > >Right now we're sifting through traffic to the domain controller > >looking for announcement packets including the workgroup name, and, > >presumably an IP of a Local Master Browser or subnet... > > > >Ray > > It should do. The nmblookup command should return an IP address; if you > add a -S option as well it should give you the node status: > > $ nmblookup -M MSHOME -S > querying MSHOME on 66.255.255.255 > 66.102.9.104 MSHOME<1d> > Looking up status of 66.102.9.104 > MEDIACENTER <00> - B > MEDIACENTER <03> - B > MEDIACENTER <20> - B > ..__MSBROWSE__. <01> - B > MSHOME <1d> - B > MSHOME <1e> - B > MSHOME <00> - B > > MAC Address = 00-00-00-00-00-00 Well, will give it a try. A tcpdump seems to indicate that when I run the above command, my workstation is merely sending out a Name query broadcast on my local subnet for the workgroup in question. Does this query (it does appear to have the recursion bit set) propagate to other subnets via the local master browsers or DC's (assuming my packet reaches them)? Just curious... Thanks! Ray From johannes at truschnigg.info Thu Jan 21 09:58:21 2010 From: johannes at truschnigg.info (Johannes Truschnigg) Date: Thu, 21 Jan 2010 17:58:21 +0100 Subject: [Samba] SMB/CIFS seq. transfers top out at 30MiB/s (NFSv4 and HTTP: 100MiB/s+) In-Reply-To: References: Message-ID: <201001211758.25022.johannes@truschnigg.info> Hi Matt, thanks very much for your input! On Thursday 21 January 2010 15:02:09 M D wrote: > [?] > socket options = IPTOS_LOWDELAY TCP_NODELAY > > After this, I'm seeing significantly quicker transfers to windows 7 clients > - at almost line speed > [?] I had those options enabled a while back, and tried once again today - to no positive effect whatsoever. Performance has in fact been going down, albeit very slightly, with those settings by about 5-10%. I top out at 27MiB/s with all my clients. Thanks for your insights regarding kernel tunables - I already tweaked the kernel's TCP parameters (initial window size, rx buffer memory, etc.) to allow for better transfer speeds on my GBit link, and other file transfer protocols easily hit the speeds I'd like to see with CIFS - that is, more than 100MiB/s. Right now, even OpenSSH's sftp-server using sftp is faster for me (with considerably more load on the transfer's endpoints, of course) than smbd serving up CIFS. -- with best regards: - Johannes Truschnigg ( johannes at truschnigg.info ) www: http://johannes.truschnigg.info/ phone: +43 650 2 133337 xmpp: johannes at truschnigg.info Please do not bother me with HTML-eMail or attachments. Thank you. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From johannes at truschnigg.info Thu Jan 21 10:05:23 2010 From: johannes at truschnigg.info (Johannes Truschnigg) Date: Thu, 21 Jan 2010 18:05:23 +0100 Subject: [Samba] SMB/CIFS seq. transfers top out at 30MiB/s (NFSv4 and HTTP: 100MiB/s+) In-Reply-To: <20100121083124.7ffa8fc2@tlielax.poochiereds.net> References: <201001201941.28423.johannes@truschnigg.info> <201001210010.11142.johannes@truschnigg.info> <20100121083124.7ffa8fc2@tlielax.poochiereds.net> Message-ID: <201001211805.26782.johannes@truschnigg.info> On Thursday 21 January 2010 14:31:24 Jeff Layton wrote: > [?] > I *think* smbclient is actually reasonably fast and does parallel > reads/writes. You may want to try it. If it's also slow, I'd probably > do some analysis of the traffic on the wire and see if you can > determine the cause that way. As stated in my initial mail, I already tried using `smbclient`, and it basically hits the very same speed-limit that the kernel's CIFS-implementation cannot exceed. Is there any canonical or recommended way to debug/profile smbd's performance characteristica at runtime? I'm not sure how looking into the transferred packets themselves could help me, since the reason for the bad performance is either on the server (I'm quite adamantly sure by now that the server, and smbd specifically, is the root of the problem at hand), or the clients - not the wire or networking equipment in between. If you can elaborate on the subject though, I'd be delighted to listen and learn :) Thanks very much for contributing! -- with best regards: - Johannes Truschnigg ( johannes at truschnigg.info ) www: http://johannes.truschnigg.info/ phone: +43 650 2 133337 xmpp: johannes at truschnigg.info Please do not bother me with HTML-eMail or attachments. Thank you. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From Moray.Henderson at ict-software.org Thu Jan 21 10:18:13 2010 From: Moray.Henderson at ict-software.org (Moray Henderson) Date: Thu, 21 Jan 2010 17:18:13 +0000 Subject: [Samba] Tracking down rogue workgroup In-Reply-To: <20100121165158.GA14488@esri.com> References: <20100119224859.GA14169@esri.com> <000c01ca9a7d$5879b080$096d1180$@Henderson@ict-software.org> <20100121155809.GA13528@esri.com> <001601ca9ab4$e5852720$b08f7560$@Henderson@ict-software.org> <20100121165158.GA14488@esri.com> Message-ID: <001701ca9abd$b7c1fa80$2745ef80$@Henderson@ict-software.org> Ray Van Dolson wrote: >> >This seems to be a decent way to tell right when the workgroup shows >> >up, but I don't think it helps us track down which IP address is >> >responsible for generating it, or helping us narrow down the subnet its >> >on even... (if I'm wrong, please correct me on that). >> > >> >Right now we're sifting through traffic to the domain controller >> >looking for announcement packets including the workgroup name, and, >> >presumably an IP of a Local Master Browser or subnet... >> > >> >Ray >> >> It should do. The nmblookup command should return an IP address; if you >> add a -S option as well it should give you the node status: >> >> $ nmblookup -M MSHOME -S >> querying MSHOME on 66.255.255.255 >> 66.102.9.104 MSHOME<1d> >> Looking up status of 66.102.9.104 >> MEDIACENTER <00> - B >> MEDIACENTER <03> - B >> MEDIACENTER <20> - B >> ..__MSBROWSE__. <01> - B >> MSHOME <1d> - B >> MSHOME <1e> - B >> MSHOME <00> - B >> >> MAC Address = 00-00-00-00-00-00 > >Well, will give it a try. A tcpdump seems to indicate that when I run >the above command, my workstation is merely sending out a Name query >broadcast on my local subnet for the workgroup in question. > >Does this query (it does appear to have the recursion bit set) >propagate to other subnets via the local master browsers or DC's >(assuming my packet reaches them)? > >Just curious... > >Thanks! >Ray I'm not sure exactly how it propagates, but if you run it on a subnet that can see the rogue workgroup you ought to get an answer. Moray. "To err is human.? To purr, feline" From Volker.Lendecke at SerNet.DE Thu Jan 21 10:20:45 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Thu, 21 Jan 2010 18:20:45 +0100 Subject: [Samba] SMB/CIFS seq. transfers top out at 30MiB/s (NFSv4 and HTTP: 100MiB/s+) In-Reply-To: <201001211805.26782.johannes@truschnigg.info> References: <201001201941.28423.johannes@truschnigg.info> <201001210010.11142.johannes@truschnigg.info> <20100121083124.7ffa8fc2@tlielax.poochiereds.net> <201001211805.26782.johannes@truschnigg.info> Message-ID: On Thu, Jan 21, 2010 at 06:05:23PM +0100, Johannes Truschnigg wrote: > As stated in my initial mail, I already tried using `smbclient`, and it > basically hits the very same speed-limit that the kernel's CIFS-implementation > cannot exceed. Which version of smbclient? Please use 3.2 at least. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From Volker.Lendecke at SerNet.DE Thu Jan 21 10:22:46 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Thu, 21 Jan 2010 18:22:46 +0100 Subject: [Samba] How to speed up Samba From Mac OS 10.6 to access Windows Share under W2K3 In-Reply-To: References: Message-ID: On Thu, Jan 21, 2010 at 04:21:51PM +0100, Kostic, Jacques wrote: > The funny thing when I setup my Connections to Windows > Shares, I am configuring Samba with the famous smb.conf > file. > So I gess we have Samba behind ;-) That's why I initially asked who is client and who is server: If you had said that your iMac is the server, then we were in much closer business. For the server side Apple does ship Samba, at least for the releases I have seen. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From awilliam at whitemice.org Thu Jan 21 09:54:59 2010 From: awilliam at whitemice.org (Adam Tauno Williams) Date: Thu, 21 Jan 2010 11:54:59 -0500 Subject: [Samba] Help with samba implementation In-Reply-To: References: Message-ID: <1264092899.8831.18.camel@linux-m3mt> On Thu, 2010-01-21 at 11:20 -0500, roxane.b.eliff at census.gov wrote: > I am writing from the US Census Bureau in Washington, DC. There is an > immediate need for samba to be implemented on 3 AIX lpars. > Attached is the smb.conf file and testparm for dadsp003. > Here is the scenario: > 3 AIX, 6.1 lpars, dadsp001, dadsp002 and dadsp003. Installed samba 3.0.24 > from aix6 cd. Currently installed on dadsp002 and dadsp003. Configured > only on dadsp003. That is a *seriously* antique version of Samba, you may have some compatibility issues with newer client OSs. pWare provides much more current versions of Samba for AIX Otherwise these is nothing different about setting up Samba on AIX vs. other operating systems. > The local networks on all 3 lpars are 192.168.0 and 192.168.1 > I have 2 shares configured. The daemons (smdb and nmdb) are running and > users can connect to the shares on dadsp003. > How do I add/configure the other 2 lpars (dadsp001 and dadsp002) so a user > can login to dadsp001 or dadsp002 and have the shares available. We do > not use ldap on the AIX servers. I am using smbpasswd to configure users > as you will see in the smb.conf.dadsp003 file. You will need to add identical entries to all three smbpasswd (given that you have no network backend for authentication / identification). > We have the "net use" command for dadsp003 working via ssh login from AIX > to windows. In addition to any configuration, my guess would be that the > same "net use" command can be changed to point from the correct server. > I have no idea if I am asking the right question(s), I'm not sure what "from AIX to windows" means. > but I have to start > somewhere. The developers/testers are way behind in their work waiting on > the samba configuration. HELP ASAP please. I have read and googled to > the point of confusion. Google is not your friend. Avoid all documentation except and which really do lay it out step-by-step, especially the Guide. Start with . > A phone call would be great, but if email is the only way, then I will > take what I can get. Do you have the smbd & nmbd services running? Do Windows clients see the Samba servers? -- OpenGroupware developer: awilliam at whitemice.org OpenGroupare & Cyrus IMAPd documenation @ From cj.keist at colostate.edu Thu Jan 21 10:25:35 2010 From: cj.keist at colostate.edu (CJ Keist) Date: Thu, 21 Jan 2010 10:25:35 -0700 Subject: [Samba] Samba shares freezing In-Reply-To: <20100121004751.GA5449@jeremy-laptop> References: <4B577467.5090809@colostate.edu> <20100120214314.GA4141@jeremy-laptop> <4B578952.1080505@colostate.edu> <20100121004751.GA5449@jeremy-laptop> Message-ID: <4B588E0F.40101@colostate.edu> Jermey, Will work on getting a trace back with gdb. I'm now seeing in the log files for clients this error: [2010/01/21 09:19:01, 0] smbd/oplock.c:317(oplock_timeout_handler) Oplock break failed for file mozilla/thunderbird/pluginreg.dat -- replying anyway What's strange is this error only occurs with our terminal servers, where we have multiple users logged in. All other single clients do not show this error at all? And it is with our terminal server users that are seeing the most problems with the shares freezing up or acting very slow. Jeremy Allison wrote: > On Wed, Jan 20, 2010 at 03:53:06PM -0700, CJ Keist wrote: >> Jermey, >> Thank you for your response. I don't have gdb installed but >> here is truss of my share until it froze. > > It's blocked in an fcntl lock call on file descriptor 13. > Unfortunately your truss trace doesn't show the open of > fd 13, so I don't know what file this is. As it's an > wait lock I'm guessing this is a tdb file. > > Install gdb next, and get the backtrace for more details. > > Jeremy. -- C. J. Keist Email: cj.keist at colostate.edu UNIX/Network Manager Phone: 970-491-0630 Engineering Network Services Fax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' From rvandolson at esri.com Thu Jan 21 10:40:41 2010 From: rvandolson at esri.com (Ray Van Dolson) Date: Thu, 21 Jan 2010 09:40:41 -0800 Subject: [Samba] Tracking down rogue workgroup In-Reply-To: <001701ca9abd$b7c1fa80$2745ef80$@Henderson@ict-software.org> References: <20100119224859.GA14169@esri.com> <000c01ca9a7d$5879b080$096d1180$@Henderson@ict-software.org> <20100121155809.GA13528@esri.com> <001601ca9ab4$e5852720$b08f7560$@Henderson@ict-software.org> <20100121165158.GA14488@esri.com> <001701ca9abd$b7c1fa80$2745ef80$@Henderson@ict-software.org> Message-ID: <20100121174041.GB16149@esri.com> On Thu, Jan 21, 2010 at 09:18:13AM -0800, Moray Henderson wrote: > Ray Van Dolson wrote: > >> >This seems to be a decent way to tell right when the workgroup shows > >> >up, but I don't think it helps us track down which IP address is > >> >responsible for generating it, or helping us narrow down the subnet > its > >> >on even... (if I'm wrong, please correct me on that). > >> > > >> >Right now we're sifting through traffic to the domain controller > >> >looking for announcement packets including the workgroup name, and, > >> >presumably an IP of a Local Master Browser or subnet... > >> > > >> >Ray > >> > >> It should do. The nmblookup command should return an IP address; if > you > >> add a -S option as well it should give you the node status: > >> > >> $ nmblookup -M MSHOME -S > >> querying MSHOME on 66.255.255.255 > >> 66.102.9.104 MSHOME<1d> > >> Looking up status of 66.102.9.104 > >> MEDIACENTER <00> - B > >> MEDIACENTER <03> - B > >> MEDIACENTER <20> - B > >> ..__MSBROWSE__. <01> - B > >> MSHOME <1d> - B > >> MSHOME <1e> - B > >> MSHOME <00> - B > >> > >> MAC Address = 00-00-00-00-00-00 > > > >Well, will give it a try. A tcpdump seems to indicate that when I run > >the above command, my workstation is merely sending out a Name query > >broadcast on my local subnet for the workgroup in question. > > > >Does this query (it does appear to have the recursion bit set) > >propagate to other subnets via the local master browsers or DC's > >(assuming my packet reaches them)? > > > >Just curious... > > > >Thanks! > >Ray > > I'm not sure exactly how it propagates, but if you run it on a subnet > that can see the rogue workgroup you ought to get an answer. Unfortunately, Linux clients can't see it (at least not with nbmlookup -M -- -), but Windows clients can. The Windows clients emit a unicast LANMAN NetServerEnum2 request to their browse master, and the browse master returns a response with a list of workgroups many of which are not on the local subnet... It's not clear to me if the browse master is getting the out of subnet workgroups in its list from the domain browser (or domain controller, whatever), or elsewhere... Right now we're going to set up a port span on our domain controller and look for workgroup announcement messages or WINS updates containing the workgroup name from local master browsers.... Good times :) From jamesp at musicreports.com Thu Jan 21 11:07:25 2010 From: jamesp at musicreports.com (James D. Parra) Date: Thu, 21 Jan 2010 10:07:25 -0800 (PST) Subject: [Samba] file attributes (ACL's) lost Message-ID: <372231F5EF8B4FE88858FB1EFA181562@adminPC> Hello, I have an iSCSI mount that I disconnected from during a reboot and after remounting it all the ACL's are missing. Using 'll' shows no extended file attributes and 'getfacl' on the dir' shows that the previous attributes are now missing. Restarting smb, nmb, & winbind didn't restore them either. Is there a way to restore the attributes? Not sure how they were lost in the fist place. Many thanks in advance. James From drescherjm at gmail.com Thu Jan 21 11:21:50 2010 From: drescherjm at gmail.com (John Drescher) Date: Thu, 21 Jan 2010 13:21:50 -0500 Subject: [Samba] file attributes (ACL's) lost In-Reply-To: <372231F5EF8B4FE88858FB1EFA181562@adminPC> References: <372231F5EF8B4FE88858FB1EFA181562@adminPC> Message-ID: <387ee2021001211021y1e9bea13t2b36a8da85bdc992@mail.gmail.com> On Thu, Jan 21, 2010 at 1:07 PM, James D. Parra wrote: > Hello, > > I have an iSCSI mount that I disconnected from during a reboot and after > remounting it all the ACL's are missing. Using 'll' shows no extended file > attributes and 'getfacl' on the dir' shows that the previous attributes > are now missing. Restarting smb, nmb, & winbind didn't restore them > either. > I don't think there is any backup of the posix acls anywhere in samba. > > Is there a way to restore the attributes? Not sure how they were lost in > the fist place. > Did you mount your filesystem with the appropriate acl options. Do you have acls enabled in your kernel? John From jamesp at musicreports.com Thu Jan 21 12:23:03 2010 From: jamesp at musicreports.com (James D. Parra) Date: Thu, 21 Jan 2010 11:23:03 -0800 (PST) Subject: [Samba] file attributes (ACL's) lost In-Reply-To: <387ee2021001211021y1e9bea13t2b36a8da85bdc992@mail.gmail.com> References: <372231F5EF8B4FE88858FB1EFA181562@adminPC> <387ee2021001211021y1e9bea13t2b36a8da85bdc992@mail.gmail.com> Message-ID: > I have an iSCSI mount that I disconnected from during a reboot and > after remounting it all the ACL's are missing. Using 'll' shows no > extended file attributes and 'getfacl' on the dir' shows that the > previous attributes are now missing. Restarting smb, nmb, & winbind > didn't restore them either. > I don't think there is any backup of the posix acls anywhere in samba. > > Is there a way to restore the attributes? Not sure how they were lost > in the fist place. > Did you mount your filesystem with the appropriate acl options. Do you have acls enabled in your kernel? ~~~~~~~~~~~~~~~~~~~~~~~~~ Thank you, John. That was the problem; I mounted it with ext3 default instead of ext3 acl,user_xattr. All is well. Best, James From nf-vale at critical-links.com Thu Jan 21 12:50:53 2010 From: nf-vale at critical-links.com (nf-vale) Date: Thu, 21 Jan 2010 19:50:53 +0000 Subject: [Samba] Samba 3.4.4 & Windows 7 offline folders In-Reply-To: <4B580928.5020107@wavenet.at> References: <4B54C8A0.7080701@wavenet.at> <20100118223037.GA5569@jeremy-laptop> <4B580928.5020107@wavenet.at> Message-ID: <201001211950.53591.nf-vale@critical-links.com> Is this issue only related with Windows 7 clients or does it affect other Windows versions too (I'm using Samba 3.4.3 version)? On Thursday 21 January 2010 07:58:32 Martin Hochreiter wrote: > > We did fix a bug in this recently (with Microsoft's help). But > > it should definately be fixed in 3.4.4. > > > > I'll take a look at this once I'm back with my full test environment > > (next week). In the meantime can you log a bug at bugzilla.samba.org > > so this problem doesn't get lost. > > > > Thanks, > > > > Jeremy. > > Jeremy, we don't had the issue with Samba 3.4.5 the last 2 days anymore. > If it occurs again somewhere on our clients i will open a bug ticket. > > Thank you > From presgas at gmail.com Thu Jan 21 13:17:44 2010 From: presgas at gmail.com (Robert Freeman-Day) Date: Thu, 21 Jan 2010 15:17:44 -0500 (EST) Subject: [Samba] Samba 3.4.5 compilation In-Reply-To: <195497.81680.qm@web50803.mail.re2.yahoo.com> References: <195497.81680.qm@web50803.mail.re2.yahoo.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 21 Jan 2010, Alejandro Rodriguez Luna wrote: > Date: Thu, 21 Jan 2010 08:34:59 -0800 (PST) > From: Alejandro Rodriguez Luna > To: samba at lists.samba.org > Subject: [Samba] Samba 3.4.5 compilation > > > Hi all. One simple (perhaps dummy) question. I want to install the > latest samba version for a test networrk with W7 clients, all i need is > samba as a PDC nothing fancy like kerberos, ldap, etc etc, which > parameter do i have to put along ./configure > ---------------------------------- > > Alejandro Rodriguez Luna > Alejandro, Before you dive into anything and think you do not need the features you are refering to, you may want to read over some of the docs from samba and others. You would not be happy to have to reconfigure/reinstall if you ended up missing a feature: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html http://www.enterprisenetworkingplanet.com/nethub/article.php/1144701/Build-A-Primary-Domain-Controller-With-Samba.htm - ---Robert Freeman-Day - --------------- I would really like you to be on my side, but the side you show me isn't what I had in mind. - -Judybats GPG Public Key: http:keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktYtmgACgkQup357T5MfTYNXQCfe8er3twwSZhsZQu4yXbYMM4+ aNkAoMVz+rCvbqQ5iVuAGID01oOpTUMy =SO6i -----END PGP SIGNATURE----- From baier at zpid.de Wed Jan 20 08:26:16 2010 From: baier at zpid.de (Christiane Baier) Date: Wed, 20 Jan 2010 16:26:16 +0100 Subject: [Samba] possible bug Message-ID: <4B572098.7F5ED9D0@zpid.de> Hello, don't know if this behavior is a bug, but I want to share this information. samba server version 3.4.3 is installed on solaris10 x86 compiled with gcc Reading specs from /usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/specs Configured with: /builds/sfw10-gate/usr/src/cmd/gcc/gcc-3.4.3/configure --prefix=/usr/sfw --with-as=/usr/sfw/bin/gas --with-gnu-as --with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ --enable-shared Thread model: posix gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath) and options CFLAG=-02 ./configure --with-configdir=/etc/samba --disable-swat --with-privatedir=/etc/samba/private --with-lockdir=/var/lock --with-piddir=/var/run --with-logfilebase=/var/log --disable-cups --without-krb5 --with-utmp --prefix=/export/samba343 There have to be some symlinks in /usr/lib ln -s /export/samba343/lib/libtalloc.so libtalloc.so ln -s /export/samba343/lib/libtalloc.so.1 libtalloc.so.1 ln -s /export/samba343/lib/libtdb.so.1 libtdb.so.1 ln -s /export/samba343/lib/libtdb.so libtdb.so ln -s /export/samba343/lib/libwbclient.so libwbclient.so ln -s /export/samba343/lib/libwbclient.so.0 libwbclient.so.0 otherwise samba won't find the libraries. It's started via inetd and works fine with linux and windows clients But with Mac OS X 10.4.11 mount_smbfs fails with the error message mount_smbfs: negotiate phase failed: syserr = Connection reset by peer smbclient on the same Mac works fine. If debugging is enabled for smbd and level set to 10 (nothing else changed) # inetadm -m svc:/network/netbios-ssn/tcp:default exec="/export/samba343/sbin/smbd -d 10" # svcadm refresh svc:/network/inetd:default # svcadm restart svc:/network/inetd:default mount_smbfs works from Mac client So why does it not work if debugging level is set to anything below 10? Kind Regards Christiane Baier -- ZPID - Leibniz-Zentrum f?r Psychologische Information und Dokumentation Dr. Christiane Baier Fon: +49(0)651-201-2978 Dipl.Inform.(FH) Fax: +49(0)651-201-2604 Informationstechnologie E-Mail: baier at zpid.de Universit?t Trier, 54286 Trier http://www.zpid.de/ From cj.keist at colostate.edu Wed Jan 20 15:53:06 2010 From: cj.keist at colostate.edu (CJ Keist) Date: Wed, 20 Jan 2010 15:53:06 -0700 Subject: [Samba] Samba shares freezing In-Reply-To: <20100120214314.GA4141@jeremy-laptop> References: <4B577467.5090809@colostate.edu> <20100120214314.GA4141@jeremy-laptop> Message-ID: <4B578952.1080505@colostate.edu> Jermey, Thank you for your response. I don't have gdb installed but here is truss of my share until it froze. Jeremy Allison wrote: > On Wed, Jan 20, 2010 at 02:23:51PM -0700, CJ Keist wrote: >> All, >> Looking for some help here. Not finding anything on the net that >> looks the same as what I'm seeing. Running Solaris 10 Sparc, on a >> Sunfire 5220, 16Gb of RAM. Samba version 3.4.5 and using ZFS file >> systems with user quotas. >> >> All cifs clients shares to this server freeze after about 10 to 15 >> minutes of connectivity. Only fix is to restart samba. I'm not >> getting any errors from samba or on the /var/adm/messages or >> /var/log/syslog files. Totally stumped here. This freezing also >> happened with 3.4.0. > > Can you attach to a frozen smbd with truss to > see where it might be stuck. Or alternatively > ensure you are built with symbols, attach to > the frozen process with gdb and get a backtrace > using the "bt" command. > > Jeremy. -- C. J. Keist Email: cj.keist at colostate.edu UNIX/Network Manager Phone: 970-491-0630 Engineering Network Services Fax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: truss.txt URL: From chrischris_90 at hotmail.com Thu Jan 21 06:43:55 2010 From: chrischris_90 at hotmail.com (Chris_90) Date: Thu, 21 Jan 2010 05:43:55 -0800 (PST) Subject: [Samba] [HELP] SAMBA as PDC for windows. Message-ID: <27257909.post@talk.nabble.com> Hi guys, well, reason I'm here is because im stuck, I've tried everything but have come up empty handed every single time, and I really need this security, and fast. I'm not going to pay a few thousand for windows server ... because this can be done with SAMBA. Here goes. I tried to setup samba with defaults, went to (on windows) Control Panel -> System -> (TAB) Computer Name -> Change ... Change domain name to my domain name I setup on samba .... and I get this error : [code] A domain controler for domain X could not be located. Ensure the domain name is typed correctly. [/code] After that I went to a website and got some other configs and I used them : [code] [global] workgroup = aerothermdomain wins support = yes printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: domain logons = Yes os level = 65 usershare allow guests = No add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ domain logons = Yes domain master = Yes local master = Yes os level = 64 preferred master = Yes security = user netbios name = aerotherm passdb backend = smbpasswd [/code] But still I get exactly the same error, now I don't know if I need some other things setup with this for it to work, I need some help urgently ... please help ... N.B. On this comp no DHCP or DNS server is setup, for the sole reason that I have no idea how to do it. I would appreciate the help ... and please be very specific as I have about 2 weeks linux experience .... I use SUSE 11.1. Thanx in advance. Chris. -- View this message in context: http://old.nabble.com/-HELP--SAMBA-as-PDC-for-windows.-tp27257909p27257909.html Sent from the Samba - General mailing list archive at Nabble.com. From chrischris_90 at hotmail.com Thu Jan 21 06:45:12 2010 From: chrischris_90 at hotmail.com (Chris_90) Date: Thu, 21 Jan 2010 05:45:12 -0800 (PST) Subject: [Samba] [HELP] SAMBA as PDC for windows. Message-ID: <27257909.post@talk.nabble.com> Hi guys, well, reason I'm here is because im stuck, I've tried everything but have come up empty handed every single time, and I really need this security, and fast. I'm not going to pay a few thousand for windows server ... because this can be done with SAMBA. Here goes. I tried to setup samba with defaults, went to (on windows) Control Panel -> System -> (TAB) Computer Name -> Change ... Change domain name to my domain name I setup on samba .... and I get this error : [code] A domain controler for domain X could not be located. Ensure the domain name is typed correctly. [/code] After that I went to a website and got some other configs and I used them : [code] [global] workgroup = mydomain wins support = yes printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: domain logons = Yes os level = 65 usershare allow guests = No add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ domain logons = Yes domain master = Yes local master = Yes os level = 64 preferred master = Yes security = user netbios name = mycomp passdb backend = smbpasswd [/code] But still I get exactly the same error, now I don't know if I need some other things setup with this for it to work, I need some help urgently ... please help ... N.B. On this comp no DHCP or DNS server is setup, for the sole reason that I have no idea how to do it. I would appreciate the help ... and please be very specific as I have about 2 weeks linux experience .... I use SUSE 11.1. Thanx in advance. Chris. -- View this message in context: http://old.nabble.com/-HELP--SAMBA-as-PDC-for-windows.-tp27257909p27257909.html Sent from the Samba - General mailing list archive at Nabble.com. From gpowers01junk at gmail.com Thu Jan 21 13:39:11 2010 From: gpowers01junk at gmail.com (g p) Date: Thu, 21 Jan 2010 14:39:11 -0600 Subject: [Samba] standalone server - force connections from windows group to be a specific unix user (UID) Message-ID: <9b43daf1001211239u49c05669t5664508676c23ea0@mail.gmail.com> We have an application that is run as setuid on the linux side, and it's directory structure has a consistent owner:group with 755 permissions throughout. When the application is started under linux, the process is suid to run as the owner of the contents of this directory structure, and is therefore able to read/write any file needed during execution. We have a port of this application now on windows, and need to be able to have a similar access scheme to be able to have the windows users (which could be any arbitrary user both on and off a domain, and the number of users vary widely from 1 to many thousands so a smbuser map is not desirable - nor is the need to maintain idmap, windbind, ldap, etc. configurations) access the data that resides on the linux system, but do not wish to just open up the linux samba share to allow anyone read/write access. Ideally, we would be able to have the linux system just be a stand alone samba server with share level access control, and be able to use some mechanism to allow read/write access to the samba shares based on the group a windows user belongs to. It would be nice to have a windows user of some predetermined windows group always be forced via samba to the UID that owns the samba exported linux directories and files. Does anyone know of a lightweight (from an admin setup and maintainability standpoint) samba configuration that would meet this need, or behave in a similar manner without the need for moderate to very complex directory service configurations? Any help would be greatly appreciated! From bryn.bird at btinternet.com Wed Jan 20 10:43:49 2010 From: bryn.bird at btinternet.com (Bryn Bird) Date: Wed, 20 Jan 2010 17:43:49 +0000 Subject: [Samba] SAMBA - STARTUP DISC Message-ID: <3D17762D-3EB3-4791-8BD1-BDB2C65EDDE8@btinternet.com> I have an eMac and my startup disc is full mostly of Samba. I have never even heard of it before. How did I get it and how can I get rid of it and regain some startup space. Bryn Bird From rob at steinmetznet.com Thu Jan 21 14:08:32 2010 From: rob at steinmetznet.com (Robert Steinmetz AIA) Date: Thu, 21 Jan 2010 15:08:32 -0600 Subject: [Samba] Samba Permissions Problem Message-ID: <4B58C250.6060305@steinmetznet.com> I need help understanding what is happening and trouble shooting. I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. I have two shares on the member server and as far as I can tell they are identical. [Projects] works as expected but [Windows] always asks for a login name even though the smb.conf entries for both are are the same. If I comment out the "force group" in [Windows] users can access the share but there are errors writing and creating files. If I create a new share it acts as the [Windows] share. Here are the share definitions and a list of the files in the directory; [Projects] Comment = Project Files path = /files/Lucretia/Projects writeable = yes browseable = yes create mask = 0764 directory mask = 0775 force group = "ATLANTA\domain users" [Windows] comment = Atlanta Windows Files path = /files/Lucretia/Windows browseable = yes writeable = yes create mask = 0764 directory mask = 0775 force group = "ATLANTA\domain users" root at louise:/files/Lucretia# ls -l total 66 drwxrwsr-x 2 root 10001 48 2008-07-17 03:17 Arris -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows Testparm shows no problems although it does rearrange the share definitions somewhat. The problem must be in windows permissions but I don't know how to check them, especially since I have only ssh access because the site is remote. I have to rely on local users for testing. How can I get a list of ATLANTA\domain admin group users? How can I change the permissions? -- Robert Steinmetz, AIA Principal Steinmetz & Associates From presgas at gmail.com Thu Jan 21 14:44:05 2010 From: presgas at gmail.com (Robert Freeman-Day) Date: Thu, 21 Jan 2010 16:44:05 -0500 (EST) Subject: [Samba] [HELP] SAMBA as PDC for windows. In-Reply-To: <27257909.post@talk.nabble.com> References: <27257909.post@talk.nabble.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 21 Jan 2010, Chris_90 wrote: > Date: Thu, 21 Jan 2010 05:45:12 -0800 (PST) > From: Chris_90 > To: samba at lists.samba.org > Subject: [Samba] [HELP] SAMBA as PDC for windows. > > > Hi guys, well, reason I'm here is because im stuck, I've tried everything but > have come up empty handed every single time, and I really need this > security, and fast. I'm not going to pay a few thousand for windows server > ... because this can be done with SAMBA. Here goes. I tried to setup samba > with defaults, went to (on windows) Control Panel -> System -> (TAB) > Computer Name -> Change ... Change domain name to my domain name I setup on > samba .... and I get this error : > [code] > A domain controler for domain X could not be located. > Ensure the domain name is typed correctly. > [/code] > After that I went to a website and got some other configs and I used them : > [code] > [global] > workgroup = mydomain > wins support = yes > printing = cups > printcap name = cups > printcap cache time = 750 > cups options = raw > map to guest = Bad User > include = /etc/samba/dhcp.conf > logon path = \%L\profiles\.msprofile > logon home = \%L\%U\.9xprofile > logon drive = P: > domain logons = Yes > os level = 65 > usershare allow guests = No > add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s > /bin/false %m$ > domain logons = Yes > domain master = Yes > local master = Yes > os level = 64 > preferred master = Yes > security = user > netbios name = mycomp > passdb backend = smbpasswd > [/code] > > But still I get exactly the same error, now I don't know if I need some > other things setup with this for it to work, I need some help urgently ... > please help ... N.B. On this comp no DHCP or DNS server is setup, for the > sole reason that I have no idea how to do it. I would appreciate the help > ... and please be very specific as I have about 2 weeks linux experience > .... I use SUSE 11.1. > > Thanx in advance. > Chris. > -- > View this message in context: http://old.nabble.com/-HELP--SAMBA-as-PDC-for-windows.-tp27257909p27257909.html > Sent from the Samba - General mailing list archive at Nabble.com. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > You may want to read over some of the docs from samba and others. Also, you need DNS or at least DNS records for your domain controller. Read over the docs below before replying with further questions. Setting up a Domain Controller is not a trivial or quick task. http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html http://www.enterprisenetworkingplanet.com/nethub/article.php/10950_1144701_1 - ---Robert Freeman-Day - --------------- I would really like you to be on my side, but the side you show me isn't what I had in mind. - -Judybats GPG Public Key: http:keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktYyqUACgkQup357T5MfTaDgwCgqUmKHIRzAIX8qhVFj9zc3gaJ skoAnicqDDcKzoM/Ql8SaYFsulAT1Erc =C+O+ -----END PGP SIGNATURE----- From sprog at online.ru Thu Jan 21 14:29:56 2010 From: sprog at online.ru (Igor) Date: Fri, 22 Jan 2010 00:29:56 +0300 Subject: [Samba] Samba behind NAT Message-ID: <1693463358.20100122002956@online.ru> Hello All, I have a strange problem regarding samba 3.0.37 I have samba server installed in the local network behind NAT, the router iptables are configured as follows: #samba $IPT -t nat -A PREROUTING -i $INET_IFACE -p udp -d $INET_IP -m multiport --dports 137,138 -j DNAT --to-destination $FILESERV $IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp -d $INET_IP -m multiport --dports 139,145 -j DNAT --to-destination $FILESERV #samba $IPT -A FORWARD -p udp -m state --state NEW -i $INET_IFACE -d $FILESERV -m multiport --dports 137,138 -j ACCEPT $IPT -A FORWARD -p tcp -m state --state NEW -i $INET_IFACE -d $FILESERV -m multiport --dports 139,145 -j ACCEPT The samba server is working fine and both smbd and nmbd are started. I have no problems accessing samba shares from local network using \\IP or \\HOSTNAME But when I try to access samba from outside of my network I can only use \\IP, any attempt to use \\HOSTNAME results in "Windows couldn't find HOSTNAME..." message, though HOSTNAME on windows machine is resolved correctly. I thought it might be related to "interfaces" option, so I added router address into it but still cannot access samba by HOSTNAME from outside of the network. I all so sure that the problem doesn't relate to one particular windows setup since I can reproduce the problem on all windows machines outside local network. From samba log files it looks like there is no connection comes when \\HOSTNAME is used on windows computers. I would appreciate if someone could shed a light upon the problem. Thanks in advance. -- Best regards, Igor mailto:sprog at online.ru From eero.volotinen at iki.fi Thu Jan 21 15:07:30 2010 From: eero.volotinen at iki.fi (Eero Volotinen) Date: Fri, 22 Jan 2010 00:07:30 +0200 Subject: [Samba] Samba behind NAT In-Reply-To: <1693463358.20100122002956@online.ru> References: <1693463358.20100122002956@online.ru> Message-ID: <385fe02c1001211407u8904759n3740f1c820067c0f@mail.gmail.com> 2010/1/21 Igor : > Hello All, > > ?I have a strange problem regarding samba 3.0.37 > > ?I have samba server installed in the local network behind NAT, the > ?router iptables are configured as follows: > > ?#samba > ?$IPT -t nat -A PREROUTING -i $INET_IFACE -p udp ?-d $INET_IP -m multiport --dports 137,138 -j DNAT --to-destination $FILESERV > ?$IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp ?-d $INET_IP -m multiport --dports 139,145 -j DNAT --to-destination $FILESERV > > ?#samba > ?$IPT -A FORWARD -p udp -m state --state NEW -i $INET_IFACE -d $FILESERV -m multiport --dports 137,138 -j ACCEPT > ?$IPT -A FORWARD -p tcp -m state --state NEW -i $INET_IFACE -d $FILESERV -m multiport --dports 139,145 -j ACCEPT > > ?The samba server is working fine and both smbd and nmbd are started. I > ?have no problems accessing samba shares from local network using \\IP or > ?\\HOSTNAME > > ?But when I try to access samba from outside of my network I can only > ?use \\IP, any attempt to use \\HOSTNAME results in "Windows couldn't > ?find HOSTNAME..." message, though HOSTNAME on windows machine is resolved > ?correctly. > > ?I thought it might be related to "interfaces" option, so I added > ?router address into it but still cannot access samba by HOSTNAME from > ?outside of the network. I all so sure that the problem doesn't relate to > ?one particular windows setup since I can reproduce the problem on all > ?windows machines outside local network. > > ?From samba log files it looks like there is no connection comes when > ?\\HOSTNAME is used on windows computers. > > > ?I would appreciate if someone could shed a light upon the problem. > ?Thanks in advance. try \\fully.qualified.dns.name.of.samba.server -- Eero From jra at samba.org Thu Jan 21 15:42:32 2010 From: jra at samba.org (Jeremy Allison) Date: Thu, 21 Jan 2010 14:42:32 -0800 Subject: [Samba] Samba 3.4.4 & Windows 7 offline folders In-Reply-To: <201001211950.53591.nf-vale@critical-links.com> References: <4B54C8A0.7080701@wavenet.at> <20100118223037.GA5569@jeremy-laptop> <4B580928.5020107@wavenet.at> <201001211950.53591.nf-vale@critical-links.com> Message-ID: <20100121224232.GA8640@jeremy-laptop> On Thu, Jan 21, 2010 at 07:50:53PM +0000, nf-vale wrote: > Is this issue only related with Windows 7 clients or does it affect other > Windows versions too (I'm using Samba 3.4.3 version)? The offline files bug was only reported against a specific version of Windows Vista, but I wouldn't be surprised if it affected other versions too. Jeremy. From claudiacrb at gmail.com Thu Jan 21 15:56:46 2010 From: claudiacrb at gmail.com (Claudia Rodriguez Brasicott) Date: Thu, 21 Jan 2010 18:26:46 -0430 Subject: [Samba] Cannot join domain Message-ID: <9fed31651001211456j2b6c3d00scffcd7c07b3eb4df@mail.gmail.com> Hello, I just configured a computer on my local network to work as a PDC with Samba, although I'm not able to join the Domain from the windows computer I want to add. I though it was that the server was unreachable, but I can ping the server from the computer and viceversa. If someone please can help me, I'll appreciate it. The smb.conf file is here: ------------------- [global] workgroup = LGD netbios name = LGD-SERVER server string = %h server (Samba, Ubuntu) passdb backend = tdbsam security = user username map = /etc/samba/smbusers name resolve order = wins bcast hosts domain logons = yes prefered master = yes wins support = yes # Set CUPS for printing printcap name = CUPS printing = CUPS # Default logon logon drive = H: # logon script = scripts/logon.bat logon path = \\%N\profile\%U # Useradd scripts add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u idmap uid = 15000-20000 idmap gid = 15000-20000 # sync smb passwords woth linux passwords passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . passwd chat debug = yes unix password sync = yes # set the loglevel log level = 3 [homes] comment = Home valid users = %S read only = no browsable = no [printers] comment = All Printers path = /var/spool/samba printable = yes guest ok = yes browsable = no [netlogon] comment = Network Logon Service path = /home/samba/netlogon admin users = Administrator valid users = %U read only = no [profile] comment = User profiles path = /home/samba/profiles valid users = %U create mode = 0600 directory mode = 0700 writable = yes browsable = no ------------------------- From stan at hardwarefreak.com Thu Jan 21 16:26:41 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 21 Jan 2010 17:26:41 -0600 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) Message-ID: <4B58E2B1.9000907@hardwarefreak.com> Hello fellow Samba users and devs. This is my first post. I've searched documentation far and wide for Windows, Linux, and Samba, and have not been able to shed any light on this issue. I can't get more than 8MB/s during a single file copy stream out of my Samba server over my 100FDX switched network either from Win2K or WinXP (I don't have a *nix client to test with). The network is idle during testing. Via FTP on these Win machines to/from the same filesystem (100GB XFS) as the Samba share I consistently get just a shade over 11MB/s. However, if I launch two simultaneous file copy streams from Windows Explorer or from the command line, I hit the 11MB/s I see via FTP. Interestingly, if I launch a file copy with the source file being on one smb share on the server, and the destination being another smb share (separate filesystem) on the server, the combined throughput is also 8MB/s, 4 up and 4 down, which is very strange as this should be two distinct streams. I can copy files between the Win2K and WinXP machines at just over 10MB/s in a single stream and max out the 11MB/s with two streams. I've tweaked every relevant Windows registry setting I can identify, and I've tried all combination of the following smb.conf settings with various buffer sizes max xmit = 65535 socket options = TCP_NODELAY socket options = SO_SNDBUF=262144 SO_RCVBUF=262144 socket options = IPTOS_LOWDELAY and none of these tweaks make a difference. Still only 8MB/s with a single stream. I've eliminated the network hardware and any CPU/mem/disk bottlenecks on the server and workstations as possible causes. The machines are all much more powerful than the minimums required to fully saturate a 100FDX network. I don't know if the problem lies with the Windows clients or with smbd. The one thing that is certain is that this is a single stream performance issue. Launching multiple copy streams maxes the network just as FTP does. Why is 3MB/s of free bandwidth being left on the table for single stream operations to from smbd? Any/all hints comments are welcome. I've burned many hours on trying to figure this out to no avail, and if I had any hair I'm sure I'd have pulled much of it out troubleshooting this. ;) I'd really like to max out that single stream performance. Thanks. -- Stan From sprog at online.ru Thu Jan 21 16:33:01 2010 From: sprog at online.ru (Igor) Date: Fri, 22 Jan 2010 02:33:01 +0300 Subject: [Samba] Samba behind NAT In-Reply-To: <385fe02c1001211407u8904759n3740f1c820067c0f@mail.gmail.com> References: <1693463358.20100122002956@online.ru> <385fe02c1001211407u8904759n3740f1c820067c0f@mail.gmail.com> Message-ID: <1116603767.20100122023301@online.ru> Hello Eero, Friday, January 22, 2010, 1:07:30 AM, you wrote: I forgot to mention - I used DNS name available all over the Internet like \\www.whatever.com It just won't work though I can resolve www.whatever.com using nslookup on windows machine and I can ping it and traceroute it, all so server's tcp ports are available (not sure about UDP ones) but they should be as well. I can access file server's HTTP but still \\www.whatever.com would produce "Windows could not find www.whatever.com" It looks like the problem relates to NAT|samba binding, I had a similar configuration but the file server had a direct IP address and I could access it via \\www.whatever.com, the funny thing is that I couldn't access it via IP address but \\HOSTNAME always worked for it. EV> 2010/1/21 Igor : >> Hello All, >> >> ?I have a strange problem regarding samba 3.0.37 >> >> ?I have samba server installed in the local network behind NAT, the >> ?router iptables are configured as follows: >> >> ?#samba >> ?$IPT -t nat -A PREROUTING -i $INET_IFACE -p udp ?-d $INET_IP -m multiport --dports 137,138 -j DNAT --to-destination $FILESERV >> ?$IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp ?-d $INET_IP -m multiport --dports 139,145 -j DNAT --to-destination $FILESERV >> >> ?#samba >> ?$IPT -A FORWARD -p udp -m state --state NEW -i $INET_IFACE -d $FILESERV -m multiport --dports 137,138 -j ACCEPT >> ?$IPT -A FORWARD -p tcp -m state --state NEW -i $INET_IFACE -d $FILESERV -m multiport --dports 139,145 -j ACCEPT >> >> ?The samba server is working fine and both smbd and nmbd are started. I >> ?have no problems accessing samba shares from local network using \\IP or >> ?\\HOSTNAME >> >> ?But when I try to access samba from outside of my network I can only >> ?use \\IP, any attempt to use \\HOSTNAME results in "Windows couldn't >> ?find HOSTNAME..." message, though HOSTNAME on windows machine is resolved >> ?correctly. >> >> ?I thought it might be related to "interfaces" option, so I added >> ?router address into it but still cannot access samba by HOSTNAME from >> ?outside of the network. I all so sure that the problem doesn't relate to >> ?one particular windows setup since I can reproduce the problem on all >> ?windows machines outside local network. >> >> ?From samba log files it looks like there is no connection comes when >> ?\\HOSTNAME is used on windows computers. >> >> >> ?I would appreciate if someone could shed a light upon the problem. >> ?Thanks in advance. EV> try \\fully.qualified.dns.name.of.samba.server EV> -- EV> Eero -- www.rol.ru Best regards, Igor mailto:sprog at online.ru From jonnt at taylortelephone.com Thu Jan 21 15:54:21 2010 From: jonnt at taylortelephone.com (Taylor, Jonn) Date: Thu, 21 Jan 2010 16:54:21 -0600 Subject: [Samba] samba 3.4 ldap sambaLogonTime update Message-ID: <4B58DB1D.1090309@taylortelephone.com> Is there a good way to update sambaLogonTime when a user logs on? Centos 5.4 Samab 3.4.5 from sernet PDC+LDAP -- Jonn Taylor From sprog at online.ru Thu Jan 21 17:04:44 2010 From: sprog at online.ru (Igor) Date: Fri, 22 Jan 2010 03:04:44 +0300 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B58E2B1.9000907@hardwarefreak.com> References: <4B58E2B1.9000907@hardwarefreak.com> Message-ID: <9210629800.20100122030444@online.ru> Hello Stan, Friday, January 22, 2010, 2:26:41 AM, you wrote: I don't find it strange at all. Your computer is acting as a traffic proxy between two samba servers. If you have 100Mb network interface your bandwidth should split exactly in two. FTP is a different protocol. You might find the answer if you look at the percentage the carrying protocol like SAMBA consumes out of the traffic to support protocol integrity. You may find out that the rest 2Mb (you should actually have no more than 10Mb/s at 100Mb interface) are used by the carrying protocol itself. That somehow "though the protocol itself allows" but "for the sake of connectivity" the maximum size of the packet is set to 64?. Which is not surprising as far as Microsoft goes. I'm sure people around here might provide you with some data about SAMBA efficiency, but just remembering what a big difference 1000Mb Ethernet produces over 100Mb as far as SAMBA is concerned - well my best guess it's not more that 80% of all traffic. 20% goes for protocol support. SH> hit the 11MB/s I see via FTP. Interestingly, if I launch a file copy with the SH> source file being on one smb share on the server, and the destination being SH> another smb share (separate filesystem) on the server, the combined throughput SH> is also 8MB/s, 4 up and 4 down, which is very strange as this should be two SH> distinct streams. I can copy files between the Win2K and WinXP machines at just SH> over 10MB/s in a single stream and max out the 11MB/s with two streams. -- www.rol.ru Best regards, Igor mailto:sprog at online.ru From sprog at online.ru Thu Jan 21 17:24:19 2010 From: sprog at online.ru (Igor) Date: Fri, 22 Jan 2010 03:24:19 +0300 Subject: [Samba] Samba behind NAT In-Reply-To: <4A09477D575C2C4B86497161427DD94C149ED523F1@city-exchange07> References: <1693463358.20100122002956@online.ru> <4A09477D575C2C4B86497161427DD94C149ED523F1@city-exchange07> Message-ID: <1774946511.20100122032419@online.ru> Hello James, Friday, January 22, 2010, 1:11:12 AM, you wrote: You're right, I messed it up, that was causing the problem in the first place. Now all the Windows XP machines outside of the network are able to connect to samba server using both \\HOSTNAME and \\IP. But Windows 2003 server is still only able to use \\IP. :-), but I will figure it out. Many thanks! >> #samba >> $IPT -t nat -A PREROUTING -i $INET_IFACE -p udp -d >> $INET_IP -m multiport --dports 137,138 -j DNAT >> --to-destination $FILESERV >> $IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp -d >> $INET_IP -m multiport --dports 139,145 -j DNAT >> --to-destination $FILESERV >> >> #samba >> $IPT -A FORWARD -p udp -m state --state NEW -i $INET_IFACE >> -d $FILESERV -m multiport --dports 137,138 -j ACCEPT >> $IPT -A FORWARD -p tcp -m state --state NEW -i $INET_IFACE >> -d $FILESERV -m multiport --dports 139,145 -j ACCEPT >> JZ> Also, JZ> Is port 145 in your ruleset a typo? JZ> Try changing that to port 445. JZ> James Zuelow JZ> Network Specialist JZ> City and Borough of Juneau MIS (907)586-0236 -- www.rol.ru Best regards, Igor mailto:sprog at online.ru From sprog at online.ru Thu Jan 21 17:43:22 2010 From: sprog at online.ru (Igor) Date: Fri, 22 Jan 2010 03:43:22 +0300 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B58E2B1.9000907@hardwarefreak.com> References: <4B58E2B1.9000907@hardwarefreak.com> Message-ID: <1997159877.20100122034322@online.ru> Hello Stan, Friday, January 22, 2010, 2:26:41 AM, you wrote: Check it out, I found it with google: http://oreilly.com/catalog/samba/chapter/book/appb.pdf You see "out of the box" there is about 20% difference between SMB and FTP performance which corresponds with your experience. SH> Hello fellow Samba users and devs. This is my first post. I've searched SH> documentation far and wide for Windows, Linux, and Samba, and have not been able SH> to shed any light on this issue. SH> I can't get more than 8MB/s during a single file copy stream out of my Samba SH> server over my 100FDX switched network either from Win2K or WinXP (I don't have SH> a *nix client to test with). The network is idle during testing. Via FTP on SH> these Win machines to/from the same filesystem (100GB XFS) as the Samba share I SH> consistently get just a shade over 11MB/s. However, if I launch two SH> simultaneous file copy streams from Windows Explorer or from the command line, I SH> hit the 11MB/s I see via FTP. Interestingly, if I launch a file copy with the SH> source file being on one smb share on the server, and the destination being SH> another smb share (separate filesystem) on the server, the combined throughput SH> is also 8MB/s, 4 up and 4 down, which is very strange as this should be two SH> distinct streams. I can copy files between the Win2K and WinXP machines at just SH> over 10MB/s in a single stream and max out the 11MB/s with two streams. SH> I've tweaked every relevant Windows registry setting I can identify, and I've SH> tried all combination of the following smb.conf settings with various buffer sizes SH> max xmit = 65535 SH> socket options = TCP_NODELAY SH> socket options = SO_SNDBUF=262144 SO_RCVBUF=262144 SH> socket options = IPTOS_LOWDELAY SH> and none of these tweaks make a difference. Still only 8MB/s with a single stream. SH> I've eliminated the network hardware and any CPU/mem/disk bottlenecks on the SH> server and workstations as possible causes. The machines are all much more SH> powerful than the minimums required to fully saturate a 100FDX network. SH> I don't know if the problem lies with the Windows clients or with smbd. The one SH> thing that is certain is that this is a single stream performance issue. SH> Launching multiple copy streams maxes the network just as FTP does. Why is SH> 3MB/s of free bandwidth being left on the table for single stream operations to SH> from smbd? SH> Any/all hints comments are welcome. I've burned many hours on trying to figure SH> this out to no avail, and if I had any hair I'm sure I'd have pulled much of it SH> out troubleshooting this. ;) I'd really like to max out that single stream SH> performance. SH> Thanks. SH> -- SH> Stan -- www.rol.ru Best regards, Igor mailto:sprog at online.ru From joe at pyx.ch Thu Jan 21 17:21:46 2010 From: joe at pyx.ch (Joe Ammann) Date: Fri, 22 Jan 2010 01:21:46 +0100 Subject: [Samba] readline/termcap problems compiling Samba 3.5.0rc1 on CentOS 5.4 64-bit Message-ID: <201001220121.46172.joe@pyx.ch> Hi all When I try to compile 3.5.0rc1 on CentOS 5.4, I get the seemingly well know problem below Linking bin/smbclient /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libreadline.so: undefined reference to `tgetnum' /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libreadline.so: undefined reference to `tgetent' /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libreadline.so: undefined reference to `tgetstr' /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libreadline.so: undefined reference to `tgoto' /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libreadline.so: undefined reference to `UP' /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libreadline.so: undefined reference to `BC' /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libreadline.so: undefined reference to `tputs' /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libreadline.so: undefined reference to `PC' /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libreadline.so: undefined reference to `tgetflag' collect2: ld returned 1 exit status make: *** [bin/smbclient] Error 1 I googled and read quite a bit, all links seem to suggest that either a missing readline-devel and/or ncurses-devel might be the cuplrit. Now, I think I got everything installed: # rpm -qa --queryformat '%{name}\t%{version}\t%{arch}\n' | egrep '(readline|curses|termcap)' | sort libtermcap 2.0.8 i386 libtermcap 2.0.8 x86_64 libtermcap-devel 2.0.8 i386 libtermcap-devel 2.0.8 x86_64 ncurses 5.5 i386 ncurses 5.5 x86_64 ncurses-devel 5.5 i386 ncurses-devel 5.5 x86_64 readline 5.1 i386 readline 5.1 x86_64 readline-devel 5.1 i386 readline-devel 5.1 x86_64 termcap 5.5 noarch A little testprogram fails with the same error, if I do # gcc -o tt tt.c -lreadline /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libreadline.so: undefined reference to `PC' ... But succeeds if I either add -lcurses/-ltermcap or the linker flags that Samba uses gcc -o tt tt.c -Wl,-z,relro -Wl,--as-needed -Wl,--export-dynamic -lreadline I checked the Makefile and config.log, it correctly determined the linker flags to be TERMLIBS=-lreadline -ltermcap but still, I can't get rid of the above error. I'm a bit lost, any hints? -- CU, Joe From stan at hardwarefreak.com Thu Jan 21 19:58:05 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 21 Jan 2010 20:58:05 -0600 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <9210629800.20100122030444@online.ru> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> Message-ID: <4B59143D.9060904@hardwarefreak.com> Igor put forth on 1/21/2010 6:04 PM: > Hello Stan, Hello Igor, > I don't find it strange at all. Your computer is acting as a traffic > proxy between two samba servers. If you have 100Mb network interface > your bandwidth should split exactly in two. Which should be 5.5MB/s instead of 4MB/s for each stream. I included this example for comparison, as an additional data point. It is not the thrust of my post, merely supporting data, as this should in theory be _two_ streams. > FTP is a different protocol. You might find the answer if you look at > the percentage the carrying protocol like SAMBA consumes out of the > traffic to support protocol integrity. You may find out that the rest 2Mb > (you should actually have no more than 10Mb/s at 100Mb interface) are > used by the carrying protocol itself. That somehow "though the protocol > itself allows" but "for the sake of connectivity" the maximum size of > the packet is set to 64?. Which is not surprising as far as Microsoft goes. I don't think you read my post thoroughly, or possibly I didn't state my case thoroughly or eloquently. _Two_ concurrent Windows file copy streams to/from the Samba share peak iftop at 92Mb/s. A single FTP get/put to the same share filesystem peaks iftop at 92Mb/s. A _single_ Windows file copy peaks iftop at 65Mb/s. I've performed these tests over 10 times with the same results. Why will _one_ Windows file copy stream to/from the Samba share not peak the interface? Why do _two_ concurrent streams peak the interface but not _one_? > I'm sure people around here might provide you with some data > about SAMBA efficiency, but just remembering what a big difference > 1000Mb Ethernet produces over 100Mb as far as SAMBA is concerned - > well my best guess it's not more that 80% of all traffic. 20% goes > for protocol support. Protocol efficiency doesn't even come into play here AFAICT. A single stream should easily max a 100Mbit pipe. I'm only able to max the pipe using two or more concurrent streams from the same host. One stream won't do it. I don't know if the problem is with Windows or with Samba, but I'd sure like to find out and fix it. My testing has eliminated both operating systems, their storage, and the raw network performance as degrading factors. The only thing left if the SMB/CFS engines on both systems, which seem to have no trouble at all clogging the pipe with multiple streams, but run along lazily at 65% of peak when only one stream is present. -- Stan From learner.study at gmail.com Thu Jan 21 22:55:30 2010 From: learner.study at gmail.com (Learner Study) Date: Fri, 22 Jan 2010 00:55:30 -0500 Subject: [Samba] Fwd: samba 3.0.25 with Windows 7 or Vista In-Reply-To: <387ee2021001210611n190244bdp6557ff201393782c@mail.gmail.com> References: <7efa8a7d1001202042y6a4f4239x9f3ba6ef40c36a60@mail.gmail.com> <387ee2021001202049o3b498c7ck73d55752999d09c6@mail.gmail.com> <31539a7b1001210554g756337dwb31341c52f580b7a@mail.gmail.com> <387ee2021001210611n190244bdp6557ff201393782c@mail.gmail.com> Message-ID: <7efa8a7d1001212155y5f965257je0092f455a2a631d@mail.gmail.com> Hi John: Which would be easiest way to upgrade from 3.0.25? 3.3.x or 3.4.x? Thanks a lot! On Thu, Jan 21, 2010 at 9:11 AM, John Drescher wrote: > ---------- Forwarded message ---------- > From: Eliel Oliveira > Date: Thu, Jan 21, 2010 at 8:54 AM > Subject: Re: [Samba] samba 3.0.25 with Windows 7 or Vista > To: John Drescher > > > Are you using it as PDC ? > The suport for Win 7 had been added in versions 3.3.X and 3.4.X > improving the perfomance of the shares, and suport for domain. > its all on the release notes. > just take a look at > > regards > -- > To unsubscribe from this list go to the following URL and read the > instructions: ?https://lists.samba.org/mailman/options/samba > From drescherjm at gmail.com Thu Jan 21 23:05:35 2010 From: drescherjm at gmail.com (John Drescher) Date: Fri, 22 Jan 2010 01:05:35 -0500 Subject: [Samba] Fwd: samba 3.0.25 with Windows 7 or Vista In-Reply-To: <7efa8a7d1001212155y5f965257je0092f455a2a631d@mail.gmail.com> References: <7efa8a7d1001202042y6a4f4239x9f3ba6ef40c36a60@mail.gmail.com> <387ee2021001202049o3b498c7ck73d55752999d09c6@mail.gmail.com> <31539a7b1001210554g756337dwb31341c52f580b7a@mail.gmail.com> <387ee2021001210611n190244bdp6557ff201393782c@mail.gmail.com> <7efa8a7d1001212155y5f965257je0092f455a2a631d@mail.gmail.com> Message-ID: <387ee2021001212205v13e9fba9v30501866e5f88bb9@mail.gmail.com> > Which would be easiest way to upgrade from 3.0.25? 3.3.x or 3.4.x? > I would go to 3.4.x if you can find packages for whatever distribution you are using. If they are not in you may be able to get then in sernet. http://enterprisesamba.org/index.php?id=125 Look in the experimental section. http://ftp.sernet.de/pub/samba/experimental/ John From linuxbox at wavenet.at Thu Jan 21 23:54:00 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Fri, 22 Jan 2010 07:54:00 +0100 Subject: [Samba] Samba 3.4.4 & Windows 7 offline folders In-Reply-To: <20100121224232.GA8640@jeremy-laptop> References: <4B54C8A0.7080701@wavenet.at> <20100118223037.GA5569@jeremy-laptop> <4B580928.5020107@wavenet.at> <201001211950.53591.nf-vale@critical-links.com> <20100121224232.GA8640@jeremy-laptop> Message-ID: <4B594B88.2060104@wavenet.at> Am 2010-01-21 23:42, schrieb Jeremy Allison: > On Thu, Jan 21, 2010 at 07:50:53PM +0000, nf-vale wrote: > >> Is this issue only related with Windows 7 clients or does it affect other >> Windows versions too (I'm using Samba 3.4.3 version)? >> > The offline files bug was only reported against > a specific version of Windows Vista, but I wouldn't > be surprised if it affected other versions too. > > Jeremy. > Hi to all! I can only tell report the issue on Windows 7 32 bit only. We don't use vista and Windows XP is still working without problems. As I told you - with 3.4.5 we didn't had any issues yet. regards Martin From Moray.Henderson at ict-software.org Fri Jan 22 04:18:57 2010 From: Moray.Henderson at ict-software.org (Moray Henderson) Date: Fri, 22 Jan 2010 11:18:57 +0000 Subject: [Samba] Tracking down rogue workgroup In-Reply-To: <20100121174041.GB16149@esri.com> References: <20100119224859.GA14169@esri.com> <000c01ca9a7d$5879b080$096d1180$@Henderson@ict-software.org> <20100121155809.GA13528@esri.com> <001601ca9ab4$e5852720$b08f7560$@Henderson@ict-software.org> <20100121165158.GA14488@esri.com> <001701ca9abd$b7c1fa80$2745ef80$@Henderson@ict-software.org> <20100121174041.GB16149@esri.com> Message-ID: <000501ca9b54$b1ca6530$155f2f90$@Henderson@ict-software.org> Ray Van Dolson wrote: >On Thu, Jan 21, 2010 at 09:18:13AM -0800, Moray Henderson wrote: >> Ray Van Dolson wrote: >> >> >This seems to be a decent way to tell right when the workgroup shows >> >> >up, but I don't think it helps us track down which IP address is >> >> >responsible for generating it, or helping us narrow down the subnet >> its >> >> >on even... (if I'm wrong, please correct me on that). >> >> > >> >> >Right now we're sifting through traffic to the domain controller >> >> >looking for announcement packets including the workgroup name, and, >> >> >presumably an IP of a Local Master Browser or subnet... >> >> > >> >> >Ray >> >> >> >> It should do. The nmblookup command should return an IP address; if >> you >> >> add a -S option as well it should give you the node status: >> >> >> >> $ nmblookup -M MSHOME -S >> >> querying MSHOME on 66.255.255.255 >> >> 66.102.9.104 MSHOME<1d> >> >> Looking up status of 66.102.9.104 >> >> MEDIACENTER <00> - B >> >> MEDIACENTER <03> - B >> >> MEDIACENTER <20> - B >> >> ..__MSBROWSE__. <01> - B >> >> MSHOME <1d> - B >> >> MSHOME <1e> - B >> >> MSHOME <00> - B >> >> >> >> MAC Address = 00-00-00-00-00-00 >> > >> >Well, will give it a try. A tcpdump seems to indicate that when I run >> >the above command, my workstation is merely sending out a Name query >> >broadcast on my local subnet for the workgroup in question. >> > >> >Does this query (it does appear to have the recursion bit set) >> >propagate to other subnets via the local master browsers or DC's >> >(assuming my packet reaches them)? >> > >> >Just curious... >> > >> >Thanks! >> >Ray >> >> I'm not sure exactly how it propagates, but if you run it on a subnet >> that can see the rogue workgroup you ought to get an answer. > >Unfortunately, Linux clients can't see it (at least not with nbmlookup >-M -- -), but Windows clients can. The Windows clients emit a unicast >LANMAN NetServerEnum2 request to their browse master, and the browse >master returns a response with a list of workgroups many of which are >not on the local subnet... > >It's not clear to me if the browse master is getting the out of subnet >workgroups in its list from the domain browser (or domain controller, >whatever), or elsewhere... > >Right now we're going to set up a port span on our domain controller >and look for workgroup announcement messages or WINS updates containing >the workgroup name from local master browsers.... > >Good times :) nmblookup can use a unicast query too, with the -U option: -U Do a unicast query to the specified address or host unicast address. This option (along with the -R option) is needed to query a WINS server. Moray. "To err is human.? To purr, feline" From fluca1978 at infinito.it Fri Jan 22 04:52:12 2010 From: fluca1978 at infinito.it (Luca Ferrari) Date: Fri, 22 Jan 2010 12:52:12 +0100 Subject: [Samba] windows 7 share and smbclient Message-ID: <201001221252.12768.fluca1978@infinito.it> Hi, I've tested that samba (smbclient 3.4) cannot connect to a windows 7 share but however it is possible to mount such share with smbmount. When I try to connect specifying username and password I got a success but nothing happens: smbclient //s28/backupinfook -U backup Enter backup's password: session setup failed: SUCCESS - 0 while from another windows machine I can connect to the share. When I mount the share with smbmount I can browse its content. So there is something working different between an smbmount and an smbclient. What can I do if I don't want to mount the share? Thanks, Luca From Dave.Wagg at financialinx.com Fri Jan 22 06:50:40 2010 From: Dave.Wagg at financialinx.com (Wagg, Dave) Date: Fri, 22 Jan 2010 08:50:40 -0500 Subject: [Samba] Samba 2.2.7 Message-ID: Hi, When we first installed SAMBA on our IBM AIX 5.3 server, we created 6 shares. For some reason we have discovered that to access a Samba share we always had to assign one share ahead of all others to a user for that user to gain access. ( i.e. If a user requires access to the "extracts" share, we have to assign the "reports" share first in the user login, and then assign the "extracts" share to gain access to the "extracts" share. We always have to assign the "reports" share first for everyone that will be using SAMBA) Any ideas what we have done wrong in the setup? Thanks Dave From w.jojo at hvcc.edu Fri Jan 22 07:41:35 2010 From: w.jojo at hvcc.edu (William Jojo) Date: Fri, 22 Jan 2010 09:41:35 -0500 Subject: [Samba] Samba 2.2.7 In-Reply-To: References: Message-ID: <4B59B91F.90608@hvcc.edu> Wagg, Dave wrote: > Hi, > > When we first installed SAMBA on our IBM AIX 5.3 server, we created 6 > shares. For some reason we have discovered that to access a Samba share > we always had to assign one share ahead of all others to a user for that > user to gain access. ( i.e. If a user requires access to the "extracts" > share, we have to assign the "reports" share first in the user login, > and then assign the "extracts" share to gain access to the "extracts" > share. We always have to assign the "reports" share first for everyone > that will be using SAMBA) > > Hi Dave, Version 2.2.7 is very old. Is this the IBM provided version from the AIX toolbox? You may want to consider: http://pware.hvcc.edu/downloads.html and download something more recent in the 3.3 (3.3.10) or 3.4 (3.4.5) series. Also, it is helpful to include your smb.conf (minus any security related stuff) so we can view your setup and offer advice. Cheers, Bill > Any ideas what we have done wrong in the setup? > > Thanks > Dave > > From Dave.Wagg at financialinx.com Fri Jan 22 08:38:59 2010 From: Dave.Wagg at financialinx.com (Wagg, Dave) Date: Fri, 22 Jan 2010 10:38:59 -0500 Subject: [Samba] Samba 2.2.7 In-Reply-To: <4B59B91F.90608@hvcc.edu> Message-ID: Hi Bill, Yes, I know it's old. I think at the time of the install, 2.2.7 was the current version. I think the IBM rep downloaded it from the SAMBA site and installed it. Here is my smb.conf file as it stands now. My SWAT output is below that. # Date: 2010/01/06 14:12:53 # Global parameters [global] workgroup = FLINX security = SHARE encrypt passwords = Yes min passwd length = 4 log file = /var/samba/log.%m max log size = 50 local master = No dns proxy = No wins support = Yes hosts allow = 99.999 999.99.99. [homes] comment = Home Directories read only = No create mask = 0750 browseable = No [extracts] comment = Extracts Access path = /opt/info/extracts/flinx username = smbextrt browseable = No [extracts_x] comment = Extracts access with update path = /opt/info/extracts/flinx username = smbappxs read only = No force create mode = 0664 force directory mode = 0775 browseable = No [user_input] comment = Users can drop files onto the server path = /opt/info/extracts/flinx/user_input username = smbinput read only = No force create mode = 0666 force directory mode = 0775 inherit permissions = Yes browseable = No [root_level] comment = User can view the whole system path = / username = smbrootl browseable = No [reports] comment = reports directory path = /opt/info/extracts/flinx/reports username = smbrprts browseable = No This is from SWAT: # Samba config file created using SWAT # from # Date: 2010/01/22 10:08:27 # Global parameters [global] coding system = client code page = 850 code page directory = /etc/codepages workgroup = FLINX netbios name = netbios aliases = netbios scope = server string = Samba 2.2.7 interfaces = bind interfaces only = No security = SHARE encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 4 map to guest = Never null passwords = No obey pam restrictions = No password server = smb passwd file = /etc/smbpasswd root directory = pam password change = No passwd program = /usr/bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = No lanman auth = Yes use rhosts = No admin log = No log level = 0 syslog = 1 syslog only = No log file = /var/samba/log.%m max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts host wins bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 10000 name cache timeout = 660 read size = 16384 socket options = TCP_NODELAY stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = Yes printcap name = /etc/qconfig disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No mangling method = hash character set = mangled stack = 50 stat cache = Yes domain admin group = domain guest group = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 20 lm announce = Auto lm interval = 60 preferred master = Auto local master = No domain master = Auto browse list = Yes enhanced browsing = Yes dns proxy = No wins proxy = No wins server = wins support = Yes wins hook = kernel oplocks = Yes lock spin count = 3 lock spin time = 10 oplock break wait time = 0 add share command = change share command = delete share command = config file = preload = lock dir = /var/locks/samba pid directory = /var/run default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = time offset = 0 NIS homedir = No source environment = panic action = hide local users = No winbind uid = winbind gid = template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = No comment = path = alternate permissions = No username = guest account = nobody invalid users = valid users = admin users = read list = write list = printer admin = force user = force group = read only = Yes create mask = 0744 force create mode = 00 security mask = 0777 force security mode = 00 directory mask = 0755 force directory mode = 00 directory security mask = 0777 force directory security mode = 00 force unknown acl user = 00 inherit permissions = No inherit acls = No guest only = No guest ok = No only user = No hosts allow = 99.99. 999.99.99. hosts deny = status = Yes nt acl support = Yes profile acls = No block size = 1024 max connections = 0 min print space = 0 strict allocate = No strict sync = No sync always = No write cache size = 0 max print jobs = 1000 printable = No postscript = No printing = aix print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j lppause command = lpresume command = queuepause command = queueresume command = printer name = use client driver = No default devmode = No printer driver = printer driver file = /etc/printers.def printer driver location = default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~ hide dot files = Yes hide unreadable = No delete veto files = No veto files = hide files = veto oplock files = map system = No map hidden = No map archive = Yes mangled names = Yes mangled map = browseable = Yes blocking locks = Yes csc policy = manual fake oplocks = No locking = Yes oplocks = Yes level2 oplocks = Yes oplock contention limit = 2 posix locking = Yes strict locking = No share modes = Yes copy = include = exec = preexec close = No postexec = root preexec = root preexec close = No root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filemode = No dos filetimes = No dos filetime resolution = No fake directory create times = No vfs object = vfs options = [homes] comment = Home Directories read only = No create mask = 0750 browseable = No [extracts] comment = Extracts Access path = /opt/info/extracts/flinx username = smbextrt browseable = No [extracts_x] comment = Extracts access with update path = /opt/info/extracts/flinx username = smbappxs read only = No force create mode = 0664 force directory mode = 0775 browseable = No [user_input] comment = Users can drop files onto the server path = /opt/info/extracts/flinx/user_input username = smbinput read only = No force create mode = 0666 force directory mode = 0775 inherit permissions = Yes browseable = No [root_level] comment = User can view the whole system path = / username = smbrootl browseable = No [reports] comment = reports directory path = /opt/info/extracts/flinx/reports username = smbrprts browseable = No Dave -----Original Message----- From: William Jojo [mailto:w.jojo at hvcc.edu] Sent: Friday, January 22, 2010 9:42 AM To: Wagg, Dave Cc: samba at lists.samba.org Subject: Re: [Samba] Samba 2.2.7 Wagg, Dave wrote: > Hi, > > When we first installed SAMBA on our IBM AIX 5.3 server, we created 6 > shares. For some reason we have discovered that to access a Samba > share we always had to assign one share ahead of all others to a user > for that user to gain access. ( i.e. If a user requires access to the > "extracts" share, we have to assign the "reports" share first in the > user login, and then assign the "extracts" share to gain access to the > "extracts" share. We always have to assign the "reports" share first > for everyone that will be using SAMBA) > > Hi Dave, Version 2.2.7 is very old. Is this the IBM provided version from the AIX toolbox? You may want to consider: http://pware.hvcc.edu/downloads.html and download something more recent in the 3.3 (3.3.10) or 3.4 (3.4.5) series. Also, it is helpful to include your smb.conf (minus any security related stuff) so we can view your setup and offer advice. Cheers, Bill > Any ideas what we have done wrong in the setup? > > Thanks > Dave > > From Volker.Lendecke at SerNet.DE Fri Jan 22 08:42:58 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Fri, 22 Jan 2010 16:42:58 +0100 Subject: [Samba] Samba 2.2.7 In-Reply-To: References: <4B59B91F.90608@hvcc.edu> Message-ID: On Fri, Jan 22, 2010 at 10:38:59AM -0500, Wagg, Dave wrote: > # Global parameters > [global] > workgroup = FLINX > security = SHARE security=share is most definitely your problem. You should switch to security=user and provide smbpasswd for every user. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From Dave.Wagg at financialinx.com Fri Jan 22 08:54:05 2010 From: Dave.Wagg at financialinx.com (Wagg, Dave) Date: Fri, 22 Jan 2010 10:54:05 -0500 Subject: [Samba] Samba 2.2.7 In-Reply-To: Message-ID: Hi Volker, Thanks for the info!! Do I have to stop and start Samba for this change to take effect? I made the change thru SWAT and committed the change. Dave -----Original Message----- From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] Sent: Friday, January 22, 2010 10:43 AM To: Wagg, Dave Cc: samba at lists.samba.org Subject: Re: [Samba] Samba 2.2.7 On Fri, Jan 22, 2010 at 10:38:59AM -0500, Wagg, Dave wrote: > # Global parameters > [global] > workgroup = FLINX > security = SHARE security=share is most definitely your problem. You should switch to security=user and provide smbpasswd for every user. Volker From Volker.Lendecke at SerNet.DE Fri Jan 22 08:58:24 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Fri, 22 Jan 2010 16:58:24 +0100 Subject: [Samba] Samba 2.2.7 In-Reply-To: References: Message-ID: On Fri, Jan 22, 2010 at 10:54:05AM -0500, Wagg, Dave wrote: > Hi Volker, > > Thanks for the info!! > > Do I have to stop and start Samba for this change to take effect? I > made the change thru SWAT and committed the change. Yes, a restart is required, and you have to provide passwords for all the users. Please make sure that you do understand the difference between SHARE and USER security, this is a significant change. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From nf-vale at critical-links.com Fri Jan 22 09:52:14 2010 From: nf-vale at critical-links.com (nf-vale) Date: Fri, 22 Jan 2010 16:52:14 +0000 Subject: [Samba] Samba 3.4.4 & Windows 7 offline folders In-Reply-To: <4B594B88.2060104@wavenet.at> References: <4B54C8A0.7080701@wavenet.at> <20100121224232.GA8640@jeremy-laptop> <4B594B88.2060104@wavenet.at> Message-ID: <201001221652.15064.nf-vale@critical-links.com> Just to let you know, I tested this feature with a Windows 7 Ultimate 32 bits and samba 3.4.3 and didn't found any problems :) Nelson Vale On Friday 22 January 2010 06:54:00 Martin Hochreiter wrote: > Am 2010-01-21 23:42, schrieb Jeremy Allison: > > On Thu, Jan 21, 2010 at 07:50:53PM +0000, nf-vale wrote: > >> Is this issue only related with Windows 7 clients or does it affect > >> other Windows versions too (I'm using Samba 3.4.3 version)? > > > > The offline files bug was only reported against > > a specific version of Windows Vista, but I wouldn't > > be surprised if it affected other versions too. > > > > Jeremy. > > Hi to all! > > I can only tell report the issue on Windows 7 32 bit only. We don't use > vista and > Windows XP is still working without problems. > > As I told you - with 3.4.5 we didn't had any issues yet. > > regards > Martin > From akulov-aa at ya.ru Fri Jan 22 07:24:54 2010 From: akulov-aa at ya.ru (=?koi8-r?B?4cvVzM/XIOHMxcvTxco=?=) Date: Fri, 22 Jan 2010 17:24:54 +0300 Subject: [Samba] Samba (problem with "password server = 192.168.0.20 192.168.0.30" line in smb.conf) Message-ID: <154311264170294@webmail24.yandex.ru> Hello, dear developers! We have the several problems with interaction between our Linux and Windows servers. Description of problem: There are three servers in our network: 1). Red Hat Enterprise Linux 5.2 (64-bit) with shared folders for users of network (192.168.0.10); 2). Windows Server 2003 R2 (primary domain controller of AD) (192.168.0.20); 3). Windows Server 2003 R2 (secondary domain controller of AD) (192.168.0.30); Configuration of /etc/samba/smb.conf-file: -------------------------------------------------------------- [global] workgroup = AAA server string = srv-db netbios name = srv-db hosts allow = 192.168.0. security = server password server = 192.168.0.20 192.168.0.30 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd username map = /etc/samba/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 .... --------------------------------------------------------------- When both of Windows domain controllers work successfully Samba-service on RHEL-server work good. If 192.168.0.30 (second server in configuration-file) is failed - Samba-service work good, but when 192.168.0.20 (first server in configuration-file) is failed then the shared directories on RHEL-server will be unavailable for users. There is information in Samba documentation that a "password server" line may be with several servers names or ips. Couldn't you help us with this problem. Thanks very much. Alex. From jon at campbellsci.com Fri Jan 22 10:00:22 2010 From: jon at campbellsci.com (Jon Trauntvein) Date: Fri, 22 Jan 2010 10:00:22 -0700 Subject: [Samba] write list for share is ignored Message-ID: <4B59D9A6.1060903@campbellsci.com> I recently updated a Samba server from Fedora Core 4 to CentOs 4.5. The old server had samba version 3.0.11 installed while the newer has samba version 3.0.33 installed. The following file is a simplified version of my smb.conf file: [global] debug level = 5 security = domain workgroup = CSI-INTRANET auth methods = guest, sam, winbind server string = Software Engineering Workgroup Server load printers = yes guest account = nobody log file = /var/log/samba/log.%m max log size = 1024 encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no map to guest = bad user winbind separator = \\ idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes [cora] available = yes browseable = yes path = /home/group/cora public = yes guest ok = yes read only = yes write list = @cora force create mode = 0775 As can be seen here, I am using domain based security. With this configuration, my windows XP based machine can connect to the share and can access the files and directories on that share. However, any attempt to add a file or directory gets rebuffed with an access denied. The following is the log from my windows machine's attempt to create a new directory: [2010/01/21 14:27:18, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [CSI-INTRANET]\[jon] from workstation [JON-TRAUNTVEIN] [2010/01/21 14:27:18, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for jon (jon) [2010/01/21 14:27:18, 5] auth/auth_util.c:make_user_info(85) making strings for jon's user_info struct [2010/01/21 14:27:18, 5] auth/auth_util.c:make_user_info(117) making blobs for jon's user_info struct [2010/01/21 14:27:18, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [CSI-INTRANET]\[jon]@[JON-TRAUNTVEIN] with the new password interface [2010/01/21 14:27:18, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [CSI-INTRANET]\[jon]@[JON-TRAUNTVEIN] [2010/01/21 14:27:18, 5] lib/util.c:dump_data(2286) [000] 9C 2D F7 AE 9B AF DD 65 .-.....e [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/01/21 14:27:18, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Finding user CSI-INTRANET\jon [2010/01/21 14:27:18, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is csi-intranet\jon [2010/01/21 14:27:18, 5] lib/username.c:Get_Pwnam_internals(83) Trying _Get_Pwnam(), username as given is CSI-INTRANET\jon [2010/01/21 14:27:18, 5] lib/username.c:Get_Pwnam_internals(93) Trying _Get_Pwnam(), username as uppercase is CSI-INTRANET\JON [2010/01/21 14:27:18, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in csi-intranet\jon [2010/01/21 14:27:18, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [CSI-INTRANET\jon]! [2010/01/21 14:27:18, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user jon [2010/01/21 14:27:18, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is jon [2010/01/21 14:27:18, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [jon]! [2010/01/21 14:27:18, 5] auth/auth_util.c:fill_sam_account(1744) fill_sam_account: located username was [jon] [2010/01/21 14:27:18, 4] lib/substitute.c:automount_server(407) Home server: engsoft [2010/01/21 14:27:18, 4] lib/substitute.c:automount_server(407) Home server: engsoft [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10006 in cache -> S-1-5-21-744383988-1260094714-854289474-513 [2010/01/21 14:27:18, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: winbind authentication for user [jon] succeeded [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/01/21 14:27:18, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/01/21 14:27:18, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [jon] succeeded [2010/01/21 14:27:18, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [jon] -> [jon] -> [jon] succeeded [2010/01/21 14:27:18, 5] auth/auth_util.c:free_user_info(2108) attempting to free (and zero) a user_info structure [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1107) fetch gid from cache 10000 -> S-1-5-32-544 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1107) fetch gid from cache 10001 -> S-1-5-32-545 [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/01/21 14:27:18, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1228] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1529] [2010/01/21 14:27:18, 5] lib/privileges.c:get_privileges_for_sids(460) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-2217] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1518] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1850] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3905] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1389] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3910] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3784] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3843] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3816] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3912] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-4618] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3889] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1390] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3684] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-4692] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1382] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3863] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-4625] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1531] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-513] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3887] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1871] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3886] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-4709] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3734] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-4708] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-4652] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1523] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3797] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3724] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1549] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-4148] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3862] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3775] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3908] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1530] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3646] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1536] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3845] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1532] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3847] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3876] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3874] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1378] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1712] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1391] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3817] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1864] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-4149] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-4036] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3781] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3888] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1554] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1393] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3834] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-1547] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3632] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-744383988-1260094714-854289474-3658] [2010/01/21 14:27:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-32-545] [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10007 in cache -> S-1-5-21-744383988-1260094714-854289474-1529 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10008 in cache -> S-1-5-21-744383988-1260094714-854289474-2217 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10071 in cache -> S-1-5-21-744383988-1260094714-854289474-1518 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10009 in cache -> S-1-5-21-744383988-1260094714-854289474-1850 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10011 in cache -> S-1-5-21-744383988-1260094714-854289474-3905 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10012 in cache -> S-1-5-21-744383988-1260094714-854289474-1389 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10013 in cache -> S-1-5-21-744383988-1260094714-854289474-3910 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10014 in cache -> S-1-5-21-744383988-1260094714-854289474-3784 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10015 in cache -> S-1-5-21-744383988-1260094714-854289474-3843 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10016 in cache -> S-1-5-21-744383988-1260094714-854289474-3816 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10017 in cache -> S-1-5-21-744383988-1260094714-854289474-3912 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10018 in cache -> S-1-5-21-744383988-1260094714-854289474-4618 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10019 in cache -> S-1-5-21-744383988-1260094714-854289474-3889 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10072 in cache -> S-1-5-21-744383988-1260094714-854289474-1390 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10020 in cache -> S-1-5-21-744383988-1260094714-854289474-3684 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10021 in cache -> S-1-5-21-744383988-1260094714-854289474-4692 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10022 in cache -> S-1-5-21-744383988-1260094714-854289474-1382 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10062 in cache -> S-1-5-21-744383988-1260094714-854289474-3863 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10024 in cache -> S-1-5-21-744383988-1260094714-854289474-4625 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10059 in cache -> S-1-5-21-744383988-1260094714-854289474-1531 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1107) fetch gid from cache 10006 -> S-1-5-21-744383988-1260094714-854289474-513 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10025 in cache -> S-1-5-21-744383988-1260094714-854289474-3887 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10073 in cache -> S-1-5-21-744383988-1260094714-854289474-1871 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10026 in cache -> S-1-5-21-744383988-1260094714-854289474-3886 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10027 in cache -> S-1-5-21-744383988-1260094714-854289474-4709 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10028 in cache -> S-1-5-21-744383988-1260094714-854289474-3734 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10029 in cache -> S-1-5-21-744383988-1260094714-854289474-4708 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10074 in cache -> S-1-5-21-744383988-1260094714-854289474-4652 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10075 in cache -> S-1-5-21-744383988-1260094714-854289474-1523 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10031 in cache -> S-1-5-21-744383988-1260094714-854289474-3797 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10032 in cache -> S-1-5-21-744383988-1260094714-854289474-3724 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10033 in cache -> S-1-5-21-744383988-1260094714-854289474-1549 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10034 in cache -> S-1-5-21-744383988-1260094714-854289474-4148 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10035 in cache -> S-1-5-21-744383988-1260094714-854289474-3862 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10036 in cache -> S-1-5-21-744383988-1260094714-854289474-3775 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10037 in cache -> S-1-5-21-744383988-1260094714-854289474-3908 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10076 in cache -> S-1-5-21-744383988-1260094714-854289474-1530 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10038 in cache -> S-1-5-21-744383988-1260094714-854289474-3646 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10039 in cache -> S-1-5-21-744383988-1260094714-854289474-1536 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10040 in cache -> S-1-5-21-744383988-1260094714-854289474-3845 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10041 in cache -> S-1-5-21-744383988-1260094714-854289474-1532 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10042 in cache -> S-1-5-21-744383988-1260094714-854289474-3847 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10043 in cache -> S-1-5-21-744383988-1260094714-854289474-3876 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10044 in cache -> S-1-5-21-744383988-1260094714-854289474-3874 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10077 in cache -> S-1-5-21-744383988-1260094714-854289474-1378 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10046 in cache -> S-1-5-21-744383988-1260094714-854289474-1712 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10078 in cache -> S-1-5-21-744383988-1260094714-854289474-1391 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10048 in cache -> S-1-5-21-744383988-1260094714-854289474-3817 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10079 in cache -> S-1-5-21-744383988-1260094714-854289474-1864 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10049 in cache -> S-1-5-21-744383988-1260094714-854289474-4149 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10050 in cache -> S-1-5-21-744383988-1260094714-854289474-4036 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10052 in cache -> S-1-5-21-744383988-1260094714-854289474-3781 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10053 in cache -> S-1-5-21-744383988-1260094714-854289474-3888 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10054 in cache -> S-1-5-21-744383988-1260094714-854289474-1554 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10080 in cache -> S-1-5-21-744383988-1260094714-854289474-1393 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10055 in cache -> S-1-5-21-744383988-1260094714-854289474-3834 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10069 in cache -> S-1-5-21-744383988-1260094714-854289474-1547 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10056 in cache -> S-1-5-21-744383988-1260094714-854289474-3632 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1151) store_gid_sid_cache: gid 10057 in cache -> S-1-5-21-744383988-1260094714-854289474-3658 [2010/01/21 14:27:18, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1107) fetch gid from cache 10001 -> S-1-5-32-545 [2010/01/21 14:27:18, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2010/01/21 14:27:18, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xa2088205 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 [2010/01/21 14:27:18, 3] smbd/password.c:register_vuid(304) User name: jon Real name: [2010/01/21 14:27:18, 3] smbd/password.c:register_vuid(325) UNIX uid 500 is UNIX user jon, and will be vuid 101 [2010/01/21 14:27:18, 3] smbd/password.c:register_vuid(356) Adding homes service for user 'jon' using home directory: '/home/jon' UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/21 14:27:18, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/01/21 14:27:18, 4] smbd/reply.c:reply_tcon_and_X(506) Client requested device type [?????] for share [CORA] [2010/01/21 14:27:18, 5] smbd/service.c:make_connection(1214) making a connection to 'normal' service cora [2010/01/21 14:27:18, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user jon [2010/01/21 14:27:18, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is jon [2010/01/21 14:27:18, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [jon]! [2010/01/21 14:27:18, 3] smbd/service.c:make_connection_snum(815) Connect path is '/home/group/cora' for service [cora] [2010/01/21 14:27:18, 4] lib/sharesec.c:get_share_security(132) get_share_security: using default secdesc for cora [2010/01/21 14:27:18, 3] lib/util_seaccess.c:se_access_check(250) [2010/01/21 14:27:18, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-744383988-1260094714-854289474-1228 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1529 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-744383988-1260094714-854289474-2217 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1518 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1850 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3905 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1389 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3910 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3784 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3843 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3816 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3912 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4618 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3889 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1390 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3684 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4692 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1382 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3863 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4625 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1531 se_access_check: also S-1-5-21-744383988-1260094714-854289474-513 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3887 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1871 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3886 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4709 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3734 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4708 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4652 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1523 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3797 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3724 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1549 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4148 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3862 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3775 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3908 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1530 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3646 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1536 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3845 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1532 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3847 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3876 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3874 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1378 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1712 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1391 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3817 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1864 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4149 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4036 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3781 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3888 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1554 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1393 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3834 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1547 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3632 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3658 se_access_check: also S-1-5-32-545 [2010/01/21 14:27:18, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2010/01/21 14:27:18, 3] smbd/vfs.c:vfs_init_default(95) Initialising default vfs hooks [2010/01/21 14:27:18, 5] smbd/vfs.c:smb_register_vfs(85) Successfully added vfs backend '/[Default VFS]/' [2010/01/21 14:27:18, 5] smbd/vfs.c:smb_register_vfs(85) Successfully added vfs backend 'posixacl' [2010/01/21 14:27:18, 3] smbd/vfs.c:vfs_init_custom(128) Initialising custom vfs hooks from [/[Default VFS]/] Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/vfs.c:vfs_init_custom(174) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2010/01/21 14:27:18, 5] smbd/connection.c:claim_connection(182) claiming cora 0 [2010/01/21 14:27:18, 3] lib/util_sid.c:string_to_sid(223) string_to_sid: Sid jon does not start with 'S-'. [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/01/21 14:27:18, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/21 14:27:18, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(585) getsmbfilepwent: end of file reached. [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/01/21 14:27:18, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/01/21 14:27:18, 4] lib/sharesec.c:get_share_security(132) get_share_security: using default secdesc for cora [2010/01/21 14:27:18, 3] lib/util_seaccess.c:se_access_check(250) [2010/01/21 14:27:18, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-744383988-1260094714-854289474-1228 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1529 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-744383988-1260094714-854289474-2217 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1518 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1850 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3905 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1389 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3910 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3784 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3843 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3816 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3912 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4618 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3889 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1390 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3684 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4692 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1382 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3863 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4625 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1531 se_access_check: also S-1-5-21-744383988-1260094714-854289474-513 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3887 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1871 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3886 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4709 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3734 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4708 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4652 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1523 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3797 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3724 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1549 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4148 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3862 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3775 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3908 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1530 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3646 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1536 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3845 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1532 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3847 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3876 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3874 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1378 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1712 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1391 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3817 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1864 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4149 se_access_check: also S-1-5-21-744383988-1260094714-854289474-4036 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3781 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3888 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1554 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1393 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3834 se_access_check: also S-1-5-21-744383988-1260094714-854289474-1547 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3632 se_access_check: also S-1-5-21-744383988-1260094714-854289474-3658 se_access_check: also S-1-5-32-545 [2010/01/21 14:27:18, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (500, 501) - sec_ctx_stack_ndx = 0 [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-744383988-1260094714-854289474-1228 contains 64 SIDs SID[ 0]: S-1-5-21-744383988-1260094714-854289474-1228 SID[ 1]: S-1-5-21-744383988-1260094714-854289474-1529 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-744383988-1260094714-854289474-2217 SID[ 6]: S-1-5-21-744383988-1260094714-854289474-1518 SID[ 7]: S-1-5-21-744383988-1260094714-854289474-1850 SID[ 8]: S-1-5-21-744383988-1260094714-854289474-3905 SID[ 9]: S-1-5-21-744383988-1260094714-854289474-1389 SID[ 10]: S-1-5-21-744383988-1260094714-854289474-3910 SID[ 11]: S-1-5-21-744383988-1260094714-854289474-3784 SID[ 12]: S-1-5-21-744383988-1260094714-854289474-3843 SID[ 13]: S-1-5-21-744383988-1260094714-854289474-3816 SID[ 14]: S-1-5-21-744383988-1260094714-854289474-3912 SID[ 15]: S-1-5-21-744383988-1260094714-854289474-4618 SID[ 16]: S-1-5-21-744383988-1260094714-854289474-3889 SID[ 17]: S-1-5-21-744383988-1260094714-854289474-1390 SID[ 18]: S-1-5-21-744383988-1260094714-854289474-3684 SID[ 19]: S-1-5-21-744383988-1260094714-854289474-4692 SID[ 20]: S-1-5-21-744383988-1260094714-854289474-1382 SID[ 21]: S-1-5-21-744383988-1260094714-854289474-3863 SID[ 22]: S-1-5-21-744383988-1260094714-854289474-4625 SID[ 23]: S-1-5-21-744383988-1260094714-854289474-1531 SID[ 24]: S-1-5-21-744383988-1260094714-854289474-513 SID[ 25]: S-1-5-21-744383988-1260094714-854289474-3887 SID[ 26]: S-1-5-21-744383988-1260094714-854289474-1871 SID[ 27]: S-1-5-21-744383988-1260094714-854289474-3886 SID[ 28]: S-1-5-21-744383988-1260094714-854289474-4709 SID[ 29]: S-1-5-21-744383988-1260094714-854289474-3734 SID[ 30]: S-1-5-21-744383988-1260094714-854289474-4708 SID[ 31]: S-1-5-21-744383988-1260094714-854289474-4652 SID[ 32]: S-1-5-21-744383988-1260094714-854289474-1523 SID[ 33]: S-1-5-21-744383988-1260094714-854289474-3797 SID[ 34]: S-1-5-21-744383988-1260094714-854289474-3724 SID[ 35]: S-1-5-21-744383988-1260094714-854289474-1549 SID[ 36]: S-1-5-21-744383988-1260094714-854289474-4148 SID[ 37]: S-1-5-21-744383988-1260094714-854289474-3862 SID[ 38]: S-1-5-21-744383988-1260094714-854289474-3775 SID[ 39]: S-1-5-21-744383988-1260094714-854289474-3908 SID[ 40]: S-1-5-21-744383988-1260094714-854289474-1530 SID[ 41]: S-1-5-21-744383988-1260094714-854289474-3646 SID[ 42]: S-1-5-21-744383988-1260094714-854289474-1536 SID[ 43]: S-1-5-21-744383988-1260094714-854289474-3845 SID[ 44]: S-1-5-21-744383988-1260094714-854289474-1532 SID[ 45]: S-1-5-21-744383988-1260094714-854289474-3847 SID[ 46]: S-1-5-21-744383988-1260094714-854289474-3876 SID[ 47]: S-1-5-21-744383988-1260094714-854289474-3874 SID[ 48]: S-1-5-21-744383988-1260094714-854289474-1378 SID[ 49]: S-1-5-21-744383988-1260094714-854289474-1712 SID[ 50]: S-1-5-21-744383988-1260094714-854289474-1391 SID[ 51]: S-1-5-21-744383988-1260094714-854289474-3817 SID[ 52]: S-1-5-21-744383988-1260094714-854289474-1864 SID[ 53]: S-1-5-21-744383988-1260094714-854289474-4149 SID[ 54]: S-1-5-21-744383988-1260094714-854289474-4036 SID[ 55]: S-1-5-21-744383988-1260094714-854289474-3781 SID[ 56]: S-1-5-21-744383988-1260094714-854289474-3888 SID[ 57]: S-1-5-21-744383988-1260094714-854289474-1554 SID[ 58]: S-1-5-21-744383988-1260094714-854289474-1393 SID[ 59]: S-1-5-21-744383988-1260094714-854289474-3834 SID[ 60]: S-1-5-21-744383988-1260094714-854289474-1547 SID[ 61]: S-1-5-21-744383988-1260094714-854289474-3632 SID[ 62]: S-1-5-21-744383988-1260094714-854289474-3658 SID[ 63]: S-1-5-32-545 SE_PRIV 0x0 0x0 0x0 0x0 [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 500 Primary group is 501 and contains 60 supplementary groups Group[ 0]: 10007 Group[ 1]: 10008 Group[ 2]: 10071 Group[ 3]: 10009 Group[ 4]: 10011 Group[ 5]: 10012 Group[ 6]: 10013 Group[ 7]: 10014 Group[ 8]: 10015 Group[ 9]: 10016 Group[ 10]: 10017 Group[ 11]: 10018 Group[ 12]: 10019 Group[ 13]: 10072 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10062 Group[ 18]: 10024 Group[ 19]: 10059 Group[ 20]: 10006 Group[ 21]: 10025 Group[ 22]: 10073 Group[ 23]: 10026 Group[ 24]: 10027 Group[ 25]: 10028 Group[ 26]: 10029 Group[ 27]: 10074 Group[ 28]: 10075 Group[ 29]: 10031 Group[ 30]: 10032 Group[ 31]: 10033 Group[ 32]: 10034 Group[ 33]: 10035 Group[ 34]: 10036 Group[ 35]: 10037 Group[ 36]: 10076 Group[ 37]: 10038 Group[ 38]: 10039 Group[ 39]: 10040 Group[ 40]: 10041 Group[ 41]: 10042 Group[ 42]: 10043 Group[ 43]: 10044 Group[ 44]: 10077 Group[ 45]: 10046 Group[ 46]: 10078 Group[ 47]: 10048 Group[ 48]: 10079 Group[ 49]: 10049 Group[ 50]: 10050 Group[ 51]: 10052 Group[ 52]: 10053 Group[ 53]: 10054 Group[ 54]: 10080 Group[ 55]: 10055 Group[ 56]: 10069 Group[ 57]: 10056 Group[ 58]: 10057 Group[ 59]: 10001 [2010/01/21 14:27:18, 5] smbd/uid.c:change_to_user(273) change_to_user uid=(500,500) gid=(0,501) [2010/01/21 14:27:18, 1] smbd/service.c:make_connection_snum(1042) jon-trauntvein (192.168.5.35) connect to service cora initially as user jon (uid=500, gid=501) (pid 3628) [2010/01/21 14:27:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/21 14:27:18, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/01/21 14:27:18, 3] smbd/reply.c:reply_tcon_and_X(574) tconX service=CORA [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-744383988-1260094714-854289474-1228 contains 64 SIDs SID[ 0]: S-1-5-21-744383988-1260094714-854289474-1228 SID[ 1]: S-1-5-21-744383988-1260094714-854289474-1529 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-744383988-1260094714-854289474-2217 SID[ 6]: S-1-5-21-744383988-1260094714-854289474-1518 SID[ 7]: S-1-5-21-744383988-1260094714-854289474-1850 SID[ 8]: S-1-5-21-744383988-1260094714-854289474-3905 SID[ 9]: S-1-5-21-744383988-1260094714-854289474-1389 SID[ 10]: S-1-5-21-744383988-1260094714-854289474-3910 SID[ 11]: S-1-5-21-744383988-1260094714-854289474-3784 SID[ 12]: S-1-5-21-744383988-1260094714-854289474-3843 SID[ 13]: S-1-5-21-744383988-1260094714-854289474-3816 SID[ 14]: S-1-5-21-744383988-1260094714-854289474-3912 SID[ 15]: S-1-5-21-744383988-1260094714-854289474-4618 SID[ 16]: S-1-5-21-744383988-1260094714-854289474-3889 SID[ 17]: S-1-5-21-744383988-1260094714-854289474-1390 SID[ 18]: S-1-5-21-744383988-1260094714-854289474-3684 SID[ 19]: S-1-5-21-744383988-1260094714-854289474-4692 SID[ 20]: S-1-5-21-744383988-1260094714-854289474-1382 SID[ 21]: S-1-5-21-744383988-1260094714-854289474-3863 SID[ 22]: S-1-5-21-744383988-1260094714-854289474-4625 SID[ 23]: S-1-5-21-744383988-1260094714-854289474-1531 SID[ 24]: S-1-5-21-744383988-1260094714-854289474-513 SID[ 25]: S-1-5-21-744383988-1260094714-854289474-3887 SID[ 26]: S-1-5-21-744383988-1260094714-854289474-1871 SID[ 27]: S-1-5-21-744383988-1260094714-854289474-3886 SID[ 28]: S-1-5-21-744383988-1260094714-854289474-4709 SID[ 29]: S-1-5-21-744383988-1260094714-854289474-3734 SID[ 30]: S-1-5-21-744383988-1260094714-854289474-4708 SID[ 31]: S-1-5-21-744383988-1260094714-854289474-4652 SID[ 32]: S-1-5-21-744383988-1260094714-854289474-1523 SID[ 33]: S-1-5-21-744383988-1260094714-854289474-3797 SID[ 34]: S-1-5-21-744383988-1260094714-854289474-3724 SID[ 35]: S-1-5-21-744383988-1260094714-854289474-1549 SID[ 36]: S-1-5-21-744383988-1260094714-854289474-4148 SID[ 37]: S-1-5-21-744383988-1260094714-854289474-3862 SID[ 38]: S-1-5-21-744383988-1260094714-854289474-3775 SID[ 39]: S-1-5-21-744383988-1260094714-854289474-3908 SID[ 40]: S-1-5-21-744383988-1260094714-854289474-1530 SID[ 41]: S-1-5-21-744383988-1260094714-854289474-3646 SID[ 42]: S-1-5-21-744383988-1260094714-854289474-1536 SID[ 43]: S-1-5-21-744383988-1260094714-854289474-3845 SID[ 44]: S-1-5-21-744383988-1260094714-854289474-1532 SID[ 45]: S-1-5-21-744383988-1260094714-854289474-3847 SID[ 46]: S-1-5-21-744383988-1260094714-854289474-3876 SID[ 47]: S-1-5-21-744383988-1260094714-854289474-3874 SID[ 48]: S-1-5-21-744383988-1260094714-854289474-1378 SID[ 49]: S-1-5-21-744383988-1260094714-854289474-1712 SID[ 50]: S-1-5-21-744383988-1260094714-854289474-1391 SID[ 51]: S-1-5-21-744383988-1260094714-854289474-3817 SID[ 52]: S-1-5-21-744383988-1260094714-854289474-1864 SID[ 53]: S-1-5-21-744383988-1260094714-854289474-4149 SID[ 54]: S-1-5-21-744383988-1260094714-854289474-4036 SID[ 55]: S-1-5-21-744383988-1260094714-854289474-3781 SID[ 56]: S-1-5-21-744383988-1260094714-854289474-3888 SID[ 57]: S-1-5-21-744383988-1260094714-854289474-1554 SID[ 58]: S-1-5-21-744383988-1260094714-854289474-1393 SID[ 59]: S-1-5-21-744383988-1260094714-854289474-3834 SID[ 60]: S-1-5-21-744383988-1260094714-854289474-1547 SID[ 61]: S-1-5-21-744383988-1260094714-854289474-3632 SID[ 62]: S-1-5-21-744383988-1260094714-854289474-3658 SID[ 63]: S-1-5-32-545 SE_PRIV 0x0 0x0 0x0 0x0 [2010/01/21 14:27:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 500 Primary group is 501 and contains 60 supplementary groups Group[ 0]: 10007 Group[ 1]: 10008 Group[ 2]: 10071 Group[ 3]: 10009 Group[ 4]: 10011 Group[ 5]: 10012 Group[ 6]: 10013 Group[ 7]: 10014 Group[ 8]: 10015 Group[ 9]: 10016 Group[ 10]: 10017 Group[ 11]: 10018 Group[ 12]: 10019 Group[ 13]: 10072 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10062 Group[ 18]: 10024 Group[ 19]: 10059 Group[ 20]: 10006 Group[ 21]: 10025 Group[ 22]: 10073 Group[ 23]: 10026 Group[ 24]: 10027 Group[ 25]: 10028 Group[ 26]: 10029 Group[ 27]: 10074 Group[ 28]: 10075 Group[ 29]: 10031 Group[ 30]: 10032 Group[ 31]: 10033 Group[ 32]: 10034 Group[ 33]: 10035 Group[ 34]: 10036 Group[ 35]: 10037 Group[ 36]: 10076 Group[ 37]: 10038 Group[ 38]: 10039 Group[ 39]: 10040 Group[ 40]: 10041 Group[ 41]: 10042 Group[ 42]: 10043 Group[ 43]: 10044 Group[ 44]: 10077 Group[ 45]: 10046 Group[ 46]: 10078 Group[ 47]: 10048 Group[ 48]: 10079 Group[ 49]: 10049 Group[ 50]: 10050 Group[ 51]: 10052 Group[ 52]: 10053 Group[ 53]: 10054 Group[ 54]: 10080 Group[ 55]: 10055 Group[ 56]: 10069 Group[ 57]: 10056 Group[ 58]: 10057 Group[ 59]: 10001 [2010/01/21 14:27:18, 5] smbd/uid.c:change_to_user(273) change_to_user uid=(500,500) gid=(0,501) [2010/01/21 14:27:18, 4] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to /home/group/cora [2010/01/21 14:27:18, 3] smbd/trans2.c:call_trans2qfilepathinfo(3304) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2010/01/21 14:27:18, 5] smbd/filename.c:unix_convert(147) unix_convert called on file "" [2010/01/21 14:27:18, 5] smbd/filename.c:unix_convert(176) conversion finished "" -> . [2010/01/21 14:27:18, 3] smbd/trans2.c:call_trans2qfilepathinfo(3355) call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 [2010/01/21 14:27:18, 5] smbd/trans2.c:call_trans2qfilepathinfo(3600) SMB_QFBI - create: Tue Sep 22 14:27:05 2009 access: Thu Jan 21 14:27:01 2010 write: Tue Sep 22 14:27:05 2009 change: Tue Sep 22 14:27:05 2009 mode: 10 [2010/01/21 14:27:18, 4] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2010/01/21 14:27:18, 3] smbd/trans2.c:call_trans2findfirst(1704) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 2 requires_resume_key = 4 level = 0x104, max_data_bytes = 16384 [2010/01/21 14:27:18, 5] smbd/filename.c:unix_convert(147) unix_convert called on file "*" [2010/01/21 14:27:18, 5] smbd/filename.c:unix_convert(246) unix_convert begin: name = *, dirpath = , start = * [2010/01/21 14:27:18, 5] smbd/filename.c:unix_convert(440) New file * [2010/01/21 14:27:18, 5] smbd/trans2.c:call_trans2findfirst(1769) dir=./, mask = * [2010/01/21 14:27:18, 5] smbd/dir.c:dptr_create(392) dptr_create dir=./ [2010/01/21 14:27:18, 3] smbd/dir.c:dptr_create(515) creating new dirptr 256 for path ./, expect_close = 1 [2010/01/21 14:27:18, 4] smbd/trans2.c:call_trans2findfirst(1837) dptr_num is 256, wcard = *, attr = 22 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./. fname=. [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./.. fname=.. [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.7 fname=1.3.7 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./public_html fname=public_html [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.2 fname=1.3.2 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.8 fname=1.3.8 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.9 fname=1.3.9 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.5 fname=1.3.5 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.1.4 fname=1.1.4 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.0.1 fname=1.0.1 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.6 fname=1.3.6 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.3 fname=1.3.3 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.1 fname=1.3.1 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.4 fname=1.3.4 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.12 fname=1.3.12 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.10 fname=1.3.10 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.14 fname=1.3.14 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.13 fname=1.3.13 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.3.11 fname=1.3.11 [2010/01/21 14:27:18, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./1.1.3 fname=1.1.3 [2010/01/21 14:27:18, 5] smbd/trans2.c:call_trans2findfirst(1890) call_trans2findfirst - (2) closing dptr_num 256 [2010/01/21 14:27:18, 4] smbd/dir.c:dptr_close_internal(238) closing dptr key 256 [2010/01/21 14:27:20, 4] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2010/01/21 14:27:20, 3] smbd/trans2.c:call_trans2qfsinfo(2285) call_trans2qfsinfo: level = 261 switch message SMBtrans2 (pid 3628) conn 0x2b927b6ee6c0 [2010/01/21 14:27:21, 4] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2010/01/21 14:27:21, 3] smbd/trans2.c:call_trans2qfsinfo(2285) call_trans2qfsinfo: level = 261 switch message SMBtrans2 (pid 3628) conn 0x2b927b6ee6c0 [2010/01/21 14:27:21, 4] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2010/01/21 14:27:21, 3] smbd/trans2.c:call_trans2qfilepathinfo(3304) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2010/01/21 14:27:21, 5] smbd/filename.c:unix_convert(147) unix_convert called on file "New Folder" [2010/01/21 14:27:21, 5] smbd/filename.c:unix_convert(246) unix_convert begin: name = New Folder, dirpath = , start = New Folder [2010/01/21 14:27:21, 5] smbd/filename.c:unix_convert(440) New file New Folder [2010/01/21 14:27:21, 3] smbd/trans2.c:call_trans2qfilepathinfo(3340) call_trans2qfilepathinfo: SMB_VFS_STAT of New Folder failed (No such file or directory) [2010/01/21 14:27:21, 3] smbd/error.c:unix_error_packet(56) unix_error_packet: error string = No such file or directory [2010/01/21 14:27:21, 3] smbd/error.c:error_packet_set(106) error packet at smbd/trans2.c(3341) cmd=50 (SMBtrans2) [2010/01/21 14:27:21, 4] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2010/01/21 14:27:21, 5] smbd/filename.c:unix_convert(147) unix_convert called on file "New Folder" [2010/01/21 14:27:21, 5] smbd/filename.c:unix_convert(246) unix_convert begin: name = New Folder, dirpath = , start = New Folder [2010/01/21 14:27:21, 5] smbd/filename.c:unix_convert(440) New file New Folder [2010/01/21 14:27:21, 5] smbd/open.c:open_directory(2057) open_directory: opening directory New Folder, access_mask = 0x100001, share_access = 0x3 create_options = 0x1, create_disposition = 0x2, file_attributes = 0x80 [2010/01/21 14:27:21, 5] smbd/open.c:mkdir_internal(1952) mkdir_internal: failing create on read-only share cora [2010/01/21 14:27:21, 2] smbd/open.c:open_directory(2092) open_directory: unable to create New Folder. Error was NT_STATUS_ACCESS_DENIED [2010/01/21 14:27:21, 3] smbd/error.c:error_packet_set(106) error packet at smbd/nttrans.c(805) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED I'm sorry for the length of the above but I am not sure what might be relevant to understanding the problem. As I interpret the problem, Samba has determined that the share is read only for my client. The unix file permissions are correct in that I can perform the needed operations while logged on under that account and, further, I can see that, at one point, samba had determined to use the correct account and group IDs. I have tried various combinations of options both within smb.conf and within nsswitch.conf. I have tried changing nsswitch.conf so that winbind is used as an option after the files are tried. I have also replaced the @cora group specification with references to my specific unix and domain user names. Each time that I have made these changes, I have faithfully restarted the samba service. However, at no time have I been able to access this share in any but a read-only fashion. If anyone has some suggestions or troubleshooting tips, I would be most grateful. Regards, Jon Trauntvein From akulov-aa at ya.ru Fri Jan 22 07:24:54 2010 From: akulov-aa at ya.ru (=?koi8-r?B?4cvVzM/XIOHMxcvTxco=?=) Date: Fri, 22 Jan 2010 17:24:54 +0300 Subject: [Samba] Samba (problem with "password server = 192.168.0.20 192.168.0.30" line in smb.conf) Message-ID: <154311264170294@webmail24.yandex.ru> Hello, dear developers! We have the several problems with interaction between our Linux and Windows servers. Description of problem: There are three servers in our network: 1). Red Hat Enterprise Linux 5.2 (64-bit) with shared folders for users of network (192.168.0.10); 2). Windows Server 2003 R2 (primary domain controller of AD) (192.168.0.20); 3). Windows Server 2003 R2 (secondary domain controller of AD) (192.168.0.30); Configuration of /etc/samba/smb.conf-file: -------------------------------------------------------------- [global] workgroup = AAA server string = srv-db netbios name = srv-db hosts allow = 192.168.0. security = server password server = 192.168.0.20 192.168.0.30 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd username map = /etc/samba/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 .... --------------------------------------------------------------- When both of Windows domain controllers work successfully Samba-service on RHEL-server work good. If 192.168.0.30 (second server in configuration-file) is failed - Samba-service work good, but when 192.168.0.20 (first server in configuration-file) is failed then the shared directories on RHEL-server will be unavailable for users. There is information in Samba documentation that a "password server" line may be with several servers names or ips. Couldn't you help us with this problem. Thanks very much. Alex. From jon at campbellsci.com Fri Jan 22 11:35:19 2010 From: jon at campbellsci.com (Jon Trauntvein) Date: Fri, 22 Jan 2010 11:35:19 -0700 Subject: [Samba] write list for share is ignored In-Reply-To: <24FD89BFC868FD4A991EDB69EDBE546257F8AF@nvaex01.nuvista.local> References: <4B59D9A6.1060903@campbellsci.com> <24FD89BFC868FD4A991EDB69EDBE546257F8AF@nvaex01.nuvista.local> Message-ID: <4B59EFE7.6090702@campbellsci.com> Andrew Masterson wrote: > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Jon Trauntvein > Sent: Friday, January 22, 2010 10:00 AM > To: samba at lists.samba.org > Subject: [Samba] write list for share is ignored > > I recently updated a Samba server from Fedora Core 4 to CentOs 4.5. The > old server had samba version 3.0.11 installed while the newer has samba > version 3.0.33 installed. The following file is a simplified version of > my smb.conf file: > > [global] > debug level = 5 > security = domain > workgroup = CSI-INTRANET > auth methods = guest, sam, winbind > server string = Software Engineering Workgroup Server > load printers = yes > guest account = nobody > log file = /var/log/samba/log.%m > max log size = 1024 > encrypt passwords = yes > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > dns proxy = no > map to guest = bad user > > winbind separator = \\ > idmap uid = 10000-20000 > idmap gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > > > [cora] > available = yes > browseable = yes > path = /home/group/cora > public = yes > guest ok = yes > read only = yes > write list = @cora > force create mode = 0775 > > --------------------------- > > Why do you have this set? > > read only = yes > > http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html > > "If this parameter is yes, then users of a service may not create or > modify files in the service's directory." > > The share needs to be read-only for all but authorised users. My understanding of the "write list" setting is that it accomplishes exactly that: "This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to. The list can include group names using the @group syntax. " I have, by the way, attempted to remove and/or change the value of the read only setting and this has had no effect. __________ Information from ESET NOD32 Antivirus, version of virus signature database 4797 (20100122) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com From Andrew.Masterson at nuvistaenergy.com Fri Jan 22 11:31:33 2010 From: Andrew.Masterson at nuvistaenergy.com (Andrew Masterson) Date: Fri, 22 Jan 2010 11:31:33 -0700 Subject: [Samba] write list for share is ignored In-Reply-To: <4B59D9A6.1060903@campbellsci.com> References: <4B59D9A6.1060903@campbellsci.com> Message-ID: <24FD89BFC868FD4A991EDB69EDBE546257F8AF@nvaex01.nuvista.local> -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Jon Trauntvein Sent: Friday, January 22, 2010 10:00 AM To: samba at lists.samba.org Subject: [Samba] write list for share is ignored I recently updated a Samba server from Fedora Core 4 to CentOs 4.5. The old server had samba version 3.0.11 installed while the newer has samba version 3.0.33 installed. The following file is a simplified version of my smb.conf file: [global] debug level = 5 security = domain workgroup = CSI-INTRANET auth methods = guest, sam, winbind server string = Software Engineering Workgroup Server load printers = yes guest account = nobody log file = /var/log/samba/log.%m max log size = 1024 encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no map to guest = bad user winbind separator = \\ idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes [cora] available = yes browseable = yes path = /home/group/cora public = yes guest ok = yes read only = yes write list = @cora force create mode = 0775 --------------------------- Why do you have this set? read only = yes http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html "If this parameter is yes, then users of a service may not create or modify files in the service's directory." -=Andrew From Dave.Wagg at financialinx.com Fri Jan 22 12:02:08 2010 From: Dave.Wagg at financialinx.com (Wagg, Dave) Date: Fri, 22 Jan 2010 14:02:08 -0500 Subject: [Samba] Samba 2.2.7 In-Reply-To: Message-ID: Hi Volker, My initial test with my own id worked great!! Thank you so much for this fix. Hope you have a great weekend! Dave -----Original Message----- From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] Sent: Friday, January 22, 2010 10:58 AM To: Wagg, Dave Cc: samba at lists.samba.org Subject: Re: [Samba] Samba 2.2.7 On Fri, Jan 22, 2010 at 10:54:05AM -0500, Wagg, Dave wrote: > Hi Volker, > > Thanks for the info!! > > Do I have to stop and start Samba for this change to take effect? I > made the change thru SWAT and committed the change. Yes, a restart is required, and you have to provide passwords for all the users. Please make sure that you do understand the difference between SHARE and USER security, this is a significant change. Volker From edmariano at cca.ufscar.br Fri Jan 22 12:17:41 2010 From: edmariano at cca.ufscar.br (Eduardo D. Mariano) Date: Fri, 22 Jan 2010 17:17:41 -0200 Subject: [Samba] SigmaPlot and Windows Vista In-Reply-To: <5bd535a91001221111yeea9a20v1b324225d3bee9a0@mail.gmail.com> References: <5bd535a91001221111yeea9a20v1b324225d3bee9a0@mail.gmail.com> Message-ID: <5bd535a91001221117m6d18fb2dha5ab3c2f79707649@mail.gmail.com> Dear Colleagues, I've tried to run my SigmaPlot 6.0 in a computer with Windows Vista but have got the message Cannot open or create 'C:\PROGRAM FILES\SPW6\LOCKFILE.SYS' every time I try to start the software. Does anybody know what I should do to overcome this problem? Thank you all in advance. Best regards, Eduardo From dale at BriannasSaladDressing.com Fri Jan 22 12:22:08 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Fri, 22 Jan 2010 13:22:08 -0600 Subject: [Samba] write list for share is ignored In-Reply-To: <4B59D9A6.1060903@campbellsci.com> References: <4B59D9A6.1060903@campbellsci.com> Message-ID: <4B59FAE0.8080601@BriannasSaladDressing.com> On 01/22/2010 11:00 AM, Jon Trauntvein wrote: > I recently updated a Samba server from Fedora Core 4 to CentOs 4.5. The > old server had samba version 3.0.11 installed while the newer has samba > version 3.0.33 installed. The following file is a simplified version of > my smb.conf file: > > [global] > debug level = 5 > security = domain > workgroup = CSI-INTRANET > auth methods = guest, sam, winbind > server string = Software Engineering Workgroup Server > load printers = yes > guest account = nobody > log file = /var/log/samba/log.%m > max log size = 1024 > encrypt passwords = yes > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > dns proxy = no > map to guest = bad user > > winbind separator = \\ > idmap uid = 10000-20000 > idmap gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > > > [cora] > available = yes > browseable = yes > path = /home/group/cora > public = yes > guest ok = yes > read only = yes > write list = @cora > force create mode = 0775 Assuming "cora" is a domain group and using your separator "\\", try write list = @CSI-INTRANET\\cora Somewhere around 3.0.23 or so, winbind started requiring the domain name be prefixed to domain users and groups Dale > > As can be seen here, I am using domain based security. With this > configuration, my windows XP based machine can connect to the share and > can access the files and directories on that share. However, any > attempt to add a file or directory gets rebuffed with an access denied. > The following is the log from my windows machine's attempt to create a > new directory: > > I'm sorry for the length of the above but I am not sure what might be > relevant to understanding the problem. As I interpret the problem, > Samba has determined that the share is read only for my client. The > unix file permissions are correct in that I can perform the needed > operations while logged on under that account and, further, I can see > that, at one point, samba had determined to use the correct account and > group IDs. > > I have tried various combinations of options both within smb.conf and > within > nsswitch.conf. I have tried changing nsswitch.conf so that winbind is > used as > an option after the files are tried. I have also replaced the @cora > group > specification with references to my specific unix and domain user > names. Each > time that I have made these changes, I have faithfully restarted the > samba service. > However, at no time have I been able to access this share in any but a > read-only > fashion. If anyone has some suggestions or troubleshooting tips, I > would be most > grateful. > > Regards, > > Jon Trauntvein From theands at gmail.com Fri Jan 22 12:29:54 2010 From: theands at gmail.com (Andy) Date: Sat, 23 Jan 2010 06:29:54 +1100 Subject: [Samba] Cannot join domain In-Reply-To: <9fed31651001211456j2b6c3d00scffcd7c07b3eb4df@mail.gmail.com> References: <9fed31651001211456j2b6c3d00scffcd7c07b3eb4df@mail.gmail.com> Message-ID: <52796b1e1001221129lbe29990v3fc4275b7093ad2f@mail.gmail.com> What message do you get when attempting to connect to the domain? On Fri, Jan 22, 2010 at 9:56 AM, Claudia Rodriguez Brasicott wrote: > Hello, I just configured a computer on my local network to work as a PDC > with Samba, although I'm not able to join the Domain from the windows > computer I want to add. I though it was that the server was unreachable, but > I can ping the server from the computer and viceversa. If someone please can > help me, I'll appreciate it. > > The smb.conf file is here: > > ------------------- > [global] > ? workgroup = LGD > ? netbios name = LGD-SERVER > ? server string = %h server (Samba, Ubuntu) > > ? passdb backend = tdbsam > ? security = user > ? username map = /etc/samba/smbusers > ? name resolve order = wins bcast hosts > ? domain logons = yes > ? prefered master = yes > ? wins support = yes > > ? # Set CUPS for printing > ? printcap name = CUPS > ? printing = CUPS > > ? # Default logon > ? logon drive = H: > ? # logon script = scripts/logon.bat > ? logon path = \\%N\profile\%U > > ? # Useradd scripts > ? add user script = /usr/sbin/useradd -m %u > ? delete user script = /usr/sbin/userdel -r %u > ? add group script = /usr/sbin/groupadd %g > ? delete group script = /usr/sbin/groupdel %g > ? add user to group script = /usr/sbin/usermod -G %g %u > ? add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody > %u > ? idmap uid = 15000-20000 > ? idmap gid = 15000-20000 > > > ? # sync smb passwords woth linux passwords > ? passwd program = /usr/bin/passwd %u > ? passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n . > ? passwd chat debug = yes > ? unix password sync = yes > > ? # set the loglevel > ? log level = 3 > > > [homes] > ? comment = Home > ? valid users = %S > ? read only = no > ? browsable = no > > > [printers] > ? comment = All Printers > ? path = /var/spool/samba > ? printable = yes > ? guest ok = yes > ? browsable = no > > > [netlogon] > ? comment = Network Logon Service > ? path = /home/samba/netlogon > ? admin users = Administrator > ? valid users = %U > ? read only = no > > > [profile] > ? comment = User profiles > ? path = /home/samba/profiles > ? valid users = %U > ? create mode = 0600 > ? directory mode = 0700 > ? writable = yes > ? browsable = no > ------------------------- > -- > To unsubscribe from this list go to the following URL and read the > instructions: ?https://lists.samba.org/mailman/options/samba > From dale at BriannasSaladDressing.com Fri Jan 22 12:32:22 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Fri, 22 Jan 2010 13:32:22 -0600 Subject: [Samba] Samba Permissions Problem In-Reply-To: <4B58C250.6060305@steinmetznet.com> References: <4B58C250.6060305@steinmetznet.com> Message-ID: <4B59FD46.7090803@BriannasSaladDressing.com> On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote: > I need help understanding what is happening and trouble shooting. > > I have two servers running Samba 2.3.3, one as a Domain Controller one > as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and > winbindd using the tdb back end are running on both. > > I have two shares on the member server and as far as I can tell they > are identical. [Projects] works as expected but [Windows] always asks > for a login name even though the smb.conf entries for both are are the > same. If I comment out the "force group" in [Windows] users can access > the share but there are errors writing and creating files. If I create > a new share it acts as the [Windows] share. > > Here are the share definitions and a list of the files in the directory; > > [Projects] > Comment = Project Files > path = /files/Lucretia/Projects > writeable = yes > browseable = yes > create mask = 0764 > directory mask = 0775 > force group = "ATLANTA\domain users" > > [Windows] > comment = Atlanta Windows Files > path = /files/Lucretia/Windows > browseable = yes > writeable = yes > create mask = 0764 > directory mask = 0775 > force group = "ATLANTA\domain users" > > > root at louise:/files/Lucretia# ls -l > total 66 > drwxrwsr-x 2 root 10001 48 2008-07-17 03:17 Arris > -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list > drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office > drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig > drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects > drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma > drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old > drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows > > Testparm shows no problems although it does rearrange the share > definitions somewhat. > > The problem must be in windows permissions but I don't know how to > check them, especially since I have only ssh access because the site > is remote. I have to rely on local users for testing. > > How can I get a list of ATLANTA\domain admin group users? > > How can I change the permissions? Any possibility of acl's, especially default acl's? getfacl /files/Lucretia/Projects getfacl /files/Lucretia/Windows From jon at campbellsci.com Fri Jan 22 12:36:03 2010 From: jon at campbellsci.com (Jon Trauntvein) Date: Fri, 22 Jan 2010 12:36:03 -0700 Subject: [Samba] write list for share is ignored In-Reply-To: <4B59FAE0.8080601@BriannasSaladDressing.com> References: <4B59D9A6.1060903@campbellsci.com> <4B59FAE0.8080601@BriannasSaladDressing.com> Message-ID: <4B59FE23.20707@campbellsci.com> Dale Schroeder wrote: > On 01/22/2010 11:00 AM, Jon Trauntvein wrote: >> I recently updated a Samba server from Fedora Core 4 to CentOs 4.5. The >> old server had samba version 3.0.11 installed while the newer has samba >> version 3.0.33 installed. The following file is a simplified version of >> my smb.conf file: >> >> [global] >> debug level = 5 >> security = domain >> workgroup = CSI-INTRANET >> auth methods = guest, sam, winbind >> server string = Software Engineering Workgroup Server >> load printers = yes >> guest account = nobody >> log file = /var/log/samba/log.%m >> max log size = 1024 >> encrypt passwords = yes >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >> dns proxy = no >> map to guest = bad user >> >> winbind separator = \\ >> idmap uid = 10000-20000 >> idmap gid = 10000-20000 >> winbind enum users = yes >> winbind enum groups = yes >> >> >> [cora] >> available = yes >> browseable = yes >> path = /home/group/cora >> public = yes >> guest ok = yes >> read only = yes >> write list = @cora >> force create mode = 0775 > Assuming "cora" is a domain group and using your separator "\\", try > write list = @CSI-INTRANET\\cora > > Somewhere around 3.0.23 or so, winbind started requiring the domain > name be prefixed to domain users and groups > "cora" is actually a unix group. My preferred relationship with the domain controller is that it take care of account authentication and that everything else be local. In order to accomplish this, I create unix accounts on the machine whose names match those of the domain logins. Apparently, version 3.0.11 no longer supports this. Further, if I change the "write list" to match the specific domain account (CSI-INTRANET\\jon) that I am using for tests, the share is still reported as read-only. __________ Information from ESET NOD32 Antivirus, version of virus signature database 4797 (20100122) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com From claudiacrb at gmail.com Fri Jan 22 13:10:36 2010 From: claudiacrb at gmail.com (Claudia Rodriguez Brasicott) Date: Fri, 22 Jan 2010 15:40:36 -0430 Subject: [Samba] Cannot join domain In-Reply-To: <52796b1e1001221129lbe29990v3fc4275b7093ad2f@mail.gmail.com> References: <9fed31651001211456j2b6c3d00scffcd7c07b3eb4df@mail.gmail.com> <52796b1e1001221129lbe29990v3fc4275b7093ad2f@mail.gmail.com> Message-ID: <9fed31651001221210o70ed342pf63e18512c637713@mail.gmail.com> I got the following error message: ------------- The domain name LGD-SERVER might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS. If you are certain that the name is not a NetBIOS domain name, then the following information can you troubleshoot your DNS configuration. The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain US3: The error was: "DNS name does not exist." (error code 0x0000232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc._msdcs.LGD-SERVER ------------- I though the server was unreachable, or there was a problem with the server name, but when I do "ping LGD-SERVER" from the client, I receive answer. On Fri, Jan 22, 2010 at 2:59 PM, Andy wrote: > What message do you get when attempting to connect to the domain? > > > > On Fri, Jan 22, 2010 at 9:56 AM, Claudia Rodriguez Brasicott > wrote: > > Hello, I just configured a computer on my local network to work as a PDC > > with Samba, although I'm not able to join the Domain from the windows > > computer I want to add. I though it was that the server was unreachable, > but > > I can ping the server from the computer and viceversa. If someone please > can > > help me, I'll appreciate it. > > > > The smb.conf file is here: > > > > ------------------- > > [global] > > workgroup = LGD > > netbios name = LGD-SERVER > > server string = %h server (Samba, Ubuntu) > > > > passdb backend = tdbsam > > security = user > > username map = /etc/samba/smbusers > > name resolve order = wins bcast hosts > > domain logons = yes > > prefered master = yes > > wins support = yes > > > > # Set CUPS for printing > > printcap name = CUPS > > printing = CUPS > > > > # Default logon > > logon drive = H: > > # logon script = scripts/logon.bat > > logon path = \\%N\profile\%U > > > > # Useradd scripts > > add user script = /usr/sbin/useradd -m %u > > delete user script = /usr/sbin/userdel -r %u > > add group script = /usr/sbin/groupadd %g > > delete group script = /usr/sbin/groupdel %g > > add user to group script = /usr/sbin/usermod -G %g %u > > add machine script = /usr/sbin/useradd -s /bin/false/ -d > /var/lib/nobody > > %u > > idmap uid = 15000-20000 > > idmap gid = 15000-20000 > > > > > > # sync smb passwords woth linux passwords > > passwd program = /usr/bin/passwd %u > > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > > *Retype\snew\sUNIX\spassword:* %n\n . > > passwd chat debug = yes > > unix password sync = yes > > > > # set the loglevel > > log level = 3 > > > > > > [homes] > > comment = Home > > valid users = %S > > read only = no > > browsable = no > > > > > > [printers] > > comment = All Printers > > path = /var/spool/samba > > printable = yes > > guest ok = yes > > browsable = no > > > > > > [netlogon] > > comment = Network Logon Service > > path = /home/samba/netlogon > > admin users = Administrator > > valid users = %U > > read only = no > > > > > > [profile] > > comment = User profiles > > path = /home/samba/profiles > > valid users = %U > > create mode = 0600 > > directory mode = 0700 > > writable = yes > > browsable = no > > ------------------------- > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > From gpowers01junk at gmail.com Fri Jan 22 13:18:27 2010 From: gpowers01junk at gmail.com (g p) Date: Fri, 22 Jan 2010 14:18:27 -0600 Subject: [Samba] force all connections that come from a windows group to be a specific user and problems with net groupmap add Message-ID: <9b43daf1001221218q5560ab7bl8274f13712e986ea@mail.gmail.com> Does anyone know of a simple (share) mechanism that doesn't require setting up a complex ldap, winbind, pdc, etc samba configuration that will allow users connecting to a samba share to always be forced to be a specific unix UID? The idea is to have the linux data owned by a particular linux user, and be able to control write access to that data by adding any arbitrary windows user to a specified windows user group. The reason why ldap, winbind, etc is not a desirable config is that this could be deployed at sites that have stand alone workgroups with a single user to very complex ads or ldap configurations with many thousands of users, and we would like to have a simplistic one size fits all access control method. Note that this doesn't have to conform to ideal security protocols, or what a zealot would consider ideal configurations or IT practices - functional simplicity is preferred. Also - on another related, but separate note, I cannot seem to get the net groupmap add command to work correctly. I have a stand alone samba server, and a windows box that I have local admin permissions to - I add a new windows group and new unix group on the unix side - run the command net group add ntgroup="" unixgroup="", but when I try to actually write to the share with a windows user that is in the supposedly mapped group, I only receive a permission denied error. a net groupmap list shows that the mapping did take, but again, it doesn't appear to actually function as I would have expected. Any hep would be great on either or both of these questions. From theands at gmail.com Fri Jan 22 13:25:52 2010 From: theands at gmail.com (Andy) Date: Sat, 23 Jan 2010 07:25:52 +1100 Subject: [Samba] Cannot join domain In-Reply-To: <9fed31651001221210o70ed342pf63e18512c637713@mail.gmail.com> References: <9fed31651001211456j2b6c3d00scffcd7c07b3eb4df@mail.gmail.com> <52796b1e1001221129lbe29990v3fc4275b7093ad2f@mail.gmail.com> <9fed31651001221210o70ed342pf63e18512c637713@mail.gmail.com> Message-ID: <52796b1e1001221225g24a39806sd0578ae357ad1e3a@mail.gmail.com> Try LGD :D On Sat, Jan 23, 2010 at 7:10 AM, Claudia Rodriguez Brasicott wrote: > I got the following error message: > > ------------- > The domain name LGD-SERVER might be a NetBIOS domain name. If this is the > case, verify that the domain name is properly registered with WINS. > > If you are certain that the name is not a NetBIOS domain name, then > the following information can you troubleshoot your DNS > configuration. > > The following error occurred when DNS was queried for the service > location (SRV) resource record used to locate an Active Directory > Domain Controller for domain US3: > > The error was: "DNS name does not exist." > (error code 0x0000232B RCODE_NAME_ERROR) > > The query was for the SRV record for _ldap._tcp.dc._msdcs.LGD-SERVER > ------------- > > I though the server was unreachable, or there was a problem with the server > name, but when I do "ping LGD-SERVER" from the client, I receive answer. > > > > On Fri, Jan 22, 2010 at 2:59 PM, Andy wrote: >> >> What message do you get when attempting to connect to the domain? >> >> >> >> On Fri, Jan 22, 2010 at 9:56 AM, Claudia Rodriguez Brasicott >> wrote: >> > Hello, I just configured a computer on my local network to work as a PDC >> > with Samba, although I'm not able to join the Domain from the windows >> > computer I want to add. I though it was that the server was unreachable, >> > but >> > I can ping the server from the computer and viceversa. If someone please >> > can >> > help me, I'll appreciate it. >> > >> > The smb.conf file is here: >> > >> > ------------------- >> > [global] >> > ? workgroup = LGD >> > ? netbios name = LGD-SERVER >> > ? server string = %h server (Samba, Ubuntu) >> > >> > ? passdb backend = tdbsam >> > ? security = user >> > ? username map = /etc/samba/smbusers >> > ? name resolve order = wins bcast hosts >> > ? domain logons = yes >> > ? prefered master = yes >> > ? wins support = yes >> > >> > ? # Set CUPS for printing >> > ? printcap name = CUPS >> > ? printing = CUPS >> > >> > ? # Default logon >> > ? logon drive = H: >> > ? # logon script = scripts/logon.bat >> > ? logon path = \\%N\profile\%U >> > >> > ? # Useradd scripts >> > ? add user script = /usr/sbin/useradd -m %u >> > ? delete user script = /usr/sbin/userdel -r %u >> > ? add group script = /usr/sbin/groupadd %g >> > ? delete group script = /usr/sbin/groupdel %g >> > ? add user to group script = /usr/sbin/usermod -G %g %u >> > ? add machine script = /usr/sbin/useradd -s /bin/false/ -d >> > /var/lib/nobody >> > %u >> > ? idmap uid = 15000-20000 >> > ? idmap gid = 15000-20000 >> > >> > >> > ? # sync smb passwords woth linux passwords >> > ? passwd program = /usr/bin/passwd %u >> > ? passwd chat = *Enter\snew\sUNIX\spassword:* %n\n >> > *Retype\snew\sUNIX\spassword:* %n\n . >> > ? passwd chat debug = yes >> > ? unix password sync = yes >> > >> > ? # set the loglevel >> > ? log level = 3 >> > >> > >> > [homes] >> > ? comment = Home >> > ? valid users = %S >> > ? read only = no >> > ? browsable = no >> > >> > >> > [printers] >> > ? comment = All Printers >> > ? path = /var/spool/samba >> > ? printable = yes >> > ? guest ok = yes >> > ? browsable = no >> > >> > >> > [netlogon] >> > ? comment = Network Logon Service >> > ? path = /home/samba/netlogon >> > ? admin users = Administrator >> > ? valid users = %U >> > ? read only = no >> > >> > >> > [profile] >> > ? comment = User profiles >> > ? path = /home/samba/profiles >> > ? valid users = %U >> > ? create mode = 0600 >> > ? directory mode = 0700 >> > ? writable = yes >> > ? browsable = no >> > ------------------------- >> > -- >> > To unsubscribe from this list go to the following URL and read the >> > instructions: ?https://lists.samba.org/mailman/options/samba >> > > > -- REGARDS, Andy Z From rob at steinmetznet.com Fri Jan 22 13:49:28 2010 From: rob at steinmetznet.com (Robert Steinmetz AIA) Date: Fri, 22 Jan 2010 14:49:28 -0600 Subject: [Samba] wbinfo, net, getent and groups Message-ID: <4B5A0F58.8050607@steinmetznet.com> I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. I am don't understand the results. As far as I can tell I have everything configured as it should be. The basic globals for the DC [global] workgroup = ATLANTA time server = Yes hostname lookups = Yes domain logons = Yes preferred master = Yes domain master = Yes wins support = Yes idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = Yes winbind enum groups = Yes hide dot files = No The glbals for the Member Server [global] workgroup = ATLANTA security = DOMAIN password server = 192.168.1.24 name resolve order = wins bcast hosts wins proxy = Yes wins server = 192.168.1.24 idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes hosts allow = 192.168.1.0/255.255.255.0 getent does not return the names on any domain groups or users. wbinfo does return the names on domains groups and users. BUILTIN\administrators BUILTIN\users ATLANTA\domain users ATLANTA\domain guests ATLANTA\domain admins net groupmap list on the DC shows mapping to groups Backup Operators (S-1-5-32-551) -> backup Power Users (S-1-5-32-547) -> atlanta Replicators (S-1-5-32-552) -> staff Domain Users (S-1-5-21-4166445610-3302986456-3838465043-513) -> samba Domain Guests (S-1-5-21-4166445610-3302986456-3838465043-514) -> nogroup Administrators (S-1-5-32-544) -> staff Account Operators (S-1-5-32-548) -> account Users (S-1-5-32-545) -> samba Print Operators (S-1-5-32-550) -> print Guests (S-1-5-32-546) -> nogroup System Operators (S-1-5-32-549) -> operator Domain Admins (S-1-5-21-4166445610-3302986456-3838465043-512) -> staff net groupmap list on the Member Server shows only the builtin in groups Administrators (S-1-5-32-544) -> BUILTIN\administrators Users (S-1-5-32-545) -> BUILTIN\users -- Robert Steinmetz, AIA Principal Steinmetz & Associates From edmariano at gmail.com Fri Jan 22 12:11:44 2010 From: edmariano at gmail.com (Eduardo D. Mariano) Date: Fri, 22 Jan 2010 17:11:44 -0200 Subject: [Samba] SigmaPlot and Windows Vista Message-ID: <5bd535a91001221111yeea9a20v1b324225d3bee9a0@mail.gmail.com> Dear Colleagues, I've tried to run my SigmaPlot 6.0 in a computer with Windows Vista but have got the message Cannot open or create 'C:\PROGRAM FILES\SPW6\LOCKFILE.SYS' every time I try to start the software. Does anybody know what I should do to overcome this problem? Thank you all in advance. Best regards, Eduardo From christoph.beyer at desy.de Fri Jan 22 13:29:56 2010 From: christoph.beyer at desy.de (christoph.beyer at desy.de) Date: Fri, 22 Jan 2010 21:29:56 +0100 (CET) Subject: [Samba] 3.4.5 compile problem on solaris 10 Message-ID: hi, I found some older posts with this issues but no solution for me :( Seems to be a krb related issue: Compiling libsmb/clikrb5.c libsmb/clikrb5.c: In function 'get_krb5_smb_session_key': libsmb/clikrb5.c:886: warning: 'krb5_auth_con_getremotesubkey' is deprecated (declared at /global/spool/krb5-1.7/include/krb5/krb5.h:2167) libsmb/clikrb5.c:888: warning: 'krb5_auth_con_getlocalsubkey' is deprecated (declared at /global/spool/krb5-1.7/include/krb5/krb5.h:2162) libsmb/clikrb5.c:1623:2: error: #error UNKNOWN_KRB5_ENCTYPE_TO_STRING_FUNCTION The following command failed: /opt/gcc/bin/gcc -I/global/spool/krb5-1.7/include -Wl,-R/global/spool/openssl-0.9.8l/lib -Wl,-R/global/spool/krb5-1.7/lib -Wl,-R/opt/csw/lib -I. -I/global/spool/src/samba/samba-3.4.5/source3 -I/global/spool/src/samba/samba-3.4.5/source3/iniparser/src -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/talloc -I./../lib/tevent -I./../lib/tdb/include -I./libaddns -I./librpc -I./.. -DHAVE_CONFIG_H -I/global/spool/krb5-1.7/include -I/global/spool/openssl-0.9.8l/include -I/global/spool/krb5-1.7/include -I/opt/csw/include -D_LARGEFILE_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED -DSUNOS5 -I/global/spool/src/samba/samba-3.4.5/source3/lib -I.. -I../source4 -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 -fPIC -c libsmb/clikrb5.c -o libsmb/clikrb5.o gmake: *** [libsmb/clikrb5.o] Error 1 I use a build script it looks like this: PATH=/usr/bin:/usr/local/bin:/usr/sfw/bin:/opt/sfw/bin:/usr/ccs/bin:/global/spool/openssl-0.9.8l/bin:/global/spool/krb5-1.7/bin export PATH HOSTNAME=`/usr/bin/hostname` DIRPATH="/global/spool/openssl-0.9.8l /global/spool/krb5-1.7 /opt/csw" for dir in $DIRPATH ; do CPPFLAGS="$CPPFLAGS -I$dir/include" CFLAGS="$CFLAGS -Wl,-R$dir/lib" LDFLAGS="$LDFLAGS -L$dir/lib" done LDFLAGS="$LDFLAGS -L$dir/lib -Wl,-R/global/spool/$HOSTNAME/samba-3.4.1/lib" export CPPFLAGS CFLAGS LDFLAGS CC echo "CPPFLAGS=$CPPFLAGS" echo "CFLAGS=$CFLAGS" echo "LDFLAGS=$LDFLAGS" echo "CC=$CC" ## configure && build #./autogen.sh ./configure --prefix=/global/spool/$HOSTNAME/samba-3.4.5 \ --with-ads \ --with-ldap \ --with-krb5=/global/spool/krb5-1.7 if [ $? -ne 0 ]; then echo "configure failed. Exiting...." exit 1 fi make showlayout make Any hints are very much appreciate, if possible also via e-mail to my address as I am not currently on the list THANKS ~christoph -- /* Christoph Beyer | Office: Building 2b / 23 *\ * DESY | Phone: 040-8998-2317 * * - IT - | Fax: 040-8998-4060 * \* 22603 Hamburg | http://www.desy.de */ From rob at steinmetznet.com Fri Jan 22 14:25:28 2010 From: rob at steinmetznet.com (Robert Steinmetz AIA) Date: Fri, 22 Jan 2010 15:25:28 -0600 Subject: [Samba] Samba Permissions Problem In-Reply-To: <4B59FD46.7090803@BriannasSaladDressing.com> References: <4B58C250.6060305@steinmetznet.com> <4B59FD46.7090803@BriannasSaladDressing.com> Message-ID: <4B5A17C8.4010600@steinmetznet.com> Dale Schroeder wrote: > On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote: >> I need help understanding what is happening and trouble shooting. >> >> I have two servers running Samba 2.3.3, one as a Domain Controller >> one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and >> winbindd using the tdb back end are running on both. >> >> I have two shares on the member server and as far as I can tell they >> are identical. [Projects] works as expected but [Windows] always asks >> for a login name even though the smb.conf entries for both are are >> the same. If I comment out the "force group" in [Windows] users can >> access the share but there are errors writing and creating files. If >> I create a new share it acts as the [Windows] share. >> >> Here are the share definitions and a list of the files in the directory; >> >> [Projects] >> Comment = Project Files >> path = /files/Lucretia/Projects >> writeable = yes >> browseable = yes >> create mask = 0764 >> directory mask = 0775 >> force group = "ATLANTA\domain users" >> >> [Windows] >> comment = Atlanta Windows Files >> path = /files/Lucretia/Windows >> browseable = yes >> writeable = yes >> create mask = 0764 >> directory mask = 0775 >> force group = "ATLANTA\domain users" >> >> >> root at louise:/files/Lucretia# ls -l >> total 66 >> drwxrwsr-x 2 root 10001 48 2008-07-17 03:17 Arris >> -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list >> drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office >> drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig >> drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects >> drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma >> drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old >> drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows >> >> Testparm shows no problems although it does rearrange the share >> definitions somewhat. >> >> The problem must be in windows permissions but I don't know how to >> check them, especially since I have only ssh access because the site >> is remote. I have to rely on local users for testing. >> >> How can I get a list of ATLANTA\domain admin group users? >> >> How can I change the permissions? > > Any possibility of acl's, especially default acl's? > > getfacl /files/Lucretia/Projects > getfacl /files/Lucretia/Windows > Looks like not; root at louise:/etc/samba# getfacl /files/Lucretia/Projects getfacl: Removing leading '/' from absolute path names # file: files/Lucretia/Projects # owner: ATLANTA\134trish # group: 10001 user::rwx group::rwx other::r-x root at louise:/etc/samba# getfacl /files/Lucretia/Windows getfacl: Removing leading '/' from absolute path names # file: files/Lucretia/Windows # owner: ATLANTA\134trish # group: 10001 user::rwx group::rwx other::rwx -- Robert Steinmetz, AIA Principal Steinmetz & Associates From jlforrest at berkeley.edu Fri Jan 22 17:49:33 2010 From: jlforrest at berkeley.edu (Jon Forrest) Date: Fri, 22 Jan 2010 16:49:33 -0800 Subject: [Samba] Samba Serving NFS Mounted Directories Message-ID: I have a Sun 7310 storage server. This is running Solaris 10 but it's self-contained and I can't login to it or run Samba on it. I manage it with a web interface. I have a CentOS 5.3 machine that mounts a bunch of file systems via NFS from the Sun server. This works fine. I installed Samba 3.4.5 on the CentOS machine and configured it to share some of the directories that are actually NFS mounts from the Sun server. I'm able to map these directories from both Windows XP and Windows 7. I'm seeing several problems: 1) Accessing the mapped directories from Windows when running Microsoft Office apps is extremely slow. I don't have any exact numbers but let's say the speed is unusable. Ironically, other programs, such as 'vim' and 'notepad' don't have this speed problem when accessing the same shares. 2) Again, using Microsoft Office apps, Windows XP machines see files as read-only. Windows 7 works fine on the same files. The Sun has a non-Samba CIFS implementation but it's non-intuitive to set up so I haven't tried it. I'm wondering if what I describe should work. Here's the smb.conf configuration for the share: [bgroup] valid users = bgroup path = /home/bgroup public = no writeable = yes browseable = no create mask = 012 create mode = 0660 directory mode = 0770 Any comments or suggestions? Cordially, -- Jon Forrest Research Computing Support College of Chemistry 173 Tan Hall University of California Berkeley Berkeley, CA 94720-1460 510-643-1032 jlforrest at berkeley.edu From rvandolson at esri.com Fri Jan 22 18:00:36 2010 From: rvandolson at esri.com (Ray Van Dolson) Date: Fri, 22 Jan 2010 17:00:36 -0800 Subject: [Samba] Samba Serving NFS Mounted Directories In-Reply-To: References: Message-ID: <20100123010036.GA1859@esri.com> On Fri, Jan 22, 2010 at 04:49:33PM -0800, Jon Forrest wrote: > I have a Sun 7310 storage server. This is > running Solaris 10 but it's self-contained > and I can't login to it or run Samba on it. > I manage it with a web interface. > > I have a CentOS 5.3 machine that mounts > a bunch of file systems via NFS from the > Sun server. This works fine. I installed > Samba 3.4.5 on the CentOS machine and > configured it to share some of the directories > that are actually NFS mounts from the Sun > server. I'm able to map these directories > from both Windows XP and Windows 7. > > I'm seeing several problems: > > 1) Accessing the mapped directories from > Windows when running Microsoft Office apps is > extremely slow. I don't have any exact numbers > but let's say the speed is unusable. Ironically, > other programs, such as 'vim' and 'notepad' > don't have this speed problem when accessing > the same shares. > > 2) Again, using Microsoft Office apps, Windows XP > machines see files as read-only. Windows 7 works > fine on the same files. > > The Sun has a non-Samba CIFS implementation > but it's non-intuitive to set up so I haven't > tried it. I'm wondering if what I describe > should work. > > Here's the smb.conf configuration for the share: > > [bgroup] > > valid users = bgroup > path = /home/bgroup > public = no > writeable = yes > browseable = no > create mask = 012 > create mode = 0660 > directory mode = 0770 > > Any comments or suggestions? > > Cordially, First of all, you really don't want to re-export NFS mounts via Samba. Secondly, if you absolutely must do it, I recommend the following settings: [global] # your other options here... oplocks = No level2 oplocks = No On certain shares, you may want to set: posix locking = No Ray From samba at tlinx.org Sat Jan 23 01:48:20 2010 From: samba at tlinx.org (Linda Walsh) Date: Sat, 23 Jan 2010 00:48:20 -0800 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <9210629800.20100122030444@online.ru> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> Message-ID: <4B5AB7D4.80309@tlinx.org> Igor wrote: > I don't find it strange at all. Your computer is acting as a traffic > proxy between two samba servers. If you have 100Mb network interface > your bandwidth should split exactly in two. ---- But he said he doesn't get a split in two when a win2k server is used (he gets 11Mbps). I.e. Two network streams in two different directions should NOT halve throughput, _unless_ something is operating in half-duplex mode. "100Mbps, full duplex" should, _easily_, allow two 8 MBps streams if they are going in opposite directions. Stan wrote: > Interestingly, if I launch a file copy with the SH> source file being > on one smb share on the server, and the destination being SH> another > smb share (separate filesystem) on the server, the combined throughput > SH> is also 8MB/s, 4 up and 4 down, which is very strange as this > should be two SH> distinct streams. --- I agree. Is it possible your network device isn't running in FULL duplex? Other things to check (to optimize speed compared to ftp): 1) Ensure your communications are using TCP (port 445) and not UDP (port 139). 2) Ensure encryption (Sealing) is off. 3) Ensure packet Signing is off. The overhead of 2 & 3 contribute to around a 15% performance hit according to 1 MS source. (Obviously turning such things off presumes you are on a 'safe' network consistent with FTP usage, vs. SCP/SSH). You need to make sure that, at least, one side has each of Sign and Seal turned off and the other side has it set to 'no' or 'auto'. If one side has 'require' set for the feature, and the other has the same feature turned off, it will prohibit communications. Linda (who's been bummed by the huge drop in networking and disk performance in windows 7). From learner.study at gmail.com Sat Jan 23 02:31:24 2010 From: learner.study at gmail.com (Learner Study) Date: Sat, 23 Jan 2010 01:31:24 -0800 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B5AB7D4.80309@tlinx.org> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> Message-ID: <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> Hi Linda: Looking at some internet resources, it appears that both encryption and packet signing are off by default. Can u pls let me know how to disable these on samba server side (on 3.0.x) Thanks. On Sat, Jan 23, 2010 at 12:48 AM, Linda Walsh wrote: > Igor wrote: >> >> I don't find it strange at all. Your computer is acting as a traffic >> proxy between two samba servers. If you have 100Mb network interface >> your bandwidth should split exactly in two. > > ---- But he said he doesn't get a split in two when a win2k server > is used (he gets 11Mbps). I.e. Two network streams in two different > directions should NOT halve throughput, _unless_ something is operating > in half-duplex mode. "100Mbps, full duplex" should, _easily_, > allow two 8 MBps streams if they are going in opposite directions. > > Stan wrote: >> >> Interestingly, if I launch a file copy with the SH> source file being >> on one smb share on the server, and the destination being SH> another >> smb share (separate filesystem) on the server, the combined throughput >> SH> is also 8MB/s, 4 up and 4 down, which is very strange as this >> should be two SH> distinct streams. > > --- > I agree. Is it possible your network device isn't running in FULL > duplex? > Other things to check (to optimize speed compared to ftp): > > 1) Ensure your communications are using TCP (port 445) and not > UDP (port 139). > > 2) Ensure encryption (Sealing) is off. > 3) Ensure packet Signing is off. > The overhead of 2 & 3 contribute to around a 15% performance hit according > to 1 MS source. (Obviously turning such things off presumes you are on > a 'safe' network consistent with FTP usage, vs. SCP/SSH). > > You need to make sure that, at least, one side has each of Sign and > Seal turned off and the other side has it set to 'no' or 'auto'. > If one side has 'require' set for the feature, and the other has the same > feature turned off, it will prohibit communications. > > Linda > (who's been bummed by the huge drop in networking and disk performance > in windows 7). > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > From Volker.Lendecke at SerNet.DE Sat Jan 23 01:48:59 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Sat, 23 Jan 2010 09:48:59 +0100 Subject: [Samba] Samba Serving NFS Mounted Directories In-Reply-To: References: Message-ID: On Fri, Jan 22, 2010 at 04:49:33PM -0800, Jon Forrest wrote: > I have a Sun 7310 storage server. This is > running Solaris 10 but it's self-contained > and I can't login to it or run Samba on it. > I manage it with a web interface. You need to get over that. Running Samba on NFS imports is a really bad idea. At least every month people report strange lockups, timeouts and other weird things on this list that can be attributed to NFS imports. You should really contact SUN for information how to log into that box and install Samba. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From list_samba at bluerosetech.com Sat Jan 23 03:28:05 2010 From: list_samba at bluerosetech.com (list_samba at bluerosetech.com) Date: Sat, 23 Jan 2010 02:28:05 -0800 Subject: [Samba] Samba 3.2.5 not appearing in Windows 7 network browser? Message-ID: <4B5ACF35.6010800@bluerosetech.com> I have a small NAS (called LS1) device running samba 3.2.5. I have two laptops and desktop, all running Windows 7. They can all see each under Network in an exploring window, but not the NAS. They can all connect to and use the NAS just fine and I can browse the NAS if I type \\LS1\ into the address bar. I've searched the archives and Google; however, the only related threads I found were resolved when the questioner started/restarted nmbd. Nmbd is running and I have restarted it multiple times, allowing many hours for LS1 to show up. What additional steps are required to make Samba show up? From Volker.Lendecke at SerNet.DE Sat Jan 23 03:20:45 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Sat, 23 Jan 2010 11:20:45 +0100 Subject: [Samba] possible bug In-Reply-To: <4B572098.7F5ED9D0@zpid.de> References: <4B572098.7F5ED9D0@zpid.de> Message-ID: On Wed, Jan 20, 2010 at 04:26:16PM +0100, Christiane Baier wrote: > don't know if this behavior is a bug, but I want to share this > information. > > samba server version 3.4.3 is installed on solaris10 x86 > compiled with gcc > Reading specs from /usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/specs > Configured with: /builds/sfw10-gate/usr/src/cmd/gcc/gcc-3.4.3/configure > --prefix=/usr/sfw --with-as=/usr/sfw/bin/gas --with-gnu-as > --with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ > --enable-shared > Thread model: posix > gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath) > > and options > CFLAG=-02 ./configure --with-configdir=/etc/samba --disable-swat > --with-privatedir=/etc/samba/private --with-lockdir=/var/lock > --with-piddir=/var/run --with-logfilebase=/var/log --disable-cups > --without-krb5 --with-utmp --prefix=/export/samba343 > > There have to be some symlinks in /usr/lib > ln -s /export/samba343/lib/libtalloc.so libtalloc.so > ln -s /export/samba343/lib/libtalloc.so.1 libtalloc.so.1 > ln -s /export/samba343/lib/libtdb.so.1 libtdb.so.1 > ln -s /export/samba343/lib/libtdb.so libtdb.so > ln -s /export/samba343/lib/libwbclient.so libwbclient.so > ln -s /export/samba343/lib/libwbclient.so.0 libwbclient.so.0 > otherwise samba won't find the libraries. It's started via inetd and > works fine with linux and windows clients > > But with Mac OS X 10.4.11 mount_smbfs fails with the error message > mount_smbfs: negotiate phase failed: syserr = Connection reset by peer > > smbclient on the same Mac works fine. > > If debugging is enabled for smbd and level set to 10 (nothing else > changed) > # inetadm -m svc:/network/netbios-ssn/tcp:default > exec="/export/samba343/sbin/smbd -d 10" > # svcadm refresh svc:/network/inetd:default > # svcadm restart svc:/network/inetd:default > mount_smbfs works from Mac client > > So why does it not work if debugging level is set to anything below 10? Good question. Can you send a network trace of both cases? http://wiki.samba.org/index.php/Capture_Packets Thanks, Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From nick at brealey.org Sat Jan 23 06:19:04 2010 From: nick at brealey.org (Nicholas Brealey) Date: Sat, 23 Jan 2010 13:19:04 +0000 Subject: [Samba] Samba Serving NFS Mounted Directories In-Reply-To: References: Message-ID: <4B5AF748.5070406@brealey.org> The Sun 7310 is a storage appliance. It is not running Solaris 10 but runs an OS based on Open Solaris with CIFS and Windows style authentication integrated in the kernel. Installing Samba is not an option. You really should be using the integrated CIFs server. It is probably simpler to set up than Samba but is probably not as flexible (has fewer configuration options). There is a simulator you can play with to learn how to set it up. Sun offer courses on setting it up. Sun offer a service to set it up for you. The manual is available on the Internet or from the storage device. There is a forum where these devices are discussed. You almost certainly got a support contract when you bough the device. If you cannot use its CIFS server (ie if you are using a NT 4 style domain or a Samba PDC) perhaps using iSCSI to the Linux box and sharing with Samba is the next best option. See: http://wikis.sun.com/display/FishWorks/Fishworks http://forums.sun.com/forum.jspa?forumID=831 Nick Jon Forrest wrote: > I have a Sun 7310 storage server. This is > running Solaris 10 but it's self-contained > and I can't login to it or run Samba on it. > I manage it with a web interface. > > I have a CentOS 5.3 machine that mounts > a bunch of file systems via NFS from the > Sun server. This works fine. I installed > Samba 3.4.5 on the CentOS machine and > configured it to share some of the directories > that are actually NFS mounts from the Sun > server. I'm able to map these directories > from both Windows XP and Windows 7. > > I'm seeing several problems: > > 1) Accessing the mapped directories from > Windows when running Microsoft Office apps is > extremely slow. I don't have any exact numbers > but let's say the speed is unusable. Ironically, > other programs, such as 'vim' and 'notepad' > don't have this speed problem when accessing > the same shares. > > 2) Again, using Microsoft Office apps, Windows XP > machines see files as read-only. Windows 7 works > fine on the same files. > > The Sun has a non-Samba CIFS implementation > but it's non-intuitive to set up so I haven't > tried it. I'm wondering if what I describe > should work. > > Here's the smb.conf configuration for the share: > > [bgroup] > > valid users = bgroup > path = /home/bgroup > public = no > writeable = yes > browseable = no > create mask = 012 > create mode = 0660 > directory mode = 0770 > > Any comments or suggestions? > > Cordially, > From salatiel.filho at gmail.com Sat Jan 23 10:29:37 2010 From: salatiel.filho at gmail.com (Salatiel Filho) Date: Sat, 23 Jan 2010 14:29:37 -0300 Subject: [Samba] Help to fix the remaining problems when migration from windows to a linux print server Message-ID: Hi, i am trying to migrate my print servers from windows to linux , everything is getting really nice but i still face a few problems , and since i don't know if i need help from cups or samba guys i will post to both lists, so maybe someone can give me some help. Well, i have now cups and samba working just fine, i can authenticate my users in cups from Active Directory using winbind and they can print just fine. The remaining problems/doubts are: 1) Is there a way to run cupsaddsmb when security = ads in smb.conf ? I always have to set security = user before running cupsaddsmb or it will fail. 2) Even though my cups printers are configured to DefaultPage = A4, after a cupsaddsmb all windows clients still default to LETTER. What am i doing wrong? Is there a way to mass set all printer queues in windows to use A4 ? Some rpcclient parameter to change this ? I have over 1k queues, so manually change each one in windows GUI is kinda very time consuming. 3) Why do i always get count page = 1 when printing from windows ? I thought since i was using the right PPD for each printer and adobe postscripts + cups drivers exported from cupsaddsmb , page accounting would work, but apparently not. 4) now the critical problem , sometimes when im trying to print a big job, over 400 hundred pages with lots of pictures to a cups class from Word for example , word starts spooling to the samba spool but after it finishes printing the only thing really printed in cups is the BANNER page, the job itself never gets there. Thanks in advance. -- []'s Salatiel "O maior prazer do inteligente ? bancar o idiota diante de um idiota que banca o inteligente". From learner.study at gmail.com Sat Jan 23 13:07:25 2010 From: learner.study at gmail.com (Learner Study) Date: Sat, 23 Jan 2010 12:07:25 -0800 Subject: [Samba] samba client (cifs) read size Message-ID: <7efa8a7d1001231207t126a6c50pe7fd91f601dca2af@mail.gmail.com> Hi: How can I change the samba client's read size on linux/windows PC? Linux appears to be doing 16k reads no matter the socket buffer size...any ideas? thanks for your help! From learner.study at gmail.com Sat Jan 23 13:07:25 2010 From: learner.study at gmail.com (Learner Study) Date: Sat, 23 Jan 2010 12:07:25 -0800 Subject: [Samba] samba client (cifs) read size Message-ID: <7efa8a7d1001231207t126a6c50pe7fd91f601dca2af@mail.gmail.com> Hi: How can I change the samba client's read size on linux/windows PC? Linux appears to be doing 16k reads no matter the socket buffer size...any ideas? thanks for your help! From stan at hardwarefreak.com Sat Jan 23 13:11:04 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sat, 23 Jan 2010 14:11:04 -0600 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> Message-ID: <4B5B57D8.2050503@hardwarefreak.com> Learner Study put forth on 1/23/2010 3:31 AM: > Hi Linda: > > Looking at some internet resources, it appears that both encryption > and packet signing are off by default. Can u pls let me know how to > disable these on samba server side (on 3.0.x) Pretty sure they are both off in my case. I did not enable them in smb.conf. > On Sat, Jan 23, 2010 at 12:48 AM, Linda Walsh wrote: >> Igor wrote: >>> >>> I don't find it strange at all. Your computer is acting as a traffic >>> proxy between two samba servers. If you have 100Mb network interface >>> your bandwidth should split exactly in two. >> >> ---- But he said he doesn't get a split in two when a win2k server >> is used (he gets 11Mbps). I.e. Two network streams in two different >> directions should NOT halve throughput, _unless_ something is operating >> in half-duplex mode. "100Mbps, full duplex" should, _easily_, >> allow two 8 MBps streams if they are going in opposite directions. The 11MB/s was a different test, which I clearly stated. It consisted of two concurrent single stream file copies _from_ the Samba server _to_ a Win2K workstation using standard Windows Explorer as the file copy program. This test saturated one leg of the 100FDX ethernet connection at ~11.5MB/s. >> Stan wrote: >>> >>> Interestingly, if I launch a file copy with the SH> source file being >>> on one smb share on the server, and the destination being SH> another >>> smb share (separate filesystem) on the server, the combined throughput >>> SH> is also 8MB/s, 4 up and 4 down, which is very strange as this >>> should be two SH> distinct streams. >> >> --- >> I agree. Is it possible your network device isn't running in FULL >> duplex? Absolutely not. Both interfaces (Samba server and Win2K workstation) are configured and confirmed to be operating in full duplex mode. I confirmed this by forcing the Win2k box to 100FDX. This broke the switch which wants full autonegotiation, forcing the link to half duplex. It dropped performance by over 60%. I reenabled full autonegotiation, and performed a test which I had not previously. I launched two copy operations of the same ~600MB file, one up, one down, and according to NetMeter, was running ~7.5MB/s up to the Samba server and 6.5MB/s down to the workstation. Combined this is 14MB/s, more than a HDX link can provide. I'm ashamed I can't get that close to the ideal 22MB/s. There are two possibilities for this that I can think of: 1. The two switches involved are soho/consumer class, both unmanaged. One of the two is a $10 Rosewill (no name Chinese) 8 port desktop jobby. The other is a circa 2003/4 SMC rack mount combo 8port 100FDX switch and firewall router, which is a much better piece of gear, ran me about $100 in '03, but still pretty low end. The cost/quality of these two may or may not be a factor, but at this point I assume it might be. 2. The machines themselves may not be up to it, although I would think they should be given their specs, and that we're talking about merely 100FDX with a theoretical max of 12.5MB/s. This is something I'll investigate further, after I figure out the single stream problem. >> Other things to check (to optimize speed compared to ftp): >> >> 1) Ensure your communications are using TCP (port 445) and not >> UDP (port 139). For raw bandwidth maximization, what port and protocol are used won't make much difference, if any. In fact it shouldn't make _any_ difference in raw b/w. Communications between the Samba server and Win2K client appear to be exclusively over TCP 139 at this point according to netstat, instead I'm misreading or looking in the wrong place. Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN tcp 0 0 192.168.100.9:139 192.168.100.53:1128 ESTABLISHED udp 0 0 192.168.100.9:137 0.0.0.0:* udp 0 0 0.0.0.0:137 0.0.0.0:* udp 0 0 192.168.100.9:138 0.0.0.0:* udp 0 0 0.0.0.0:138 0.0.0.0:* >> 2) Ensure encryption (Sealing) is off. >> 3) Ensure packet Signing is off. I assume these are off by default. I didn't enable them in smb.conf. >> The overhead of 2 & 3 contribute to around a 15% performance hit according >> to 1 MS source. (Obviously turning such things off presumes you are on >> a 'safe' network consistent with FTP usage, vs. SCP/SSH). The network is private, thus safe in this context. I'm pretty sure both of my measuring tools are reporting raw bandwidth, iftop on Linux and NetMeter on Windows 2000, so even if there is SMB overhead in the mix, it's irrelevant at this point. My problem is I can't max out single stream _raw_ bandwidth to/from the Samba server. I'm only getting 65Mb/s raw with a single file copy. I get 92Mb/s with two concurrent operations going the same direction, same as with FTP. >> You need to make sure that, at least, one side has each of Sign and >> Seal turned off and the other side has it set to 'no' or 'auto'. >> If one side has 'require' set for the feature, and the other has the same >> feature turned off, it will prohibit communications. Yeah, pretty sure this isn't a factor since I do have communications. ;) Thanks for your interest. Maybe we can actually get this figured out before long. -- Stan From stan at hardwarefreak.com Sat Jan 23 16:01:29 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sat, 23 Jan 2010 17:01:29 -0600 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B5B57D8.2050503@hardwarefreak.com> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> Message-ID: <4B5B7FC9.3000303@hardwarefreak.com> Stan Hoeppner put forth on 1/23/2010 2:11 PM: > Absolutely not. Both interfaces (Samba server and Win2K workstation) are > configured and confirmed to be operating in full duplex mode. I confirmed this > by forcing the Win2k box to 100FDX. This broke the switch which wants full > autonegotiation, forcing the link to half duplex. It dropped performance by > over 60%. I reenabled full autonegotiation, and performed a test which I had > not previously. I launched two copy operations of the same ~600MB file, one up, > one down, and according to NetMeter, was running ~7.5MB/s up to the Samba server > and 6.5MB/s down to the workstation. Combined this is 14MB/s, more than a HDX > link can provide. I'm ashamed I can't get that close to the ideal 22MB/s. > There are two possibilities for this that I can think of: I just did some additional testing to see how FTP would perform with full duplex put/get to/from the xfs filesystem backing the Samba share for comparison to Samba performance. I used two sessions of the Windows 2000 inbuilt FTP command line client with default settings. I used the same 600MB+ file up/down, two copies, different names. full duplex get/put: get ftp: 678624350 bytes received in 65.92Seconds 10294.35Kbytes/sec. put ftp: 678624350 bytes sent in 89.88Seconds 7550.76Kbytes/sec. one way get: get ftp: 678624350 bytes received in 57.84Seconds 11731.97Kbytes/sec. The up/down is very uneven with the concurrent ftp transfers, downloads receiving more b/w than up. ProFTPD doesn't balance or shape traffic by default. I looked into using mod_shaper but it's not compiled into the Debian ProFTP daemon, and frankly I have no use for the traffic shaper beyond this testing. The headache of installing it or another ftp daemon which does shaping is more hassle than it's worth at this point. Anyway, as you can see from the numbers above, one transfer ran considerably longer than the other as it received less b/w during concurrency, about 25 seconds, which artificially inflates its transfer rate a bit as it gets all 11MB/s of the b/w for the remainder of its transfer after the other transfer has completed. With that caveat mentioned, I'll point out that watching the output of NetMeter during concurrency clearly showed a combined total of 16MB/s up+down. I ran the same test, same 600MB+ file, and traffic to/from Samba averages only 13MB/s. Remember, I'm reporting raw numbers, so protocol overhead is irrelevant. This testing demonstrates that due to one or multiple factors, hardware and/or software, my combined maximum full duplex throughput between my Win2K workstation and the Debian Lenny Samba server is approximately 16MB/s with my fastest applications tested to date, those being FTP client and server. Best one-way performance achieved to date is the maximum for switched fast ethernet, just over 11MB/s, obtained with FTP. Full duplex performance maximization would be great, but frankly it doesn't concern me as it is not one of my needs. What is a need is maximizing one-way single stream performance between the Samba server and my workstation. So, again, what can I do to bring my single stream raw transfer Win2K<->Debian Samba server performance up near the level of my FTP performance. FTP performance peaks at 11MB/s with a single stream yet SMB performance peaks at only 8MB/s single stream. Again, this is measuring raw packet performance on the interface, so protocol overhead is already in the numbers. Samba 3.2.5 or Win2K, or the combination of the two, simply will not saturate the interface with a single stream. With two streams going the same direction, they _do_ saturate the interface at 11MB/s. What's the solution to getting that last 3MB/s out of a single stream? Or, put a better way, that last 30% that's being left on the table. From other posts I've read here, people using GigE are also seeing something similar. They can't get that last 30% or so into the interface with a single stream. I don't think this problem is merely affecting me on Fast Ethernet. I guess I really needed the extra performance I could go buy some GigE cards (if they make them in regular PCI) and a GigE switch. However, I'd really just like to maximize what I already have, and not go spending money I don't want to. ;) -- Stan From morgan at tuxedo.darktech.org Sat Jan 23 16:34:17 2010 From: morgan at tuxedo.darktech.org (Rob Shinn) Date: Sat, 23 Jan 2010 18:34:17 -0500 Subject: [Samba] Samba+LDAP + Primary GIDs In-Reply-To: References: <4B54DB80.3040703@tuxedo.darktech.org> Message-ID: <4B5B8779.5070302@tuxedo.darktech.org> What does your 'net getdomainsid' or 'net getlocalsid' output look like? Kris Lou wrote: > Hi Rob, > > Thanks for the quick reply - Here it is (mostly with some cut and paste). > > CentOS 5.4 > Samba 3.2.15 > > dn: cn=Domain Admins,ou=Group,dc=themusiclink,dc=net > description: Netbios Domain Administrators > sambaSID: S-1-5-21-957249707-1866601452-441284377-512 > sambaGroupType: 2 > displayName: Domain Admins > structuralObjectClass: posixGroup > entryUUID: 1a60146c-cfad-102d-96b0-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507234700Z > gidNumber: 512 > cn: Domain Admins > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: > memberUid: > memberUid: > entryCSN: 20091028001757Z#000001#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091028001757Z > > dn: cn=Domain Users,ou=Group,dc=themusiclink,dc=net > description: Netbios Domain Users > sambaSID: S-1-5-21-957249707-1866601452-441284377-513 > sambaGroupType: 2 > displayName: Domain Users > structuralObjectClass: posixGroup > entryUUID: 1a7ebb60-cfad-102d-96b1-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507234700Z > gidNumber: 513 > cn: Domain Users > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: > memberUid: > entryCSN: 20091215225639Z#000001#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091215225639Z > > dn: cn=Domain Guests,ou=Group,dc=themusiclink,dc=net > description: Netbios Domain Guests Users > sambaSID: S-1-5-21-957249707-1866601452-441284377-514 > sambaGroupType: 2 > displayName: Domain Guests > structuralObjectClass: posixGroup > entryUUID: 1a845502-cfad-102d-96b2-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507234700Z > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > gidNumber: 514 > cn: Domain Guests > userPassword:: e2NyeXB0fXg= > memberUid: design > memberUid: fedex > memberUid: infobox > memberUid: mailbox > memberUid: test > entryCSN: 20090521203023Z#000002#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090521203023Z > > dn: cn=Domain Computers,ou=Group,dc=themusiclink,dc=net > objectClass: top > objectClass: posixGroup > objectClass: sambaGroupMapping > gidNumber: 515 > cn: Domain Computers > description: Netbios Domain Computers accounts > sambaSID: S-1-5-21-957249707-1866601452-441284377-515 > sambaGroupType: 2 > displayName: Domain Computers > structuralObjectClass: posixGroup > entryUUID: 1a8ab492-cfad-102d-96b3-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507234700Z > entryCSN: 20090507234700Z#000004#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090507234700Z > > dn: cn=Administrators,ou=Group,dc=themusiclink,dc=net > description: Netbios Domain Members can fully administer the computer/sambaDom > ainName > sambaSID: S-1-5-32-544 > sambaGroupType: 5 > displayName: Administrators > structuralObjectClass: posixGroup > entryUUID: 1a905d16-cfad-102d-96b4-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507234700Z > objectClass: top > objectClass: posixGroup > objectClass: sambaGroupMapping > gidNumber: 544 > cn: Administrators > userPassword: > memberUid: administrator > memberUid: root > entryCSN: 20090516003337Z#000001#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090516003337Z > > dn: sambaDomainName=MLC,dc=themusiclink,dc=net > objectClass: top > objectClass: sambaDomain > objectClass: sambaUnixIdPool > sambaDomainName: MLC > sambaSID: S-1-5-21-957249707-1866601452-441284377 > structuralObjectClass: sambaDomain > entryUUID: 1aab5d3c-cfad-102d-96b9-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507234701Z > sambaLockoutThreshold: 0 > sambaRefuseMachinePwdChange: 0 > sambaMinPwdLength: 5 > sambaLogonToChgPwd: 0 > sambaForceLogoff: -1 > sambaMinPwdAge: 0 > sambaMaxPwdAge: -1 > sambaPwdHistoryLength: 0 > gidNumber: 1033 > uidNumber: 1043 > sambaNextRid: 1100 > entryCSN: 20100104223853Z#000002#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20100104223853Z > > n: cn=TML.Accounting,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: TML.Accounting > userPassword:: e2NyeXB0fXg= > gidNumber: 1145 > structuralObjectClass: posixGroup > entryUUID: 90185732-cfad-102d-97b9-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1011 > sambaGroupType: 2 > displayName: TML Accounting > description: Domain Unix group > memberUid: mailman > memberUid: mtong > memberUid: psmith > memberUid: spatrino > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193050Z#000003#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193050Z > > dn: cn=TML.CustomerService,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: TML.CustomerService > userPassword:: e2NyeXB0fXg= > gidNumber: 1030 > structuralObjectClass: posixGroup > entryUUID: 901f89bc-cfad-102d-97ba-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1145 > sambaGroupType: 2 > displayName: TML Customer Service > description: Domain Unix group > memberUid: aatz > memberUid: rbrown > memberUid: middenm > memberUid: shipper1 > memberUid: msoyangco > memberUid: psmith > memberUid: loliphant > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193050Z#000004#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193050Z > > dn: cn=TML.Marketing,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > structuralObjectClass: posixGroup > entryUUID: 90270db8-cfad-102d-97bb-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1028 > sambaGroupType: 2 > displayName: TML Marketing > description: Domain Unix group > gidNumber: 1028 > cn: TML.Marketing > userPassword:: e2NyeXB0fXg= > memberUid: aatz > memberUid: cchan > memberUid: grich > memberUid: labels > memberUid: mailman > memberUid: mjohans > memberUid: schen > memberUid: shipper1 > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193050Z#000005#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193050Z > > dn: cn=TML,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > cn: TML > userPassword:: e2NyeXB0fXg= > gidNumber: 1026 > structuralObjectClass: posixGroup > entryUUID: 902c14f2-cfad-102d-97bc-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > memberUid: aatz > memberUid: bjones > memberUid: bsweinberg > memberUid: cchan > memberUid: darguello > memberUid: dbeasley > memberUid: ggrimm > memberUid: grich > memberUid: jbruno > memberUid: jlaplaca > memberUid: jshort > memberUid: kbyrne > memberUid: mtong > memberUid: loliphant > memberUid: mgosnell > memberUid: middenm > memberUid: mjohans > memberUid: mlekas > memberUid: msoyangco > memberUid: psmith > memberUid: schen > memberUid: ship1 > memberUid: slevintow > memberUid: spatrino > memberUid: sthompson > memberUid: tatz > memberUid: tbrownlee > memberUid: tchum > memberUid: training > memberUid: ups > memberUid: mguiffre > memberUid: ship2 > memberUid: ship3 > memberUid: ship4 > memberUid: klou > memberUid: jboron > memberUid: tocampo > memberUid: dhaberman > entryCSN: 20091215225639Z#000002#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091215225639Z > > dn: cn=TML.Sales,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: TML.Sales > userPassword:: e2NyeXB0fXg= > gidNumber: 1029 > structuralObjectClass: posixGroup > entryUUID: 903119c0-cfad-102d-97bd-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1006 > sambaGroupType: 2 > displayName: TML Sales > description: Domain Unix group > memberUid: jbruno > memberUid: bsweinberg > memberUid: loliphant > memberUid: bjones > memberUid: jshort > memberUid: sthompson > memberUid: mlekas > memberUid: jlaplaca > memberUid: mguiffre > memberUid: kbyrne > memberUid: klou > memberUid: tocampo > memberUid: dhaberman > entryCSN: 20091215225530Z#000000#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091215225530Z > > dn: cn=TML.QA,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > structuralObjectClass: posixGroup > entryUUID: 903729b4-cfad-102d-97be-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1009 > sambaGroupType: 2 > displayName: TML.QA > description: Domain Unix group > gidNumber: 1033 > cn: TML.QA > userPassword:: e2NyeXB0fXg= > memberUid: ggrimm > memberUid: tatz > memberUid: darguello > memberUid: grich > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#000001#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=TML.Purchasing,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: TML.Purchasing > userPassword:: e2NyeXB0fXg= > gidNumber: 1034 > structuralObjectClass: posixGroup > entryUUID: 903bc794-cfad-102d-97bf-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1007 > sambaGroupType: 2 > displayName: TML Purchasing > description: Domain Unix group > memberUid: slevintow > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#000002#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=TML.Warehouse,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: TML.Warehouse > userPassword:: e2NyeXB0fXg= > gidNumber: 1035 > structuralObjectClass: posixGroup > entryUUID: 90406b28-cfad-102d-97c0-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1008 > sambaGroupType: 2 > displayName: TML Warehouse > description: Domain Unix group > memberUid: tchum > memberUid: dbeasley > memberUid: mgosnell > memberUid: tbrownlee > memberUid: rbrown > memberUid: ups > memberUid: ship1 > memberUid: ship2 > memberUid: ship3 > memberUid: ship4 > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#000003#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=TML.RTL,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: TML.RTL > userPassword:: e2NyeXB0fXg= > gidNumber: 1047 > structuralObjectClass: posixGroup > entryUUID: 904504a8-cfad-102d-97c1-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1047 > sambaGroupType: 2 > displayName: TML RTL > description: Domain Unix group > memberUid: middenm > memberUid: loliphant > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#000004#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > cn: AXL > userPassword:: e2NyeXB0fXg= > gidNumber: 1036 > structuralObjectClass: posixGroup > entryUUID: 9049a9ae-cfad-102d-97c2-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > memberUid: mhohman > memberUid: btownsend > memberUid: kliu > memberUid: ljiang > memberUid: schen > memberUid: training > memberUid: vsin > memberUid: klou > memberUid: achan > memberUid: hku > memberUid: kyao > memberUid: mlee > memberUid: mmccoy > memberUid: tgao > memberUid: vtomic > memberUid: wkwan > memberUid: ycheng > memberUid: yliu > memberUid: aku > memberUid: mwessner > memberUid: aliu > memberUid: ichen > memberUid: jmagana > memberUid: rhaile > memberUid: vxue > memberUid: jli > memberUid: tbuddingh > memberUid: vhttech > memberUid: tocampo > entryCSN: 20091202193051Z#000005#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Sales,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: AXL.Sales > userPassword:: e2NyeXB0fXg= > gidNumber: 1037 > structuralObjectClass: posixGroup > entryUUID: 904b9e80-cfad-102d-97c3-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1005 > sambaGroupType: 2 > displayName: AXL Sales > description: Domain Unix group > memberUid: mhohman > memberUid: btownsend > memberUid: ljiang > memberUid: achan > memberUid: mmccoy > memberUid: vtomic > memberUid: aliu > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#000006#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Sales.Manager,ou=Group,dc=themusiclink,dc=net > structuralObjectClass: posixGroup > entryUUID: 904fa2fa-cfad-102d-97c4-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1038 > sambaGroupType: 2 > displayName: AXL Sales Manager > description: Domain Unix group > gidNumber: 1038 > cn: AXL.Sales.Manager > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: vtomic > memberUid: tocampo > entryCSN: 20091202193051Z#000007#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Purchasing,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: AXL.Purchasing > userPassword:: e2NyeXB0fXg= > gidNumber: 1039 > structuralObjectClass: posixGroup > entryUUID: 9054d5f4-cfad-102d-97c5-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1039 > sambaGroupType: 2 > displayName: AXL Purchasing > description: Domain Unix group > memberUid: kyao > memberUid: tgao > memberUid: wkwan > memberUid: ycheng > memberUid: aliu > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#000008#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Purchasing.Manager,ou=Group,dc=themusiclink,dc=net > structuralObjectClass: posixGroup > entryUUID: 9059cc12-cfad-102d-97c6-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1040 > sambaGroupType: 2 > displayName: AXL Purchasing Manager > description: Domain Unix group > gidNumber: 1040 > cn: AXL.Purchasing.Manager > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: wkwan > memberUid: tocampo > entryCSN: 20091202193051Z#000009#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Engineering,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: AXL.Engineering > userPassword:: e2NyeXB0fXg= > gidNumber: 1041 > structuralObjectClass: posixGroup > entryUUID: 905e6b50-cfad-102d-97c7-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1041 > sambaGroupType: 2 > displayName: AXL Engineering > description: Domain Unix group > memberUid: aku > memberUid: aliu > memberUid: ichen > memberUid: jmagana > memberUid: rhaile > memberUid: klou > memberUid: jli > memberUid: tbuddingh > memberUid: tocampo > entryCSN: 20091202193051Z#00000a#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Engineering.Manager,ou=Group,dc=themusiclink,dc=net > structuralObjectClass: posixGroup > entryUUID: 90631006-cfad-102d-97c8-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1042 > sambaGroupType: 2 > displayName: AXL Engineering Manager > description: Domain Unix group > gidNumber: 1042 > cn: AXL.Engineering.Manager > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: jli > memberUid: aku > memberUid: tocampo > memberUid: jmagana > memberUid: tbuddingh > entryCSN: 20091221193322Z#000000#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091221193322Z > > dn: cn=AXL.CustomerService,ou=Group,dc=themusiclink,dc=net > structuralObjectClass: posixGroup > entryUUID: 9067a7c4-cfad-102d-97c9-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1043 > sambaGroupType: 2 > displayName: AXL Customer Service > description: Domain Unix group > gidNumber: 1043 > cn: AXL.CustomerService > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: mmccoy > memberUid: aliu > memberUid: ljiang > memberUid: vsin > memberUid: tocampo > entryCSN: 20091202193051Z#00000c#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.CustomerService.Manager,ou=Group,dc=themusiclink,dc=net > structuralObjectClass: posixGroup > entryUUID: 906c48b0-cfad-102d-97ca-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1044 > sambaGroupType: 2 > displayName: AXL Customer Service Manager > description: Domain Unix group > gidNumber: 1044 > cn: AXL.CustomerService.Manager > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: ljiang > memberUid: vsin > memberUid: tocampo > entryCSN: 20091202193051Z#00000d#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Accounting,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: AXL.Accounting > userPassword:: e2NyeXB0fXg= > gidNumber: 1045 > structuralObjectClass: posixGroup > entryUUID: 9070ec4e-cfad-102d-97cb-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1045 > sambaGroupType: 2 > displayName: AXL Accounting > description: Domain Unix group > memberUid: kliu > memberUid: hku > memberUid: mlee > memberUid: aliu > memberUid: vxue > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#00000e#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Accounting.Manager,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: AXL.Accounting.Manager > userPassword:: e2NyeXB0fXg= > gidNumber: 1046 > structuralObjectClass: posixGroup > entryUUID: 90758614-cfad-102d-97cc-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1046 > sambaGroupType: 2 > displayName: AXL Accounting Manager > description: Domain Unix group > memberUid: kliu > memberUid: hku > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#00000f#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: uid=inez$,ou=People,dc=themusiclink,dc=net > uid: inez$ > sambaSID: S-1-5-21-957249707-1866601452-441284377-2326 > displayName: INEZ$ > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 1233688280 > sambaPwdMustChange: 2147483647 > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > sambaAcctFlags: [W ] > sambaBadPasswordCount: 0 > sambaBadPasswordTime: 0 > objectClass: sambaSamAccount > objectClass: account > structuralObjectClass: account > entryUUID: a4090ae8-cfad-102d-97cf-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235051Z > sambaNTPassword: EB97ADC8AE0B0D345521BA0B4ED10410 > sambaPwdLastSet: 1262646184 > entryCSN: 20100104230304Z#000000#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20100104230304Z > > dn: uid=mguiffre$,ou=People,dc=themusiclink,dc=net > uid: mguiffre$ > sambaSID: S-1-5-21-957249707-1866601452-441284377-2358 > displayName: MGUIFFRE$ > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 1203349442 > sambaPwdMustChange: 2147483647 > sambaNTPassword: B4477BB59E8B04EE0635CEE872F9E3E1 > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaPwdLastSet: 1203349442 > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > sambaAcctFlags: [W ] > sambaBadPasswordCount: 0 > sambaBadPasswordTime: 0 > objectClass: sambaSamAccount > objectClass: account > structuralObjectClass: account > entryUUID: a4420226-cfad-102d-97d0-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235051Z > entryCSN: 20090507235051Z#000013#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090507235051Z > > dn: uid=MICHAEL$,ou=People,dc=themusiclink,dc=net > uid: MICHAEL$ > sambaSID: S-1-5-21-957249707-1866601452-441284377-2244 > displayName: MICHAEL$ > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 1235874383 > sambaPwdMustChange: 2147483647 > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > sambaAcctFlags: [W ] > sambaBadPasswordCount: 0 > sambaBadPasswordTime: 0 > objectClass: sambaSamAccount > objectClass: account > structuralObjectClass: account > entryUUID: a4749e8e-cfad-102d-97d1-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235052Z > sambaNTPassword: C4FCBF20D7CF3EC3595535D90CCCA660 > sambaPwdLastSet: 1262238476 > entryCSN: 20091231054756Z#000000#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091231054756Z > > dn: uid=lrrr$,ou=People,dc=themusiclink,dc=net > uid: lrrr$ > sambaSID: S-1-5-21-957249707-1866601452-441284377-1014 > displayName: Computer Acct > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaPwdMustChange: 0 > sambaNTPassword: 01F5F78FF4DC2A00D532520533E2108D > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaPwdLastSet: 0 > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > sambaAcctFlags: [W ] > sambaBadPasswordCount: 0 > sambaBadPasswordTime: 0 > objectClass: sambaSamAccount > objectClass: account > structuralObjectClass: account > entryUUID: a47af162-cfad-102d-97d2-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235052Z > entryCSN: 20090507235052Z#000005#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090507235052Z > > dn: uid=RYAN$,ou=People,dc=themusiclink,dc=net > uid: RYAN$ > sambaSID: S-1-5-21-957249707-1866601452-441284377-2260 > displayName: THE-M47RJJ9T53W$ > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 1234524689 > sambaPwdMustChange: 2147483647 > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > sambaAcctFlags: [W ] > sambaBadPasswordCount: 0 > sambaBadPasswordTime: 0 > objectClass: sambaSamAccount > objectClass: account > structuralObjectClass: account > entryUUID: a480f800-cfad-102d-97d3-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235052Z > sambaNTPassword: 9656CE740570EBB847AD131D65E3BBEB > sambaPwdLastSet: 1246490780 > entryCSN: 20090701232620Z#000000#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090701232620Z > > dn: uid=salesspare$,ou=People,dc=themusiclink,dc=net > uid: salesspare$ > sambaSID: S-1-5-21-957249707-1866601452-441284377-2410 > displayName: SALESSPARE$ > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 1233972359 > sambaPwdMustChange: 2147483647 > sambaNTPassword: 75B1501C5F90B5D23F824AB99CA47E14 > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaPwdLastSet: 1233972359 > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > sambaAcctFlags: [W ] > sambaBadPasswordCount: 0 > sambaBadPasswordTime: 0 > objectClass: sambaSamAccount > objectClass: account > structuralObjectClass: account > entryUUID: a503c17c-cfad-102d-97d4-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235053Z > entryCSN: 20090507235053Z#000004#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090507235053Z > > > > > Kris Lou > klou at themusiclink.net > > > > On Mon, Jan 18, 2010 at 2:06 PM, Rob Shinn wrote: > >> Kris Lou wrote: >> >>> I've checked my ldif's - the groups exist, the users exists as >>> memberids, but it looks like samba is only checking the gid? >>> >>> >> Can you post the LDIFs of your groups (you can edit out any incriminating >> evidence ;)? Sounds like your groups are lacking correct sambaSID or >> sambaGroupType attributes. >> >> > > From rob at steinmetznet.com Sat Jan 23 17:38:16 2010 From: rob at steinmetznet.com (Robert Steinmetz) Date: Sat, 23 Jan 2010 18:38:16 -0600 Subject: [Samba] Samba Permissions Problem In-Reply-To: <4B5A254F.7030007@BriannasSaladDressing.com> References: <4B58C250.6060305@steinmetznet.com> <4B59FD46.7090803@BriannasSaladDressing.com> <4B5A17C8.4010600@steinmetznet.com> <4B5A254F.7030007@BriannasSaladDressing.com> Message-ID: <4B5B9678.9000108@steinmetznet.com> On 1/22/2010 4:23 PM, Dale Schroeder wrote: > On 01/22/2010 3:25 PM, Robert Steinmetz AIA wrote: >> Dale Schroeder wrote: >>> On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote: >>>> I need help understanding what is happening and trouble shooting. >>>> >>>> I have two servers running Samba 2.3.3, one as a Domain Controller >>>> one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd >>>> and winbindd using the tdb back end are running on both. >>>> >>>> I have two shares on the member server and as far as I can tell >>>> they are identical. [Projects] works as expected but [Windows] >>>> always asks for a login name even though the smb.conf entries for >>>> both are are the same. If I comment out the "force group" in >>>> [Windows] users can access the share but there are errors writing >>>> and creating files. If I create a new share it acts as the >>>> [Windows] share. >>>> >>>> Here are the share definitions and a list of the files in the >>>> directory; >>>> >>>> [Projects] >>>> Comment = Project Files >>>> path = /files/Lucretia/Projects >>>> writeable = yes >>>> browseable = yes >>>> create mask = 0764 >>>> directory mask = 0775 >>>> force group = "ATLANTA\domain users" >>>> >>>> [Windows] >>>> comment = Atlanta Windows Files >>>> path = /files/Lucretia/Windows >>>> browseable = yes >>>> writeable = yes >>>> create mask = 0764 >>>> directory mask = 0775 >>>> force group = "ATLANTA\domain users" >>>> >>>> >>>> root at louise:/files/Lucretia# ls -l >>>> total 66 >>>> drwxrwsr-x 2 root 10001 48 2008-07-17 03:17 Arris >>>> -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list >>>> drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office >>>> drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig >>>> drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects >>>> drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma >>>> drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old >>>> drwxrws*r-x* 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows >>>> >>>> Testparm shows no problems although it does rearrange the share >>>> definitions somewhat. >>>> >>>> The problem must be in windows permissions but I don't know how to >>>> check them, especially since I have only ssh access because the >>>> site is remote. I have to rely on local users for testing. >>>> >>>> How can I get a list of ATLANTA\domain admin group users? >>>> >>>> How can I change the permissions? >>> >>> Any possibility of acl's, especially default acl's? >>> >>> getfacl /files/Lucretia/Projects >>> getfacl /files/Lucretia/Windows >>> >> Looks like not; >> >> root at louise:/etc/samba# getfacl /files/Lucretia/Projects >> getfacl: Removing leading '/' from absolute path names >> # file: files/Lucretia/Projects >> # owner: ATLANTA\134trish >> # group: 10001 >> user::rwx >> group::rwx >> other::r-x >> >> root at louise:/etc/samba# getfacl /files/Lucretia/Windows >> getfacl: Removing leading '/' from absolute path names >> # file: files/Lucretia/Windows >> # owner: ATLANTA\134trish >> # group: 10001 >> user::rwx >> group::rwx >> *other::rwx * > If it's not a typo, it is odd that ls and getfacl return different > results for "other" in the "Windows" share > ls = r-x > getfacl = rwx > > Even if it's not a typo, it makes no sense that the share with the > most permissions is the one that's inaccessible. > This is a strange one. > > Dale > > I apparently changed the permissions between the two listings it is rwx for other now when I list the files in the directory. drwxrwsrwx 290 ATLANTA\trish 10001 23576 2010-01-20 15:51 Windows -- *Robert Steinmetz, AIA* Principal *Steinmetz & Associates* From rob at steinmetznet.com Sat Jan 23 17:52:17 2010 From: rob at steinmetznet.com (Robert Steinmetz) Date: Sat, 23 Jan 2010 18:52:17 -0600 Subject: [Samba] wbinfo, net, getent and groups In-Reply-To: <4B5A0F58.8050607@steinmetznet.com> References: <4B5A0F58.8050607@steinmetznet.com> Message-ID: <4B5B99C1.9040902@steinmetznet.com> I've found at least part of the problem. PAM was not properly configured. Apparently I had used a configuration for a previous version of pam which did not work with my setup.. On 1/22/2010 2:49 PM, Robert Steinmetz AIA wrote: > I have two servers running Samba 2.3.3, one as a Domain Controller one > as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and > winbindd using the tdb back end are running on both. > > I am don't understand the results. As far as I can tell I have > everything configured as it should be. > > The basic globals for the DC > > [global] > workgroup = ATLANTA > time server = Yes > hostname lookups = Yes > domain logons = Yes > preferred master = Yes > domain master = Yes > wins support = Yes > idmap uid = 10000-20000 > idmap gid = 10000-20000 > winbind enum users = Yes > winbind enum groups = Yes > hide dot files = No > > > The glbals for the Member Server > > [global] > workgroup = ATLANTA > security = DOMAIN > password server = 192.168.1.24 > name resolve order = wins bcast hosts > wins proxy = Yes > wins server = 192.168.1.24 > idmap uid = 10000-20000 > idmap gid = 10000-20000 > template shell = /bin/bash > winbind enum users = Yes > winbind enum groups = Yes > hosts allow = 192.168.1.0/255.255.255.0 > > getent does not return the names on any domain groups or users. > > wbinfo does return the names on domains groups and users. > > BUILTIN\administrators > BUILTIN\users > ATLANTA\domain users > ATLANTA\domain guests > ATLANTA\domain admins > > net groupmap list on the DC shows mapping to groups > > Backup Operators (S-1-5-32-551) -> backup > Power Users (S-1-5-32-547) -> atlanta > Replicators (S-1-5-32-552) -> staff > Domain Users (S-1-5-21-4166445610-3302986456-3838465043-513) -> samba > Domain Guests (S-1-5-21-4166445610-3302986456-3838465043-514) -> nogroup > Administrators (S-1-5-32-544) -> staff > Account Operators (S-1-5-32-548) -> account > Users (S-1-5-32-545) -> samba > Print Operators (S-1-5-32-550) -> print > Guests (S-1-5-32-546) -> nogroup > System Operators (S-1-5-32-549) -> operator > Domain Admins (S-1-5-21-4166445610-3302986456-3838465043-512) -> staff > > net groupmap list on the Member Server shows only the builtin in groups > > Administrators (S-1-5-32-544) -> BUILTIN\administrators > Users (S-1-5-32-545) -> BUILTIN\users > -- *Robert Steinmetz, AIA* Principal *Steinmetz & Associates* From Volker.Lendecke at SerNet.DE Sun Jan 24 02:59:46 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Sun, 24 Jan 2010 10:59:46 +0100 Subject: [Samba] Samba Serving NFS Mounted Directories In-Reply-To: <4B5B4100.5010202@berkeley.edu> References: <4B5B4100.5010202@berkeley.edu> Message-ID: On Sat, Jan 23, 2010 at 10:33:36AM -0800, Jon Forrest wrote: > So, I'll restate the question - what is it > about NFS exports that gives Samba trouble > that doesn't occur when serving local files? Mostly it is locking problems. Some daemons not started, daemons not 100% working right, etc. Then it is also a big performance drain. Sending data over the net twice without proper caching is really subobptimal. Then, potentially not all features fully supported (EAs, ACLs, etc). This is just a pain in the neck. And, for us here on this list it is a pain because all those problems show up for the Samba clients, so by definition those bugs appear to be Samba bugs while they are NFS problems. Volker From Volker.Lendecke at SerNet.DE Sun Jan 24 04:04:53 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Sun, 24 Jan 2010 12:04:53 +0100 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B5B57D8.2050503@hardwarefreak.com> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> Message-ID: On Sat, Jan 23, 2010 at 02:11:04PM -0600, Stan Hoeppner wrote: > The 11MB/s was a different test, which I clearly stated. > It consisted of two concurrent single stream file copies > _from_ the Samba server _to_ a Win2K workstation using > standard Windows Explorer as the file copy program. This > test saturated one leg of the 100FDX ethernet connection > at ~11.5MB/s. Just a quick hint: Single stream performance really heavily depends on the concrete client behaviour. smbclient from 3.2 and higher should give you good performance. And watch out which program on the Windows client you use to do the copy. xcopy, robocopy and the Windows explorer on some OS version give dramatically different results. The difference comes from overlapping requests or their absence. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From esiotrot at gmail.com Sun Jan 24 05:09:51 2010 From: esiotrot at gmail.com (Michael Wood) Date: Sun, 24 Jan 2010 14:09:51 +0200 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> Message-ID: <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> 2010/1/24 Volker Lendecke : > On Sat, Jan 23, 2010 at 02:11:04PM -0600, Stan Hoeppner wrote: >> The 11MB/s was a different test, which I clearly stated. >> It consisted of two concurrent single stream file copies >> _from_ the Samba server _to_ a Win2K workstation using >> standard Windows Explorer as the file copy program. ?This >> test saturated one leg of the 100FDX ethernet connection >> at ~11.5MB/s. > > Just a quick hint: Single stream performance really heavily > depends on the concrete client behaviour. smbclient from 3.2 > and higher should give you good performance. And watch out > which program on the Windows client you use to do the copy. > xcopy, robocopy and the Windows explorer on some OS version > give dramatically different results. The difference comes > from overlapping requests or their absence. Except that he said "I can copy files between the Win2K and WinXP machines at just over 10MB/s in a single stream and max out the 11MB/s with two streams." I am assuming he used the same client in that test as he did with the test against Samba. So from what he's said it seems that he gets more speed with a Windows server than with Samba for the same client. -- Michael Wood From Volker.Lendecke at SerNet.DE Sun Jan 24 05:51:06 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Sun, 24 Jan 2010 13:51:06 +0100 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> Message-ID: On Sun, Jan 24, 2010 at 02:09:51PM +0200, Michael Wood wrote: > Except that he said "I can copy files between the Win2K and WinXP > machines at just over 10MB/s in a single stream and max out the 11MB/s > with two streams." I am assuming he used the same client in that test > as he did with the test against Samba. So from what he's said it > seems that he gets more speed with a Windows server than with Samba > for the same client. So what we need is a full network trace of both cases. Volker From basch at alum.mit.edu Sun Jan 24 09:40:57 2010 From: basch at alum.mit.edu (Richard Basch) Date: Sun, 24 Jan 2010 11:40:57 -0500 Subject: [Samba] Roaming profile problems - XP profiles not being saved (Windows 7 profiles work) Message-ID: <900B935B24A5442C932DACCCCEFD2AF9@IBMRBASCH> Ever since I upgraded Samba from 3.0.x to 3.4.x, and reconfigured it to support Windows 7 clients, I am having issues with roaming profiles on my Windows XP clients. All the machines have been rejoined to the domain, domain authentication appears to be working fine, the home drive is mounted ok, and the profile information is even read, but never updated upon logout. A user with no profile will have an empty profile directory created. I used to have the profile under 'homes', which I changed after reading several articles about not configuring as such, but to no avail. I can't find any obvious errors in the Samba logs, using a variety of debugging levels, but I probably haven't configured logging correctly (so if Samba logs are requested, please let me know the logging I should enable). The key item is Windows 7 profiles DO WORK. It is annoying it requires a separate profile, but c'est le vie. Only my Windows XP clients are failing. I have suspected it may be a registry setting in Windows XP, but I can't seem to identify which parameter. I did change the setting using the Policy Editor of: Do not check for user ownership of Roaming Profile Folders = Enabled (on one computer), to no avail. In my smb.conf, you will see references to LDAP... all the users are configured with: SambaProfilePath = \\\profiles\ (No variables are referenced.) /home/profiles is mode 1777, owned by root. Anyone can write there (and as I previously said, I have seen the profile directory being created, just not populated... and it is the same mountpoint that is also used for my Windows 7 (.V2) profiles, which work properly. Enclosed is my smb.conf... any suggestions would be welcome. This list is full of helpful people. My last issue to get Windows 7 domain joining was great... I had to set StrongKeys = Required in the client's registry (I never imagined Required would have been synonymous with if you don't do this, it won't bother to negotiate the stronger setting). smb.conf ======== [global] ;include = /etc/samba/dhcp.conf workgroup = N2HA realm = INTERNAL.BRIGHT-PROSPECTS.COM security = user map to guest = Bad User usershare allow guests = Yes server string = %h (Samba %v) hosts allow = 192.168.0.0/16 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 smb ports = 445 139 ;os level = 65 local master = yes domain master = yes preferred master = yes domain logons = yes winbind use default domain = yes netbios aliases = SAMBA ;printing = cups ;printcap name = cups ;printcap cache time = 750 ;cups options = raw name resolve order = wins lmhosts bcast wins support = yes dns proxy = no ea support = yes enable asu support = yes time server = yes deadtime = 10 max log size = 4096 hide dot files = no hide special files = yes hide unreadable = yes template shell = /bin/false veto oplock files = /*.pst/*.nsf/*.doc/*.xls/*.mdb/ client lanman auth = no client ntlmv2 auth = yes client plaintext auth = no encrypt passwords = yes lanman auth = no ntlm auth = yes null passwords = yes server signing = auto server schannel = auto passdb backend = ldapsam:ldaps://ldap.internal.bright-prospects.com/ obey pam restrictions = no ldap ssl = no ldap admin dn = "uid=ntadmin,ou=User,dc=bright-prospects,dc=com" ldap suffix = dc=bright-prospects,dc=com ldap machine suffix = sambaDomainName=N2HA,ou=Network ldap user suffix = ou=User ldap group suffix = ou=Group ldap idmap suffix = ou=IdMap,ou=Network ldap passwd sync = yes ldap delete dn = no ;add user script = /home/admin/bin/smbldap-useradd -m %u ;delete user script = /home/admin/bin/smbldap-userdel %u ;add group script = /home/admin/bin/smbldap-groupadd -p %g ;delete group script = /home/admin/bin/smbldap-groupdel %g add machine script = /home/admin/bin/smbldap-useradd -w %u add user to group script = /home/admin/bin/smbldap-groupmod -m %u %g delete user from group script = /home/admin/bin/smbldap-groupmod -x %u %g set primary group script = /home/admin/bin/smbldap-usermod -g %g %u passwd program = /home/admin/bin/smbldap-passwd %u vfs objects = recycle recycle: directory_mode = 0770 recycle: keeptree = 1 recycle: touch = 1 recycle: minsize = 1 recycle: maxsize = 5000000 recycle: exclude = *.tmp *.temp ~$* *.obj *.~?? recycle: exclude_dir = /RealTimeBackup ;vscan-clamav: config-file = /etc/samba/vscan-clamav.conf ;log level = 3 auth:5 smb:10 [homes] comment = Home Directories ;valid users = %S, %D%w%S browseable = No read only = No inherit acls = Yes ; locking = no hide files = /.*/desktop.ini/thumbs.db/*.bitmap/NTUSER.*/ hide unreadable = no path = /home/%S [profiles] comment = Network Profiles Service ;path = %H read only = No store dos attributes = Yes create mask = 0600 directory mask = 0700 ; path = /home/profiles hide files = guest ok = yes browseable = yes ;writeable = yes ;inherit acls = yes profile acls = yes csc policy = disable force user = %U [users] comment = All users path = /home read only = No inherit acls = Yes veto files = /aquota.user/groups/shares/ [groups] comment = All groups path = /home/groups read only = No inherit acls = Yes [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin root force group = ntadmin create mask = 0664 directory mask = 0775 [Profiles.V2] copy = profiles path = /home/profiles/%U.V2 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes browseable = yes write list = root csc policy = disable From stan at hardwarefreak.com Sun Jan 24 12:13:02 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sun, 24 Jan 2010 13:13:02 -0600 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> Message-ID: <4B5C9BBE.1040704@hardwarefreak.com> Volker Lendecke put forth on 1/24/2010 5:04 AM: > On Sat, Jan 23, 2010 at 02:11:04PM -0600, Stan Hoeppner wrote: >> The 11MB/s was a different test, which I clearly stated. >> It consisted of two concurrent single stream file copies >> _from_ the Samba server _to_ a Win2K workstation using >> standard Windows Explorer as the file copy program. This >> test saturated one leg of the 100FDX ethernet connection >> at ~11.5MB/s. > > Just a quick hint: Single stream performance really heavily > depends on the concrete client behaviour. smbclient from 3.2 > and higher should give you good performance. And watch out > which program on the Windows client you use to do the copy. > xcopy, robocopy and the Windows explorer on some OS version > give dramatically different results. The difference comes > from overlapping requests or their absence. I just tested xcopy with the previously mentioned 600MB+ file between my Win2K Pro workstation and the WinXP workstation, single stream, both directions. I also did the same xcopy tests between the Win2K Pro workstation and the Samba server. The b/w results are identical to the previous Windows Explorer file copy tests, 8MB/s up/down to Samba, and a little over 10MB/s up/down to the WinXP machine. Are overlapping requests the cause of the single stream performance issue here? If so, are overlapping requests something that is negotiated in the SMB protocol between the hosts or is it statically configured, or something compiled into the client code? I.e. if overlapping requests is the issue, why do the two Windows machines seem to do it correctly between themselves, but the Windows/Samba combination does not? Is there something I can manually configure on Win2K Pro to overlap requests to/from Samba? Thanks for the assistance, insight, and education. -- Stan From stan at hardwarefreak.com Sun Jan 24 12:59:14 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sun, 24 Jan 2010 13:59:14 -0600 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> Message-ID: <4B5CA692.7050108@hardwarefreak.com> Michael Wood put forth on 1/24/2010 6:09 AM: > 2010/1/24 Volker Lendecke : >> On Sat, Jan 23, 2010 at 02:11:04PM -0600, Stan Hoeppner wrote: >>> The 11MB/s was a different test, which I clearly stated. >>> It consisted of two concurrent single stream file copies >>> _from_ the Samba server _to_ a Win2K workstation using >>> standard Windows Explorer as the file copy program. This >>> test saturated one leg of the 100FDX ethernet connection >>> at ~11.5MB/s. >> >> Just a quick hint: Single stream performance really heavily >> depends on the concrete client behaviour. smbclient from 3.2 >> and higher should give you good performance. And watch out >> which program on the Windows client you use to do the copy. >> xcopy, robocopy and the Windows explorer on some OS version >> give dramatically different results. The difference comes >> from overlapping requests or their absence. > > Except that he said "I can copy files between the Win2K and WinXP > machines at just over 10MB/s in a single stream and max out the 11MB/s > with two streams." I am assuming he used the same client in that test > as he did with the test against Samba. So from what he's said it > seems that he gets more speed with a Windows server than with Samba > for the same client. This is correct. Except, just to be clear, the two Windows machines are both _client_ versions of MS Windows, not Windows Server. I eliminated my only remaining Windows server box a short wile ago, replacing it with the Samba server on much newer faster hardware. So, the environment consists of two Windows workstations and one Linux/Samba server (although it serves much more than just Samba). Almost all of my testing has been performed at the console of the Windows 2000 Professional workstation. The two remote test systems are Samba 3.2.5 on Debian Lenny and a Windows XP Home machine. I'm sure when you said Windows "server" you meant server in the SMB client/server relationship sense, but just in case I thought I'd clarify exactly what systems are involved to prevent possible confusion. So, ironically, these two Windows clients serve single stream SMB to one another faster than either of them to/from Samba. I'm glad more people are getting involved in this thread because it's making me look at things I previously had not (though should have). I just checked and found that the two Windows clients are talking to each other over TCP 445 which is SMB over TCP/IP without NETBIOS. Until just a few minutes ago, my Windows 2000 Pro machine had NETBIOS over TCP/IP enabled, and was only talking to the Samba server over TCP 139. Thinking this might make a slight difference, and to make my testing as close to apples-apples as I can, I disabled NETBIOS over TCP/IP, and now the Win2K workstation is connecting to Samba over only TCP 445. However, I ran the file transfer tests again, and there was no change in single stream performance--still 8MB/s up and down. I hope that whatever the cause of this 3MB/s performance loss is that the solution is user configurable, in the Windows registry or in smb.conf. I've been trying to wean myself off Windows for years but so far only for server duties. I can't stand the thought that two Windows workstations will be faster xferring files between each other than to my sleek Debian Samba file server. I've spent hundreds of hours tweaking the performance of my Debian server, and it's fast as greased lightning for most everything except single stream Samba performance. I really want to remedy this situation. ;) -- Stan From stan at hardwarefreak.com Sun Jan 24 13:02:22 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sun, 24 Jan 2010 14:02:22 -0600 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> Message-ID: <4B5CA74E.6030606@hardwarefreak.com> Volker Lendecke put forth on 1/24/2010 6:51 AM: > On Sun, Jan 24, 2010 at 02:09:51PM +0200, Michael Wood wrote: >> Except that he said "I can copy files between the Win2K and WinXP >> machines at just over 10MB/s in a single stream and max out the 11MB/s >> with two streams." I am assuming he used the same client in that test >> as he did with the test against Samba. So from what he's said it >> seems that he gets more speed with a Windows server than with Samba >> for the same client. > > So what we need is a full network trace of both cases. Exactly how would I perform such a task? With what utilities? Do you mean something like tcpdump on the Linux side? I'm not familiar with a Windows tool for the same. Can the Windows network monitor do this? I've never really used it. -- Stan From michaell at dazzit.com Sun Jan 24 14:33:00 2010 From: michaell at dazzit.com (Michael Lenaghan) Date: Sun, 24 Jan 2010 16:33:00 -0500 Subject: [Samba] Problem authenticating from standalone servers via Samba 3.0.34 domain member servers to Samba 3.2.5 domain controller Message-ID: <51a924f61001241333wbcc4087o33b01e783632edb4@mail.gmail.com> We recently upgraded our PDC from Debian 4 to Debian 5. That entailed an upgrade of Samba from 3.0.24 to 3.2.5. Since the upgrade we've had a very specific problem connecting to shares on a commercial NAS running Samba 3.0.34. The problem happens when users try to connect to shares from standalone servers--e.g., Windows XP Pro boxes that we use for testing. From those boxes users should be able to expand the domain in My Network Places\Entire Network\Microsoft Windows Network, navigate to the NAS, click on it and then get a login dialog where they can supply domain credentials. What instead happens is that they're told "There are currently no logon servers available?". I have run across problems connecting one version of Samba to another in the past. In those cases I've been able to track down a bug report. In this case I haven't been able to find a report that matches my test case so I'm looking for a possible mis-configuration that may have lain dormant until the PDC was upgraded. (Of course, it's possible that I just missed a bug report; I'm still looking.) In order to investigate this problem I configured two Debian boxes as domain member servers--one with Debian 4 (Samba 3.0.24) and one with Debian 5 (Samba 3.2.5). On each box I installed nothing but samba and winbind. I copied the smb.conf [global] section from the NAS and just did the essential configuration: smbpsswd -a root, net rpc join, winbind in nsswitch.conf. (Actually, I'm not sure winbind has anything to do with this--but I was trying to replicate the NAS setup.) After those steps I selected both boxes in Explorer from a standalone server. The Debian 4 box showed the same problem as the NAS while the Debian 5 box worked as expected. (In both cases the PDC was the newly upgraded box running Samba 3.2.5.) Everything I've tried seems to indicate that things are properly configured--with the exception of "wbinfo --getdcname HQ" which returns "Could not get dc name for HQ" and "wbinfo -a ..." which also fails. Those two things are probably related--but as you can see below all other wbinfo commands work correctly. Is this a known issue that I missed? Any thoughts on where to look further? Thanks. === smb.conf from Debian 5 domain controller (partial): [global] security = user workgroup = HQ domain logons = yes domain master = yes local master = yes preferred master = yes os level = 65 wins support = yes dns proxy = no name resolve order = lmhosts wins host bcast smb ports = 139 time server = yes panic action = /usr/share/samba/panic-action %d log file = /var/log/samba/log.%m log level = 2 passdb backend = ldapsam:ldap://srv.... ldapsam:trusted = yes ldap ssl = start_tls ldap suffix = ... ... username map = /etc/samba/smbusers ...scripts... logon path = logon drive = H: logon home = \\nas\%U logon script = logon.bat encrypt passwords = yes admin users = root guest account = Guest map to guest = bad user ...printing... idmap alloc backend = ldap ... idmap config HQ:default = yes idmap config HQ:backend = ldap ... winbind enum groups = yes winbind enum users = yes winbind use default domain = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon browseable = no read only = yes guest ok = yes [printers] ... === smb.conf from Debian 4 domain member server: [global] allow trusted domains = 1 delete readonly = 1 delete veto files = 1 dos charset = CP437 encrypt passwords = 1 follow symlinks = 1 force unknown acl user = 1 force writeback = 1 guest account = nobody hostname lookups = 1 idmap gid = 35000-65000 idmap uid = 35000-65000 level2 oplocks = 0 load printers = 1 log level = 2 auth:10 lanman:10 smb:10 rpc_parse_:10 rpc_srv:10 rpc_cli:10 passdb:10 sam: 10 winbind:10 idmap:10 map acl inherit = 1 max log size = 256 name resolve order = lmhosts host wins bcast null passwords = 1 obey pam restrictions = 1 oplocks = 0 orgunit = passwd program = "/usr/bin/passwd %u" password server = 192.168.10.10 preserve case = 1 security = domain server string = %h short preserve case = 1 store dos attributes = 1 syslog = 0 syslog only = 0 template homedir = /c/home/%D/%U unix charset = UTF-8 unix password sync = 1 veto files = "/.AppleDouble/.AppleDB/.AppleDesktop/:2eDS_Store/:2eTemporaryItem winbind enum groups = 1 winbind enum users = 1 winbind use default domain = 1 wins server = 192.168.10.10 workgroup = HQ === tests run from Debian 4 domain member server: # wbinfo --getdcname=HQ Could not get dc name for HQ # wbinfo -t checking the trust secret via RPC calls succeeded # wbinfo --own-domain HQ # wbinfo --trusted-domains # wbinfo --all-domains HQ # wbinfo -u michaell ... # wbinfo -g BUILTIN\administrators BUILTIN\users domain admins domain users domain guests domain computers ... # wbinfo -N srv 192.168.10.10 srv # wbinfo -I 192.168.10.10 192.168.10.10 SRV # wbinfo -n michaell S-1-5-21-675904651-409210946-1000085797-1004 User (1) # wbinfo -s S-1-5-21-675904651-409210946-1000085797-1004 HQ\michaell 1 # wbinfo -i michaell michaell:*:6004:5513:...:/c/home/HQ/michaell:/bin/false # wbinfo -S S-1-5-21-675904651-409210946-1000085797-1004 6004 # wbinfo -U 6004 S-1-5-21-675904651-409210946-1000085797-1004 # wbinfo -r michaell 5513 10001 10003 35001 # wbinfo -G 5513 S-1-5-21-675904651-409210946-1000085797-513 # wbinfo -Y S-1-5-21-675904651-409210946-1000085797-513 5513 # net lookup dc 192.168.10.10 # net lookup master 192.168.10.10 # net lookup srv 192.168.10.10 # net cache list Key: SAF/DOMAIN/HQ Timeout: 10:19:31 Value: SRV Key: NBT/HQ#1D Timeout: 10:23:12 Value: 192.168.10.10:0 Key: NBT/SRV#20 Timeout: 10:13:04 Value: 192.168.10.10:0 (expired) Key: NBT/HQ#1C Timeout: 10:23:03 Value: 192.168.10.10:0 Key: NBT/HQ#1B Timeout: 10:23:03 Value: 192.168.10.10:0 # nmblookup -M HQ added interface ip=192.168.10.120 bcast=192.168.10.255 nmask=255.255.255.0 querying HQ on 192.168.10.255 Got a positive name query response from 192.168.10.10 ( 192.168.10.10 ) 192.168.10.10 HQ<1d> # nmblookup -A 192.168.10.10 added interface ip=192.168.10.120 bcast=192.168.10.255 nmask=255.255.255.0 Looking up status of 192.168.10.10 SRV <00> - H SRV <03> - H SRV <20> - H ..__MSBROWSE__. <01> - H HQ <1d> - H HQ <1b> - H HQ <1c> - H HQ <1e> - H HQ <00> - H MAC Address = 00-00-00-00-00-00 # nmblookup -S SRV added interface ip=192.168.10.120 bcast=192.168.10.255 nmask=255.255.255.0 querying SRV on 192.168.10.255 Got a positive name query response from 192.168.10.10 ( 192.168.10.10 ) 192.168.10.10 SRV<00> Looking up status of 192.168.10.10 SRV <00> - H SRV <03> - H SRV <20> - H ..__MSBROWSE__. <01> - H HQ <1d> - H HQ <1b> - H HQ <1c> - H HQ <1e> - H HQ <00> - H MAC Address = 00-00-00-00-00-00 === selected log excerpts from Debian 4 domain member server when user selects the box in Explorer: ==> log.smbd <== [2010/01/24 10:50:23, 2] smbd/reply.c:reply_special(496) netbios connect: name1=DEBIAN4TEST name2=ML-WINXP ... [2010/01/24 10:50:23, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [ML-WINXP]\[Administrator] from workstation [ML-WINXP] ... [2010/01/24 10:50:23, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [ML-WINXP]\[Administrator]@[ML-WINXP] with the new password interface [2010/01/24 10:50:23, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [HQ]\[Administrator]@[ML-WINXP] [2010/01/24 10:50:23, 10] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2010/01/24 10:50:23, 10] auth/auth.c:check_ntlm_password(235) challenge is: [2010/01/24 10:50:23, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2010/01/24 10:50:23, 6] auth/auth_sam.c:check_samstrict_security(414) check_samstrict_security: HQ is not one of my local names (ROLE_DOMAIN_MEMBER) [2010/01/24 10:50:23, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: sam had nothing to say [2010/01/24 10:50:23, 5] auth/auth.c:check_ntlm_password(273) check_ntlm_password: winbind authentication for user [Administrator] FAILED with error NT_STATUS_NO_LOGON_SERVERS [2010/01/24 10:50:23, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_LOGON_SERVERS *** Note: The above login *should* fail, but it's failing for the wrong reason. I'm logged into a non-domain member server as Administrator. That account has a different password than the Administrator on the domain. Presumably the failure should be an invalid password, which would then bring up the login dialog on the client; instead NT_STATUS_NO_LOGON_SERVERS is being passed to the client, preventing any login attempt. *** === # wbinfo -a HQ\\michaell%... plaintext password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e) error messsage was: No logon servers Could not authenticate user HQ\michaell%... with plaintext password challenge/response password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e) error messsage was: No logon servers Could not authenticate user HQ\michaell with challenge/response log for above: [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) add_schannel_auth_footer: SCHANNEL seq_num=41 [2010/01/24 11:10:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine SRV pipe \NETLOGON fnum 0x72b4 [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 304, data_len 236, ss_len 4 [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 304 at offset 0 [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine SRV pipe \NETLOGON fnum 0x72b4 returned 472 bytes. [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) add_schannel_auth_footer: SCHANNEL seq_num=43 [2010/01/24 11:10:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine SRV pipe \NETLOGON fnum 0x72b4 [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 304, data_len 236, ss_len 4 [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 304 at offset 0 [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine SRV pipe \NETLOGON fnum 0x72b4 returned 472 bytes. [2010/01/24 11:10:57, 2] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1290) Plain-text authentication for user HQ\michaell returned NT_STATUS_NO_LOGON_SERVERS (PAM: 4) [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) add_schannel_auth_footer: SCHANNEL seq_num=45 [2010/01/24 11:10:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine SRV pipe \NETLOGON fnum 0x72b4 [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 304, data_len 236, ss_len 4 [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 304 at offset 0 [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine SRV pipe \NETLOGON fnum 0x72b4 returned 472 bytes. [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) add_schannel_auth_footer: SCHANNEL seq_num=47 [2010/01/24 11:10:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine SRV pipe \NETLOGON fnum 0x72b4 [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 304, data_len 236, ss_len 4 [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 304 at offset 0 [2010/01/24 11:10:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine SRV pipe \NETLOGON fnum 0x72b4 returned 472 bytes. [2010/01/24 11:10:57, 2] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1635) NTLM CRAP authentication for user [HQ]\[michaell] returned NT_STATUS_NO_LOGON_SERVERS (PAM: 4) From michaell at dazzit.com Sun Jan 24 16:39:57 2010 From: michaell at dazzit.com (Michael Lenaghan) Date: Sun, 24 Jan 2010 18:39:57 -0500 Subject: [Samba] Winbind confused or corrupt Message-ID: <51a924f61001241539n7328cd6ewdac8b08fde2e9082@mail.gmail.com> While investigating an unrelated issue I discovered that winbind is completely confused or corrupt on one machine, a domain member server running Samba 3.0.34: # wbinfo -u NAS\backup-private NAS\backup-public ... administrator guest michaell ... administrator administrator michaell ... administrator administrator guest Segmentation fault NAS is the name of the domain member server; the name of the domain, HQ, isn't shown for the other accounts. ("winbind use default domain" is "yes".) Accounts from the domain controller are obviously and incorrectly repeated several times. I noticed this a day or two ago; at the time there was no segmentation fault, but there were blank lines between some users. Hmmm. (I'll include the NAS smb.conf file below. You might notice that it's using the smbpasswd backend. This is a commercial product; it came configured that way.) No other machines on the network show anything like this, so I'm assuming the problem is local to the one computer. Is it mis-configuration or corruption or both? (tdbdump doesn't complain about any tdb files, so perhaps any corruption would be logical rather than physical?) I have forced the following files to be re-created: /var/lib/samba/idmap_cache.tdb /var/lib/samba/winbind_cache.tdb /var/lib/samba/winbind_idmap.tdb Many files in that dir haven't been modified since 2007; the ones that have been are: /var/lib/samba/brlock.tdb /var/lib/samba/browse.dat /var/lib/samba/locking.tdb /var/lib/samba/messages.tdb /var/lib/samba/notify.tdb /var/lib/samba/registry.tdb /var/lib/samba/sessionid.tdb /var/lib/samba/unexpected.tdb Any ideas about where I might go looking? What would cause wbinfo to process a domain more than once? Thanks! === [global] allow trusted domains = 1 delete readonly = 1 delete veto files = 1 dos charset = CP437 encrypt passwords = 1 follow symlinks = 1 force unknown acl user = 1 force writeback = 1 guest account = nobody hostname lookups = 1 idmap gid = 35000-65000 idmap uid = 35000-65000 level2 oplocks = 0 load printers = 1 log level = 0 auth:2 map acl inherit = 1 max log size = 256 name resolve order = "lmhosts host wins bcast" null passwords = 1 obey pam restrictions = 1 oplocks = 0 orgunit = passwd program = "/usr/bin/passwd %u" password server = * preserve case = 1 security = domain server string = short preserve case = 1 store dos attributes = 1 syslog = 0 syslog only = 0 template homedir = /c/home/%D/%U unix charset = UTF-8 unix password sync = 1 veto files = "/.AppleDouble/.AppleDB/.AppleDesktop/:2eDS_Store/:2eTemporaryItems/TheVolumeSettingsFolder/TheFindByContentFolder/Network Trash Folder/Temporary Items/" winbind use default domain = 1 wins server = 192.168.10.10 workgroup = HQ From esiotrot at gmail.com Sun Jan 24 17:28:29 2010 From: esiotrot at gmail.com (Michael Wood) Date: Mon, 25 Jan 2010 02:28:29 +0200 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B5CA692.7050108@hardwarefreak.com> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> <4B5CA692.7050108@hardwarefreak.com> Message-ID: <5a8aa6681001241628g2962d601g281c9cc199388cd1@mail.gmail.com> 2010/1/24 Stan Hoeppner : > Michael Wood put forth on 1/24/2010 6:09 AM: [...] >> Except that he said "I can copy files between the Win2K and WinXP >> machines at just over 10MB/s in a single stream and max out the 11MB/s >> with two streams." ?I am assuming he used the same client in that test >> as he did with the test against Samba. ?So from what he's said it >> seems that he gets more speed with a Windows server than with Samba >> for the same client. > > This is correct. ?Except, just to be clear, the two Windows machines are both > _client_ versions of MS Windows, not Windows Server. ?I eliminated my only I meant "server" in the sense that you connect to it from a client rather in the "Windows Server 200x" sense. > remaining Windows server box a short wile ago, replacing it with the Samba > server on much newer faster hardware. ?So, the environment consists of two > Windows workstations and one Linux/Samba server (although it serves much more > than just Samba). > > Almost all of my testing has been performed at the console of the Windows 2000 > Professional workstation. ?The two remote test systems are Samba 3.2.5 on Debian > Lenny and a Windows XP Home machine. ?I'm sure when you said Windows "server" > you meant server in the SMB client/server relationship sense, but just in case I Yes, that's what I meant :) > thought I'd clarify exactly what systems are involved to prevent possible > confusion. ?So, ironically, these two Windows clients serve single stream SMB to > one another faster than either of them to/from Samba. [...] -- Michael Wood From esiotrot at gmail.com Sun Jan 24 17:31:14 2010 From: esiotrot at gmail.com (Michael Wood) Date: Mon, 25 Jan 2010 02:31:14 +0200 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B5CA74E.6030606@hardwarefreak.com> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> <4B5CA74E.6030606@hardwarefreak.com> Message-ID: <5a8aa6681001241631p63baf685wb6d15f8eaf960b49@mail.gmail.com> 2010/1/24 Stan Hoeppner : > Volker Lendecke put forth on 1/24/2010 6:51 AM: >> On Sun, Jan 24, 2010 at 02:09:51PM +0200, Michael Wood wrote: >>> Except that he said "I can copy files between the Win2K and WinXP >>> machines at just over 10MB/s in a single stream and max out the 11MB/s >>> with two streams." ?I am assuming he used the same client in that test >>> as he did with the test against Samba. ?So from what he's said it >>> seems that he gets more speed with a Windows server than with Samba >>> for the same client. >> >> So what we need is a full network trace of both cases. > > Exactly how would I perform such a task? ?With what utilities? ?Do you mean > something like tcpdump on the Linux side? ?I'm not familiar with a Windows tool > for the same. ?Can the Windows network monitor do this? ?I've never really used it. Start here: http://wiki.samba.org/index.php/Capture_Packets wireshark runs on Windows too or you can use windump which is the equivalent of tcpdump. -- Michael Wood From cguzmana at gmail.com Sun Jan 24 19:28:31 2010 From: cguzmana at gmail.com (Claudio Guzman) Date: Sun, 24 Jan 2010 23:28:31 -0300 Subject: [Samba] NEED HELP WINBIND Message-ID: <604595c11001241828u1bce8decp2474421a8a0bcac@mail.gmail.com> The problem I have is I can not enter the EXAMPLE domain with winbind winbind-u-g, I can see all domain users. You have the problem that I can not create home /% u My Samba architecture is SRV1: PDC-LDAP-SAMBA SRV2: SAMBA-winbind and that is what I use for the shares DOMAIN: EXAMPLE so far the users can enter, but complain that there are problems with permissions on some folders # Global settings [global] display charset = LOCALE passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* idmap gid = 1000-33554431 passwd program = /usr/bin/passwd %u netbios name = srvsamba idmap uid = 1000-33554431 dos charset = CP850 local master = no workgroup = EXAMPLE debug level = 9 os level = 0 security = domain log file = /var/log/samba/%m.log guest account = nobody smb passwd file = /etc/samba/smbpasswd load printers = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins server = 192.168.1.252 map to guest = Bad User domain master = no encrypt passwords = yes realm = template shell = /bin/false server string = srvsamba winbind enum users = Yes password server = 192.168.1.252 template homedir = /mnt/samba/home/%u winbind enum groups = Yes unix charset = UTF-8 preferred master = no pam password change = yes winbind use default domain = no ; interfaces = 192.168.12.2/24 192.168.13.2/24 ; remote announce = 92.168.1.255 192.168.2.44 ; domain logons = yes ; hosts deny = all username map = /etc/samba/smbusers obey pam restrictions = yes ; winbind separator = \ [A] comment = A path = /mnt/samba/a read only = No create mask = 0770 directory mask = 02770 hosts allow = 192.168.1.0/24, 192.168.0.0/24, 192.168.2.0/24 map acl inherit = Yes veto files = /*:Zone.Identifier:*/ veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/ store dos attributes = Yes dos filemode = Yes dos filetime resolution = Yes [B] comment = B path = /mnt/samba/B read only = No create mask = 0777 directory mask = 02770 hosts allow = 192.168.1.0/24 map acl inherit = Yes veto files = /*:Zone.Identifier:*/ veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/ store dos attributes = Yes dos filemode = Yes dos filetime resolution = Yes fake directory create times = Yes [C] comment = C path = /mnt/samba/C read only = No create mask = 0777 directory mask = 02775 hosts allow = 192.168.1.0/24 map acl inherit = Yes veto files = /*:Zone.Identifier:*/ veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/ store dos attributes = Yes dos filemode = Yes dos filetime resolution = Yes fake directory create times = Yes [homes] path = /mnt/samba/home/%U read only = No create mask = 0777 directory mask = 0777 hosts allow = 192.168.1.0/24, 192.168.0.0/24, 192.168.2.0/24 map acl inherit = Yes store dos attributes = Yes dos filemode = Yes dos filetime resolution = Yes --------------------- ERROR :/etc/samba# net rpc join -S pdc -U administrador Enter administrador's password: [2010/01/24 23:08:33, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(349) error setting trust account password: NT_STATUS_ACCESS_DENIED Unable to join domain LYD. From stan at hardwarefreak.com Sun Jan 24 23:14:36 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Mon, 25 Jan 2010 00:14:36 -0600 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> Message-ID: <4B5D36CC.1010103@hardwarefreak.com> Volker Lendecke put forth on 1/24/2010 6:51 AM: > On Sun, Jan 24, 2010 at 02:09:51PM +0200, Michael Wood wrote: >> Except that he said "I can copy files between the Win2K and WinXP >> machines at just over 10MB/s in a single stream and max out the 11MB/s >> with two streams." I am assuming he used the same client in that test >> as he did with the test against Samba. So from what he's said it >> seems that he gets more speed with a Windows server than with Samba >> for the same client. > > So what we need is a full network trace of both cases. Actually I'll give you something slightly different, and more to the original question. I've taken two tcp captures on the Samba server machine. Both transfers were performed using the Windows 2000 cli "copy" command pulling a 36MB avi file from a share on the Samba server. The first test was a single stream copy. The second test was a dual stream copy of the same file concurrently to two different destination directories. I also had iftop running during the tests. The single stream transfer maxed out at just over 64Mb/s. The dual stream test maxed out at 92Mb/s. Following are the two tcpdump output files using "tcpdump -p -s 0 -w FILE port 445": http://www.hardwarefreak.com/smb_single_stream http://www.hardwarefreak.com/smb_dual_stream The file sizes are 38MB and 76MB respectively. The raw outbound link speed behind which my web server sits is only 512Kb/s so it'll take a few minutes to pull the files, probably about 30-35 minutes or so for both files. My apologies for any inconvenience this may cause. -- Stan From andreas.moroder at sb-brixen.it Mon Jan 25 00:14:05 2010 From: andreas.moroder at sb-brixen.it (Andreas Moroder) Date: Mon, 25 Jan 2010 08:14:05 +0100 Subject: [Samba] valid charcters in trust password Message-ID: Hello, we tried to create a trust between a samba 3.4.3 and win 2008. It did not work an we lost two days before we discovered that it did not work because we had a $ in the password. Is there documentation about what characters are valid in a password for a trust account ? Thanks Andreas From Volker.Lendecke at SerNet.DE Mon Jan 25 00:28:38 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Mon, 25 Jan 2010 08:28:38 +0100 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B5D36CC.1010103@hardwarefreak.com> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> <4B5D36CC.1010103@hardwarefreak.com> Message-ID: On Mon, Jan 25, 2010 at 12:14:36AM -0600, Stan Hoeppner wrote: > Volker Lendecke put forth on 1/24/2010 6:51 AM: > > On Sun, Jan 24, 2010 at 02:09:51PM +0200, Michael Wood wrote: > >> Except that he said "I can copy files between the Win2K and WinXP > >> machines at just over 10MB/s in a single stream and max out the 11MB/s > >> with two streams." I am assuming he used the same client in that test > >> as he did with the test against Samba. So from what he's said it > >> seems that he gets more speed with a Windows server than with Samba > >> for the same client. > > > > So what we need is a full network trace of both cases. > > Actually I'll give you something slightly different, and more to the original > question. I've taken two tcp captures on the Samba server machine. Both > transfers were performed using the Windows 2000 cli "copy" command pulling a > 36MB avi file from a share on the Samba server. The first test was a single > stream copy. The second test was a dual stream copy of the same file > concurrently to two different destination directories. I also had iftop running > during the tests. The single stream transfer maxed out at just over 64Mb/s. > The dual stream test maxed out at 92Mb/s. Following are the two tcpdump output > files using "tcpdump -p -s 0 -w FILE port 445": > > http://www.hardwarefreak.com/smb_single_stream > http://www.hardwarefreak.com/smb_dual_stream The dual-stream one is kindof limited help. The interesting piece is how Win->Win does its thing faster, so we need to see that one. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From fluca1978 at infinito.it Mon Jan 25 04:30:51 2010 From: fluca1978 at infinito.it (Luca Ferrari) Date: Mon, 25 Jan 2010 12:30:51 +0100 Subject: [Samba] windows 7 share and smbclient In-Reply-To: <201001221252.12768.fluca1978@infinito.it> References: <201001221252.12768.fluca1978@infinito.it> Message-ID: <201001251230.51985.fluca1978@infinito.it> In the case it can be useful, this is a debug trace of the session to the windows 7 share (maybe the final message "SPNEGO login failed: Invalid parameter" can lead to a solution): smbclient -d 7 //s28/backupinfook -U backup INFO: Current debug levels: all: True/7 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 lp_load_ex: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter workgroup = WORKGROUP doing parameter server string = %h server (Samba, Ubuntu) doing parameter dns proxy = no doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 1000 doing parameter syslog = 0 doing parameter panic action = /usr/share/samba/panic-action %d doing parameter encrypt passwords = true doing parameter passdb backend = tdbsam doing parameter obey pam restrictions = yes doing parameter unix password sync = yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . doing parameter pam password change = yes doing parameter map to guest = bad user doing parameter usershare allow guests = yes pm_process() returned Yes lp_servicenumber: couldn't find homes Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE added interface eth0 ip=fe80::2a0:d1ff:feae:cfa6%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=192.168.1.201 bcast=192.168.1.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]="FLUCA-LAPTOP" Client started (version 3.4.0). Enter backup's password: Opening cache file at /var/run/samba/gencache.tdb tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/gencache.tdb: No such file or directory Attempt to open gencache.tdb has failed. Opening cache file at /var/run/samba/gencache.tdb tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/gencache.tdb: No such file or directory Attempt to open gencache.tdb has failed. resolve_lmhosts: Attempting lmhosts lookup for name s28<0x20> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory resolve_wins: Attempting wins lookup for name s28<0x20> resolve_wins: WINS server resolution selected and no WINS servers listed. resolve_hosts: Attempting host lookup for name s28<0x20> resolve_hosts: getaddrinfo failed for name s28 [No address associated with hostname] name_resolve_bcast: Attempting broadcast lookup for name s28<0x20> Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 1 SO_BROADCAST = 1 Could not test socket option TCP_NODELAY. Could not test socket option TCP_KEEPCNT. Could not test socket option TCP_KEEPIDLE. Could not test socket option TCP_KEEPINTVL. IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 129024 SO_RCVBUF = 129024 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Sending a packet of len 50 to (192.168.1.255) on port 137 Received a packet of len 62 from (192.168.1.241) port 137 nmb packet from 192.168.1.241(137) header: id=4756 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=S28<20> rr_type=32 rr_class=1 ttl=300000 answers 0 char ...... hex 0000C0A801F1 Got a positive name query response from 192.168.1.241 ( 192.168.1.241 ) tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory Opening cache file at /var/run/samba/gencache.tdb tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/gencache.tdb: No such file or directory Attempt to open gencache.tdb has failed. Connecting to 192.168.1.241 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 session request ok Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Doing spnego session setup (blob length=336) SPNEGO login failed: Invalid parameter session setup failed: SUCCESS - 0 On Friday 22 January 2010 12:52:12 pm Luca Ferrari's cat walking on the keyboard wrote: > Hi, > I've tested that samba (smbclient 3.4) cannot connect to a windows 7 share > but however it is possible to mount such share with smbmount. > When I try to connect specifying username and password I got a success but > nothing happens: > > smbclient //s28/backupinfook -U backup > Enter backup's password: > session setup failed: SUCCESS - 0 > > while from another windows machine I can connect to the share. When I mount > the share with smbmount I can browse its content. So there is something > working different between an smbmount and an smbclient. What can I do if I > don't want to mount the share? > > Thanks, > Luca > From miguelmedalha at sapo.pt Mon Jan 25 04:44:03 2010 From: miguelmedalha at sapo.pt (Miguel Medalha) Date: Mon, 25 Jan 2010 11:44:03 +0000 Subject: [Samba] Testparm: "rlimit_max: rlimit_max (8192) below minimum Windows limit (16384)" Message-ID: <4B5D8403.6060406@sapo.pt> I just installed samba on a new server, 3.4.5-42, 64 bit version from Sernet, over CentOS 5.4. When running testparm, I get the following warning: rlimit_max: rlimit_max (8192) below minimum Windows limit (16384) I searched Google for some answer but I couldn't find a satisfactory one. What should I do to solve this? Can someone from the Samba team enlighten me on this? Thank you! From seven at seven.dorksville.net Mon Jan 25 04:37:56 2010 From: seven at seven.dorksville.net (Anthony Giggins) Date: Mon, 25 Jan 2010 22:37:56 +1100 Subject: [Samba] Vista clients having Issues Copying files from SambaServer In-Reply-To: <000a01ca7d67$f709d280$e51d7780$@Henderson@ict-software.org> References: <59771.125.168.254.15.1257473117.squirrel@seven.dorksville.net> <5F00CA063E7F4B6CAB40676F43492AA4@seven><4B24D590.7070800@samba.org><1505.172.16.107.244.1260792345.squirrel@seven.dorksville.net> <000a01ca7d67$f709d280$e51d7780$@Henderson@ict-software.org> Message-ID: > -----Original Message----- > From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] > On Behalf Of Moray Henderson > Sent: Tuesday, 15 December 2009 8:21 PM > To: samba at lists.samba.org > Subject: Re: [Samba] Vista clients having Issues Copying files from > SambaServer > > Anthony wrote: > >> Please update to Samba 3.4.3 or later. Many Vista and Windows 7 > support > >> related issues have been addressed during the 3.4.x series. > >> > >> Firstly, if the Samba logs note an invalid function all, that may > mean > >> an upgrade to a more recent version of Samba is needed. When a > Windows > >> client notes an invalid function call or an invalid file handle the > >> cause may be problems in the network transport layer. > >> > >> Secondly, note what the Samba server log message says. Short > translation > >> is: "I was taking to the client, but the client went away and did not > >> respond!" The client dropped the connection. In all likeliness > this > >> is not a Samba problem and may actually be a network problem. It is > a > >> problem regularly seen with low-cost ethernet interfaces and cheap > >> ether-switches. > >> > >> Kindest, > >> John T. > >> > >> > > > >I think I already know the answer to this but do you know of any 3rd > party > >repos that would have packages for samba 3.4.x on Centos 5.4? > > > >Cheers, > > > >Anthony > > ftp://ftp.sernet.de/pub/samba/experimental/centos/5/ > > The 3.4 series should make its way into their recent and tested > repositories eventually. Finally got around to upgrading this to 3.4.5 from the sernet repo above, but I'm still seeing the same issues, I'm guessing this is pointing to a Switch issue? But is there anything else it could be before going down this route? Cheers, Anthony From matt-samba at alpha345.com Mon Jan 25 06:55:59 2010 From: matt-samba at alpha345.com (Matthew Dickinson) Date: Mon, 25 Jan 2010 07:55:59 -0600 Subject: [Samba] Documents in home folder 'Read Only' In-Reply-To: <4cba5adc1001140428l39a07ff3p188dda09032496ab@mail.gmail.com> Message-ID: On 1/14/10 6:28 AM, "Dave Coventry" wrote: > The user seems to be logging on okay (I can't check that she's using > her own login because I'm off-site). > > However, I'm still getting this in the /var/log/samba/log.reception > > > server:~# tail /var/log/samba/log.reception > [2010/01/14 14:23:40, 0] param/loadparm.c:process_usershare_file(8287) > process_usershare_file: stat of /var/lib/samba/usershares/patienc > failed. Permission denied > [2010/01/14 14:23:40, 0] param/loadparm.c:process_usershare_file(8287) > process_usershare_file: stat of /var/lib/samba/usershares/patienc > failed. No such file or directory > [2010/01/14 14:23:40, 0] smbd/service.c:make_connection(1370) > reception (::ffff:192.168.1.7) couldn't find service patienc > [2010/01/14 14:23:40, 0] param/loadparm.c:process_usershare_file(8287) > process_usershare_file: stat of /var/lib/samba/usershares/patienc > failed. No such file or directory > [2010/01/14 14:23:40, 0] smbd/service.c:make_connection(1370) > reception (::ffff:192.168.1.7) couldn't find service patienc Notice how the last character of the lines are truncated? Shouldn't there be an 'e' on the end the username? I'm seeing a lot of that the truncation too (see https://bugzilla.samba.org/show_bug.cgi?id=6782) Matthew From linuxbox at wavenet.at Mon Jan 25 07:22:30 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Mon, 25 Jan 2010 15:22:30 +0100 Subject: [Samba] Testparm: "rlimit_max: rlimit_max (8192) below minimum Windows limit (16384)" In-Reply-To: <4B5D8403.6060406@sapo.pt> References: <4B5D8403.6060406@sapo.pt> Message-ID: <4B5DA926.9010606@wavenet.at> Am 2010-01-25 12:44, schrieb Miguel Medalha: > > I just installed samba on a new server, 3.4.5-42, 64 bit version from > Sernet, over CentOS 5.4. > > When running testparm, I get the following warning: > > rlimit_max: rlimit_max (8192) below minimum Windows limit (16384) > > I searched Google for some answer but I couldn't find a satisfactory > one. What should I do to solve this? > Can someone from the Samba team enlighten me on this? > > Thank you! > Hi, I am not from the samba team but I stepped into the same situation: you have to set the ulimit -n to the windows limit " ulimit -n 16384 " (Max open files) That is valid for the console you are in regards From linuxbox at wavenet.at Mon Jan 25 07:25:46 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Mon, 25 Jan 2010 15:25:46 +0100 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps Message-ID: <4B5DA9EA.8080408@wavenet.at> I recently installed Samba 3.4.5 on Ubuntu 8.04 64 bit and had to downgrad again because of massive core panics: I can't really tell you what caused that (maybe while printing via samba-cups) - can somebody give me a hint or tell me what information you need to analyze that please? [2010/01/25 13:46:52, 0] lib/fault.c:46(fault_report) =============================================================== [2010/01/25 13:46:52, 0] lib/fault.c:47(fault_report) INTERNAL ERROR: Signal 11 in pid 7553 (3.4.5) Please read the Trouble-Shooting section of the Samba3-HOWTO [2010/01/25 13:46:52, 0] lib/fault.c:49(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2010/01/25 13:46:52, 0] lib/fault.c:50(fault_report) =============================================================== [2010/01/25 13:46:52, 0] lib/util.c:1480(smb_panic) PANIC (pid 7553): internal error [2010/01/25 13:46:52, 0] lib/util.c:1584(log_stack_trace) BACKTRACE: 25 stack frames: #0 /opt/samba345/sbin/smbd(log_stack_trace+0x1a) [0x6bc42b] #1 /opt/samba345/sbin/smbd(smb_panic+0x55) [0x6bc52a] #2 /opt/samba345/sbin/smbd [0x6ad1ae] #3 /lib/libpthread.so.0 [0x7fa381cb77d0] #4 /etc/samba/libtalloc.so.1 [0x7fa380da9761] #5 /etc/samba/libtalloc.so.1(talloc_free+0x1cc) [0x7fa380dab92e] #6 /opt/samba345/sbin/smbd [0x6249ca] #7 /opt/samba345/sbin/smbd(api_pipe_request+0x3ac) [0x656ef5] #8 /opt/samba345/sbin/smbd [0x650b46] #9 /opt/samba345/sbin/smbd(np_write_send+0x912) [0x651a13] #10 /opt/samba345/sbin/smbd [0x4a7456] #11 /opt/samba345/sbin/smbd [0x4a79d9] #12 /opt/samba345/sbin/smbd(reply_trans+0x6b7) [0x4a85af] #13 /opt/samba345/sbin/smbd [0x4fee33] #14 /opt/samba345/sbin/smbd [0x5012e8] #15 /opt/samba345/sbin/smbd [0x501a6c] #16 /opt/samba345/sbin/smbd(run_events+0x131) [0x6cb350] #17 /opt/samba345/sbin/smbd(smbd_process+0x790) [0x500cb7] #18 /opt/samba345/sbin/smbd [0x947e15] #19 /opt/samba345/sbin/smbd(run_events+0x131) [0x6cb350] #20 /opt/samba345/sbin/smbd [0x6cb5b0] #21 /opt/samba345/sbin/smbd(_tevent_loop_once+0x84) [0x6cb929] #22 /opt/samba345/sbin/smbd(main+0xf17) [0x947b99] #23 /lib/libc.so.6(__libc_start_main+0xf4) [0x7fa3806481c4] #24 /opt/samba345/sbin/smbd [0x48e629] [2010/01/25 13:46:52, 0] lib/fault.c:326(dump_core) dumping core in /var/log/samba/cores/smbd From Volker.Lendecke at SerNet.DE Mon Jan 25 07:41:23 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Mon, 25 Jan 2010 15:41:23 +0100 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: <4B5DA9EA.8080408@wavenet.at> References: <4B5DA9EA.8080408@wavenet.at> Message-ID: On Mon, Jan 25, 2010 at 03:25:46PM +0100, Martin Hochreiter wrote: > I recently installed Samba 3.4.5 on Ubuntu 8.04 64 bit and > had to downgrad again because of massive core panics: Can you try to reproduce that under valgrind? Thanks, Volker From linuxbox at wavenet.at Mon Jan 25 07:53:07 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Mon, 25 Jan 2010 15:53:07 +0100 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: References: <4B5DA9EA.8080408@wavenet.at> Message-ID: <4B5DB053.4080308@wavenet.at> Am 2010-01-25 15:41, schrieb Volker Lendecke: > On Mon, Jan 25, 2010 at 03:25:46PM +0100, Martin Hochreiter wrote: > >> I recently installed Samba 3.4.5 on Ubuntu 8.04 64 bit and >> had to downgrad again because of massive core panics: >> > Can you try to reproduce that under valgrind? > > Volker, I am afraid I don't have any clue what valgrind is .... :-[ From Volker.Lendecke at SerNet.DE Mon Jan 25 08:36:25 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Mon, 25 Jan 2010 16:36:25 +0100 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: <4B5DB053.4080308@wavenet.at> References: <4B5DA9EA.8080408@wavenet.at> <4B5DB053.4080308@wavenet.at> Message-ID: On Mon, Jan 25, 2010 at 03:53:07PM +0100, Martin Hochreiter wrote: > Am 2010-01-25 15:41, schrieb Volker Lendecke: > >On Mon, Jan 25, 2010 at 03:25:46PM +0100, Martin Hochreiter wrote: > > > >>I recently installed Samba 3.4.5 on Ubuntu 8.04 64 bit and > >>had to downgrad again because of massive core panics: > >> > >Can you try to reproduce that under valgrind? > > > > > Volker, I am afraid I don't have any clue what valgrind is .... :-[ Look under www.valgrind.org. It's a memory check tool. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From jlforrest at berkeley.edu Sat Jan 23 11:46:19 2010 From: jlforrest at berkeley.edu (Jon Forrest) Date: Sat, 23 Jan 2010 10:46:19 -0800 Subject: [Samba] Samba Serving NFS Mounted Directories In-Reply-To: <4B5AF748.5070406@brealey.org> References: <4B5AF748.5070406@brealey.org> Message-ID: <4B5B43FB.5030504@berkeley.edu> On 1/23/2010 5:19 AM, Nicholas Brealey wrote: > The Sun 7310 is a storage appliance. It is not running Solaris 10 but > runs an OS based on Open Solaris with CIFS and Windows style > authentication integrated in the kernel. I lied a little. I do know how to login to this box, but that's only because a Sun support person told me how. This was necessary to fix a non-Samba related problem. It sure looks like Solaris to me. In any case, I had to promise I wouldn't make any changes that weren't authorized by Sun. I intend on keeping this promise. > Installing Samba is not an option. I agree 100%. > You really should be using the integrated CIFs server. > It is probably simpler to set up than Samba but is probably not as > flexible (has fewer configuration options). I'm not sure how simple it is to setup. For example, I couldn't even figure out what share name it generates. Although the performance and price of the 7310 are excellent, its documentation is not. > There is a simulator you can play with to learn how to set it up. I know. I used it when I was deciding whether to buy the 7310. > The manual is available on the Internet or from the storage device. The "manual" is just the help system on the device, as you say. It says very little about how to set up CIFS shares. > There is a forum where these devices are discussed. You almost certainly > got a support contract when you bough the device. I didn't know about a support forum. I'll check into that. I do have a support contract but if it's necessary to call support for something as simple as this, then somebody has blown it - either Sun or me. > If you cannot use its CIFS server (ie if you are using a NT 4 style > domain or a Samba PDC) perhaps using iSCSI to the Linux box and sharing > with Samba is the next best option. None of these apply. Besides, I'd still like to understand the fundamental issue, which is why Samba behaves differently when it server NFS mounts than it does when it serves local files. > http://forums.sun.com/forum.jspa?forumID=831 I'll check there. Thanks. Cordially, -- Jon Forrest Research Computing Support College of Chemistry 173 Tan Hall University of California Berkeley Berkeley, CA 94720-1460 510-643-1032 jlforrest at berkeley.edu From jlforrest at berkeley.edu Sat Jan 23 11:33:36 2010 From: jlforrest at berkeley.edu (Jon Forrest) Date: Sat, 23 Jan 2010 10:33:36 -0800 Subject: [Samba] Samba Serving NFS Mounted Directories In-Reply-To: References: Message-ID: <4B5B4100.5010202@berkeley.edu> On 1/23/2010 12:48 AM, Volker Lendecke wrote: > You need to get over that. Running Samba on NFS imports is a > really bad idea. At least every month people report strange > lockups, timeouts and other weird things on this list that > can be attributed to NFS imports. I'm not doubting that what you say is true, since I've seen it myself, but whenever possible I try to get deeper understanding of what causes these strange problems. That's one of the reasons why I posted my question. So, I'll restate the question - what is it about NFS exports that gives Samba trouble that doesn't occur when serving local files? Cordially, -- Jon Forrest Research Computing Support College of Chemistry 173 Tan Hall University of California Berkeley Berkeley, CA 94720-1460 510-643-1032 jlforrest at berkeley.edu From b at wiggert.it Sun Jan 24 18:25:31 2010 From: b at wiggert.it (B.Wiggert) Date: Mon, 25 Jan 2010 02:25:31 +0100 Subject: [Samba] problems with "cp -a" to a samba share Message-ID: <4B5CF30B.6060709@wiggert.it> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi @ samba, I have running two machines: PC1 Samba Server @ ubuntu v9.10 PC2 Samba Client @ ubuntu v9.10 Anything works well and as expected, but... when I copy files from PC2 to a share on PC1 for backup, i.e. cp -a /home/user1 /media/share/backup/user1 then all data get copied but the file-permissons wouldnt be set cp reports an error on each file it copies: cp: preserving permissions for `/media/share/backup/user1/file1': Permission denied The samba-share DATEN of PC2 is mounted at /media/share How can _i setup the samba-server that a user can "cp -a" files to a share? The samba server runs in secuirty-mode=user looking forward for any help regards Bjoern -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktc8wsACgkQhLA53l6XA/3FtgCfUprWqpABcZUBmOLg8PMWwsO9 xKAAn225uy5EwFJKhTpPPvPaPVaO0pZa =zFrY -----END PGP SIGNATURE----- From dmagda at ee.ryerson.ca Mon Jan 25 09:46:42 2010 From: dmagda at ee.ryerson.ca (David Magda) Date: Mon, 25 Jan 2010 11:46:42 -0500 (EST) Subject: [Samba] smbd not talking to winbindd? Message-ID: <4105.207.61.230.154.1264438002.squirrel@webmail.ee.ryerson.ca> Hello, I'm running a compiled-from-source instance of Samba 3.4.5 on RHEL AS 4u2, and am having some flakiness with AD-Unix mappings. We're talking to a Windows 2008R2 server, with AD in "2003 mode" I believe. What the issue appears to be is that smbd does not seem to want to talk with winbindd. One moment my account worked: [2010/01/25 08:13:07, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth) Got user=[dmagda] domain=[ADS] workstation=[TOR123] len1=24 len2=24 [2010/01/25 08:13:07, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [ADS]\[dmagda]@[TOR123] with the new password interface [2010/01/25 08:13:07, 3] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [ADS]\[dmagda]@[TOR123] [...] [2010/01/25 08:13:07, 3] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [ADS]\[dmagda]@[TOR123] [2010/01/25 08:13:07, 3] auth/auth.c:271(check_ntlm_password) check_ntlm_password: winbind authentication for user [dmagda] succeeded [2010/01/25 08:13:07, 2] auth/auth.c:310(check_ntlm_password) check_ntlm_password: authentication for user [dmagda] -> [dmagda] -> [ADS+dmagda] succeeded [2010/01/25 08:13:07, 3] smbd/password.c:269(register_existing_vuid) register_existing_vuid: User name: ADS+dmagda Real name: [2010/01/25 08:13:07, 3] smbd/password.c:279(register_existing_vuid) register_existing_vuid: UNIX uid 16777216 is UNIX user ADS+dmagda, and will be vuid 100 [2010/01/25 08:13:07, 3] smbd/password.c:211(register_homes_share) Adding homes service for user 'ADS+dmagda' using home directory: '/var/empty/sshd' [2010/01/25 08:13:07, 3] smbd/service.c:1047(make_connection_snum) tor123 (::ffff:10.aaa.bbb.ccc) connect to service IPC$ initially as user ADS+dmagda (uid=16777216, gid=16777218) (pid 22758) I then uncommented a share in "smb.conf" and restarted smbd: [2010/01/25 08:13:54, 3] param/loadparm.c:9040(lp_load_ex) lp_load_ex: refreshing parameters Initialising global parameters [2010/01/25 08:13:54, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samb/smb.conf" [2010/01/25 08:13:54, 3] param/loadparm.c:7727(do_section) Processing section "[global]" [...] And suddenly I no longer get a mapping: [2010/01/25 08:14:08, 3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) Doing spnego session setup [2010/01/25 08:14:08, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2010/01/25 08:14:08, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth) Got user=[dmagda] domain=[ADS] workstation=[TOR123] len1=24 len2=24 [2010/01/25 08:14:08, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [ADS]\[dmagda]@[TOR123] with the new password interface [2010/01/25 08:14:08, 3] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [ADS]\[dmagda]@[TOR123] [...] [2010/01/25 08:14:08, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [dmagda] -> [dmagda] FAILED with error NT_STATUS_NO_SUCH_USER [2010/01/25 08:14:08, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE Reverting the change (i.e., re-commenting out that the share and restarting) didn't work: things still stayed broken. If I try putting my account into /etc/passwd, then all of a sudden things work again. Also, if I add a "username map" entry to my smb.conf (and comment out all the uidmap/winbind stuff), and have the following line in /etc/samba/smbusers: nobody = * Things generally work again as well. Is there any particular reason why smbd would stop talking with winbindd? I don't necessarily mind using a generic 'smbusers' file, as access is read-only, but are there any real differences between mapping to the Unix "nobody" account and getting a random UID from winbind? My sanitized smb.conf file: [global] server string = fileserv (File Server) netbios name = FILESERV workgroup = ADS security = domain password server = adchost1, adchost2, adshost3 wins server = 111.222.333.444, 222.333.444.555 domain master = no local master = no unix password sync = false lock directory = /var/spool/locks max log size = 0 log level = 1 socket options = SO_KEEPALIVE deadtime = 15 kernel oplocks = yes aio read size = 1 disable spoolss = yes show add printer wizard = no printing = bsd client schannel = no # doesn't help, with or without this line passdb backend = tdbsam idmap backend = tdb idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false template homedir = /var/empty/sshd winbind separator = + winbind nested groups = yes winbind enum users = yes winbind use default domain = yes # also tried "no" winbind trusted domains only = no allow trusted domains = yes # share below this line From dale at BriannasSaladDressing.com Mon Jan 25 10:14:31 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Mon, 25 Jan 2010 11:14:31 -0600 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: <4B547B59.8050404@debian.org> References: <4B015BF6.9060002@BriannasSaladDressing.com> <4B5479BF.7000500@BriannasSaladDressing.com> <4B547B59.8050404@debian.org> Message-ID: <4B5DD177.1000705@BriannasSaladDressing.com> On 01/18/2010 9:16 AM, Christian Perrier wrote: > Dale Schroeder a ?crit : > > >> I've suspected that ever since reading Karolin's release notes for >> 3.4.4. Debian has not yet released 3.4.4 >> to "testing", but I'll gladly try it as soon as it's available. For the >> > That should happen in about one week, assuming that no dependency chain > is blocking it. > > (roughly speaking, "releasing to testing" is automated and happens after > 10 days in unstable, if no RC bug appeared *and* if the dependecies can > be satisfied in testing) > > >> interim, all winbind systems are reverted >> back to "stable" (3.2.5-4lenny7). The ldap and standalone systems run >> perfectly well under 3.4.3. >> > I think you can anyway safely (but manually) install 3.4.4 packages on > testing systems with dpkg (better try it with "--dry-run" before). > Things got worse today, as winbind on stable (3.2.5) now ceases to work. It appears the join is no longer valid, and a testjoin yields errors concerning encryption (as does net ads join): 0] libads/sasl.c:ads_sasl_spnego_bind(819) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type Upgrade to unstable (3.4.5) yields the same error message. To cover all the bases, I also tried testing 3.4.3, and it also has the same error, although the order of the 1st line is slightly different: 0] libads/sasl.c:819 (ads_sasl_spegno_bind) This time, it seems to be an ADS specific winbind error. I have attempted with the current kernel - 2.6.32-trunk-686 and the previous kernel - 2.6.30-2-686. What kind of encryption change has occurred, and which program is it referring to as lacking the encryption type - samba or krb5? From jra at samba.org Mon Jan 25 10:50:26 2010 From: jra at samba.org (Jeremy Allison) Date: Mon, 25 Jan 2010 09:50:26 -0800 Subject: [Samba] Testparm: "rlimit_max: rlimit_max (8192) below minimum Windows limit (16384)" In-Reply-To: <4B5D8403.6060406@sapo.pt> References: <4B5D8403.6060406@sapo.pt> Message-ID: <20100125175026.GC23333@samba1> On Mon, Jan 25, 2010 at 11:44:03AM +0000, Miguel Medalha wrote: > > I just installed samba on a new server, 3.4.5-42, 64 bit version from > Sernet, over CentOS 5.4. > > When running testparm, I get the following warning: > > rlimit_max: rlimit_max (8192) below minimum Windows limit (16384) > > I searched Google for some answer but I couldn't find a satisfactory > one. What should I do to solve this? > Can someone from the Samba team enlighten me on this? It's a warning, you can safely ignore it. Windows 7 clients need to have exactly the same number of open handles available as Windows servers, else it fails in some file copy situations with a "out of handles" message. Samba has taken care of it for you, but it's just letting you know your fd limit is set a bit low. Jeremy From jlforrest at berkeley.edu Mon Jan 25 10:57:42 2010 From: jlforrest at berkeley.edu (Jon Forrest) Date: Mon, 25 Jan 2010 09:57:42 -0800 Subject: [Samba] Samba Serving NFS Mounted Directories In-Reply-To: <20100123010036.GA1859@esri.com> References: <20100123010036.GA1859@esri.com> Message-ID: On 1/22/2010 5:00 PM, Ray Van Dolson wrote: > First of all, you really don't want to re-export NFS mounts via Samba. I can't argue with this since I've felt the pain. However, I still can't say that I understand its fundamental cause. Here's my current understanding. Assuming that network bandwidth isn't an issue, which it isn't in my case, then, the "lockups, timeouts, and other weird things" that occur must be because related to how Samba emulates Windows' locking behavior on top of NFS mounts, which have their own locking semantics. Although I'd be the first to admit that what I'm doing isn't very common, and probably doesn't deserve much, if any, attention from the Samba developers, I think that this should work - at least it should work better than it currently does. > Secondly, if you absolutely must do it, I recommend the following > settings: > [global] > # your other options here... > oplocks = No > level2 oplocks = No > > On certain shares, you may want to set: > > posix locking = No These settings seem to do the trick. I sincerely appreciate the comments that I received on this issue. I hope bring this up helps other people facing this problem, if any. Cordially, -- Jon Forrest Research Computing Support College of Chemistry 173 Tan Hall University of California Berkeley Berkeley, CA 94720-1460 510-643-1032 jlforrest at berkeley.edu From stan at hardwarefreak.com Mon Jan 25 11:07:53 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Mon, 25 Jan 2010 12:07:53 -0600 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> <4B5D36CC.1010103@hardwarefreak.com> Message-ID: <4B5DDDF9.6080902@hardwarefreak.com> Volker Lendecke put forth on 1/25/2010 1:28 AM: > On Mon, Jan 25, 2010 at 12:14:36AM -0600, Stan Hoeppner wrote: >> Volker Lendecke put forth on 1/24/2010 6:51 AM: >>> On Sun, Jan 24, 2010 at 02:09:51PM +0200, Michael Wood wrote: >>>> Except that he said "I can copy files between the Win2K and WinXP >>>> machines at just over 10MB/s in a single stream and max out the 11MB/s >>>> with two streams." I am assuming he used the same client in that test >>>> as he did with the test against Samba. So from what he's said it >>>> seems that he gets more speed with a Windows server than with Samba >>>> for the same client. >>> >>> So what we need is a full network trace of both cases. >> >> Actually I'll give you something slightly different, and more to the original >> question. I've taken two tcp captures on the Samba server machine. Both >> transfers were performed using the Windows 2000 cli "copy" command pulling a >> 36MB avi file from a share on the Samba server. The first test was a single >> stream copy. The second test was a dual stream copy of the same file >> concurrently to two different destination directories. I also had iftop running >> during the tests. The single stream transfer maxed out at just over 64Mb/s. >> The dual stream test maxed out at 92Mb/s. Following are the two tcpdump output >> files using "tcpdump -p -s 0 -w FILE port 445": >> >> http://www.hardwarefreak.com/smb_single_stream >> http://www.hardwarefreak.com/smb_dual_stream > > The dual-stream one is kindof limited help. The interesting > piece is how Win->Win does its thing faster, so we need to > see that one. I think something is wrong. I downloaded Wireshark Win32. When running tshark -p -w smb-winwin-single-stream port 445 the transfer rate is half what it is without Wireshark running. What am I doing wrong? Thanks. -- Stan From joe at freakyacres.com Mon Jan 25 11:03:30 2010 From: joe at freakyacres.com (Joe) Date: Mon, 25 Jan 2010 13:03:30 -0500 Subject: [Samba] Upgrade from 3.0.4 to 3.4.5 gotchas? Message-ID: <4B5DDCF2.7050102@freakyacres.com> I'm about to install 3.4.5 over 3.0.4 on an old FreeBSD 5.2.1 server from source. The server is backed up to tape. Could I make life easier by backing up some files by hand to another directory? In theory should "make install" be all I have to do? (yes I ran configure and make) Will the old smb.conf need modified? Anything else to watch out for? From drescherjm at gmail.com Mon Jan 25 11:53:37 2010 From: drescherjm at gmail.com (John Drescher) Date: Mon, 25 Jan 2010 13:53:37 -0500 Subject: [Samba] Upgrade from 3.0.4 to 3.4.5 gotchas? In-Reply-To: <4B5DDCF2.7050102@freakyacres.com> References: <4B5DDCF2.7050102@freakyacres.com> Message-ID: <387ee2021001251053n723bd9d0qd116acaf9d52832e@mail.gmail.com> On Mon, Jan 25, 2010 at 1:03 PM, Joe wrote: > I'm about to install 3.4.5 over 3.0.4 on an old FreeBSD 5.2.1 server from > source. ?The server is backed up to tape. > > Could I make life easier by backing up some files by hand to another > directory? > > In theory should "make install" be all I have to do? ?(yes I ran configure > and make) > > Will the old smb.conf need modified? > Yes definitely. You are going ahead 6 years of development. Normally you are supposed to take a look at the change logs between versions to determine what parameters have been changed or removed but that would be very painful for that type of move. I would run testparm before starting samba and fix any thing it complains about. John From Hullen at t-online.de Mon Jan 25 11:46:00 2010 From: Hullen at t-online.de (Helmut Hullen) Date: 25 Jan 2010 19:46:00 +0100 Subject: [Samba] Samba Serving NFS Mounted Directories In-Reply-To: Message-ID: Hallo, Jon, Du meintest am 25.01.10: >> First of all, you really don't want to re-export NFS mounts via >> Samba. > I can't argue with this since I've felt the pain. I have tried it (NFS mount as share). Sometimes it run, sometimes it creeped, sometimes it was dead. All oplocks were set as recommended - wasn't enough to cure the system. Mounting per cifs: no more problems. Viele Gruesse! Helmut From Hullen at t-online.de Mon Jan 25 11:49:00 2010 From: Hullen at t-online.de (Helmut Hullen) Date: 25 Jan 2010 19:49:00 +0100 Subject: [Samba] problems with "cp -a" to a samba share In-Reply-To: <4B5CF30B.6060709@wiggert.it> Message-ID: Hallo, B.Wiggert, Du meintest am 25.01.10: > I have running two machines: > PC1 Samba Server @ ubuntu v9.10 > PC2 Samba Client @ ubuntu v9.10 > Anything works well and as expected, but... > when I copy files from PC2 to a share on PC1 for backup, i.e. > cp -a /home/user1 /media/share/backup/user1 > then all data get copied but the file-permissons wouldnt be set > cp reports an error on each file it copies: > cp: preserving permissions for `/media/share/backup/user1/file1': > Permission denied I see this message most times when I try to copy from e2fs oder e3fs to vfat (from Linux to DOS/Windows). What kind of filesystem is on /media/share/backup/user1 ? Viele Gruesse! Helmut From klou at themusiclink.net Mon Jan 25 12:18:36 2010 From: klou at themusiclink.net (Kris Lou) Date: Mon, 25 Jan 2010 11:18:36 -0800 Subject: [Samba] Samba+LDAP + Primary GIDs In-Reply-To: <4B5B8779.5070302@tuxedo.darktech.org> References: <4B54DB80.3040703@tuxedo.darktech.org> <4B5B8779.5070302@tuxedo.darktech.org> Message-ID: PDC Results: SID for local machine KIF is: S-1-5-21-1297059763-2273326489-1660943333 SID for domain MLC is: S-1-5-21-957249707-1866601452-441284377 Openfiler Results: SID for local machine VADER is: S-1-5-21-2859034502-3981372097-2611941478 SID for domain MLC is: S-1-5-21-957249707-1866601452-441284377 As you can see, the domain SIDs match. Also, here's the global portion of the Openfiler smb.conf and an example share (portions edited). About this - I can obviously edit the smb.conf, but it gets overwritten by the Openfiler gui whenever changes are made. Looking at the file, I'm not understanding where the group security settings are being placed. It looks like Openfiler runs with Samba 3.2.13 # Global settings [global] workgroup = MLC server string = Openfiler NAS netbios name = VADER wins server = pdc.ip.add.ress //edited password server = pdc.ip.add.ress //edited realm = ; interfaces = 192.168.12.2/24 192.168.13.2/24 ; remote announce = 92.168.1.255 192.168.2.44 ; domain logons = yes log file = /var/log/samba/%m.log max log size = 0 ; hosts deny = all map to guest = Bad User guest account = ofguest display charset = LOCALE unix charset = UTF-8 dos charset = CP850 ldap ssl = no ldap admin dn = //edited ldap suffix = //edited encrypt passwords = yes security = user passdb backend = ldapsam:ldap://pdc.ip.add.ress //edited ldap user suffix = ou=People ldap group suffix = ou=Group smb passwd file = /etc/samba/smbpasswd unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* pam password change = yes ; username map = /etc/samba/smbusers obey pam restrictions = yes load printers = no domain master = no local master = no preferred master = no os level = 0 [Purchasing] comment = Purchasing Share path = /mnt/fileshare/Purchasing/Purchasing read only = no writeable = yes oplocks = yes level2 oplocks = yes force security mode = 0 dos filemode = yes dos filetime resolution = yes dos filetimes = yes fake directory create times = yes browseable = yes csc policy = manual share modes = yes veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/ veto files = /*:Zone.Identifier:*/ create mode = 0770 directory mode = 2770 printable = no guest ok = no hosts allow = 23.23.23.0/24 hosts readonly allow = store dos attributes = yes map acl inherit = yes vfs objects = shadow_copy Kris Lou klou at themusiclink.net On Sat, Jan 23, 2010 at 3:34 PM, Rob Shinn wrote: > What does your 'net getdomainsid' or 'net getlocalsid' output look like? > > > Kris Lou wrote: > > Hi Rob, > > Thanks for the quick reply - Here it is (mostly with some cut and paste). > > CentOS 5.4 > Samba 3.2.15 > > dn: cn=Domain Admins,ou=Group,dc=themusiclink,dc=net > description: Netbios Domain Administrators > sambaSID: S-1-5-21-957249707-1866601452-441284377-512 > sambaGroupType: 2 > displayName: Domain Admins > structuralObjectClass: posixGroup > entryUUID: 1a60146c-cfad-102d-96b0-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507234700Z > gidNumber: 512 > cn: Domain Admins > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: > memberUid: > memberUid: > entryCSN: 20091028001757Z#000001#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091028001757Z > > dn: cn=Domain Users,ou=Group,dc=themusiclink,dc=net > description: Netbios Domain Users > sambaSID: S-1-5-21-957249707-1866601452-441284377-513 > sambaGroupType: 2 > displayName: Domain Users > structuralObjectClass: posixGroup > entryUUID: 1a7ebb60-cfad-102d-96b1-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507234700Z > gidNumber: 513 > cn: Domain Users > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: > memberUid: > entryCSN: 20091215225639Z#000001#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091215225639Z > > dn: cn=Domain Guests,ou=Group,dc=themusiclink,dc=net > description: Netbios Domain Guests Users > sambaSID: S-1-5-21-957249707-1866601452-441284377-514 > sambaGroupType: 2 > displayName: Domain Guests > structuralObjectClass: posixGroup > entryUUID: 1a845502-cfad-102d-96b2-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507234700Z > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > gidNumber: 514 > cn: Domain Guests > userPassword:: e2NyeXB0fXg= > memberUid: design > memberUid: fedex > memberUid: infobox > memberUid: mailbox > memberUid: test > entryCSN: 20090521203023Z#000002#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090521203023Z > > dn: cn=Domain Computers,ou=Group,dc=themusiclink,dc=net > objectClass: top > objectClass: posixGroup > objectClass: sambaGroupMapping > gidNumber: 515 > cn: Domain Computers > description: Netbios Domain Computers accounts > sambaSID: S-1-5-21-957249707-1866601452-441284377-515 > sambaGroupType: 2 > displayName: Domain Computers > structuralObjectClass: posixGroup > entryUUID: 1a8ab492-cfad-102d-96b3-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507234700Z > entryCSN: 20090507234700Z#000004#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090507234700Z > > dn: cn=Administrators,ou=Group,dc=themusiclink,dc=net > description: Netbios Domain Members can fully administer the computer/sambaDom > ainName > sambaSID: S-1-5-32-544 > sambaGroupType: 5 > displayName: Administrators > structuralObjectClass: posixGroup > entryUUID: 1a905d16-cfad-102d-96b4-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507234700Z > objectClass: top > objectClass: posixGroup > objectClass: sambaGroupMapping > gidNumber: 544 > cn: Administrators > userPassword: > memberUid: administrator > memberUid: root > entryCSN: 20090516003337Z#000001#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090516003337Z > > dn: sambaDomainName=MLC,dc=themusiclink,dc=net > objectClass: top > objectClass: sambaDomain > objectClass: sambaUnixIdPool > sambaDomainName: MLC > sambaSID: S-1-5-21-957249707-1866601452-441284377 > structuralObjectClass: sambaDomain > entryUUID: 1aab5d3c-cfad-102d-96b9-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507234701Z > sambaLockoutThreshold: 0 > sambaRefuseMachinePwdChange: 0 > sambaMinPwdLength: 5 > sambaLogonToChgPwd: 0 > sambaForceLogoff: -1 > sambaMinPwdAge: 0 > sambaMaxPwdAge: -1 > sambaPwdHistoryLength: 0 > gidNumber: 1033 > uidNumber: 1043 > sambaNextRid: 1100 > entryCSN: 20100104223853Z#000002#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20100104223853Z > > n: cn=TML.Accounting,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: TML.Accounting > userPassword:: e2NyeXB0fXg= > gidNumber: 1145 > structuralObjectClass: posixGroup > entryUUID: 90185732-cfad-102d-97b9-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1011 > sambaGroupType: 2 > displayName: TML Accounting > description: Domain Unix group > memberUid: mailman > memberUid: mtong > memberUid: psmith > memberUid: spatrino > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193050Z#000003#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193050Z > > dn: cn=TML.CustomerService,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: TML.CustomerService > userPassword:: e2NyeXB0fXg= > gidNumber: 1030 > structuralObjectClass: posixGroup > entryUUID: 901f89bc-cfad-102d-97ba-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1145 > sambaGroupType: 2 > displayName: TML Customer Service > description: Domain Unix group > memberUid: aatz > memberUid: rbrown > memberUid: middenm > memberUid: shipper1 > memberUid: msoyangco > memberUid: psmith > memberUid: loliphant > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193050Z#000004#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193050Z > > dn: cn=TML.Marketing,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > structuralObjectClass: posixGroup > entryUUID: 90270db8-cfad-102d-97bb-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1028 > sambaGroupType: 2 > displayName: TML Marketing > description: Domain Unix group > gidNumber: 1028 > cn: TML.Marketing > userPassword:: e2NyeXB0fXg= > memberUid: aatz > memberUid: cchan > memberUid: grich > memberUid: labels > memberUid: mailman > memberUid: mjohans > memberUid: schen > memberUid: shipper1 > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193050Z#000005#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193050Z > > dn: cn=TML,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > cn: TML > userPassword:: e2NyeXB0fXg= > gidNumber: 1026 > structuralObjectClass: posixGroup > entryUUID: 902c14f2-cfad-102d-97bc-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > memberUid: aatz > memberUid: bjones > memberUid: bsweinberg > memberUid: cchan > memberUid: darguello > memberUid: dbeasley > memberUid: ggrimm > memberUid: grich > memberUid: jbruno > memberUid: jlaplaca > memberUid: jshort > memberUid: kbyrne > memberUid: mtong > memberUid: loliphant > memberUid: mgosnell > memberUid: middenm > memberUid: mjohans > memberUid: mlekas > memberUid: msoyangco > memberUid: psmith > memberUid: schen > memberUid: ship1 > memberUid: slevintow > memberUid: spatrino > memberUid: sthompson > memberUid: tatz > memberUid: tbrownlee > memberUid: tchum > memberUid: training > memberUid: ups > memberUid: mguiffre > memberUid: ship2 > memberUid: ship3 > memberUid: ship4 > memberUid: klou > memberUid: jboron > memberUid: tocampo > memberUid: dhaberman > entryCSN: 20091215225639Z#000002#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091215225639Z > > dn: cn=TML.Sales,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: TML.Sales > userPassword:: e2NyeXB0fXg= > gidNumber: 1029 > structuralObjectClass: posixGroup > entryUUID: 903119c0-cfad-102d-97bd-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1006 > sambaGroupType: 2 > displayName: TML Sales > description: Domain Unix group > memberUid: jbruno > memberUid: bsweinberg > memberUid: loliphant > memberUid: bjones > memberUid: jshort > memberUid: sthompson > memberUid: mlekas > memberUid: jlaplaca > memberUid: mguiffre > memberUid: kbyrne > memberUid: klou > memberUid: tocampo > memberUid: dhaberman > entryCSN: 20091215225530Z#000000#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091215225530Z > > dn: cn=TML.QA,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > structuralObjectClass: posixGroup > entryUUID: 903729b4-cfad-102d-97be-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1009 > sambaGroupType: 2 > displayName: TML.QA > description: Domain Unix group > gidNumber: 1033 > cn: TML.QA > userPassword:: e2NyeXB0fXg= > memberUid: ggrimm > memberUid: tatz > memberUid: darguello > memberUid: grich > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#000001#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=TML.Purchasing,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: TML.Purchasing > userPassword:: e2NyeXB0fXg= > gidNumber: 1034 > structuralObjectClass: posixGroup > entryUUID: 903bc794-cfad-102d-97bf-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1007 > sambaGroupType: 2 > displayName: TML Purchasing > description: Domain Unix group > memberUid: slevintow > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#000002#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=TML.Warehouse,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: TML.Warehouse > userPassword:: e2NyeXB0fXg= > gidNumber: 1035 > structuralObjectClass: posixGroup > entryUUID: 90406b28-cfad-102d-97c0-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1008 > sambaGroupType: 2 > displayName: TML Warehouse > description: Domain Unix group > memberUid: tchum > memberUid: dbeasley > memberUid: mgosnell > memberUid: tbrownlee > memberUid: rbrown > memberUid: ups > memberUid: ship1 > memberUid: ship2 > memberUid: ship3 > memberUid: ship4 > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#000003#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=TML.RTL,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: TML.RTL > userPassword:: e2NyeXB0fXg= > gidNumber: 1047 > structuralObjectClass: posixGroup > entryUUID: 904504a8-cfad-102d-97c1-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1047 > sambaGroupType: 2 > displayName: TML RTL > description: Domain Unix group > memberUid: middenm > memberUid: loliphant > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#000004#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > cn: AXL > userPassword:: e2NyeXB0fXg= > gidNumber: 1036 > structuralObjectClass: posixGroup > entryUUID: 9049a9ae-cfad-102d-97c2-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > memberUid: mhohman > memberUid: btownsend > memberUid: kliu > memberUid: ljiang > memberUid: schen > memberUid: training > memberUid: vsin > memberUid: klou > memberUid: achan > memberUid: hku > memberUid: kyao > memberUid: mlee > memberUid: mmccoy > memberUid: tgao > memberUid: vtomic > memberUid: wkwan > memberUid: ycheng > memberUid: yliu > memberUid: aku > memberUid: mwessner > memberUid: aliu > memberUid: ichen > memberUid: jmagana > memberUid: rhaile > memberUid: vxue > memberUid: jli > memberUid: tbuddingh > memberUid: vhttech > memberUid: tocampo > entryCSN: 20091202193051Z#000005#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Sales,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: AXL.Sales > userPassword:: e2NyeXB0fXg= > gidNumber: 1037 > structuralObjectClass: posixGroup > entryUUID: 904b9e80-cfad-102d-97c3-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1005 > sambaGroupType: 2 > displayName: AXL Sales > description: Domain Unix group > memberUid: mhohman > memberUid: btownsend > memberUid: ljiang > memberUid: achan > memberUid: mmccoy > memberUid: vtomic > memberUid: aliu > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#000006#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Sales.Manager,ou=Group,dc=themusiclink,dc=net > structuralObjectClass: posixGroup > entryUUID: 904fa2fa-cfad-102d-97c4-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1038 > sambaGroupType: 2 > displayName: AXL Sales Manager > description: Domain Unix group > gidNumber: 1038 > cn: AXL.Sales.Manager > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: vtomic > memberUid: tocampo > entryCSN: 20091202193051Z#000007#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Purchasing,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: AXL.Purchasing > userPassword:: e2NyeXB0fXg= > gidNumber: 1039 > structuralObjectClass: posixGroup > entryUUID: 9054d5f4-cfad-102d-97c5-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1039 > sambaGroupType: 2 > displayName: AXL Purchasing > description: Domain Unix group > memberUid: kyao > memberUid: tgao > memberUid: wkwan > memberUid: ycheng > memberUid: aliu > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#000008#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Purchasing.Manager,ou=Group,dc=themusiclink,dc=net > structuralObjectClass: posixGroup > entryUUID: 9059cc12-cfad-102d-97c6-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1040 > sambaGroupType: 2 > displayName: AXL Purchasing Manager > description: Domain Unix group > gidNumber: 1040 > cn: AXL.Purchasing.Manager > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: wkwan > memberUid: tocampo > entryCSN: 20091202193051Z#000009#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Engineering,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: AXL.Engineering > userPassword:: e2NyeXB0fXg= > gidNumber: 1041 > structuralObjectClass: posixGroup > entryUUID: 905e6b50-cfad-102d-97c7-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1041 > sambaGroupType: 2 > displayName: AXL Engineering > description: Domain Unix group > memberUid: aku > memberUid: aliu > memberUid: ichen > memberUid: jmagana > memberUid: rhaile > memberUid: klou > memberUid: jli > memberUid: tbuddingh > memberUid: tocampo > entryCSN: 20091202193051Z#00000a#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Engineering.Manager,ou=Group,dc=themusiclink,dc=net > structuralObjectClass: posixGroup > entryUUID: 90631006-cfad-102d-97c8-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1042 > sambaGroupType: 2 > displayName: AXL Engineering Manager > description: Domain Unix group > gidNumber: 1042 > cn: AXL.Engineering.Manager > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: jli > memberUid: aku > memberUid: tocampo > memberUid: jmagana > memberUid: tbuddingh > entryCSN: 20091221193322Z#000000#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091221193322Z > > dn: cn=AXL.CustomerService,ou=Group,dc=themusiclink,dc=net > structuralObjectClass: posixGroup > entryUUID: 9067a7c4-cfad-102d-97c9-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1043 > sambaGroupType: 2 > displayName: AXL Customer Service > description: Domain Unix group > gidNumber: 1043 > cn: AXL.CustomerService > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: mmccoy > memberUid: aliu > memberUid: ljiang > memberUid: vsin > memberUid: tocampo > entryCSN: 20091202193051Z#00000c#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.CustomerService.Manager,ou=Group,dc=themusiclink,dc=net > structuralObjectClass: posixGroup > entryUUID: 906c48b0-cfad-102d-97ca-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1044 > sambaGroupType: 2 > displayName: AXL Customer Service Manager > description: Domain Unix group > gidNumber: 1044 > cn: AXL.CustomerService.Manager > userPassword:: e2NyeXB0fXg= > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > memberUid: ljiang > memberUid: vsin > memberUid: tocampo > entryCSN: 20091202193051Z#00000d#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Accounting,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: AXL.Accounting > userPassword:: e2NyeXB0fXg= > gidNumber: 1045 > structuralObjectClass: posixGroup > entryUUID: 9070ec4e-cfad-102d-97cb-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1045 > sambaGroupType: 2 > displayName: AXL Accounting > description: Domain Unix group > memberUid: kliu > memberUid: hku > memberUid: mlee > memberUid: aliu > memberUid: vxue > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#00000e#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: cn=AXL.Accounting.Manager,ou=Group,dc=themusiclink,dc=net > objectClass: posixGroup > objectClass: top > objectClass: sambaGroupMapping > cn: AXL.Accounting.Manager > userPassword:: e2NyeXB0fXg= > gidNumber: 1046 > structuralObjectClass: posixGroup > entryUUID: 90758614-cfad-102d-97cc-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235018Z > sambaSID: S-1-5-21-957249707-1866601452-441284377-1046 > sambaGroupType: 2 > displayName: AXL Accounting Manager > description: Domain Unix group > memberUid: kliu > memberUid: hku > memberUid: klou > memberUid: tocampo > entryCSN: 20091202193051Z#00000f#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091202193051Z > > dn: uid=inez$,ou=People,dc=themusiclink,dc=net > uid: inez$ > sambaSID: S-1-5-21-957249707-1866601452-441284377-2326 > displayName: INEZ$ > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 1233688280 > sambaPwdMustChange: 2147483647 > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > sambaAcctFlags: [W ] > sambaBadPasswordCount: 0 > sambaBadPasswordTime: 0 > objectClass: sambaSamAccount > objectClass: account > structuralObjectClass: account > entryUUID: a4090ae8-cfad-102d-97cf-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235051Z > sambaNTPassword: EB97ADC8AE0B0D345521BA0B4ED10410 > sambaPwdLastSet: 1262646184 > entryCSN: 20100104230304Z#000000#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20100104230304Z > > dn: uid=mguiffre$,ou=People,dc=themusiclink,dc=net > uid: mguiffre$ > sambaSID: S-1-5-21-957249707-1866601452-441284377-2358 > displayName: MGUIFFRE$ > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 1203349442 > sambaPwdMustChange: 2147483647 > sambaNTPassword: B4477BB59E8B04EE0635CEE872F9E3E1 > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaPwdLastSet: 1203349442 > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > sambaAcctFlags: [W ] > sambaBadPasswordCount: 0 > sambaBadPasswordTime: 0 > objectClass: sambaSamAccount > objectClass: account > structuralObjectClass: account > entryUUID: a4420226-cfad-102d-97d0-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235051Z > entryCSN: 20090507235051Z#000013#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090507235051Z > > dn: uid=MICHAEL$,ou=People,dc=themusiclink,dc=net > uid: MICHAEL$ > sambaSID: S-1-5-21-957249707-1866601452-441284377-2244 > displayName: MICHAEL$ > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 1235874383 > sambaPwdMustChange: 2147483647 > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > sambaAcctFlags: [W ] > sambaBadPasswordCount: 0 > sambaBadPasswordTime: 0 > objectClass: sambaSamAccount > objectClass: account > structuralObjectClass: account > entryUUID: a4749e8e-cfad-102d-97d1-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235052Z > sambaNTPassword: C4FCBF20D7CF3EC3595535D90CCCA660 > sambaPwdLastSet: 1262238476 > entryCSN: 20091231054756Z#000000#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20091231054756Z > > dn: uid=lrrr$,ou=People,dc=themusiclink,dc=net > uid: lrrr$ > sambaSID: S-1-5-21-957249707-1866601452-441284377-1014 > displayName: Computer Acct > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaPwdMustChange: 0 > sambaNTPassword: 01F5F78FF4DC2A00D532520533E2108D > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaPwdLastSet: 0 > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > sambaAcctFlags: [W ] > sambaBadPasswordCount: 0 > sambaBadPasswordTime: 0 > objectClass: sambaSamAccount > objectClass: account > structuralObjectClass: account > entryUUID: a47af162-cfad-102d-97d2-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235052Z > entryCSN: 20090507235052Z#000005#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090507235052Z > > dn: uid=RYAN$,ou=People,dc=themusiclink,dc=net > uid: RYAN$ > sambaSID: S-1-5-21-957249707-1866601452-441284377-2260 > displayName: THE-M47RJJ9T53W$ > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 1234524689 > sambaPwdMustChange: 2147483647 > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > sambaAcctFlags: [W ] > sambaBadPasswordCount: 0 > sambaBadPasswordTime: 0 > objectClass: sambaSamAccount > objectClass: account > structuralObjectClass: account > entryUUID: a480f800-cfad-102d-97d3-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235052Z > sambaNTPassword: 9656CE740570EBB847AD131D65E3BBEB > sambaPwdLastSet: 1246490780 > entryCSN: 20090701232620Z#000000#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090701232620Z > > dn: uid=salesspare$,ou=People,dc=themusiclink,dc=net > uid: salesspare$ > sambaSID: S-1-5-21-957249707-1866601452-441284377-2410 > displayName: SALESSPARE$ > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 1233972359 > sambaPwdMustChange: 2147483647 > sambaNTPassword: 75B1501C5F90B5D23F824AB99CA47E14 > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaPwdLastSet: 1233972359 > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > sambaAcctFlags: [W ] > sambaBadPasswordCount: 0 > sambaBadPasswordTime: 0 > objectClass: sambaSamAccount > objectClass: account > structuralObjectClass: account > entryUUID: a503c17c-cfad-102d-97d4-6fd9fc452718 > creatorsName: cn=Manager,dc=themusiclink,dc=net > createTimestamp: 20090507235053Z > entryCSN: 20090507235053Z#000004#00#000000 > modifiersName: cn=Manager,dc=themusiclink,dc=net > modifyTimestamp: 20090507235053Z > > > > > Kris Louklou at themusiclink.net > > > > On Mon, Jan 18, 2010 at 2:06 PM, Rob Shinn wrote: > > > Kris Lou wrote: > > > I've checked my ldif's - the groups exist, the users exists as > memberids, but it looks like samba is only checking the gid? > > > > Can you post the LDIFs of your groups (you can edit out any incriminating > evidence ;)? Sounds like your groups are lacking correct sambaSID or > sambaGroupType attributes. > > > > > From moshe010 at gmail.com Mon Jan 25 12:37:59 2010 From: moshe010 at gmail.com (moshe levi) Date: Mon, 25 Jan 2010 21:37:59 +0200 Subject: [Samba] don't show "Wrong Password" message Message-ID: <7398fc721001251137x4b8cf154n5f12dcc014a080f@mail.gmail.com> Hi all, I notice that when a user is entering a wrong password on a domain user. I get a message Wrong Password Incorrect Login. Is there a way to configure pam_winbind.so not to show Wrong Password message? I tried pam_winbind.so silent but is didn't work. From ganju420 at gmail.com Mon Jan 25 12:41:26 2010 From: ganju420 at gmail.com (Ganju Yadav) Date: Mon, 25 Jan 2010 14:41:26 -0500 Subject: [Samba] Getting Error "More data is available" Message-ID: <9a5b64241001251141m2e9c465n2340a82c73e9d711@mail.gmail.com> All, I am not sure if this has already been discussed, as I can;t find any searchable archive for this list. I recently added a new Samba server running 3.4.5 on RedHat AS 5.4. However when I try to map shares on my Windows XP client, I get error "More data is available". - I can browse the Samba server fine, but can;r map to them. - Same smb.conf file works just fine on another Solaris 8 Samba server running version 3.0.27. Any help will be appreciated. Regards. From stan at hardwarefreak.com Mon Jan 25 12:54:11 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Mon, 25 Jan 2010 13:54:11 -0600 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B5DDDF9.6080902@hardwarefreak.com> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> <4B5D36CC.1010103@hardwarefreak.com> <4B5DDDF9.6080902@hardwarefreak.com> Message-ID: <4B5DF6E3.7060503@hardwarefreak.com> Stan Hoeppner put forth on 1/25/2010 12:07 PM: > Volker Lendecke put forth on 1/25/2010 1:28 AM: >> On Mon, Jan 25, 2010 at 12:14:36AM -0600, Stan Hoeppner wrote: >>> Volker Lendecke put forth on 1/24/2010 6:51 AM: >>>> On Sun, Jan 24, 2010 at 02:09:51PM +0200, Michael Wood wrote: >>>>> Except that he said "I can copy files between the Win2K and WinXP >>>>> machines at just over 10MB/s in a single stream and max out the 11MB/s >>>>> with two streams." I am assuming he used the same client in that test >>>>> as he did with the test against Samba. So from what he's said it >>>>> seems that he gets more speed with a Windows server than with Samba >>>>> for the same client. >>>> >>>> So what we need is a full network trace of both cases. >>> >>> Actually I'll give you something slightly different, and more to the original >>> question. I've taken two tcp captures on the Samba server machine. Both >>> transfers were performed using the Windows 2000 cli "copy" command pulling a >>> 36MB avi file from a share on the Samba server. The first test was a single >>> stream copy. The second test was a dual stream copy of the same file >>> concurrently to two different destination directories. I also had iftop running >>> during the tests. The single stream transfer maxed out at just over 64Mb/s. >>> The dual stream test maxed out at 92Mb/s. Following are the two tcpdump output >>> files using "tcpdump -p -s 0 -w FILE port 445": >>> >>> http://www.hardwarefreak.com/smb_single_stream >>> http://www.hardwarefreak.com/smb_dual_stream >> >> The dual-stream one is kindof limited help. The interesting >> piece is how Win->Win does its thing faster, so we need to >> see that one. > > I think something is wrong. I downloaded Wireshark Win32. When running > > tshark -p -w smb-winwin-single-stream port 445 > > the transfer rate is half what it is without Wireshark running. What am I doing > wrong? This is rather interesting, and disheartening. I've just spent 30 minutes playing with tshark and windump. For small file transfers, the presence of the capture tools running cuts the network interface performance in half. If I copy a 600MB file, the rate gradually increases to 10MB/s but only after about 45 seconds. Given my limited outbound, I doubt anyone wishes to try to download a 600MB file from my server, nor analyze the contents of such a behemoth. What Windows capture tool is available that does not itself *cause* a further performance problem in the act of capturing the data to solve one? This is a ridiculous situation. This machine has a 2GHz AthlonXP CPU, 1GB RAM, and a 120GB 7200RPM IDE disk. CPU for tshark or windump never exceeds 25%. Why are these capture tools doing this? They've created a catch 22. I can't report the data without the capture, but the capture ruins the data. This is very, very frustrating. tcpdump on Debian has no such problems, and that machine is a lowly dual 550 with only 384MB of PC100. However, it's Linux instead of Windows, which helps tremendously. And, it's got an Intel Pro 100 server adapter in it whereas the workstation has an integrated nVidia nForce2 MCP 10/100 motherboard down NIC. Please help alleviate the frustration here and get me back on the path to solving this performance issue. Thanks. -- Stan From miguelmedalha at sapo.pt Mon Jan 25 13:10:38 2010 From: miguelmedalha at sapo.pt (Miguel Medalha) Date: Mon, 25 Jan 2010 20:10:38 +0000 Subject: [Samba] Testparm: "rlimit_max: rlimit_max (8192) below minimum Windows limit (16384)" - SOLVED In-Reply-To: <4B5D8403.6060406@sapo.pt> References: <4B5D8403.6060406@sapo.pt> Message-ID: <4B5DFABE.6050609@sapo.pt> > I just installed samba on a new server, 3.4.5-42, 64 bit version from > Sernet, over CentOS 5.4. > > When running testparm, I get the following warning: > > rlimit_max: rlimit_max (8192) below minimum Windows limit (16384) > In order to make the necessary change permanent, I entered the following line in "/etc/security/limits.conf": * - nofile 16384 The warning previously given by "testparm" is now gone. From "limits.conf"'s header: ?Quote: - the wildcard *, for default entry - nofile - max number of open files End of quote? Thanks to those who answered my question. From ganju420 at gmail.com Mon Jan 25 14:10:20 2010 From: ganju420 at gmail.com (Ganju Yadav) Date: Mon, 25 Jan 2010 16:10:20 -0500 Subject: [Samba] Getting Error "More data is available" In-Reply-To: <9a5b64241001251141m2e9c465n2340a82c73e9d711@mail.gmail.com> References: <9a5b64241001251141m2e9c465n2340a82c73e9d711@mail.gmail.com> Message-ID: <9a5b64241001251310y6fa9a166vfa46b8cb20bb34d3@mail.gmail.com> One more thing to add, test parm does not return any error message. Here is Global section of smb.conf: [global] workgroup = SAMBASERVERS netbios name = TSTSMB security = SHARE encrypt passwords = No guest account = EMCNT username map = /opt/samba-3.4.5/lib/test-username-map password level = 4 log level = 1 log file = /opt/samba-3.4.5/log/%m.%a max log size = 20 max xmit = 65535 name resolve order = hosts wins bcast lmhosts deadtime = 30 socket options = TCP_NODELAY IPTOS_LOWDELAY load printers = No os level = 40 As I said earlier, same smb.conf works just fine on another Samba server running older version 3.0.27 on a Solaris 8 server. Any help will be appreciated. Regards. On Mon, Jan 25, 2010 at 2:41 PM, Ganju Yadav wrote: > All, I am not sure if this has already been discussed, as I can;t find any > searchable archive for this list. > > I recently added a new Samba server running 3.4.5 on RedHat AS 5.4. However > when I try to map shares on my Windows XP client, I get error "More data is > available". > > - I can browse the Samba server fine, but can;r map to them. > - Same smb.conf file works just fine on another Solaris 8 Samba server > running version 3.0.27. > > Any help will be appreciated. > > Regards. > From esiotrot at gmail.com Mon Jan 25 14:23:42 2010 From: esiotrot at gmail.com (Michael Wood) Date: Mon, 25 Jan 2010 23:23:42 +0200 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B5DF6E3.7060503@hardwarefreak.com> References: <4B58E2B1.9000907@hardwarefreak.com> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> <4B5D36CC.1010103@hardwarefreak.com> <4B5DDDF9.6080902@hardwarefreak.com> <4B5DF6E3.7060503@hardwarefreak.com> Message-ID: <5a8aa6681001251323w3db3d203yf541a6eb24a4a11f@mail.gmail.com> 2010/1/25 Stan Hoeppner : [...] > This is rather interesting, and disheartening. ?I've just spent 30 minutes > playing with tshark and windump. ?For small file transfers, the presence of the > capture tools running cuts the network interface performance in half. ?If I copy > a 600MB file, the rate gradually increases to 10MB/s but only after about 45 > seconds. ?Given my limited outbound, I doubt anyone wishes to try to download a > 600MB file from my server, nor analyze the contents of such a behemoth. > > What Windows capture tool is available that does not itself *cause* a further > performance problem in the act of capturing the data to solve one? ?This is a > ridiculous situation. ?This machine has a 2GHz AthlonXP CPU, 1GB RAM, and a > 120GB 7200RPM IDE disk. ?CPU for tshark or windump never exceeds 25%. ?Why are > these capture tools doing this? ?They've created a catch 22. ?I can't report the > data without the capture, but the capture ruins the data. [...] If you can find a spare box with two NICs in it, you could set up a Linux box as a bridge (even running from a live CD) and run tcpdump on that. Otherwise, maybe this helps: http://support.microsoft.com/kb/812953 Wireshark seems to be able to load Microsoft NetMon captures, so I think that should work too and might not cause the performance drop that tshark/windump (winpcap) do. -- Michael Wood From esiotrot at gmail.com Mon Jan 25 14:29:32 2010 From: esiotrot at gmail.com (Michael Wood) Date: Mon, 25 Jan 2010 23:29:32 +0200 Subject: [Samba] Upgrade from 3.0.4 to 3.4.5 gotchas? In-Reply-To: <387ee2021001251053n723bd9d0qd116acaf9d52832e@mail.gmail.com> References: <4B5DDCF2.7050102@freakyacres.com> <387ee2021001251053n723bd9d0qd116acaf9d52832e@mail.gmail.com> Message-ID: <5a8aa6681001251329h6e8804e7p3d4b018fa1e4fffb@mail.gmail.com> 2010/1/25 John Drescher : > On Mon, Jan 25, 2010 at 1:03 PM, Joe wrote: >> I'm about to install 3.4.5 over 3.0.4 on an old FreeBSD 5.2.1 server from >> source. ?The server is backed up to tape. >> >> Could I make life easier by backing up some files by hand to another >> directory? >> >> In theory should "make install" be all I have to do? ?(yes I ran configure >> and make) >> >> Will the old smb.conf need modified? >> > > Yes definitely. You are going ahead 6 years of development. > > Normally you are supposed to take a look at the change logs between > versions to determine what parameters have been changed or removed but > that would be very painful for that type of move. > > I would run > > testparm > > before starting samba and fix any thing it complains about. Would it also help to run "testparm -sv" with the old version and then again after the upgrade to see what defaults have changed? Or would there be too many differences? -- Michael Wood From drescherjm at gmail.com Mon Jan 25 14:47:16 2010 From: drescherjm at gmail.com (John Drescher) Date: Mon, 25 Jan 2010 16:47:16 -0500 Subject: [Samba] Upgrade from 3.0.4 to 3.4.5 gotchas? In-Reply-To: <4B5E0F6F.6040703@freakyacres.com> References: <4B5DDCF2.7050102@freakyacres.com> <387ee2021001251053n723bd9d0qd116acaf9d52832e@mail.gmail.com> <4B5E0F6F.6040703@freakyacres.com> Message-ID: <387ee2021001251347m3fd07fc4weaf43581c6693723@mail.gmail.com> On Mon, Jan 25, 2010 at 4:38 PM, Joe wrote: > On 1/25/2010 1:53 PM, John Drescher wrote: >> >> On Mon, Jan 25, 2010 at 1:03 PM, Joe ?wrote: >>> >>> I'm about to install 3.4.5 over 3.0.4 on an old FreeBSD 5.2.1 server from >>> source. ?The server is backed up to tape. >>> >>> Could I make life easier by backing up some files by hand to another >>> directory? >>> >>> In theory should "make install" be all I have to do? ?(yes I ran >>> configure >>> and make) >>> >>> Will the old smb.conf need modified? >>> >> >> Yes definitely. You are going ahead 6 years of development. >> >> Normally you are supposed to take a look at the change logs between >> versions to determine what parameters have been changed or removed but >> that would be very painful for that type of move. >> >> I would run >> >> testparm >> >> before starting samba and fix any thing it complains about. >> >> John >> > > I didn't make install yet but ran testparm from the compile directory. > > It complains... > > /libexec/ld-elf.so.1: Shared object "libtalloc.so.1" not found > > So I expect samba may have trouble starting also. ?Any tips? libtalloc.so.1 is part of samba John From hds at semark.dk Mon Jan 25 14:23:26 2010 From: hds at semark.dk (Henrik Dige Semark) Date: Mon, 25 Jan 2010 22:23:26 +0100 Subject: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11 Message-ID: <4B5E0BCE.9080300@semark.dk> I have a serous problem. I have for some time now tried to get an SAMBA based Domain Controller working. I have tried with OpenLDAP and tdbsam as backend, but I get the same error every time. I wood prefer to use LDAP as my backend. I have read tons of how-to SAMBA + LDAP, but non of the seams to work for my, is there someone that maybe can see what I have done rung in my config.? I have attached my samba conf and LDAP conf. Samba is connected to OpenLDAP, and LDAP is running fine. But when I try to join my Windows XP Pro SP3 I takes about one Min and it tells my that Username and/or Password maybe rung, ore not existing. There is no doubt that Samba and Ldap is talking together (samba have updated the SID and RID's), cause when I try to join the domain LDAP is activated, but the return value is somehow disappearing on the way back to my client I have some wireshark dump that I can provide if its necessary. I can provide LOGS, DUMPS, and everything needed if its necessary. System info: Clean installed Debian Lenny (5.0.3) Clean installed Samba 3.2.5 + Winbind 3.2.5 Clean installed OpenLDAP 2.4.11 (slapd) Debian default smbldap-tools (smbldap-populate is working and have populated LDAP without problems) if there is something I have forgotten please just ask for it, I'm close to be desperate.! --- Med Venlig Hilsen / Best regards Henrik Dige Semark -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: smb.conf URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: schema.conf URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: slapd.conf URL: From joe at freakyacres.com Mon Jan 25 14:54:54 2010 From: joe at freakyacres.com (Joe) Date: Mon, 25 Jan 2010 16:54:54 -0500 Subject: [Samba] Upgrade from 3.0.4 to 3.4.5 gotchas? In-Reply-To: <387ee2021001251347m3fd07fc4weaf43581c6693723@mail.gmail.com> References: <4B5DDCF2.7050102@freakyacres.com> <387ee2021001251053n723bd9d0qd116acaf9d52832e@mail.gmail.com> <4B5E0F6F.6040703@freakyacres.com> <387ee2021001251347m3fd07fc4weaf43581c6693723@mail.gmail.com> Message-ID: <4B5E132E.80502@freakyacres.com> On 1/25/2010 4:47 PM, John Drescher wrote: > On Mon, Jan 25, 2010 at 4:38 PM, Joe wrote: >> On 1/25/2010 1:53 PM, John Drescher wrote: >>> >>> On Mon, Jan 25, 2010 at 1:03 PM, Joe wrote: >>>> >>>> I'm about to install 3.4.5 over 3.0.4 on an old FreeBSD 5.2.1 server from >>>> source. The server is backed up to tape. >>>> >>>> Could I make life easier by backing up some files by hand to another >>>> directory? >>>> >>>> In theory should "make install" be all I have to do? (yes I ran >>>> configure >>>> and make) >>>> >>>> Will the old smb.conf need modified? >>>> >>> >>> Yes definitely. You are going ahead 6 years of development. >>> >>> Normally you are supposed to take a look at the change logs between >>> versions to determine what parameters have been changed or removed but >>> that would be very painful for that type of move. >>> >>> I would run >>> >>> testparm >>> >>> before starting samba and fix any thing it complains about. >>> >>> John >>> >> >> I didn't make install yet but ran testparm from the compile directory. >> >> It complains... >> >> /libexec/ld-elf.so.1: Shared object "libtalloc.so.1" not found >> >> So I expect samba may have trouble starting also. Any tips? > > > libtalloc.so.1 is part of samba > > John > So is there any way to run the new version of testparm before the actual installation? From drescherjm at gmail.com Mon Jan 25 14:56:44 2010 From: drescherjm at gmail.com (John Drescher) Date: Mon, 25 Jan 2010 16:56:44 -0500 Subject: [Samba] Upgrade from 3.0.4 to 3.4.5 gotchas? In-Reply-To: <4B5E132E.80502@freakyacres.com> References: <4B5DDCF2.7050102@freakyacres.com> <387ee2021001251053n723bd9d0qd116acaf9d52832e@mail.gmail.com> <4B5E0F6F.6040703@freakyacres.com> <387ee2021001251347m3fd07fc4weaf43581c6693723@mail.gmail.com> <4B5E132E.80502@freakyacres.com> Message-ID: <387ee2021001251356w44b8bbfbyf4dc0025eed0627f@mail.gmail.com> On Mon, Jan 25, 2010 at 4:54 PM, Joe wrote: > On 1/25/2010 4:47 PM, John Drescher wrote: >> >> On Mon, Jan 25, 2010 at 4:38 PM, Joe ?wrote: >>> >>> On 1/25/2010 1:53 PM, John Drescher wrote: >>>> >>>> On Mon, Jan 25, 2010 at 1:03 PM, Joe ? ?wrote: >>>>> >>>>> I'm about to install 3.4.5 over 3.0.4 on an old FreeBSD 5.2.1 server >>>>> from >>>>> source. ?The server is backed up to tape. >>>>> >>>>> Could I make life easier by backing up some files by hand to another >>>>> directory? >>>>> >>>>> In theory should "make install" be all I have to do? ?(yes I ran >>>>> configure >>>>> and make) >>>>> >>>>> Will the old smb.conf need modified? >>>>> >>>> >>>> Yes definitely. You are going ahead 6 years of development. >>>> >>>> Normally you are supposed to take a look at the change logs between >>>> versions to determine what parameters have been changed or removed but >>>> that would be very painful for that type of move. >>>> >>>> I would run >>>> >>>> testparm >>>> >>>> before starting samba and fix any thing it complains about. >>>> >>>> John >>>> >>> >>> I didn't make install yet but ran testparm from the compile directory. >>> >>> It complains... >>> >>> /libexec/ld-elf.so.1: Shared object "libtalloc.so.1" not found >>> >>> So I expect samba may have trouble starting also. ?Any tips? >> >> >> libtalloc.so.1 is part of samba >> >> John >> > > So is there any way to run the new version of testparm before the > actual installation? > Possibly by running ldconfig for the folder that contains libtalloc.so.1 -- John M. Drescher From joe at freakyacres.com Mon Jan 25 14:38:55 2010 From: joe at freakyacres.com (Joe) Date: Mon, 25 Jan 2010 16:38:55 -0500 Subject: [Samba] Upgrade from 3.0.4 to 3.4.5 gotchas? In-Reply-To: <387ee2021001251053n723bd9d0qd116acaf9d52832e@mail.gmail.com> References: <4B5DDCF2.7050102@freakyacres.com> <387ee2021001251053n723bd9d0qd116acaf9d52832e@mail.gmail.com> Message-ID: <4B5E0F6F.6040703@freakyacres.com> On 1/25/2010 1:53 PM, John Drescher wrote: > On Mon, Jan 25, 2010 at 1:03 PM, Joe wrote: >> I'm about to install 3.4.5 over 3.0.4 on an old FreeBSD 5.2.1 server from >> source. The server is backed up to tape. >> >> Could I make life easier by backing up some files by hand to another >> directory? >> >> In theory should "make install" be all I have to do? (yes I ran configure >> and make) >> >> Will the old smb.conf need modified? >> > > Yes definitely. You are going ahead 6 years of development. > > Normally you are supposed to take a look at the change logs between > versions to determine what parameters have been changed or removed but > that would be very painful for that type of move. > > I would run > > testparm > > before starting samba and fix any thing it complains about. > > John > I didn't make install yet but ran testparm from the compile directory. It complains... /libexec/ld-elf.so.1: Shared object "libtalloc.so.1" not found So I expect samba may have trouble starting also. Any tips? From brian.gregorcy at utah.edu Mon Jan 25 15:02:10 2010 From: brian.gregorcy at utah.edu (gregorcy) Date: Mon, 25 Jan 2010 15:02:10 -0700 Subject: [Samba] Fwd: Re: Change AD user password from Linux Message-ID: <4B5E14E2.5070206@utah.edu> whoops should have also sent to list. -------- Original Message -------- Subject: Re: [Samba] Change AD user password from Linux Date: Mon, 25 Jan 2010 15:00:59 -0700 From: gregorcy To: Masao Garcia On 01/20/10 16:25, Masao Garcia wrote: > John, > > Still no go on the password change. I'm going to set up a fresh Ubuntu 8.04 > install....I'm thinking maybe because my test LTSP server was set up to > authenticate to a SambaPDC, maybe something is "tainted" and is causing the > problem. Thank you for your help. Hi Masao, Hey if you figure out how to get it too work will you post it to the list. I have also been trying for a bit to get passwd to work. --Brian From rob at steinmetznet.com Mon Jan 25 16:02:09 2010 From: rob at steinmetznet.com (Robert Steinmetz AIA) Date: Mon, 25 Jan 2010 17:02:09 -0600 Subject: [Samba] Problem Samba Share Message-ID: <4B5E22F1.1070602@steinmetznet.com> I'm running out of things to check. I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. On the Member Server when I access the [Projects] share everything works as expected. When I access the [Windows] share I get prompted for a user name and password but no combination works If I comment out the "force group" then [Windows] mostly works but not there are issues with one application which will gives error indication it cant create files. I have worked through a number of issues eventually finding that pam was not configured correctly, now it seems to be correct, getent now includes the domain users and groups. I can find no difference between the two shares but one works as expected and one doesn't. The only significant apparent difference is that [Windows] is much larger. > [Projects] > comment = Project Specific Data > path = /files/Lucretia/Projects > force group = "ATLANTA\domain users" > read only = No > create mask = 0764 > directory mask = 0775 > > [Windows] > comment = Atlanta Windows Files > path = /files/Lucretia/Windows > force group = "ATLANTA\domain users" > read only = No > create mask = 0764 > directory mask = 0775 A list of the directory > root at louise:/files/Lucretia# > drwxrwsr-x 36 trish domain users 1608 2010-01-20 15:53 Projects > drwxrwsrwx 291 trish domain users 23600 2010-01-25 15:15 Windows There are no acl's set on either directory. -- Robert Steinmetz, AIA Principal Steinmetz & Associates From lists.john at gmail.com Mon Jan 25 16:02:34 2010 From: lists.john at gmail.com (john) Date: Mon, 25 Jan 2010 15:02:34 -0800 Subject: [Samba] Fwd: Re: Change AD user password from Linux In-Reply-To: <4B5E14E2.5070206@utah.edu> References: <4B5E14E2.5070206@utah.edu> Message-ID: <2be970b51001251502o3aa579c2hc8005175abaf6c07@mail.gmail.com> Hi Gregorcy, Here's what I sent along to Masao. I didn't cc the list either :-( So here it comes now. Hope it may be useful. On Thu, Jan 21, 2010 at 12:05 PM, Masao Garcia wrote: > John, > > Yes, with my config, I can see all the domain users and groups with both > wbinfo and getent. I can log in via SSH and also from an LTSP terminal (I > had to chown the test user's home directory because the user IDs didn't > match from the old system) but when it comes to password changes, it just > won't work. Did you have a legacy /var/lib/samba/winbindd_idmap.tdb lying around from a previous active directory membership? If this computer had a windows user called jdoe whos uid->sid mapping was stored in that account, and you rejoined AD later on, you might cause yourself problems when trying to change the "new" jdoe's passwd (e.g. his unix uid would be mapped to a different windows SID as I understand it). I am a bit fuzzy on this, others could be of more help. I get around this because I use a static rid mapping (e.g. idmap backend = rid:VANGUARD=10000-200000) so that I can scale AD accross servers and uid->sid mappings stay consistent. > > I tried changing my pam.d config files with your settings and I can't SSH in > with AD accounts. wbinfo and getent still works. Here's what my ssh entry in /etc/pam.d looks like (note the entry for winbind) auth required pam_env.so # [1] auth required pam_env.so envfile=/etc/default/locale auth sufficient /lib/security/pam_winbind.so @include common-auth account required pam_nologin.so account sufficient /lib/security/pam_winbind.so @include common-account @include common-session session optional pam_motd.so # [1] session optional pam_mail.so standard noenv # [1] session required pam_limits.so @include common-password > > I use krb5 because according to the guide, Kerberos and Winbind are required > for authentication and session information when interfacing with AD. I believe you need krb5 to join AD but you don't need entries in pam.d/common-* unless you are trying to refresh kerberos tickets for various domain services. Again, others would know more. I messed around with automatically refreshing users kerberos tickets, but I couldn't get it working well, so users just have to present credentials when they want to get a windows share for example. I really should revisit this. :-) > > Can I ask what version of Samba you're running and what your domain > functional level is? winbind 3.0.28a-1ubuntu4.9 samba-common 3.0.28a-1ubuntu4.9 Our functional level is "windows 2003" > Did you install the Unix services on the DCs? No I decided I didn't want to mess with the DC's in any way. > tried both with and without the Unix services and I get the same errors > about the users not being in /etc/passwd in both cases. It's got to be a > pam.d or nsswitch configuration problem, but I can't find any answers on > Google. Somehow I have to tell the client to look for the users in AD when > changing passwords, but from my understanding that's handled by > nsswitch.conf, which looks right. I think you are on the right track. Have you tried turning up the verbosity on the logging? You can do that in the smb.conf file and then try your transaction and check for messages in /var/log/samba Here's a little blurb from O'reilly http://oreilly.com/catalog/samba/chapter/book/ch09_01.html > > Anyway, I just got word from management that I need to raise the domain and > forest functional levels to 2008R2, and from what I've read, you need Samba > 3.2 for AD authentication to work right in that environment so now I'm > messing with Ubuntu 9.10. I appreciate your help. I'll let you know how > things turn out in the new environment. I'll be interested to hear what you find out. I'm planning on migrating to Lucid (the next LTS) sometime in the next 6 months, and I would guess Karmic (9.10) and Lucid will be very similar with regards to winbind and samba. Btw, as an aside, I found out as long as I am only joining my servers to AD and not actually hosting shares via samba on my Linux server, I only need the winbind package on LTSP. Winbind installs a minimal subset of the samba packages and doesn't run the samba daemon. Good luck! John On Mon, Jan 25, 2010 at 2:02 PM, gregorcy wrote: > whoops should have also sent to list. > > Hi Masao, > > Hey if you figure out how to get it too work will you post it to the list. ?I have also been trying for a bit to get > passwd to work. > > --Brian > -- > To unsubscribe from this list go to the following URL and read the > instructions: ?https://lists.samba.org/mailman/options/samba > From stan at hardwarefreak.com Mon Jan 25 16:30:34 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Mon, 25 Jan 2010 17:30:34 -0600 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> <4B5D36CC.1010103@hardwarefreak.com> Message-ID: <4B5E299A.7020908@hardwarefreak.com> Volker Lendecke put forth on 1/25/2010 1:28 AM: > On Mon, Jan 25, 2010 at 12:14:36AM -0600, Stan Hoeppner wrote: >> Volker Lendecke put forth on 1/24/2010 6:51 AM: >>> On Sun, Jan 24, 2010 at 02:09:51PM +0200, Michael Wood wrote: >>>> Except that he said "I can copy files between the Win2K and WinXP >>>> machines at just over 10MB/s in a single stream and max out the 11MB/s >>>> with two streams." I am assuming he used the same client in that test >>>> as he did with the test against Samba. So from what he's said it >>>> seems that he gets more speed with a Windows server than with Samba >>>> for the same client. >>> >>> So what we need is a full network trace of both cases. >> >> Actually I'll give you something slightly different, and more to the original >> question. I've taken two tcp captures on the Samba server machine. Both >> transfers were performed using the Windows 2000 cli "copy" command pulling a >> 36MB avi file from a share on the Samba server. The first test was a single >> stream copy. The second test was a dual stream copy of the same file >> concurrently to two different destination directories. I also had iftop running >> during the tests. The single stream transfer maxed out at just over 64Mb/s. >> The dual stream test maxed out at 92Mb/s. Following are the two tcpdump output >> files using "tcpdump -p -s 0 -w FILE port 445": >> >> http://www.hardwarefreak.com/smb_single_stream >> http://www.hardwarefreak.com/smb_dual_stream > > The dual-stream one is kindof limited help. The interesting > piece is how Win->Win does its thing faster, so we need to > see that one. I've been busting my but trying to get you something meaningful. This dump is less than optimal for two reasons, but it's the best I can get you thus far. 1. Running tshark on Win2K creates a huge network performance hit and thus b/w numbers for small file (<250MB) transfers don't come close to accurately describing the real world. With tshark running the b/w is less than half of normal with small files. 2. Because of this I had to do a huge file copy to allow time for the client to level off at peak performance, which is still ~500KB/s lower than normal due to tshark overhead. Anyway, the file is over 400MB. It'll take quite a while to grab off my server. http://www.hardwarefreak.com/smb-winwin-single-stream Hope you are able to glean something meaningful from it. -- Stan From masaog at fshac.com Mon Jan 25 15:54:38 2010 From: masaog at fshac.com (Masao Garcia) Date: Mon, 25 Jan 2010 16:54:38 -0600 Subject: [Samba] Fwd: Re: Change AD user password from Linux In-Reply-To: <4B5E14E2.5070206@utah.edu> References: <4B5E14E2.5070206@utah.edu> Message-ID: Gregorcy, I ended up installing Ubuntu 9.10 and using Likewise-open and that worked without issue. I'm able to change passwords on my LTSP server (which I still need to rebuild) but initial testing shows I can change my password on first logon (though if I don't meet the password complexity, I get a generic token error). The only thing I don't like about Likewise-open is that I seem to need to include the domain with the username (i.e. domain\username or username at domain). I'm not sure if that's configurable, but it's also not a show stopper for me if it's not. I still have my old 8.04 setup and John was kind enough to give me some more settings I could check that I have not followed up on. If I get the chance, I'll go back and check and post an update if I get it working. -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of gregorcy Sent: Monday, January 25, 2010 4:02 PM To: samba Subject: [Samba] Fwd: Re: Change AD user password from Linux Hi Masao, Hey if you figure out how to get it too work will you post it to the list. I have also been trying for a bit to get passwd to work. --Brian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba From Didier.Brison at ibis.ulaval.ca Mon Jan 25 17:46:56 2010 From: Didier.Brison at ibis.ulaval.ca (Didier Brison) Date: Mon, 25 Jan 2010 19:46:56 -0500 Subject: [Samba] Pb using printer share with Vista Message-ID: <9A7DDD68D4FF1F45A586DB20DAA5678B5807E477F9@EXCH-MBX-A.ulaval.ca> Hi, On a Debian Lenny I try to make working samba 3.4.3-1 backports printer drivers auto install for Vista and of course it doesn't work. It start install the driver on the server, but stop and tell "_spoolss_AddPrinterDriverEx: level 8 not yet implemented" Someone can help me? Here is a part of my Syslog Jan 25 19:27:57 toto smbd[13437]: [2010/01/25 19:27:57, 0] rpc_server/srv_spoolss_nt.c:7646(_spoolss_AddPrinterDriver) Jan 25 19:27:57 toto smbd[13437]: _spoolss_AddPrinterDriverEx: level 8 not yet implemented Jan 25 19:28:11 toto smbd[13437]: [2010/01/25 19:28:11, 1] smbd/service.c:1226(close_cnum) Jan 25 19:28:11 toto smbd[13437]: ibis-inf-2 (::ffff:132.203.160.8) closed connection to service print$ Regards. Didier From jra at samba.org Mon Jan 25 18:26:15 2010 From: jra at samba.org (Jeremy Allison) Date: Mon, 25 Jan 2010 17:26:15 -0800 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: <4B5DA9EA.8080408@wavenet.at> References: <4B5DA9EA.8080408@wavenet.at> Message-ID: <20100126012615.GC8066@samba1> On Mon, Jan 25, 2010 at 03:25:46PM +0100, Martin Hochreiter wrote: > I recently installed Samba 3.4.5 on Ubuntu 8.04 64 bit and > had to downgrad again because of massive core panics: > > I can't really tell you what caused that (maybe while printing via > samba-cups) - can > somebody give me a hint or tell me what information you need to analyze > that please? > > [2010/01/25 13:46:52, 0] lib/fault.c:46(fault_report) > =============================================================== > [2010/01/25 13:46:52, 0] lib/fault.c:47(fault_report) > INTERNAL ERROR: Signal 11 in pid 7553 (3.4.5) > Please read the Trouble-Shooting section of the Samba3-HOWTO > [2010/01/25 13:46:52, 0] lib/fault.c:49(fault_report) > > From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf > [2010/01/25 13:46:52, 0] lib/fault.c:50(fault_report) > =============================================================== > [2010/01/25 13:46:52, 0] lib/util.c:1480(smb_panic) > PANIC (pid 7553): internal error > [2010/01/25 13:46:52, 0] lib/util.c:1584(log_stack_trace) > BACKTRACE: 25 stack frames: > #0 /opt/samba345/sbin/smbd(log_stack_trace+0x1a) [0x6bc42b] > #1 /opt/samba345/sbin/smbd(smb_panic+0x55) [0x6bc52a] > #2 /opt/samba345/sbin/smbd [0x6ad1ae] > #3 /lib/libpthread.so.0 [0x7fa381cb77d0] > #4 /etc/samba/libtalloc.so.1 [0x7fa380da9761] > #5 /etc/samba/libtalloc.so.1(talloc_free+0x1cc) [0x7fa380dab92e] > #6 /opt/samba345/sbin/smbd [0x6249ca] > #7 /opt/samba345/sbin/smbd(api_pipe_request+0x3ac) [0x656ef5] > #8 /opt/samba345/sbin/smbd [0x650b46] > #9 /opt/samba345/sbin/smbd(np_write_send+0x912) [0x651a13] > #10 /opt/samba345/sbin/smbd [0x4a7456] > #11 /opt/samba345/sbin/smbd [0x4a79d9] > #12 /opt/samba345/sbin/smbd(reply_trans+0x6b7) [0x4a85af] > #13 /opt/samba345/sbin/smbd [0x4fee33] > #14 /opt/samba345/sbin/smbd [0x5012e8] > #15 /opt/samba345/sbin/smbd [0x501a6c] > #16 /opt/samba345/sbin/smbd(run_events+0x131) [0x6cb350] > #17 /opt/samba345/sbin/smbd(smbd_process+0x790) [0x500cb7] > #18 /opt/samba345/sbin/smbd [0x947e15] > #19 /opt/samba345/sbin/smbd(run_events+0x131) [0x6cb350] > #20 /opt/samba345/sbin/smbd [0x6cb5b0] > #21 /opt/samba345/sbin/smbd(_tevent_loop_once+0x84) [0x6cb929] > #22 /opt/samba345/sbin/smbd(main+0xf17) [0x947b99] > #23 /lib/libc.so.6(__libc_start_main+0xf4) [0x7fa3806481c4] > #24 /opt/samba345/sbin/smbd [0x48e629] > [2010/01/25 13:46:52, 0] lib/fault.c:326(dump_core) > dumping core in /var/log/samba/cores/smbd Can you install the debug symbols, and try and reproduce the problem please ? Open a bug at bugzilla.samba.org and add the line: panic action = "/bin/sleep 99999" to the [global] section of your smb.conf. Once the crash re-occurs, attach to the parent process of the sleep using gdb, and then type "bt" to get a full backtrace with symbols. Attach this to the bug report please. Thanks ! Jeremy. From jra at samba.org Mon Jan 25 18:43:45 2010 From: jra at samba.org (Jeremy Allison) Date: Mon, 25 Jan 2010 17:43:45 -0800 Subject: [Samba] Pb using printer share with Vista In-Reply-To: <9A7DDD68D4FF1F45A586DB20DAA5678B5807E477F9@EXCH-MBX-A.ulaval.ca> References: <9A7DDD68D4FF1F45A586DB20DAA5678B5807E477F9@EXCH-MBX-A.ulaval.ca> Message-ID: <20100126014345.GE8066@samba1> On Mon, Jan 25, 2010 at 07:46:56PM -0500, Didier Brison wrote: > Hi, > > On a Debian Lenny > I try to make working samba 3.4.3-1 backports printer drivers auto install for Vista and of course it doesn't work. > It start install the driver on the server, but stop and tell "_spoolss_AddPrinterDriverEx: level 8 not yet implemented" > > Someone can help me? > > Here is a part of my Syslog > > Jan 25 19:27:57 toto smbd[13437]: [2010/01/25 19:27:57, 0] rpc_server/srv_spoolss_nt.c:7646(_spoolss_AddPrinterDriver) > Jan 25 19:27:57 toto smbd[13437]: _spoolss_AddPrinterDriverEx: level 8 not yet implemented > Jan 25 19:28:11 toto smbd[13437]: [2010/01/25 19:28:11, 1] smbd/service.c:1226(close_cnum) > Jan 25 19:28:11 toto smbd[13437]: ibis-inf-2 (::ffff:132.203.160.8) closed connection to service print$ Can you log a bug at bugzilla.samba.org. We have an explicit comment in the code that assumes that returning WERR_UNKNOWN_LEVEL causes the client to silently downgrade to a supported level. If this isn't working, we need to track the issue. Thanks, Jeremy. From jra at samba.org Mon Jan 25 18:45:14 2010 From: jra at samba.org (Jeremy Allison) Date: Mon, 25 Jan 2010 17:45:14 -0800 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: <4B5DD177.1000705@BriannasSaladDressing.com> References: <4B015BF6.9060002@BriannasSaladDressing.com> <4B5479BF.7000500@BriannasSaladDressing.com> <4B547B59.8050404@debian.org> <4B5DD177.1000705@BriannasSaladDressing.com> Message-ID: <20100126014514.GF8066@samba1> On Mon, Jan 25, 2010 at 11:14:31AM -0600, Dale Schroeder wrote: > > This time, it seems to be an ADS specific winbind error. > > I have attempted with the current kernel - 2.6.32-trunk-686 and the > previous kernel - 2.6.30-2-686. > > What kind of encryption change has occurred, and which program is it > referring to as lacking the encryption type - samba or krb5? This is a krb5 error. Try upgrading the krb5 libraries ? From samba at tlinx.org Mon Jan 25 23:34:09 2010 From: samba at tlinx.org (Linda Walsh) Date: Mon, 25 Jan 2010 22:34:09 -0800 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B5B57D8.2050503@hardwarefreak.com> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> Message-ID: <4B5E8CE1.7040308@tlinx.org> Stan Hoeppner wrote: > For raw bandwidth maximization, what port and protocol are used won't > make much difference, if any. In fact it shouldn't make _any_ > difference in raw b/w. Communications between the Samba server and > Win2K client appear to be exclusively over TCP 139 at this point > according to netstat, instead I'm misreading or looking in the wrong > place. --- I haven't read the rest of the thread yet, so forgive me if I am covering things that have already been covered. 139 AFAIK, uses UDP, that means one packet up, it gets ACKED, (packet send back to sender) then another packet goes up. 445 uses TCP, which can have multiple packets sent without waiting for an ACK. Suppose round trip for an 'empty packet is 2 ms. For round numbers use 1000B/packet. So you send 1000B on a 1MB/s line (yeah, it's an odd flaver of ethernet). But for each 1000 bytes sent, it takes 1000/10^6(B/s) = 1ms. So it would take 2 seconds to send. Now the other side could wait for the response to come back and that would take another 1ms for an empty packet (which can include an 'ACK'. So round trip time for 1000 bytes would be 3m. Now your 1MB line has dropped to 1000B / 3ms. Instead of nearly 1000 packets/second, you only see a throughput of 300k on our 1MB line : 33%. Yuck! Now tcp doesn't require nearly the overhead for single packets. Opening the TCP connection takes extra long -- maybe in our example it would take 5ms. But then further packets can be sent with .05ms overhead instead of 1ms. (these figures are illustrative, not accurate!) But now you send 30 packets at 1ms+.5 each, and they all travel and are received in 30.30 ms. The ack back takes another .5 (as it's within the TCP stream, where you only need send packet# and ack -- no addressing or port or security info. That 'intro stuff' is only done once at the begining of each stream open (which in Samba is only once/ session -- not once/connection). Additonally, the Ack back takes place AS the next packet is being sent. Most implementations will allow the next one-to-several packets to be sent WITHOUT having heard back. That's important. So the total wait time -- is 1.5*30 or 45ms+ + the last ack has to waited for -- so 45.5 ms. to send your 30,000 bytes. Now we're talking 659k on our 1MB line. Not perfect, but maybe as perfect as less than ideal hardware allows due to overhead (or maybe OS overhead/packet...whatever). But in this *bogus*, (but representative in a relative sense) example TCP bought over 100% more throughput. In real life, might add 10-30%. Depends on hardward and OS implementation. Do you see why TCP=better? (for large packet sizes). For small, sparse amounts of data, UDP might be better. The penalty of per-packet overhead RTT times goes *up* with the faster networking equipment you use. At 1GB, 1ms is a loss of a million bits! That make sense? So a UDP connection is much more inefficient and may show as busy but some of that is spent constructing/sending headers while other parts are waiting on ACKS. -linda From esiotrot at gmail.com Mon Jan 25 23:53:24 2010 From: esiotrot at gmail.com (Michael Wood) Date: Tue, 26 Jan 2010 08:53:24 +0200 Subject: [Samba] Problem Samba Share In-Reply-To: <4B5E22F1.1070602@steinmetznet.com> References: <4B5E22F1.1070602@steinmetznet.com> Message-ID: <5a8aa6681001252253m63e808d3x6ce3fd53a47a1ded@mail.gmail.com> 2010/1/26 Robert Steinmetz AIA : > I'm running out of things to check. > > I have two servers running Samba 2.3.3, one as a Domain Controller one as a Sorry, I don't know what's causing your problems, but I suspect you mean version 3.2.3, which is what Ubuntu 8.10 ships with. http://packages.ubuntu.com/intrepid/samba The "2:" is not part of the Samba version number. It's an "epoch", which is explained in Debian's policy manual as follows: "It is provided to allow mistakes in the version numbers of older versions of a package, and also a package's previous version numbering schemes, to be left behind." http://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Version -- Michael Wood From esiotrot at gmail.com Tue Jan 26 00:02:27 2010 From: esiotrot at gmail.com (Michael Wood) Date: Tue, 26 Jan 2010 09:02:27 +0200 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B5E8CE1.7040308@tlinx.org> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <4B5E8CE1.7040308@tlinx.org> Message-ID: <5a8aa6681001252302g1ab9c329lc3c58640eb2f0d39@mail.gmail.com> Hi 2010/1/26 Linda Walsh : > Stan Hoeppner wrote: >> >> For raw bandwidth maximization, what port and protocol are used won't >> make much difference, if any. ?In fact it shouldn't make _any_ >> difference in raw b/w. ?Communications between the Samba server and >> Win2K client appear to be exclusively over TCP 139 at this point >> according to netstat, instead I'm misreading or looking in the wrong >> place. > > --- I haven't read the rest of the thread yet, so forgive me if I am > ?covering things that have already been covered. > > ?139 AFAIK, uses UDP, that means one packet up, it gets ACKED, (packet > send back to sender) then another packet goes up. I'm pretty sure you're wrong about port 139 necessarily using UDP, and Stan said further up the thread that he was using TCP on port 139. He later changed to port 445 anyway and was still having the same problem. -- Michael Wood From bubulle at debian.org Mon Jan 25 23:44:31 2010 From: bubulle at debian.org (Christian PERRIER) Date: Tue, 26 Jan 2010 07:44:31 +0100 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: <20100126014514.GF8066@samba1> References: <4B015BF6.9060002@BriannasSaladDressing.com> <4B5479BF.7000500@BriannasSaladDressing.com> <4B547B59.8050404@debian.org> <4B5DD177.1000705@BriannasSaladDressing.com> <20100126014514.GF8066@samba1> Message-ID: <20100126064431.GF15807@cc-mykerinos.onera> Quoting Jeremy Allison (jra at samba.org): > On Mon, Jan 25, 2010 at 11:14:31AM -0600, Dale Schroeder wrote: > > > > This time, it seems to be an ADS specific winbind error. > > > > I have attempted with the current kernel - 2.6.32-trunk-686 and the > > previous kernel - 2.6.30-2-686. > > > > What kind of encryption change has occurred, and which program is it > > referring to as lacking the encryption type - samba or krb5? > > This is a krb5 error. Try upgrading the krb5 libraries ? Dale, can you send the output of "dpkg -s libkrb5-3" Sam Hartman is working hardly on krb5 these days. I can't check right now but it's highly probable that Debian testing hasn't the same version than unstable (1.7 in testing, 1.8 in unstable). So, Jeremy's advice is probably worth it if you have 1.7 version of krb5 and if that solves your problems, then we might need to update dependencies in samba packages. From linuxbox at wavenet.at Tue Jan 26 00:58:12 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Tue, 26 Jan 2010 08:58:12 +0100 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: <20100126012615.GC8066@samba1> References: <4B5DA9EA.8080408@wavenet.at> <20100126012615.GC8066@samba1> Message-ID: <4B5EA094.7040202@wavenet.at> > Can you install the debug symbols, and try and > reproduce the problem please ? Open a bug at bugzilla.samba.org > and add the line: > > panic action = "/bin/sleep 99999" > > to the [global] section of your smb.conf. Once the crash > re-occurs, attach to the parent process of the sleep using > gdb, and then type "bt" to get a full backtrace with symbols. > > Attach this to the bug report please. > > Thanks ! > > Jeremy. > > Unfortunately it is a production system I did the upgrade (I compiled 3.4.5 in parallel to 3.0.28 did the necessary changes and tried to run in it during lunchtime) I'll try to reproduce it during lunchtime again ... BUT I read the "3.4 Panic in Debian" thread and Ubuntu 8.04 is shipped with libkrb53 - 1.6.dfsg.3~beta1-2ubuntu1.3 May that hit my problem too? From gustavo.tonello at gmail.com Tue Jan 26 02:53:12 2010 From: gustavo.tonello at gmail.com (Luiz Gustavo P Tonello) Date: Tue, 26 Jan 2010 07:53:12 -0200 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: <20100126012615.GC8066@samba1> References: <4B5DA9EA.8080408@wavenet.at> <20100126012615.GC8066@samba1> Message-ID: <1E15FFC1-CDC5-4F55-A41A-FFF06DE1DE11@gmail.com> I've had the same problem with Debian Lenny, when I compile latest Samba packet (3.4.5). But, I've resolved this adding repositories "testing" in my sources.list. After, I install Samba with apt-get. -- Luiz Gustavo P Tonello. On Jan 25, 2010, at 11:26 PM, Jeremy Allison wrote: > On Mon, Jan 25, 2010 at 03:25:46PM +0100, Martin Hochreiter wrote: >> I recently installed Samba 3.4.5 on Ubuntu 8.04 64 bit and >> had to downgrad again because of massive core panics: >> >> I can't really tell you what caused that (maybe while printing via >> samba-cups) - can >> somebody give me a hint or tell me what information you need to analyze >> that please? >> >> [2010/01/25 13:46:52, 0] lib/fault.c:46(fault_report) >> =============================================================== >> [2010/01/25 13:46:52, 0] lib/fault.c:47(fault_report) >> INTERNAL ERROR: Signal 11 in pid 7553 (3.4.5) >> Please read the Trouble-Shooting section of the Samba3-HOWTO >> [2010/01/25 13:46:52, 0] lib/fault.c:49(fault_report) >> >> From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf >> [2010/01/25 13:46:52, 0] lib/fault.c:50(fault_report) >> =============================================================== >> [2010/01/25 13:46:52, 0] lib/util.c:1480(smb_panic) >> PANIC (pid 7553): internal error >> [2010/01/25 13:46:52, 0] lib/util.c:1584(log_stack_trace) >> BACKTRACE: 25 stack frames: >> #0 /opt/samba345/sbin/smbd(log_stack_trace+0x1a) [0x6bc42b] >> #1 /opt/samba345/sbin/smbd(smb_panic+0x55) [0x6bc52a] >> #2 /opt/samba345/sbin/smbd [0x6ad1ae] >> #3 /lib/libpthread.so.0 [0x7fa381cb77d0] >> #4 /etc/samba/libtalloc.so.1 [0x7fa380da9761] >> #5 /etc/samba/libtalloc.so.1(talloc_free+0x1cc) [0x7fa380dab92e] >> #6 /opt/samba345/sbin/smbd [0x6249ca] >> #7 /opt/samba345/sbin/smbd(api_pipe_request+0x3ac) [0x656ef5] >> #8 /opt/samba345/sbin/smbd [0x650b46] >> #9 /opt/samba345/sbin/smbd(np_write_send+0x912) [0x651a13] >> #10 /opt/samba345/sbin/smbd [0x4a7456] >> #11 /opt/samba345/sbin/smbd [0x4a79d9] >> #12 /opt/samba345/sbin/smbd(reply_trans+0x6b7) [0x4a85af] >> #13 /opt/samba345/sbin/smbd [0x4fee33] >> #14 /opt/samba345/sbin/smbd [0x5012e8] >> #15 /opt/samba345/sbin/smbd [0x501a6c] >> #16 /opt/samba345/sbin/smbd(run_events+0x131) [0x6cb350] >> #17 /opt/samba345/sbin/smbd(smbd_process+0x790) [0x500cb7] >> #18 /opt/samba345/sbin/smbd [0x947e15] >> #19 /opt/samba345/sbin/smbd(run_events+0x131) [0x6cb350] >> #20 /opt/samba345/sbin/smbd [0x6cb5b0] >> #21 /opt/samba345/sbin/smbd(_tevent_loop_once+0x84) [0x6cb929] >> #22 /opt/samba345/sbin/smbd(main+0xf17) [0x947b99] >> #23 /lib/libc.so.6(__libc_start_main+0xf4) [0x7fa3806481c4] >> #24 /opt/samba345/sbin/smbd [0x48e629] >> [2010/01/25 13:46:52, 0] lib/fault.c:326(dump_core) >> dumping core in /var/log/samba/cores/smbd > > Can you install the debug symbols, and try and > reproduce the problem please ? Open a bug at bugzilla.samba.org > and add the line: > > panic action = "/bin/sleep 99999" > > to the [global] section of your smb.conf. Once the crash > re-occurs, attach to the parent process of the sleep using > gdb, and then type "bt" to get a full backtrace with symbols. > > Attach this to the bug report please. > > Thanks ! > > Jeremy. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba From francesco.malvezzi at unimore.it Tue Jan 26 02:17:17 2010 From: francesco.malvezzi at unimore.it (Francesco Malvezzi) Date: Tue, 26 Jan 2010 10:17:17 +0100 Subject: [Samba] samba4 HEAD: unable to provision Message-ID: <4B5EB31D.7020907@unimore.it> I'm trying to install samba4 with openldap, as from http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP, I have got the yesterday realease, last git commit: commit 2024d4fb27514869d78e9bb39085f98e80413529 Date: Mon Jan 25 12:41:48 2010 +0100 My system is GNU/Debian Linux Lenny. ./configure --prefix=/opt/samba4 make sudo make install all worked ./setup/provision from the source4 dir fails with: ./setup/provision --realm=test.it --ldapadminpass=secret --ldap-backend-type=openldap --server-role='domain controller' --domain=test Administrator password will be set randomly! Traceback (most recent call last): File "./setup/provision", line 244, in nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode,useeadb=eadb) File "bin/python/samba/provision.py", line 1182, in provision targetdir, sid_generator,useeadb) File "bin/python/samba/provision.py", line 471, in make_smbconf posixeadb_line = "posix:eadb = " + os.path.abspath(os.path.join(os.path.join(targetdir, "private"),"eadb.tdb")) File "/usr/lib/python2.5/posixpath.py", line 62, in join elif path == '' or path.endswith('/'): AttributeError: 'NoneType' object has no attribute 'endswith' What does it mean? What I did wrong? Just for the records, what is eadb? Is related to extended filesystem attributest? Server filesystem is xfs, so xattr is supported. Thank you for your help, Francesco From linuxbox at wavenet.at Tue Jan 26 02:58:05 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Tue, 26 Jan 2010 10:58:05 +0100 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: <1E15FFC1-CDC5-4F55-A41A-FFF06DE1DE11@gmail.com> References: <4B5DA9EA.8080408@wavenet.at> <20100126012615.GC8066@samba1> <1E15FFC1-CDC5-4F55-A41A-FFF06DE1DE11@gmail.com> Message-ID: <4B5EBCAD.2040402@wavenet.at> Am 2010-01-26 10:53, schrieb Luiz Gustavo P Tonello: > I've had the same problem with Debian Lenny, when I compile latest Samba packet (3.4.5). > > But, I've resolved this adding repositories "testing" in my sources.list. > > After, I install Samba with apt-get. > > > -- > Luiz Gustavo P Tonello. > > > > Mhmm, I worry about that this would not work on Ubuntu - I don't want to mix up the distributions thats why I compiled samba from the sources ... What would be interesting - what krblib Version do you have on lenny? regards Martin From ptmusta at utu.fi Tue Jan 26 03:00:49 2010 From: ptmusta at utu.fi (mistofeles) Date: Tue, 26 Jan 2010 02:00:49 -0800 (PST) Subject: [Samba] User permissions, simple doc ? Message-ID: <27320256.post@talk.nabble.com> Is there some simple documentation about how to set the user permissons in a Samba server ? In my server I have the permissions like this: drwxrwx--- 3 mydemo domain users 4096 2009-12-29 08:19 mydemo Now the other users can not read nor write to this directory. If I copy this directory anywhere, anybody can read and write there. (I have my reasons to make a copy) Is there any way to make these directories PRIVATE to the owner only ? I have tried chmod and chown with various values . In smb.conf I have: [%U] comment = Own home dir path = /home/%U writeable = yes valid users = %U [BCK] comment = Here I copy the home dirs path = /BACKUP/backup browseable = yes read only = yes -- View this message in context: http://old.nabble.com/User-permissions%2C-simple-doc---tp27320256p27320256.html Sent from the Samba - General mailing list archive at Nabble.com. From Volker.Lendecke at SerNet.DE Tue Jan 26 03:07:09 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue, 26 Jan 2010 11:07:09 +0100 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: <4B5EBCAD.2040402@wavenet.at> References: <4B5DA9EA.8080408@wavenet.at> <20100126012615.GC8066@samba1> <1E15FFC1-CDC5-4F55-A41A-FFF06DE1DE11@gmail.com> <4B5EBCAD.2040402@wavenet.at> Message-ID: On Tue, Jan 26, 2010 at 10:58:05AM +0100, Martin Hochreiter wrote: > Am 2010-01-26 10:53, schrieb Luiz Gustavo P Tonello: > >I've had the same problem with Debian Lenny, when I compile latest Samba > >packet (3.4.5). > > > >But, I've resolved this adding repositories "testing" in my sources.list. > > > >After, I install Samba with apt-get. > > > > > >-- > >Luiz Gustavo P Tonello. > > > > > > > > > Mhmm, I worry about that this would not work on Ubuntu - > I don't want to mix up the distributions thats why I compiled > samba from the sources ... > > What would be interesting - what krblib Version do you have on lenny? BTW, can you upload a debug level 10 log for this crash? Maybe we can figure out what is happening from there, if valgrind or a gdb backtrace are impossible. Thanks, Volker From gustavo.tonello at gmail.com Tue Jan 26 03:12:04 2010 From: gustavo.tonello at gmail.com (Luiz Gustavo P Tonello) Date: Tue, 26 Jan 2010 08:12:04 -0200 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: <4B5EBCAD.2040402@wavenet.at> References: <4B5DA9EA.8080408@wavenet.at> <20100126012615.GC8066@samba1> <1E15FFC1-CDC5-4F55-A41A-FFF06DE1DE11@gmail.com> <4B5EBCAD.2040402@wavenet.at> Message-ID: <38AC994E-F6A2-41A0-9539-87C9729473CB@gmail.com> I have libkerb53 and libkerb5-dev (V. 1.6) -- Luiz Gustavo P Tonello. On Jan 26, 2010, at 7:58 AM, Martin Hochreiter wrote: > Am 2010-01-26 10:53, schrieb Luiz Gustavo P Tonello: >> I've had the same problem with Debian Lenny, when I compile latest Samba packet (3.4.5). >> >> But, I've resolved this adding repositories "testing" in my sources.list. >> >> After, I install Samba with apt-get. >> >> >> -- >> Luiz Gustavo P Tonello. >> >> >> >> > Mhmm, I worry about that this would not work on Ubuntu - > I don't want to mix up the distributions thats why I compiled > samba from the sources ... > > What would be interesting - what krblib Version do you have on lenny? > > > > regards > Martin From linuxbox at wavenet.at Tue Jan 26 03:18:32 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Tue, 26 Jan 2010 11:18:32 +0100 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: References: <4B5DA9EA.8080408@wavenet.at> <20100126012615.GC8066@samba1> <1E15FFC1-CDC5-4F55-A41A-FFF06DE1DE11@gmail.com> <4B5EBCAD.2040402@wavenet.at> Message-ID: <4B5EC178.3060705@wavenet.at> > BTW, can you upload a debug level 10 log for this crash? > Maybe we can figure out what is happening from there, if > valgrind or a gdb backtrace are impossible. > > Thanks, > > Volker > > Yes, I will do that around lunchtime - valgrind and debug symbols are complete new worlds for a simple sysadmin like me ... :) regards From eero.volotinen at iki.fi Tue Jan 26 03:37:57 2010 From: eero.volotinen at iki.fi (Eero Volotinen) Date: Tue, 26 Jan 2010 12:37:57 +0200 Subject: [Samba] User permissions, simple doc ? In-Reply-To: <27320256.post@talk.nabble.com> References: <27320256.post@talk.nabble.com> Message-ID: <385fe02c1001260237h1750c6adnf48b548c5fe3c09e@mail.gmail.com> 2010/1/26 mistofeles : > > Is there some simple documentation about how to set the user permissons in a > Samba server ? > > In my server I have the permissions like this: > drwxrwx--- 3 mydemo domain users 4096 2009-12-29 08:19 mydemo > Now the other users can not read nor write to this directory. > > If I copy this directory anywhere, anybody can read and write there. (I have > my reasons to make a copy) > Is there any way to make these directories PRIVATE to the owner only ? > I have tried chmod and chown with various values . > > In smb.conf I have: > [%U] > comment = Own home dir > path = /home/%U > writeable = yes > valid users = %U > [BCK] > comment = Here I copy the home dirs > path = /BACKUP/backup > browseable = yes > read only = yes Use acl on filesystem, see examples at: http://www.vanemery.com/Linux/ACL/linux-acl.html -- Eero, RHCE From linuxbox at wavenet.at Tue Jan 26 05:15:05 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Tue, 26 Jan 2010 13:15:05 +0100 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: <4B5EC178.3060705@wavenet.at> References: <4B5DA9EA.8080408@wavenet.at> <20100126012615.GC8066@samba1> <1E15FFC1-CDC5-4F55-A41A-FFF06DE1DE11@gmail.com> <4B5EBCAD.2040402@wavenet.at> <4B5EC178.3060705@wavenet.at> Message-ID: <4B5EDCC9.7000206@wavenet.at> > BTW, can you upload a debug level 10 log for this crash? > Maybe we can figure out what is happening from there, if > valgrind or a gdb backtrace are impossible. > > Thanks, > > Volker > Shame on me, but I don't get along with that - I let the 3.4.5 samba running for 5 minutes on debug level 1 and had a few smb_panic's in there. But If i run it on debug level 10 I don't find any words like "smb_panic" or "internal_error" - how do I know if a smb panic occured? regards Martin From Volker.Lendecke at SerNet.DE Tue Jan 26 05:49:11 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue, 26 Jan 2010 13:49:11 +0100 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: <4B5EDCC9.7000206@wavenet.at> References: <4B5DA9EA.8080408@wavenet.at> <20100126012615.GC8066@samba1> <1E15FFC1-CDC5-4F55-A41A-FFF06DE1DE11@gmail.com> <4B5EBCAD.2040402@wavenet.at> <4B5EC178.3060705@wavenet.at> <4B5EDCC9.7000206@wavenet.at> Message-ID: On Tue, Jan 26, 2010 at 01:15:05PM +0100, Martin Hochreiter wrote: > > >BTW, can you upload a debug level 10 log for this crash? > >Maybe we can figure out what is happening from there, if > >valgrind or a gdb backtrace are impossible. > > > >Thanks, > > > >Volker > > > Shame on me, but I don't get along with that - > I let the 3.4.5 samba running for 5 minutes on debug level 1 > and had a few smb_panic's in there. > > But If i run it on debug level 10 I don't find any words like > "smb_panic" or "internal_error" - how do I know if a smb panic > occured? Maybe they just did not happen? Or maybe they are rotated away quickly? Maybe you want to set "max log size" larger for a while? Volker From linuxbox at wavenet.at Tue Jan 26 07:11:53 2010 From: linuxbox at wavenet.at (Martin Hochreiter) Date: Tue, 26 Jan 2010 15:11:53 +0100 Subject: [Samba] Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps In-Reply-To: References: <4B5DA9EA.8080408@wavenet.at> <20100126012615.GC8066@samba1> <1E15FFC1-CDC5-4F55-A41A-FFF06DE1DE11@gmail.com> <4B5EBCAD.2040402@wavenet.at> <4B5EC178.3060705@wavenet.at> <4B5EDCC9.7000206@wavenet.at> Message-ID: <4B5EF829.8070007@wavenet.at> Am 2010-01-26 13:49, schrieb Volker Lendecke: > > Maybe they just did not happen? Or maybe they are rotated > away quickly? Maybe you want to set "max log size" larger > for a while? > > Volker > > quick and simple - you where soo right! I let samba run for about an hour and have the information - I openend Bug 7063 and hopping for any hint to solve that :) regards From dale at BriannasSaladDressing.com Tue Jan 26 07:56:00 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Tue, 26 Jan 2010 08:56:00 -0600 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: <20100126064431.GF15807@cc-mykerinos.onera> References: <4B015BF6.9060002@BriannasSaladDressing.com> <4B5479BF.7000500@BriannasSaladDressing.com> <4B547B59.8050404@debian.org> <4B5DD177.1000705@BriannasSaladDressing.com> <20100126014514.GF8066@samba1> <20100126064431.GF15807@cc-mykerinos.onera> Message-ID: <4B5F0280.4070102@BriannasSaladDressing.com> On 01/26/2010 12:44 AM, Christian PERRIER wrote: > Quoting Jeremy Allison (jra at samba.org): > >> On Mon, Jan 25, 2010 at 11:14:31AM -0600, Dale Schroeder wrote: >> >>> This time, it seems to be an ADS specific winbind error. >>> >>> I have attempted with the current kernel - 2.6.32-trunk-686 and the >>> previous kernel - 2.6.30-2-686. >>> >>> What kind of encryption change has occurred, and which program is it >>> referring to as lacking the encryption type - samba or krb5? >>> >> This is a krb5 error. Try upgrading the krb5 libraries ? >> > Dale, can you send the output of "dpkg -s libkrb5-3" > > Sam Hartman is working hardly on krb5 these days. I can't check right > now but it's highly probable that Debian testing hasn't the same > version than unstable (1.7 in testing, 1.8 in unstable). > > So, Jeremy's advice is probably worth it if you have 1.7 version of > krb5 and if that solves your problems, then we might need to update > dependencies in samba packages. > Actually, I think it was the upgrade to 1.8 that caused the problem. Steve Langasek informed me that DES is disabled by default in 1.8 and gave me a link to documentation that indicated I need this in krb5.conf under [libdefaults]: allow_weak_crypto=true __________________________________________________________________ dpks -s libkrb5-3 Package: libkrb5-3 Status: install ok installed Priority: standard Section: libs Installed-Size: 888 Maintainer: Sam Hartman Architecture: i386 Source: krb5 Version: 1.8+dfsg~alpha1-4 Replaces: libkrb53 (<< 1.6.dfsg.4~beta1-7) Depends: libc6 (>= 2.9), libcomerr2 (>= 1.34), libk5crypto3 (>= 1.8+dfsg~alpha1), libkeyutils1, libkrb5support0 (= 1.8+dfsg~alpha1-4) Suggests: krb5-doc, krb5-user Conflicts: libapache-mod-auth-kerb (<= 4.996-5.0-rc6-2), libapache2-mod-auth-kerb (<= 4.996-5.0-rc6-2), ssh-krb5 (<< 3.8.1p1-10) Description: MIT Kerberos runtime libraries Kerberos is a system for authenticating users and services on a network. Kerberos is a trusted third-party service. That means that there is a third party (the Kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). . This is the MIT reference implementation of Kerberos V5. . This package contains the runtime library for the main Kerberos v5 API used by applications and Kerberos clients. Homepage:http://web.mit.edu/kerberos/ _____________________________________________________________________ Enabling DES has only been mostly successful. One system running stable (3.2.5) could now rejoin the domain, shares are accessible, but getent and wbinfo give no output. The other system running testing (3.4.3) still gives the encryption error on a testjoin, shows correct info with getent and wbinfo (now minus the panics), and allows access to shares based on user permissions, but fails with group permissions. An attempt to rejoin the domain still fails. However, winbind has never worked for me in testing, so this doesn't really mean much. I see that libkrb5-3 is being updated again today to 1.8+dfsg~alpha1-5 and will try it as soon as apt-get update quits throwing "Hash sum mismatch" errors. Additionally, I will attempt Samba unstable (3.4.5). There are still errors, but things are improving. Advice is very welcome. Thanks, Dale From rob at steinmetznet.com Tue Jan 26 08:06:00 2010 From: rob at steinmetznet.com (Robert Steinmetz AIA) Date: Tue, 26 Jan 2010 09:06:00 -0600 Subject: [Samba] Problem Samba Share In-Reply-To: <5a8aa6681001252253m63e808d3x6ce3fd53a47a1ded@mail.gmail.com> References: <4B5E22F1.1070602@steinmetznet.com> <5a8aa6681001252253m63e808d3x6ce3fd53a47a1ded@mail.gmail.com> Message-ID: <4B5F04D8.60607@steinmetznet.com> You are correct! Thank you for catching that. I hope someone can help with the problem. I should learn to type. I wonder why this list is not set up to insert a "Reply To" header. I imagine a lot of stuff gets lost because of that. I don't use this list much so I'm always forgetting. Michael Wood wrote: > 2010/1/26 Robert Steinmetz AIA: > >> I'm running out of things to check. >> >> I have two servers running Samba 2.3.3, one as a Domain Controller one as a >> > Sorry, I don't know what's causing your problems, but I suspect you > mean version 3.2.3, which is what Ubuntu 8.10 ships with. > > http://packages.ubuntu.com/intrepid/samba > > The "2:" is not part of the Samba version number. It's an "epoch", > which is explained in Debian's policy manual as follows: > > "It is provided to allow mistakes in the version numbers of older > versions of a package, and also a package's previous version numbering > schemes, to be left behind." > > http://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Version > > -- Robert Steinmetz, AIA Principal Steinmetz & Associates From kseeger at samba.org Tue Jan 26 08:43:51 2010 From: kseeger at samba.org (Karolin Seeger) Date: Tue, 26 Jan 2010 16:43:51 +0100 Subject: [Samba] [Announce] Samba 3.5.0rc2 Available for Download Message-ID: Release Announcements ===================== This is the second release candidate of Samba 3.5. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.5.0 include: General changes: o Add support for full Windows timestamp resolution o The Using Samba HTML book has been removed. o 'net', 'smbclient' and libsmbclient can use credentials cached by Winbind. Protocol changes: o Experimental implementation of SMB2 Printing Changes: o Add encryption support for connections to a CUPS server Winbind changes: o Major refactoring o Asynchronous VFS modules: o New vfs_scannedonly module has been added. General changes: ================ Support for full Windows timestamp resolution has been added. This effectively makes us use Windows' full 100ns timestamp resolution if supported by the kernel (2.6.22 and higher) and the glibc (2.6 and higher). The Using Samba HTML book has been removed from the Samba tarball. It is still available at http://www.samba.org/samba/docs/using_samba/toc.html. Samba client tools like 'net', 'smbclient' and libsmbclient can use the user credentials cached by Winbind at logon time. This is very useful e.g. when connecting to a Samba server using Nautilus without re-entering username and password. This feature is enabled by default and can be disabled per application by setting the LIBSMBCLIENT_NO_CCACHE environment variable. Protocol changes ================ An EXPERIMENTAL implementation of the SMB2 protocol has been added. SMB2 can be enabled by setting "max protocol = smb2". SMB2 is a new implementation of the SMB protocol used by Windows Vista and higher. Printing Changes ================ A new parameter "cups encrypt" has been added to control whether connections to CUPS servers will be encrypted or not. The default is to use unencrypted connections. Winbind changes =============== The Winbind daemon has been refactored internally to be asynchronous. The new Winbind will not be blocked by running 'getent group' or 'getent passwd'. VFS modules =========== A new VFS module "scannedonly" has been added. This is a filter that talks to an antivirus-engine and stores whether a file is clean or not. Users do only see clean files on their filesystem. ###################################################################### Changes ####### smb.conf changes ---------------- Parameter Name Description Default -------------- ----------- ------- create krb5 conf New yes ctdb timeout New 0 cups encrypt New no debug hires timestamp Changed Default yes ldap deref New auto ldap follow referral New auto New configure options --------------------- --enable-external-libtdb Enable external tdb --enable-netapi Turn on netapi support --enable-pthreadpool Enable pthreads pool helper support --with-cifsumount Include umount.cifs (Linux only) support --with-codepagedir=DIR Where to put codepages Commit Highlights ================= o Bj?rn Jacke * Add support for full Windows timestamp resolution. * Add encryption support for connections to a CUPS server. o Volker Lendecke * Major internal refactoring of the Winbind daemon. * Make Winbind asynchronous. * Make 'net', 'smbclient' and libsmbclient use the logon credentials cached by Winbind. o Stefan Metzmacher * Implement the new SMB2 protocol (experimental). Changes since 3.5.0rc1 ---------------------- o Michael Adam * BUG 4347: Check password history before increasing "badPasswordCount". o Jeremy Allison * BUG 5202: Fix changing of ACLs on writable file with "dos filemode=yes". * BUG 6876: Fix deletion of an object whose parent folder does not have delete rights fails even if the delete right is set on the object in vfs_acl_xattr and vfs_acl_tdb. * BUG 7033: Fix SMBrmdir error message when deleting a directory fails. * BUG 7036: Fix 'net rpc getsid' in hardened Windows environments. * BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls. o Giovanni Bajo * BUG 7029: Disable sanity check in NetShareEnum for better compatibility with Windows. o Kai Blin * BUG 7039: Fix compile error with WITH_DNS_UPDATE. Update .po files. o G?nther Deschner * BUG 7043: Fix crash bug in libsmbclient. o Andr? Hentschel * BUG 7039: Complete German translation of 'net'. o Bj?rn Jacke * BUG 7039: Improve some German translations in 'net'. o William Jojo * BUG 7052: Fix DFS on AIX. o Volker Lendecke * BUG 6981: Fix large paged search with DirX LDAP servers. * BUG 7027: Fix a segfault in winbindd_dual_ccache_ntlm_auth(). * BUG 7037: Fix a Winbind segfault in "trusted_domains". * BUG 7046: Fix libsmbclient crash against OpenSolaris CIFS server. * BUG 7062: Make 'net', 'smbclient' and libsmbclient use the logon credentials cached by Winbind. * Lock down some srvsvc calls according to what w2k3 seems to do. o Stefan Metzmacher * BUG 6157: Restore Samba 3.0.x behavior and use the first "uid" value in pdb_ldap. o SASAJIMA Toshihiro * BUG 7034: Fix segfault in vfs_cap. o Olivier Sessink * BUG 7028: Add new scannedonly VFS module. Changes since 3.5.0pre2 ----------------------- o Jeremy Allison * BUG 6837: Fix "Too many open files" when trying to access large number of files with Windows 7. * BUG 6939: Fix long filenames when "mangling method" is set to "hash". * BUG 7020: Fix smbd using 2G memory. * Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level. * Vector correctly through reply_openerror() (which uses the same logic). * Fix bugs with the full Windows ACL support. o Kai Blin * Add a few missing gettext calls to the 'net' command. * Fix up a share type translation and translate some more strings in 'net'. o G?nther Deschner * Allow to call "pdbedit -N description -u user" without specifiyng "-r". * Add spoolss_DriverInfo7. * Fix rpcclient after setprinter IDL fixes. * Use generated krb5.conf in 'net ads testjoin'. o Jonas Gorski * BUG 6992: make test for getgrouplist cacheable. o Andr? Hentschel * Add some German translations for the 'net' command. o Suresh Jayaraman * Update mount.cifs man page with nounix option. o Volker Lendecke * Fix _samr_GetAliasMembership for results with 0 rids. * Fix an error case in cli_negprot. * Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc. * Restore correct timeouts for SMB requests. * Fix a 64-bit error in libsmb. * Replace IS_DOMAIN_OFFLINE by a function in Winbind. * Simplify/cleanup Winbind code. o Kamen Mazdrashki * Fix write behind memory block in libtalloc. * Fix result check for getaddrinfo(). o Jim McDonough * BUG 7014: Fix Winbind crash when retrieving empty group members. o Brian Lu * BUG 6991: Create symbol links to shared libraries. o Stefan Metzmacher * Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr() to tsocket. * Always set tdb->tracefd to -1 to be safe on goto fail in libtdb. * Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior. * Fix standalone 'make installdocs'. o Peter Rosin * Output %p as unsigned in snprintf replacement. o Ronnie Sahlberg * New attempt at TDB transaction nesting allow/disallow. o Kirill Smelkov * Remove swig stuff from libtdb. * Reset tdb->fd to -1 in tdb_close() in libtdb. o Simo Sorce * Change the way mksysms work in libtalloc. o Jelmer Vernooij * Also build and install tdb manpages from standalone tdb. o Bo Yang * Fix infinite loop in NCACN_IP_TCP as there is no timeout. * Make winbindd_cache.c aware of domain offline to avoid unnecessary backend query. * List trusted domains from wcache when domain is offline. Changes since 3.5.0pre1 ----------------------- o Michael Adam * Fix the build when no external talloc and tdb are installed. * Fix detection of CTDB headers on systems without system-libtalloc. o Jeremy Allison * BUG 6802: A created folder does not properly inherit permissions from parent in vfs_acl_xattr. * BUG 6837: "Too many open files" when trying to access large number of files from Windows 7. * BUG 6938 : No hook exists to check creation rights when using acl_xattr module. * Fix vfs_acl_xattr which was failing to call the NEXT connect function. * Restructure the ACL code. * Refactor reply_rmdir to use handle based code. o Dan Cox * BUG 2350: Add LDAP Alias Dereferencing support. o G?nther Deschner * BUG 6929: Fix build with recent heimdal. * Fix several printing issues. * Fix the build on Mac OS X 10.6.2. * Fix net and rpcclient after setprinterdataex changes. * Add full support for level 8 printer drivers. * Add more spoolss architectures to IDL. * Fix enumprinter key client and server. * Fix crash in EnumPrinterDataEx. o Bj?rn Jacke * Prefer posix_fallocate for doing "strict allocate". o Matt Kraai * BUG 6860: Fix shared library build on QNX. o Volker Lendecke * BUG 6288: SWAT adds a second share when changing parameters of an existing share. * BUG 6435: Fix minor memory corruption. * Restore "fake directory create times" as a share parameter. * Fix explicit stat64 support. * Add support for NetWkstaGetInfo 101 and 102. * Add rpcclient wkssvc_enumerateusers. * De-deprecate "write cache size" to prevent its removal without a proper alternative. * Allow more than 1000 users in BUILTIN\Users. o Jim McDonough * BUG 6967: Prevent glibc error on 'net ads join'. o Lars M?ller * BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure. o Ian Puleston * Complete support for NetWkstaGetInfo/NetWkstaEnumUsers. o Karolin Seeger * Fix the build of the example VFS modules. o Bo Yang * BUG 6879: Fix crash in Winbind. * Fix crash in free_file_list(). * Give the user a chance to change password when password will expire soon. ###################################################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From rob at steinmetznet.com Tue Jan 26 08:59:35 2010 From: rob at steinmetznet.com (Robert Steinmetz AIA) Date: Tue, 26 Jan 2010 09:59:35 -0600 Subject: [Samba] Missing record in share-info.tdb Message-ID: <4B5F1167.1060402@steinmetznet.com> I may have a clue. I have two servers running Samba 3.2.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. On the Member Server when I access the [Projects] share everything works as expected. When I access the [Windows] share I get prompted for a user name and password but no combination works If I comment out the "force group" then [Windows] mostly works but not there are issues with one application which will gives error indication it cant create files. I have begun looking in the various .tdb files and have found that there is no entry for the [Windows] share in share_info.tdb root at louise:/var/lib/samba# tdbtool tdb> open share_info.tdb tdb> keys key 15 bytes: SECDESC/Hamlet key 18 bytes: SECDESC/Recovered key 14 bytes: SECDESC/Sigma key 14 bytes: SECDESC/Vault key 15 bytes: SECDESC/Office key 16 bytes: SECDESC/Testing key 13 bytes: INFO/version key 17 bytes: SECDESC/Projects tdb> The question now is how do I add a record and why isn't it there? I did discover that tdb-tools package was missing from this server (or had been removed or disables). I had to add it back. -- Robert Steinmetz, AIA Principal Steinmetz & Associates From rob at steinmetznet.com Tue Jan 26 09:35:18 2010 From: rob at steinmetznet.com (Robert Steinmetz AIA) Date: Tue, 26 Jan 2010 10:35:18 -0600 Subject: [Samba] Missing record in share-info.tdb - More information and testing In-Reply-To: <4B5F1167.1060402@steinmetznet.com> References: <4B5F1167.1060402@steinmetznet.com> Message-ID: <4B5F19C6.8040502@steinmetznet.com> From testparm notice the [Windows] share is listed. Processing section "[printers]" Processing section "[print$]" Processing section "[Hamlet]" Processing section "[Projects]" Processing section "[Office]" Processing section "[Sigma]" Processing section "[Windows]" Processing section "[Recovered]" Processing section "[Vault]" Processing section "[Testing]" It appears that share-info.tdb is not being properly updated. To test I added a new share and it showed up in testparm with no error but after restarting Samba nothing was added to share-info.tdb. None of the .tdb files seem to have been updated in several months, which isn't surprising since the Samba configuration of this server hasn't changed in months. Robert Steinmetz AIA wrote: > I may have a clue. > > I have two servers running Samba 3.2.3, one as a Domain Controller one > as a Member Server. > Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb > back end are running on both. > > On the Member Server when I access the [Projects] share everything > works as expected. When I access the [Windows] share I get prompted > for a user name and password but no combination works > If I comment out the "force group" then [Windows] mostly works but not > there are issues with one application which will gives error > indication it cant create files. > > I have begun looking in the various .tdb files and have found that > there is no entry for the [Windows] share in share_info.tdb > > root at louise:/var/lib/samba# tdbtool > tdb> open share_info.tdb > tdb> keys > key 15 bytes: SECDESC/Hamlet > key 18 bytes: SECDESC/Recovered > key 14 bytes: SECDESC/Sigma > key 14 bytes: SECDESC/Vault > key 15 bytes: SECDESC/Office > key 16 bytes: SECDESC/Testing > key 13 bytes: INFO/version > key 17 bytes: SECDESC/Projects > tdb> > > The question now is how do I add a record and why isn't it there? > I did discover that tdb-tools package was missing from this server (or > had been removed or disables). I had to add it back. Robert Steinmetz AIA wrote: > I may have a clue. > > I have two servers running Samba 3.2.3, one as a Domain Controller one > as a Member Server. > Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb > back end are running on both. > > On the Member Server when I access the [Projects] share everything > works as expected. When I access the [Windows] share I get prompted > for a user name and password but no combination works > If I comment out the "force group" then [Windows] mostly works but not > there are issues with one application which will gives error > indication it cant create files. > > I have begun looking in the various .tdb files and have found that > there is no entry for the [Windows] share in share_info.tdb > > root at louise:/var/lib/samba# tdbtool > tdb> open share_info.tdb > tdb> keys > key 15 bytes: SECDESC/Hamlet > key 18 bytes: SECDESC/Recovered > key 14 bytes: SECDESC/Sigma > key 14 bytes: SECDESC/Vault > key 15 bytes: SECDESC/Office > key 16 bytes: SECDESC/Testing > key 13 bytes: INFO/version > key 17 bytes: SECDESC/Projects > tdb> > > The question now is how do I add a record and why isn't it there? > I did discover that tdb-tools package was missing from this server (or > had been removed or disables). I had to add it back. -- Robert Steinmetz, AIA Principal Steinmetz & Associates From esiotrot at gmail.com Tue Jan 26 10:08:17 2010 From: esiotrot at gmail.com (Michael Wood) Date: Tue, 26 Jan 2010 19:08:17 +0200 Subject: [Samba] samba4 HEAD: unable to provision In-Reply-To: <4B5EB31D.7020907@unimore.it> References: <4B5EB31D.7020907@unimore.it> Message-ID: <5a8aa6681001260908mdd195feob617b719da3ea8a3@mail.gmail.com> 2010/1/26 Francesco Malvezzi : > I'm trying to install samba4 with openldap, as from > http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP, > > I have got the yesterday realease, last git commit: > commit 2024d4fb27514869d78e9bb39085f98e80413529 > Date: ? Mon Jan 25 12:41:48 2010 +0100 > > My system is GNU/Debian Linux Lenny. > > ./configure --prefix=/opt/samba4 > make > sudo make install > > all worked > > ./setup/provision from the source4 dir fails with: > > ./setup/provision --realm=test.it --ldapadminpass=secret > --ldap-backend-type=openldap --server-role='domain controller' --domain=test > > Administrator password will be set randomly! > Traceback (most recent call last): > ?File "./setup/provision", line 244, in > ? ?nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode,useeadb=eadb) > ?File "bin/python/samba/provision.py", line 1182, in provision > ? ?targetdir, sid_generator,useeadb) > ?File "bin/python/samba/provision.py", line 471, in make_smbconf > ? ?posixeadb_line = "posix:eadb = " + > os.path.abspath(os.path.join(os.path.join(targetdir, "private"),"eadb.tdb")) > ?File "/usr/lib/python2.5/posixpath.py", line 62, in join > ? ?elif path == '' or path.endswith('/'): > AttributeError: 'NoneType' object has no attribute 'endswith' > > What does it mean? What I did wrong? targetdir was None when that part of the code ran and os.path.join() didn't like that. I think you might be able to use --targetdir=... on the command line, but the help text ("Set target directory") is as helpful as a comment like: x++; /* increment x */ > Just for the records, what is ?eadb? Is related to extended filesystem > attributest? Server filesystem is xfs, so xattr is supported. > > Thank you for your help, -- Michael Wood From rob at steinmetznet.com Tue Jan 26 10:14:47 2010 From: rob at steinmetznet.com (Robert Steinmetz AIA) Date: Tue, 26 Jan 2010 11:14:47 -0600 Subject: [Samba] Missing record in share-info.tdb - More information and testing - Error log In-Reply-To: <4B5F19C6.8040502@steinmetznet.com> References: <4B5F1167.1060402@steinmetznet.com> <4B5F19C6.8040502@steinmetznet.com> Message-ID: <4B5F2307.60602@steinmetznet.com> Error in log files; log.wb-BUILTIN.old:[2010/01/12 09:51:37, 2] lib/util_tdb.c:tdb_log(682) log.wb-BUILTIN.old: tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory This error occurs many times and is present is other wb- logs. root at louise:/var/run/samba# ls -l total 544 -rw-r--r-- 1 root root 40200 2010-01-26 11:22 brlock.tdb -rw-r--r-- 1 root root 90112 2010-01-26 11:34 connections.tdb -rw-r--r-- 1 root root 12288 2010-01-22 09:03 gencache.tdb -rw-r--r-- 1 root root 61440 2010-01-26 11:33 locking.tdb -rw------- 1 root root 94208 2010-01-25 17:12 messages.tdb -rw------- 1 root root 696 2010-01-22 09:03 mutex.tdb -rw-r--r-- 1 root root 6989 2010-01-24 07:44 namelist.debug -rw-r--r-- 1 root root 6 2010-01-26 11:22 nmbd.pid -rw-r--r-- 1 root root 16384 2010-01-26 11:33 notify.tdb -rw-r--r-- 1 root root 163840 2010-01-26 11:34 sessionid.tdb -rw-r--r-- 1 root root 6 2010-01-26 11:22 smbd.pid -rw-r--r-- 1 root root 28672 2010-01-26 11:22 unexpected.tdb -rw-r--r-- 1 root root 5 2010-01-25 15:00 winbindd.pid drwxr-x--- 2 root winbindd_priv 60 2010-01-25 15:00 winbindd_privileged root at louise:/var/run/samba# tdbtool tdb> open unexpected.tdb tdb> keys tdb> dump tdb> info 0 records totalling 0 bytes tdb> Robert Steinmetz AIA wrote: > From testparm notice the [Windows] share is listed. > > Processing section "[printers]" > Processing section "[print$]" > Processing section "[Hamlet]" > Processing section "[Projects]" > Processing section "[Office]" > Processing section "[Sigma]" > Processing section "[Windows]" > Processing section "[Recovered]" > Processing section "[Vault]" > Processing section "[Testing]" > > It appears that share-info.tdb is not being properly updated. > > To test I added a new share and it showed up in testparm with no error > but after restarting Samba nothing was added to share-info.tdb. None > of the .tdb files seem to have been updated in several months, which > isn't surprising since the Samba configuration of this server hasn't > changed in months. > > Robert Steinmetz AIA wrote: >> I may have a clue. >> >> I have two servers running Samba 3.2.3, one as a Domain Controller >> one as a Member Server. >> Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb >> back end are running on both. >> >> On the Member Server when I access the [Projects] share everything >> works as expected. When I access the [Windows] share I get prompted >> for a user name and password but no combination works >> If I comment out the "force group" then [Windows] mostly works but >> not there are issues with one application which will gives error >> indication it cant create files. >> >> I have begun looking in the various .tdb files and have found that >> there is no entry for the [Windows] share in share_info.tdb >> >> root at louise:/var/lib/samba# tdbtool >> tdb> open share_info.tdb >> tdb> keys >> key 15 bytes: SECDESC/Hamlet >> key 18 bytes: SECDESC/Recovered >> key 14 bytes: SECDESC/Sigma >> key 14 bytes: SECDESC/Vault >> key 15 bytes: SECDESC/Office >> key 16 bytes: SECDESC/Testing >> key 13 bytes: INFO/version >> key 17 bytes: SECDESC/Projects >> tdb> >> >> The question now is how do I add a record and why isn't it there? >> I did discover that tdb-tools package was missing from this server >> (or had been removed or disables). I had to add it back. > Robert Steinmetz AIA wrote: >> I may have a clue. >> >> I have two servers running Samba 3.2.3, one as a Domain Controller >> one as a Member Server. >> Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb >> back end are running on both. >> >> On the Member Server when I access the [Projects] share everything >> works as expected. When I access the [Windows] share I get prompted >> for a user name and password but no combination works >> If I comment out the "force group" then [Windows] mostly works but >> not there are issues with one application which will gives error >> indication it cant create files. >> >> I have begun looking in the various .tdb files and have found that >> there is no entry for the [Windows] share in share_info.tdb >> >> root at louise:/var/lib/samba# tdbtool >> tdb> open share_info.tdb >> tdb> keys >> key 15 bytes: SECDESC/Hamlet >> key 18 bytes: SECDESC/Recovered >> key 14 bytes: SECDESC/Sigma >> key 14 bytes: SECDESC/Vault >> key 15 bytes: SECDESC/Office >> key 16 bytes: SECDESC/Testing >> key 13 bytes: INFO/version >> key 17 bytes: SECDESC/Projects >> tdb> >> >> The question now is how do I add a record and why isn't it there? >> I did discover that tdb-tools package was missing from this server >> (or had been removed or disables). I had to add it back. > > -- Robert Steinmetz, AIA Principal Steinmetz & Associates From holm at informatik.umu.se Tue Jan 26 10:01:14 2010 From: holm at informatik.umu.se (=?iso-8859-1?b?xWtl?= Holmlund) Date: Tue, 26 Jan 2010 17:01:14 +0000 (UTC) Subject: [Samba] Can't connect to printers from Win 2008 and Win 7 Message-ID: Hello! We have problems connecting to printers (spoolss) from Windows Server 2008 (64-bit, domain member) and Windows 7 (64-bit, NOT domain member). When trying to connect to the printers we get an error message saying "Windows cannot connect to the printer. Operation could not be completed (error 0x0000000d)". Connecting as a "standard" user or a domain administrator makes no difference. If I try to add a printer on the server from Windows 2008, there are no ports to choose from in the "Choose a printer port" dialog. Connecting to the printers is no problem from Win XP, Win Vista and Win 2003 (all 32-bit). When trying to add a printer from Windows 2003, the "Samba Printer Port" shows up in the "Choose a printer port" dialog. The Samba (domain) server is 3.4.4 running on Solaris 10 (Sparc). Any ideas what the problem can be or where to start looking? --- ?ke Holmlund Ume? University Dept of Informatics Ume? SWEDEN From gaiseric.vandal at gmail.com Tue Jan 26 10:41:15 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Tue, 26 Jan 2010 12:41:15 -0500 Subject: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11 In-Reply-To: <4B5E0BCE.9080300@semark.dk> References: <4B5E0BCE.9080300@semark.dk> Message-ID: <4B5F293B.6020909@gmail.com> On 01/25/10 16:23, Henrik Dige Semark wrote: > I have a serous problem. > > I have for some time now tried to get an SAMBA based Domain Controller > working. > I have tried with OpenLDAP and tdbsam as backend, but I get the same > error every time. > > I wood prefer to use LDAP as my backend. > I have read tons of how-to SAMBA + LDAP, but non of the seams to work > for my, is there someone that maybe can see what I have done rung in > my config.? > > I have attached my samba conf and LDAP conf. > > Samba is connected to OpenLDAP, and LDAP is running fine. > But when I try to join my Windows XP Pro SP3 I takes about one Min and > it tells my that Username and/or Password maybe rung, ore not existing. > > There is no doubt that Samba and Ldap is talking together (samba have > updated the SID and RID's), cause when I try to join the domain LDAP > is activated, but the return value is somehow disappearing on the way > back to my client > > I have some wireshark dump that I can provide if its necessary. > I can provide LOGS, DUMPS, and everything needed if its necessary. > > System info: > Clean installed Debian Lenny (5.0.3) > Clean installed Samba 3.2.5 + Winbind 3.2.5 > Clean installed OpenLDAP 2.4.11 (slapd)Did you > > > Debian default smbldap-tools (smbldap-populate is working and have > populated LDAP without problems) > if there is something I have forgotten please just ask for it, I'm > close to be desperate.! > > --- > Med Venlig Hilsen / Best regards > Henrik Dige Semark > > Did you join the PDC to the domain (not sure of the exact syntax from memory, but something along the lines of "net join" ..) With an LDAP backend you should see an ldap entry created for the DOMAIN. I also found under LDAP on solaris that syncing passwords between windows and unix was a little tricky, so you may want to also temp try disabling the unix password sync until you have at least got machines joining the domain. From Progman2000 at usa.net Tue Jan 26 11:44:22 2010 From: Progman2000 at usa.net (Daniel Johnson) Date: Tue, 26 Jan 2010 12:44:22 -0600 (CST) Subject: [Samba] Printer sharing with 64-bit Windows clients Message-ID: <32030.65.118.50.246.1264531462.squirrel@mail.progman.us> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a problem accessing a CUPS/Samba shared printer on a Windows XP x64 Professional system (WinNT5.2 kernel). It seems from my searching that this is a problem affecting only 64-bit Windows clients, but perhaps not all 64-bit Windows clients. See also: https://bugs.launchpad.net/fedora/+bug/482836 http://ubuntuforums.org/showthread.php?p=8263192 I'm running Samba v3.4.5 on a 32-bit Slackware v13 virtual machine, Linux kernel v2.6.29.6. CUPS is v1.3.11. I have produced a log level 5 output showing two clients connecting to the Samba system and trying to view properties on the printer. The 32-bit client "Manager2b" succeeds, the 64-bit client "MasterIm64VM" does not. The logs (and config) are in http://thor.chguernsey.com/temp/samba3.4.5logs-0.tgz (116kb, MD5SUM 04672e49116c4596820812db5cb8cdfb). Detailed steps: Both clients can browse to \\PrintA\ and see the printer "LJ2200-A" and the "Printers and Faxes" icon. Double-clicking the "Printers and Faxes" icon works and shows the printer again (now with "Add Printer" above it) BUT the 64-bit system shows the printer name as a box now. Copying and pasting that box gives the non-ASCII hex values "e3 a0 88". Right-clicking the entry and selecting Properties gives a box with a red X saying "Printer properties cannot be displayed. Either the printer name was typed incorrectly, or the specified printer has lost its connection to the server. For more information, click Help." The first obvious issue I see in the log occurs at line 14,505 in s.masterim64vm: [2010/01/26 11:39:01, 4] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX checking name: \\PrintA\? <88> For what it's worth, another server running Samba v3.4.3 with CUPS v1.3.7 has no problems with 64-bit clients (so far). I have been unable install Samba v3.4.3 on the first server...Neither 32-bit nor 64-bit systems are able to connect at all with v3.4.3 running on the server. Daniel Johnson Progman2000 at usa.net / djohnson at progman.us -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFLXzdF6vGcUBY+ge8RAkc3AKCTOwImjekcpqaQTGgls5G+2dbFswCfRQlZ TqPNESxDbqko2KvL8mi50k4= =TUjQ -----END PGP SIGNATURE----- From dgcoventry at gmail.com Tue Jan 26 11:50:01 2010 From: dgcoventry at gmail.com (Dave Coventry) Date: Tue, 26 Jan 2010 20:50:01 +0200 Subject: [Samba] Permissions Message-ID: <4cba5adc1001261050i7820523en8f39c926ca839348@mail.gmail.com> I have user who have access to their home directories on the samba server. The supervisor has access to these home directories. When the supervisor creates a file the ownership of the file is in his name and the user cannot access it. (well, she can access it, but cannot write to it) Is there any way to get around this? From drescherjm at gmail.com Tue Jan 26 11:53:36 2010 From: drescherjm at gmail.com (John Drescher) Date: Tue, 26 Jan 2010 13:53:36 -0500 Subject: [Samba] Permissions In-Reply-To: <4cba5adc1001261050i7820523en8f39c926ca839348@mail.gmail.com> References: <4cba5adc1001261050i7820523en8f39c926ca839348@mail.gmail.com> Message-ID: <387ee2021001261053m6ff696e6r87b470118f3dca5d@mail.gmail.com> > I have user who have access to their home directories on the samba server. > > The supervisor has access to these home directories. > > When the supervisor creates a file the ownership of the file is in his > name and the user cannot access it. (well, she can access it, but > cannot write to it) > > Is there any way to get around this? Yes. You need to configure samba properly and configure your posix file system properly. However, without any information about your setup no one can help. -- John M. Drescher From eero.volotinen at iki.fi Tue Jan 26 11:58:45 2010 From: eero.volotinen at iki.fi (Eero Volotinen) Date: Tue, 26 Jan 2010 20:58:45 +0200 Subject: [Samba] Permissions In-Reply-To: <387ee2021001261053m6ff696e6r87b470118f3dca5d@mail.gmail.com> References: <4cba5adc1001261050i7820523en8f39c926ca839348@mail.gmail.com> <387ee2021001261053m6ff696e6r87b470118f3dca5d@mail.gmail.com> Message-ID: <385fe02c1001261058h46872054g7e952bd2400d0ab1@mail.gmail.com> 2010/1/26 John Drescher : >> I have user who have access to their home directories on the samba server. >> >> The supervisor has access to these home directories. >> >> When the supervisor creates a file the ownership of the file is in his >> name and the user cannot access it. (well, she can access it, but >> cannot write to it) >> >> Is there any way to get around this? > > Yes. You need to configure samba properly and configure your posix > file system properly. Just use filesystem acls correctly on filesystem. -- Eero From smb23wc at gmail.com Tue Jan 26 12:06:19 2010 From: smb23wc at gmail.com (smb23wc at gmail.com) Date: Tue, 26 Jan 2010 14:06:19 -0500 Subject: [Samba] Windows printer driver setup - editing .TDB files Message-ID: <4B5F3D2B.5040704@gmail.com> Hi Everyone, I'm running Samba 3.3.4 on FreeBSD with Windows XP clients. Short version of question: How do I get Samba to "forget" about a printer and its drivers, so I can install a fresh version? A while back, I set up a few printer shares, and used the "add printer wizard" to upload the windows drivers to Samba (just like it's spelled out in the HOWTO book, "Chapter 21. Classical Printing Support") and everything went well. Now I'm trying to add another printer, and I can not get the thing to go into the "add printer wizard". It acts like it already has a driver for this printer. Per the instructions, I browse to the Samba "Printers and faxes" folder, and enter "properties" for the printer share, but no APW comes up. I've tried renaming the share; same thing. I figured out tdbtool and have gone through the files trying to remove any references to the share name, but no luck. What am I missing here? -Thanks, Wayne From dale at BriannasSaladDressing.com Tue Jan 26 14:13:20 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Tue, 26 Jan 2010 15:13:20 -0600 Subject: [Samba] Permissions In-Reply-To: <4cba5adc1001261050i7820523en8f39c926ca839348@mail.gmail.com> References: <4cba5adc1001261050i7820523en8f39c926ca839348@mail.gmail.com> Message-ID: <4B5F5AF0.3090901@BriannasSaladDressing.com> On 01/26/2010 12:50 PM, Dave Coventry wrote: > I have user who have access to their home directories on the samba server. > > The supervisor has access to these home directories. > > When the supervisor creates a file the ownership of the file is in his > name and the user cannot access it. (well, she can access it, but > cannot write to it) > > Is there any way to get around this? > Ensure that the directory has the correct permissions, then add this to the share definition: inherit owner = Yes From cguzmana at gmail.com Tue Jan 26 14:22:38 2010 From: cguzmana at gmail.com (Claudio Guzman) Date: Tue, 26 Jan 2010 18:22:38 -0300 Subject: [Samba] Samba access Windows Vista and Seven Message-ID: <604595c11001261322v60480a9dm6bc7cbe4553b761f@mail.gmail.com> need to update some settings or install any special protocol? best regards From martin_thomas at mcafee.com Tue Jan 26 15:37:36 2010 From: martin_thomas at mcafee.com (Martin Thomas) Date: Tue, 26 Jan 2010 22:37:36 +0000 (UTC) Subject: [Samba] Net command address resolution Message-ID: Running samba3.4.3, I notice the net command has address resolution problems but not for all sub-commands. Bad: bin/net -s /home/martin/smb.conf -I172.21.0.156 -Ulab/dev%dev rpc share list Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED) Good: bin/net -s /home/martin/smb.conf -I172.21.0.156 -Ulab/dev%dev rpc group None boinc_admins boinc_projects boinc_users Debugger Users ... If I repeat the first command after changing -I (explicit IP address) to -S (servername) then I get success: bin/net -s /home/martin/smb.conf -S172.21.0.156 -Ulab/dev%dev rpc share list IPC$ D$ ADMIN$ H$ C$ Should I go ahead and submit a bug? Thanks // Martin From paul at dugasenterprises.com Tue Jan 26 16:26:20 2010 From: paul at dugasenterprises.com (Paul Dugas) Date: Tue, 26 Jan 2010 23:26:20 +0000 Subject: [Samba] Disable Share Message-ID: <543757189-1264548376-cardhu_decombobulator_blackberry.rim.net-1632723656-@bda615.bisx.prod.on.blackberry> Can anyone help me get "net rap session close" or something like it to close the session for a given user without needing to run as root? I can disable the user but it doesn't terminate active sessions. Thx in advance for any suggestions. Paul __ Paul Dugas -- 404.932.1355 -- paul at dugasenterprises.com From prynhart at gmail.com Tue Jan 26 18:59:38 2010 From: prynhart at gmail.com (Patrick Rynhart) Date: Wed, 27 Jan 2010 14:59:38 +1300 Subject: [Samba] Users from trusted domains get "Your Password expires today" in 3.4.3 In-Reply-To: <4B3B872B.7000807@ru.acad.bg> References: <4B3B872B.7000807@ru.acad.bg> Message-ID: Hi Deyan, We have noticed this issue also. I have opened a bug report regarding this at: https://bugzilla.samba.org/show_bug.cgi?id=7066 Regards, Patrick -- Dr Patrick Rynhart Linux Systems Administrator / Team Leader IT Support Group School of Engineering and Advanced Technology AgHort A Room 3.61 Turitea Campus Massey University NEW ZEALAND Phone +64 6 356 9099 extn 2444 From francesco.malvezzi at unimore.it Wed Jan 27 01:30:01 2010 From: francesco.malvezzi at unimore.it (Francesco Malvezzi) Date: Wed, 27 Jan 2010 09:30:01 +0100 Subject: [Samba] samba4 HEAD: unable to provision In-Reply-To: <5a8aa6681001260908mdd195feob617b719da3ea8a3@mail.gmail.com> References: <4B5EB31D.7020907@unimore.it> <5a8aa6681001260908mdd195feob617b719da3ea8a3@mail.gmail.com> Message-ID: <4B5FF989.3050603@unimore.it> > targetdir was None when that part of the code ran and os.path.join() > didn't like that. I think you might be able to use --targetdir=... on > the command line, but the help text ("Set target directory") is as > helpful as a comment like: > > x++; /* increment x */ > Thank you! It fixed it, well, actually it fixed that issue. Now I'm stuck with "samba.provisionexceptions.ProvisioningError: slapd died before we could make a connection to it" because slapd_provision_command: "/usr/local/libexec/slapd -F/opt/src/samba-master/source4/setup/private/ldap/slapd.d -h ldapi://%2Fopt%2Fsrc%2Fsamba-master%2Fsource4%2Fsetup%2Fprivate%2Fldap%2Fldapi -d-1" fails in locating ldif_read_file: no entry file "/opt/src/samba-master/source4/setup/private/ldap/slapd.d/cn=config.ldif" I should investigate more, but again thank you for your help. Francesco From azzouz at hymedia.univ-paris8.fr Wed Jan 27 05:16:11 2010 From: azzouz at hymedia.univ-paris8.fr (azzouz) Date: Wed, 27 Jan 2010 13:16:11 +0100 Subject: [Samba] create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Message-ID: <4B602E8B.9000405@hymedia.univ-paris8.fr> Hi! I have a lot of those log line : smbd[3604]: [2010/01/27 13:22:32, 1, effective(0, 0), real(0, 0)] smbd/service.c:make_connection_snum(744) smbd[3604]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED smbd[3604]: [2010/01/27 13:22:32, 1, effective(0, 0), real(0, 0)] smbd/service.c:make_connection_snum(744) smbd[3604]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED smbd[3604]: [2010/01/27 13:22:32, 1, effective(0, 0), real(0, 0)] smbd/service.c:make_connection_snum(744) it occur when i write in a samba user directory through a redirection from a windows XP client. thus for instance when i download a file from internet and copy it from a windows client in the u:\My documents which is a redirection to samba home directory a have a lot of those l logs. i don't why. An idea ? thanks. Y. From takayama123 at hotmail.com Wed Jan 27 06:16:22 2010 From: takayama123 at hotmail.com (=?iso-8859-1?B?QW50b24gTPZ0aG1hbg==?=) Date: Wed, 27 Jan 2010 14:16:22 +0100 Subject: [Samba] Samba4 AD joining Message-ID: Hello Im trying to join my own samba4 (latest installed from rsync) Ad from a ubuntu client with domainjoin, and the client complains about the following udp ports being closed: 88, 389, 464 and 123. _________________________________________________________________ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969 From martin.schmidt at uni-wuerzburg.de Tue Jan 26 08:37:28 2010 From: martin.schmidt at uni-wuerzburg.de (maddin911) Date: Tue, 26 Jan 2010 07:37:28 -0800 (PST) Subject: [Samba] user passwords expired every domain-login from xp-workstation Message-ID: <27324591.post@talk.nabble.com> Hi, I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 3.4.3 (pdc). The user-account were moved following this instruction: http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/ http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/ . When user now login to the domain from a xp-workstation following message appears at every login: "Windows password expired and has to be changed. You have to change your password now!" The user can change the password and everything works fine. At next login the same story. This happens only to some of the old users and to all users created after migration. Any idea what could be the reason for this? I already searched a lot but didn't find something like this. Regards, maddin911 Here my http://old.nabble.com/file/p27324591/smb.conf smb.conf -- View this message in context: http://old.nabble.com/user-passwords-expired-every-domain-login-from-xp-workstation-tp27324591p27324591.html Sent from the Samba - General mailing list archive at Nabble.com. From evas at joutubes.nl Tue Jan 26 09:41:27 2010 From: evas at joutubes.nl (Evas Hofmans) Date: Tue, 26 Jan 2010 17:41:27 +0100 Subject: [Samba] samba veto files: underscore Message-ID: <10D6EADA-4898-4000-88AD-C98AD68B4586@joutubes.nl> Hello all, I'm trying to hide files beginning with a underscore ( "_" ) and hidden files from my samba share's so i added this to my smb.conf: veto files = /_*/.*/ The section with the dot works, but the one with the underscore doesn't. I also tried /\_*/.*/ but this has the same result. Any ideas how to hide the files beginning with a underscore? Thanks, Evas Hofmans From hartmans at debian.org Tue Jan 26 11:29:08 2010 From: hartmans at debian.org (Sam Hartman) Date: Tue, 26 Jan 2010 13:29:08 -0500 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: <4B5F0280.4070102@BriannasSaladDressing.com> (Dale Schroeder's message of "Tue, 26 Jan 2010 08:56:00 -0600") References: <4B015BF6.9060002@BriannasSaladDressing.com> <4B5479BF.7000500@BriannasSaladDressing.com> <4B547B59.8050404@debian.org> <4B5DD177.1000705@BriannasSaladDressing.com> <20100126014514.GF8066@samba1> <20100126064431.GF15807@cc-mykerinos.onera> <4B5F0280.4070102@BriannasSaladDressing.com> Message-ID: OK. Can someone on the Samba side confirm that the Linux kernel only supports DES for some Samba related Kerberos operation? Specific details on what is going on would be useful. --Sam From vorlon at debian.org Tue Jan 26 14:18:42 2010 From: vorlon at debian.org (Steve Langasek) Date: Tue, 26 Jan 2010 13:18:42 -0800 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: References: <4B015BF6.9060002@BriannasSaladDressing.com> <4B5479BF.7000500@BriannasSaladDressing.com> <4B547B59.8050404@debian.org> <4B5DD177.1000705@BriannasSaladDressing.com> <20100126014514.GF8066@samba1> <20100126064431.GF15807@cc-mykerinos.onera> <4B5F0280.4070102@BriannasSaladDressing.com> Message-ID: <20100126211842.GA6643@dario.dodds.net> On Tue, Jan 26, 2010 at 01:29:08PM -0500, Sam Hartman wrote: > OK. Can someone on the Samba side confirm that the Linux kernel only > supports DES for some Samba related Kerberos operation? Specific > details on what is going on would be useful. The kernel is only involved when one is using CIFS mounts, which aren't relevant to winbind and domain joining; so this shouldn't be a kernel issue. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slangasek at ubuntu.com vorlon at debian.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 828 bytes Desc: Digital signature URL: From hartmans at debian.org Tue Jan 26 15:03:51 2010 From: hartmans at debian.org (Sam Hartman) Date: Tue, 26 Jan 2010 17:03:51 -0500 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: <20100126211842.GA6643@dario.dodds.net> (Steve Langasek's message of "Tue, 26 Jan 2010 13:18:42 -0800") References: <4B015BF6.9060002@BriannasSaladDressing.com> <4B5479BF.7000500@BriannasSaladDressing.com> <4B547B59.8050404@debian.org> <4B5DD177.1000705@BriannasSaladDressing.com> <20100126014514.GF8066@samba1> <20100126064431.GF15807@cc-mykerinos.onera> <4B5F0280.4070102@BriannasSaladDressing.com> <20100126211842.GA6643@dario.dodds.net> Message-ID: >>>>> "Steve" == Steve Langasek writes: Steve> On Tue, Jan 26, 2010 at 01:29:08PM -0500, Sam Hartman wrote: >> OK. Can someone on the Samba side confirm that the Linux kernel >> only supports DES for some Samba related Kerberos operation? >> Specific details on what is going on would be useful. Steve> The kernel is only involved when one is using CIFS mounts, Steve> which aren't relevant to winbind and domain joining; so this Steve> shouldn't be a kernel issue. OK. Then I currently have no idea why allow_weak_crypto would be desirable for Samba. From vorlon at debian.org Tue Jan 26 15:22:36 2010 From: vorlon at debian.org (Steve Langasek) Date: Tue, 26 Jan 2010 14:22:36 -0800 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: References: <4B5479BF.7000500@BriannasSaladDressing.com> <4B547B59.8050404@debian.org> <4B5DD177.1000705@BriannasSaladDressing.com> <20100126014514.GF8066@samba1> <20100126064431.GF15807@cc-mykerinos.onera> <4B5F0280.4070102@BriannasSaladDressing.com> <20100126211842.GA6643@dario.dodds.net> Message-ID: <20100126222236.GA9310@dario.dodds.net> On Tue, Jan 26, 2010 at 05:03:51PM -0500, Sam Hartman wrote: > >>>>> "Steve" == Steve Langasek writes: > Steve> On Tue, Jan 26, 2010 at 01:29:08PM -0500, Sam Hartman wrote: > >> OK. Can someone on the Samba side confirm that the Linux kernel > >> only supports DES for some Samba related Kerberos operation? > >> Specific details on what is going on would be useful. > Steve> The kernel is only involved when one is using CIFS mounts, > Steve> which aren't relevant to winbind and domain joining; so this > Steve> shouldn't be a kernel issue. > OK. Then I currently have no idea why allow_weak_crypto would be > desirable for Samba. In the case of AD realms that were continuously upgraded from NT4 domains, you may have accounts only using RC4 as an enctype for backwards-compatibility with pre-AD systems. I don't know if this is the reason these users are seeing problems, but it's the only case I can think of why allow_weak_crypto should be needed. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slangasek at ubuntu.com vorlon at debian.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 828 bytes Desc: Digital signature URL: From vorlon at debian.org Wed Jan 27 05:05:46 2010 From: vorlon at debian.org (Steve Langasek) Date: Wed, 27 Jan 2010 04:05:46 -0800 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: <20100126222236.GA9310@dario.dodds.net> References: <4B5479BF.7000500@BriannasSaladDressing.com> <4B547B59.8050404@debian.org> <4B5DD177.1000705@BriannasSaladDressing.com> <20100126014514.GF8066@samba1> <20100126064431.GF15807@cc-mykerinos.onera> <4B5F0280.4070102@BriannasSaladDressing.com> <20100126211842.GA6643@dario.dodds.net> <20100126222236.GA9310@dario.dodds.net> Message-ID: <20100127120546.GC26727@dario.dodds.net> On Tue, Jan 26, 2010 at 02:22:36PM -0800, Steve Langasek wrote: > On Tue, Jan 26, 2010 at 05:03:51PM -0500, Sam Hartman wrote: > > >>>>> "Steve" == Steve Langasek writes: > > Steve> On Tue, Jan 26, 2010 at 01:29:08PM -0500, Sam Hartman wrote: > > >> OK. Can someone on the Samba side confirm that the Linux kernel > > >> only supports DES for some Samba related Kerberos operation? > > >> Specific details on what is going on would be useful. > > Steve> The kernel is only involved when one is using CIFS mounts, > > Steve> which aren't relevant to winbind and domain joining; so this > > Steve> shouldn't be a kernel issue. > > OK. Then I currently have no idea why allow_weak_crypto would be > > desirable for Samba. > In the case of AD realms that were continuously upgraded from NT4 domains, > you may have accounts only using RC4 as an enctype for > backwards-compatibility with pre-AD systems. I don't know if this is the > reason these users are seeing problems, but it's the only case I can think > of why allow_weak_crypto should be needed. Sorry, having looked at the source now, I see that the weak crypto handling is specific to DES, not RC4; and if Samba were *only* using RC4, this error would not happen. However, Samba requests both RC4 and DES, a historical remnant of the time when DES was the only enctype in common between all Kerberos implementations. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slangasek at ubuntu.com vorlon at debian.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 828 bytes Desc: Digital signature URL: From Volker.Lendecke at SerNet.DE Wed Jan 27 09:13:37 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Wed, 27 Jan 2010 17:13:37 +0100 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: <20100127120546.GC26727@dario.dodds.net> References: <4B547B59.8050404@debian.org> <4B5DD177.1000705@BriannasSaladDressing.com> <20100126014514.GF8066@samba1> <20100126064431.GF15807@cc-mykerinos.onera> <4B5F0280.4070102@BriannasSaladDressing.com> <20100126211842.GA6643@dario.dodds.net> <20100126222236.GA9310@dario.dodds.net> <20100127120546.GC26727@dario.dodds.net> Message-ID: On Wed, Jan 27, 2010 at 04:05:46AM -0800, Steve Langasek wrote: > On Tue, Jan 26, 2010 at 02:22:36PM -0800, Steve Langasek wrote: > > On Tue, Jan 26, 2010 at 05:03:51PM -0500, Sam Hartman wrote: > > > >>>>> "Steve" == Steve Langasek writes: > > > > Steve> On Tue, Jan 26, 2010 at 01:29:08PM -0500, Sam Hartman wrote: > > > >> OK. Can someone on the Samba side confirm that the Linux kernel > > > >> only supports DES for some Samba related Kerberos operation? > > > >> Specific details on what is going on would be useful. > > > > Steve> The kernel is only involved when one is using CIFS mounts, > > > Steve> which aren't relevant to winbind and domain joining; so this > > > Steve> shouldn't be a kernel issue. > > > > OK. Then I currently have no idea why allow_weak_crypto would be > > > desirable for Samba. > > > In the case of AD realms that were continuously upgraded from NT4 domains, > > you may have accounts only using RC4 as an enctype for > > backwards-compatibility with pre-AD systems. I don't know if this is the > > reason these users are seeing problems, but it's the only case I can think > > of why allow_weak_crypto should be needed. > > Sorry, having looked at the source now, I see that the weak crypto handling > is specific to DES, not RC4; and if Samba were *only* using RC4, this error > would not happen. > > However, Samba requests both RC4 and DES, a historical remnant of the time > when DES was the only enctype in common between all Kerberos > implementations. Referring to the SUBJECT: Where is this leading to a panic in Samba 3.4, I got lost in the meantime. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From dale at BriannasSaladDressing.com Wed Jan 27 10:45:44 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Wed, 27 Jan 2010 11:45:44 -0600 Subject: [Samba] winbind failure with libkrb5-3 1.8 in Debian *RENAMED* In-Reply-To: References: <4B547B59.8050404@debian.org> <4B5DD177.1000705@BriannasSaladDressing.com> <20100126014514.GF8066@samba1> <20100126064431.GF15807@cc-mykerinos.onera> <4B5F0280.4070102@BriannasSaladDressing.com> <20100126211842.GA6643@dario.dodds.net> <20100126222236.GA9310@dario.dodds.net> <20100127120546.GC26727@dario.dodds.net> Message-ID: <4B607BC8.5030809@BriannasSaladDressing.com> I have renamed this thread as the panics stopped when libkrb5-3, et.al. were upgraded to 1.8. However, bigger problems are now occurring. See below. On 01/27/2010 10:13 AM, Volker Lendecke wrote: > On Wed, Jan 27, 2010 at 04:05:46AM -0800, Steve Langasek wrote: > >> On Tue, Jan 26, 2010 at 02:22:36PM -0800, Steve Langasek wrote: >> >>> On Tue, Jan 26, 2010 at 05:03:51PM -0500, Sam Hartman wrote: >>> >>>>>>>>> "Steve" == Steve Langasek writes: >>>>>>>>> >> >>>> Steve> On Tue, Jan 26, 2010 at 01:29:08PM -0500, Sam Hartman wrote: >>>> >> OK. Can someone on the Samba side confirm that the Linux kernel >>>> >> only supports DES for some Samba related Kerberos operation? >>>> >> Specific details on what is going on would be useful. >>>> >> >>>> Steve> The kernel is only involved when one is using CIFS mounts, >>>> Steve> which aren't relevant to winbind and domain joining; so this >>>> Steve> shouldn't be a kernel issue. >>>> >> >>>> OK. Then I currently have no idea why allow_weak_crypto would be >>>> desirable for Samba. >>>> >> >>> In the case of AD realms that were continuously upgraded from NT4 domains, >>> you may have accounts only using RC4 as an enctype for >>> backwards-compatibility with pre-AD systems. I don't know if this is the >>> reason these users are seeing problems, but it's the only case I can think >>> of why allow_weak_crypto should be needed. >>> >> Sorry, having looked at the source now, I see that the weak crypto handling >> is specific to DES, not RC4; and if Samba were *only* using RC4, this error >> would not happen. >> >> However, Samba requests both RC4 and DES, a historical remnant of the time >> when DES was the only enctype in common between all Kerberos >> implementations. >> > Referring to the SUBJECT: Where is this leading to a panic > in Samba 3.4, I got lost in the meantime. > > Volker > Now, winbind simply doesn't work in 3.4.3 nor in 3.4.5, the latter which I tested this morning. The 3.4.5 testing was done with libkrb5-3 1.8+dsfg~alpha1-5, upgraded from alpha1-4. This also includes setting allow_weak_crypto=true in krb5.conf; however, the encryption error message returns when testing the join or doing kinit. [date time, 0] libads/sasl.c:819(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type. [repeat above two lines] Join to domain is not valid: Undetermined error I guess I should retest stable to see what that yields. Dale From mlokowich at compellent.com Wed Jan 27 11:55:46 2010 From: mlokowich at compellent.com (Mark Lokowich) Date: Wed, 27 Jan 2010 12:55:46 -0600 Subject: [Samba] Samba write bits being set incorrectly on FreeBSD 7.2 Message-ID: <4B608C32.2050609@compellent.com> I've found that read-only files become writable when copied from Windows XP to my Samba 3.3.3 mount on FreeBSD 7.2. I have the "map archive = no" option. If I change this option to "yes" then the write bits are cleared (and execute bits set), as expected. Shouldn't the read-only permissions be maintained regardless of the map archive option? I've never seen this on Linux version of Samba. Could it be ext3 vs. ufs? Thanks, Mark Lokowich Compellent Technologies From hds at semark.dk Wed Jan 27 12:23:15 2010 From: hds at semark.dk (Henrik Dige Semark) Date: Wed, 27 Jan 2010 20:23:15 +0100 Subject: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11 In-Reply-To: <4B5F61CE.7050908@BriannasSaladDressing.com> References: <4B5E0BCE.9080300@semark.dk> <4B5F61CE.7050908@BriannasSaladDressing.com> Message-ID: <4B6092A3.9000704@semark.dk> Dos the PDC have to join the domain also? When I try to join my PDC to its domain with "net join" I get the following error. Enter root's password: Could not connect to server PDC The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE The netbios name for my PDC is pdc.semarktest.dk I guess that way it tells my that is can't connect to server PDC I have checked that pdc is in the name server (nameserver is on 127.0.0.1) # host pdc pdc.semarktest.dk has address 192.168.1.182 Is there something I'm missing? Log dump from net join command: # tail -200 /var/log/syslog | grep slapd Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=15 Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>> dnPrettyNormal: Jan 27 20:21:53 hds-debian-virt slapd[1868]: <<< dnPrettyNormal: , Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0 Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: (&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest)) Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: Jan 27 20:21:53 hds-debian-virt slapd[1868]: Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_dn2id("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") Jan 27 20:21:53 hds-debian-virt slapd[1868]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990) Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: conn=15 op=2 p=3 Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=10 matched="sambaDomainName=semarktest,dc=semark-testing,dc=dk" text="" Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: msgid=3 tag=101 err=32 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=15 Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=3 do_search Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>> dnPrettyNormal: Jan 27 20:21:53 hds-debian-virt slapd[1868]: <<< dnPrettyNormal: , Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH "dc=semark-testing,dc=dk" 2 0 Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: (&(uid=root)(objectClass=sambaSamAccount)) Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: Jan 27 20:21:53 hds-debian-virt slapd[1868]: uid Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber Jan 27 20:21:53 hds-debian-virt slapd[1868]: gidNumber Jan 27 20:21:53 hds-debian-virt slapd[1868]: homeDirectory Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdLastSet Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdCanChange Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdMustChange Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonTime Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogoffTime Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaKickoffTime Jan 27 20:21:53 hds-debian-virt slapd[1868]: cn Jan 27 20:21:53 hds-debian-virt slapd[1868]: sn Jan 27 20:21:53 hds-debian-virt slapd[1868]: displayName Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomeDrive Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomePath Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonScript Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaProfilePath Jan 27 20:21:53 hds-debian-virt slapd[1868]: description Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaUserWorkstations Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaSID Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLMPassword Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaNTPassword Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaDomainName Jan 27 20:21:53 hds-debian-virt slapd[1868]: objectClass Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaAcctFlags Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaMungedDial Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordCount Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordTime Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPasswordHistory Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonHours Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber Jan 27 20:21:53 hds-debian-virt slapd[1868]: Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_dn2entry("dc=semark-testing,dc=dk") Jan 27 20:21:53 hds-debian-virt slapd[1868]: search_candidates: base="dc=semark-testing,dc=dk" (0x00000001) scope=2 Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_dn2idl("dc=semark-testing,dc=dk") Jan 27 20:21:53 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940] Jan 27 20:21:53 hds-debian-virt slapd[1868]: <= bdb_index_read: failed (-30990) Jan 27 20:21:53 hds-debian-virt slapd[1868]: <= bdb_equality_candidates: id=0, first=0, last=0 Jan 27 20:21:53 hds-debian-virt slapd[1868]: => bdb_equality_candidates (uid) Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [15f2129b] Jan 27 20:21:53 hds-debian-virt slapd[1868]: <= bdb_index_read: failed (-30990) Jan 27 20:21:53 hds-debian-virt slapd[1868]: <= bdb_equality_candidates: id=0, first=0, last=0 Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 first=1 last=0 Jan 27 20:21:53 hds-debian-virt slapd[1868]: hdb_search: no candidates Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: conn=15 op=3 p=3 Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: msgid=4 tag=101 err=0 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=15 Jan 27 20:21:53 hds-debian-virt slapd[1868]: ber_get_next on fd 22 failed errno=0 (Success) Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing: readying conn=15 sd=22 for close Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close: conn=15 sd=22 --- Med Venlig Hilsen / Best regards Henrik Dige Semark On 26-01-2010 22:42, Dale Schroeder wrote: > Henrik, > > I saw that another user wanted you to make sure that the PDC was added > to the domain, and he is correct. > If it is still not working after adding the PDC to the domain, > consider changing the add machine script to this: > > add machine script = /usr/sbin/smbldap-useradd -i -w '%u' > > I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that > is what fixed the issue. > > Dale > > > On 01/25/2010 3:23 PM, Henrik Dige Semark wrote: >> I have a serous problem. >> >> I have for some time now tried to get an SAMBA based Domain Controller >> working. >> I have tried with OpenLDAP and tdbsam as backend, but I get the same >> error every time. >> >> I wood prefer to use LDAP as my backend. >> I have read tons of how-to SAMBA + LDAP, but non of the seams to work >> for my, is there someone that maybe can see what I have done rung in >> my config.? >> >> I have attached my samba conf and LDAP conf. >> >> Samba is connected to OpenLDAP, and LDAP is running fine. >> But when I try to join my Windows XP Pro SP3 I takes about one Min and >> it tells my that Username and/or Password maybe rung, ore not existing. >> >> There is no doubt that Samba and Ldap is talking together (samba have >> updated the SID and RID's), cause when I try to join the domain LDAP >> is activated, but the return value is somehow disappearing on the way >> back to my client >> >> I have some wireshark dump that I can provide if its necessary. >> I can provide LOGS, DUMPS, and everything needed if its necessary. >> >> System info: >> Clean installed Debian Lenny (5.0.3) >> Clean installed Samba 3.2.5 + Winbind 3.2.5 >> Clean installed OpenLDAP 2.4.11 (slapd) >> Debian default smbldap-tools (smbldap-populate is working and have >> populated LDAP without problems) >> if there is something I have forgotten please just ask for it, I'm >> close to be desperate.! >> >> --- >> Med Venlig Hilsen / Best regards >> Henrik Dige Semark >> >> From cj.keist at colostate.edu Wed Jan 27 12:29:46 2010 From: cj.keist at colostate.edu (CJ Keist) Date: Wed, 27 Jan 2010 12:29:46 -0700 Subject: [Samba] Compiling zfsacl support Message-ID: <4B60942A.30801@colostate.edu> For 3.4.5 how do you get zfsacl support compiled in? I do not see any flags in configure for this. -- C. J. Keist Email: cj.keist at colostate.edu UNIX/Network Manager Phone: 970-491-0630 Engineering Network Services Fax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' From gaiseric.vandal at gmail.com Wed Jan 27 13:06:44 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Wed, 27 Jan 2010 15:06:44 -0500 Subject: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11 In-Reply-To: <4B6092A3.9000704@semark.dk> References: <4B5E0BCE.9080300@semark.dk> <4B5F61CE.7050908@BriannasSaladDressing.com> <4B6092A3.9000704@semark.dk> Message-ID: <4B609CD4.1040205@gmail.com> Try using "net ... -U Administrator" instead, since "root" is not by default a member of the domain admin group. This presumes you have created the Administrator account in samba, created the "domain admins" group and setup the approp group mapping for key groups (domain admins, domain users etc.) On 01/27/10 14:23, Henrik Dige Semark wrote: > Dos the PDC have to join the domain also? > > When I try to join my PDC to its domain with "net join" I get the > following error. > > Enter root's password: > Could not connect to server PDC > The username or password was not correct. > Connection failed: NT_STATUS_LOGON_FAILURE > > > The netbios name for my PDC is pdc.semarktest.dk I guess that way it > tells my that is can't connect to server PDC > I have checked that pdc is in the name server (nameserver is on 127.0.0.1) > > # host pdc > pdc.semarktest.dk has address 192.168.1.182 > > Is there something I'm missing? > > Log dump from net join command: > > # tail -200 /var/log/syslog | grep slapd > Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=15 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search > Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> dnPrettyNormal: > Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:, > Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: (&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest)) > Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: > Jan 27 20:21:53 hds-debian-virt slapd[1868]: > Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search > Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_dn2id("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990) > Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: conn=15 op=2 p=3 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=10 matched="sambaDomainName=semarktest,dc=semark-testing,dc=dk" text="" > Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: msgid=3 tag=101 err=32 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) > Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=15 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=3 do_search > Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> dnPrettyNormal: > Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:, > Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH "dc=semark-testing,dc=dk" 2 0 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: (&(uid=root)(objectClass=sambaSamAccount)) > Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: > Jan 27 20:21:53 hds-debian-virt slapd[1868]: uid > Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber > Jan 27 20:21:53 hds-debian-virt slapd[1868]: gidNumber > Jan 27 20:21:53 hds-debian-virt slapd[1868]: homeDirectory > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdLastSet > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdCanChange > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdMustChange > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonTime > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogoffTime > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaKickoffTime > Jan 27 20:21:53 hds-debian-virt slapd[1868]: cn > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sn > Jan 27 20:21:53 hds-debian-virt slapd[1868]: displayName > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomeDrive > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomePath > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonScript > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaProfilePath > Jan 27 20:21:53 hds-debian-virt slapd[1868]: description > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaUserWorkstations > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaSID > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLMPassword > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaNTPassword > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaDomainName > Jan 27 20:21:53 hds-debian-virt slapd[1868]: objectClass > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaAcctFlags > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaMungedDial > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordCount > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordTime > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPasswordHistory > Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp > Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonHours > Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp > Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber > Jan 27 20:21:53 hds-debian-virt slapd[1868]: > Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search > Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_dn2entry("dc=semark-testing,dc=dk") > Jan 27 20:21:53 hds-debian-virt slapd[1868]: search_candidates: base="dc=semark-testing,dc=dk" (0x00000001) scope=2 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_dn2idl("dc=semark-testing,dc=dk") > Jan 27 20:21:53 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read > Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940] > Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990) > Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: => bdb_equality_candidates (uid) > Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read > Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [15f2129b] > Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990) > Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 first=1 last=0 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: hdb_search: no candidates > Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: conn=15 op=3 p=3 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" > Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: msgid=4 tag=101 err=0 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) > Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=15 > Jan 27 20:21:53 hds-debian-virt slapd[1868]: ber_get_next on fd 22 failed errno=0 (Success) > Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing: readying conn=15 sd=22 for close > Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close: conn=15 sd=22 > > --- > Med Venlig Hilsen / Best regards > Henrik Dige Semark > > > On 26-01-2010 22:42, Dale Schroeder wrote: > >> Henrik, >> >> I saw that another user wanted you to make sure that the PDC was added >> to the domain, and he is correct. >> If it is still not working after adding the PDC to the domain, >> consider changing the add machine script to this: >> >> add machine script = /usr/sbin/smbldap-useradd -i -w '%u' >> >> I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that >> is what fixed the issue. >> >> Dale >> >> >> On 01/25/2010 3:23 PM, Henrik Dige Semark wrote: >> >>> I have a serous problem. >>> >>> I have for some time now tried to get an SAMBA based Domain Controller >>> working. >>> I have tried with OpenLDAP and tdbsam as backend, but I get the same >>> error every time. >>> >>> I wood prefer to use LDAP as my backend. >>> I have read tons of how-to SAMBA + LDAP, but non of the seams to work >>> for my, is there someone that maybe can see what I have done rung in >>> my config.? >>> >>> I have attached my samba conf and LDAP conf. >>> >>> Samba is connected to OpenLDAP, and LDAP is running fine. >>> But when I try to join my Windows XP Pro SP3 I takes about one Min and >>> it tells my that Username and/or Password maybe rung, ore not existing. >>> >>> There is no doubt that Samba and Ldap is talking together (samba have >>> updated the SID and RID's), cause when I try to join the domain LDAP >>> is activated, but the return value is somehow disappearing on the way >>> back to my client >>> >>> I have some wireshark dump that I can provide if its necessary. >>> I can provide LOGS, DUMPS, and everything needed if its necessary. >>> >>> System info: >>> Clean installed Debian Lenny (5.0.3) >>> Clean installed Samba 3.2.5 + Winbind 3.2.5 >>> Clean installed OpenLDAP 2.4.11 (slapd) >>> Debian default smbldap-tools (smbldap-populate is working and have >>> populated LDAP without problems) >>> if there is something I have forgotten please just ask for it, I'm >>> close to be desperate.! >>> >>> --- >>> Med Venlig Hilsen / Best regards >>> Henrik Dige Semark >>> >>> >>> From hds at semark.dk Wed Jan 27 13:33:45 2010 From: hds at semark.dk (Henrik Dige Semark) Date: Wed, 27 Jan 2010 21:33:45 +0100 Subject: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11 In-Reply-To: <4B609CD4.1040205@gmail.com> References: <4B5E0BCE.9080300@semark.dk> <4B5F61CE.7050908@BriannasSaladDressing.com> <4B6092A3.9000704@semark.dk> <4B609CD4.1040205@gmail.com> Message-ID: <4B60A329.2040804@semark.dk> I have just tried with "net join -U Admin" and I get the same error as before. # net join -U Admin Enter admin's password: Could not connect to server PDC The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE Ldap search for Admin: # ldapsearch -x -h 127.0.0.1 -p 389 # Admin, Users, semark-testing.dk dn: uid=Admin,ou=Users,dc=semark-testing,dc=dk cn: Admin sn: Admin objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: sambaSamAccount objectClass: posixAccount objectClass: shadowAccount gidNumber: 0 uid: Admin uidNumber: 0 homeDirectory: /home/Admin sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaHomePath: \\192.168.1.182\Admin sambaHomeDrive: H: sambaProfilePath: \\192.168.1.182\profiles\Admin sambaPrimaryGroupSID: S-1-5-21-860714184-2299130787-2886737959-512 sambaSID: S-1-5-21-860714184-2299130787-2886737959-500 loginShell: /bin/false gecos: Netbios Domain Administrator sambaLMPassword: my-pass sambaAcctFlags: [U] sambaNTPassword: my-pass sambaPwdLastSet: 1264374249 sambaPwdMustChange: 1268262249 shadowMax: 45 Log dump from net join command: Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got connid=22 Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=22 Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=3 do_search Jan 27 21:31:11 hds-debian-virt slapd[1868]: >>> dnPrettyNormal: Jan 27 21:31:11 hds-debian-virt slapd[1868]: <<< dnPrettyNormal: , Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH "dc=semark-testing,dc=dk" 2 0 Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (&(uid=admin)(objectClass=sambaSamAccount)) Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: Jan 27 21:31:11 hds-debian-virt slapd[1868]: uid Jan 27 21:31:11 hds-debian-virt slapd[1868]: uidNumber Jan 27 21:31:11 hds-debian-virt slapd[1868]: gidNumber Jan 27 21:31:11 hds-debian-virt slapd[1868]: homeDirectory Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdLastSet Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdCanChange Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdMustChange Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonTime Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogoffTime Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaKickoffTime Jan 27 21:31:11 hds-debian-virt slapd[1868]: cn Jan 27 21:31:11 hds-debian-virt slapd[1868]: sn Jan 27 21:31:11 hds-debian-virt slapd[1868]: displayName Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaHomeDrive Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaHomePath Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonScript Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaProfilePath Jan 27 21:31:11 hds-debian-virt slapd[1868]: description Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaUserWorkstations Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaSID Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLMPassword Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaNTPassword Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaDomainName Jan 27 21:31:11 hds-debian-virt slapd[1868]: objectClass Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaAcctFlags Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaMungedDial Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaBadPasswordCount Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaBadPasswordTime Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPasswordHistory Jan 27 21:31:11 hds-debian-virt slapd[1868]: modifyTimestamp Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonHours Jan 27 21:31:11 hds-debian-virt slapd[1868]: modifyTimestamp Jan 27 21:31:11 hds-debian-virt slapd[1868]: uidNumber Jan 27 21:31:11 hds-debian-virt slapd[1868]: Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_dn2entry("dc=semark-testing,dc=dk") Jan 27 21:31:11 hds-debian-virt slapd[1868]: search_candidates: base="dc=semark-testing,dc=dk" (0x00000001) scope=2 Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_dn2idl("dc=semark-testing,dc=dk") Jan 27 21:31:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940] Jan 27 21:31:11 hds-debian-virt slapd[1868]: <= bdb_index_read: failed (-30990) Jan 27 21:31:11 hds-debian-virt slapd[1868]: <= bdb_equality_candidates: id=0, first=0, last=0 Jan 27 21:31:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (uid) Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [f67dad88] Jan 27 21:31:11 hds-debian-virt slapd[1868]: <= bdb_index_read 1 candidates Jan 27 21:31:11 hds-debian-virt slapd[1868]: <= bdb_equality_candidates: id=1, first=6, last=6 Jan 27 21:31:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [f937ce0f] Jan 27 21:31:11 hds-debian-virt slapd[1868]: <= bdb_index_read 3 candidates Jan 27 21:31:11 hds-debian-virt slapd[1868]: <= bdb_equality_candidates: id=3, first=6, last=18 Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_search_candidates: id=1 first=6 last=6 Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: conn 22 dn="uid=Admin,ou=Users,dc=semark-testing,dc=dk" Jan 27 21:31:11 hds-debian-virt slapd[1868]: <= send_search_entry: conn 22 exit. Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=22 op=3 p=3 Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=4 tag=101 err=0 Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got connid=22 Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=22 Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=4 do_search Jan 27 21:31:11 hds-debian-virt slapd[1868]: >>> dnPrettyNormal: Jan 27 21:31:11 hds-debian-virt slapd[1868]: <<< dnPrettyNormal: , Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 0 0 Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (objectClass=*) Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaMaxPwdAge Jan 27 21:31:11 hds-debian-virt slapd[1868]: Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") Jan 27 21:31:11 hds-debian-virt slapd[1868]: base_candidates: base: "sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: conn 22 dn="sambaDomainName=semarktest,dc=semark-testing,dc=dk" Jan 27 21:31:11 hds-debian-virt slapd[1868]: <= send_search_entry: conn 22 exit. Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=22 op=4 p=3 Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=5 tag=101 err=0 Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got connid=22 Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=22 Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=5 do_search Jan 27 21:31:11 hds-debian-virt slapd[1868]: >>> dnPrettyNormal: Jan 27 21:31:11 hds-debian-virt slapd[1868]: <<< dnPrettyNormal: , Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 0 0 Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (objectClass=*) Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLockoutThreshold Jan 27 21:31:11 hds-debian-virt slapd[1868]: Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") Jan 27 21:31:11 hds-debian-virt slapd[1868]: base_candidates: base: "sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: conn 22 dn="sambaDomainName=semarktest,dc=semark-testing,dc=dk" Jan 27 21:31:11 hds-debian-virt slapd[1868]: <= send_search_entry: conn 22 exit. Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=22 op=5 p=3 Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=6 tag=101 err=0 Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got connid=22 Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=22 Jan 27 21:31:11 hds-debian-virt slapd[1868]: ber_get_next on fd 22 failed errno=0 (Success) Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_closing: readying conn=22 sd=22 for close Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_close: conn=22 sd=22 Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_get(14) Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_get(14): got connid=5 Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_read(14): checking for input on id=5 Jan 27 21:31:41 hds-debian-virt slapd[1868]: conn=5 op=1145 do_search Jan 27 21:31:41 hds-debian-virt slapd[1868]: >>> dnPrettyNormal: Jan 27 21:31:41 hds-debian-virt slapd[1868]: <<< dnPrettyNormal: , Jan 27 21:31:41 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0 Jan 27 21:31:41 hds-debian-virt slapd[1868]: 0 15 0 Jan 27 21:31:41 hds-debian-virt slapd[1868]: filter: (objectClass=sambaTrustedDomainPassword) Jan 27 21:31:41 hds-debian-virt slapd[1868]: attrs: Jan 27 21:31:41 hds-debian-virt slapd[1868]: sambaDomainName Jan 27 21:31:41 hds-debian-virt slapd[1868]: sambaSID Jan 27 21:31:41 hds-debian-virt slapd[1868]: Jan 27 21:31:41 hds-debian-virt slapd[1868]: => hdb_search Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") Jan 27 21:31:41 hds-debian-virt slapd[1868]: search_candidates: base="sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) scope=2 Jan 27 21:31:41 hds-debian-virt slapd[1868]: => hdb_dn2idl("sambaDomainName=semarktest,dc=semark-testing,dc=dk") Jan 27 21:31:41 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) Jan 27 21:31:41 hds-debian-virt slapd[1868]: => key_read Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940] Jan 27 21:31:41 hds-debian-virt slapd[1868]: <= bdb_index_read: failed (-30990) Jan 27 21:31:41 hds-debian-virt slapd[1868]: <= bdb_equality_candidates: id=0, first=0, last=0 Jan 27 21:31:41 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) Jan 27 21:31:41 hds-debian-virt slapd[1868]: => key_read Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [633a0e9d] Jan 27 21:31:41 hds-debian-virt slapd[1868]: <= bdb_index_read: failed (-30990) Jan 27 21:31:41 hds-debian-virt slapd[1868]: <= bdb_equality_candidates: id=0, first=0, last=0 Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 first=17 last=0 Jan 27 21:31:41 hds-debian-virt slapd[1868]: hdb_search: no candidates Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_result: conn=5 op=1145 p=3 Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_response: msgid=1146 tag=101 err=0 Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_get(14) Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_get(14): got connid=5 Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_read(14): checking for input on id=5 Jan 27 21:32:11 hds-debian-virt slapd[1868]: conn=5 op=1146 do_search Jan 27 21:32:11 hds-debian-virt slapd[1868]: >>> dnPrettyNormal: Jan 27 21:32:11 hds-debian-virt slapd[1868]: <<< dnPrettyNormal: , Jan 27 21:32:11 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0 Jan 27 21:32:11 hds-debian-virt slapd[1868]: 0 15 0 Jan 27 21:32:11 hds-debian-virt slapd[1868]: filter: (objectClass=sambaTrustedDomainPassword) Jan 27 21:32:11 hds-debian-virt slapd[1868]: attrs: Jan 27 21:32:11 hds-debian-virt slapd[1868]: sambaDomainName Jan 27 21:32:11 hds-debian-virt slapd[1868]: sambaSID Jan 27 21:32:11 hds-debian-virt slapd[1868]: Jan 27 21:32:11 hds-debian-virt slapd[1868]: => hdb_search Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") Jan 27 21:32:11 hds-debian-virt slapd[1868]: search_candidates: base="sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) scope=2 Jan 27 21:32:11 hds-debian-virt slapd[1868]: => hdb_dn2idl("sambaDomainName=semarktest,dc=semark-testing,dc=dk") Jan 27 21:32:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) Jan 27 21:32:11 hds-debian-virt slapd[1868]: => key_read Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940] Jan 27 21:32:11 hds-debian-virt slapd[1868]: <= bdb_index_read: failed (-30990) Jan 27 21:32:11 hds-debian-virt slapd[1868]: <= bdb_equality_candidates: id=0, first=0, last=0 Jan 27 21:32:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) Jan 27 21:32:11 hds-debian-virt slapd[1868]: => key_read Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [633a0e9d] Jan 27 21:32:11 hds-debian-virt slapd[1868]: <= bdb_index_read: failed (-30990) Jan 27 21:32:11 hds-debian-virt slapd[1868]: <= bdb_equality_candidates: id=0, first=0, last=0 Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 first=17 last=0 Jan 27 21:32:11 hds-debian-virt slapd[1868]: hdb_search: no candidates Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=5 op=1146 p=3 Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=1147 tag=101 err=0 --- Med Venlig Hilsen / Best regards Henrik Dige Semark On 27-01-2010 21:06, Gaiseric Vandal wrote: > Try using "net ... -U Administrator" instead, since "root" is not > by default a member of the domain admin group. This presumes you have > created the Administrator account in samba, created the "domain > admins" group and setup the approp group mapping for key groups > (domain admins, domain users etc.) > > > > > On 01/27/10 14:23, Henrik Dige Semark wrote: >> Dos the PDC have to join the domain also? >> >> When I try to join my PDC to its domain with "net join" I get the >> following error. >> >> Enter root's password: >> Could not connect to server PDC >> The username or password was not correct. >> Connection failed: NT_STATUS_LOGON_FAILURE >> >> >> The netbios name for my PDC is pdc.semarktest.dk I guess that way it >> tells my that is can't connect to server PDC >> I have checked that pdc is in the name server (nameserver is on >> 127.0.0.1) >> >> # host pdc >> pdc.semarktest.dk has address 192.168.1.182 >> >> Is there something I'm missing? >> >> Log dump from net join command: >> >> # tail -200 /var/log/syslog | grep slapd >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >> connid=15 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >> checking for input on id=15 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search >> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> >> dnPrettyNormal: >> >> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< >> dnPrettyNormal:, >> >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH >> "sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk" >> 2 0 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: >> (&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest)) >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >> bdb_dn2entry("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") >> >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >> hdb_dn2id("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") >> >> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= hdb_dn2id: get failed: >> DB_NOTFOUND: No matching key/data pair found (-30990) >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: >> conn=15 op=2 p=3 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=10 >> matched="sambaDomainName=semarktest,dc=semark-testing,dc=dk" text="" >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: >> msgid=3 tag=101 err=32 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >> connid=15 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >> checking for input on id=15 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=3 do_search >> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> >> dnPrettyNormal: >> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< >> dnPrettyNormal:, >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH >> "dc=semark-testing,dc=dk" 2 0 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: >> (&(uid=root)(objectClass=sambaSamAccount)) >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uid >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: gidNumber >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: homeDirectory >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdLastSet >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdCanChange >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdMustChange >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonTime >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogoffTime >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaKickoffTime >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: cn >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sn >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: displayName >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomeDrive >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomePath >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonScript >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaProfilePath >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: description >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaUserWorkstations >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaSID >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLMPassword >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaNTPassword >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaDomainName >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: objectClass >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaAcctFlags >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaMungedDial >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordCount >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordTime >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPasswordHistory >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonHours >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >> bdb_dn2entry("dc=semark-testing,dc=dk") >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: search_candidates: >> base="dc=semark-testing,dc=dk" (0x00000001) scope=2 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >> hdb_dn2idl("dc=semark-testing,dc=dk") >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >> bdb_equality_candidates (objectClass) >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >> [b49d1940] >> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >> (-30990) >> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= >> bdb_equality_candidates: id=0, first=0, last=0 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >> bdb_equality_candidates (uid) >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >> [15f2129b] >> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >> (-30990) >> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= >> bdb_equality_candidates: id=0, first=0, last=0 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_search_candidates: >> id=0 first=1 last=0 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: hdb_search: no candidates >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: >> conn=15 op=3 p=3 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >> matched="" text="" >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: >> msgid=4 tag=101 err=0 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >> connid=15 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >> checking for input on id=15 >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: ber_get_next on fd 22 >> failed errno=0 (Success) >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing: >> readying conn=15 sd=22 for close >> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close: >> conn=15 sd=22 >> >> --- >> Med Venlig Hilsen / Best regards >> Henrik Dige Semark >> >> >> On 26-01-2010 22:42, Dale Schroeder wrote: >> >>> Henrik, >>> >>> I saw that another user wanted you to make sure that the PDC was added >>> to the domain, and he is correct. >>> If it is still not working after adding the PDC to the domain, >>> consider changing the add machine script to this: >>> >>> add machine script = /usr/sbin/smbldap-useradd -i -w '%u' >>> >>> I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that >>> is what fixed the issue. >>> >>> Dale >>> >>> >>> On 01/25/2010 3:23 PM, Henrik Dige Semark wrote: >>> >>>> I have a serous problem. >>>> >>>> I have for some time now tried to get an SAMBA based Domain Controller >>>> working. >>>> I have tried with OpenLDAP and tdbsam as backend, but I get the same >>>> error every time. >>>> >>>> I wood prefer to use LDAP as my backend. >>>> I have read tons of how-to SAMBA + LDAP, but non of the seams to work >>>> for my, is there someone that maybe can see what I have done rung in >>>> my config.? >>>> >>>> I have attached my samba conf and LDAP conf. >>>> >>>> Samba is connected to OpenLDAP, and LDAP is running fine. >>>> But when I try to join my Windows XP Pro SP3 I takes about one Min and >>>> it tells my that Username and/or Password maybe rung, ore not >>>> existing. >>>> >>>> There is no doubt that Samba and Ldap is talking together (samba have >>>> updated the SID and RID's), cause when I try to join the domain LDAP >>>> is activated, but the return value is somehow disappearing on the way >>>> back to my client >>>> >>>> I have some wireshark dump that I can provide if its necessary. >>>> I can provide LOGS, DUMPS, and everything needed if its necessary. >>>> >>>> System info: >>>> Clean installed Debian Lenny (5.0.3) >>>> Clean installed Samba 3.2.5 + Winbind 3.2.5 >>>> Clean installed OpenLDAP 2.4.11 (slapd) >>>> Debian default smbldap-tools (smbldap-populate is working and have >>>> populated LDAP without problems) >>>> if there is something I have forgotten please just ask for it, I'm >>>> close to be desperate.! >>>> >>>> --- >>>> Med Venlig Hilsen / Best regards >>>> Henrik Dige Semark >>>> >>>> >>>> > From dale at BriannasSaladDressing.com Wed Jan 27 13:56:16 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Wed, 27 Jan 2010 14:56:16 -0600 Subject: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11 In-Reply-To: <4B60A329.2040804@semark.dk> References: <4B5E0BCE.9080300@semark.dk> <4B5F61CE.7050908@BriannasSaladDressing.com> <4B6092A3.9000704@semark.dk> <4B609CD4.1040205@gmail.com> <4B60A329.2040804@semark.dk> Message-ID: <4B60A870.3090805@BriannasSaladDressing.com> Did you remember to run "smbpasswd -W"? Sometimes you have to add the -S switch for the join to work. net rpc join -S pdc -U root Dale On 01/27/2010 2:33 PM, Henrik Dige Semark wrote: > I have just tried with "net join -U Admin" and I get the same error as > before. > > # net join -U Admin > Enter admin's password: > Could not connect to server PDC > The username or password was not correct. > Connection failed: NT_STATUS_LOGON_FAILURE > > Ldap search for Admin: > > # ldapsearch -x -h 127.0.0.1 -p 389 > > # Admin, Users, semark-testing.dk > dn: uid=Admin,ou=Users,dc=semark-testing,dc=dk > cn: Admin > sn: Admin > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: sambaSamAccount > objectClass: posixAccount > objectClass: shadowAccount > gidNumber: 0 > uid: Admin > uidNumber: 0 > homeDirectory: /home/Admin > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaHomePath: \\192.168.1.182\Admin > sambaHomeDrive: H: > sambaProfilePath: \\192.168.1.182\profiles\Admin > sambaPrimaryGroupSID: S-1-5-21-860714184-2299130787-2886737959-512 > sambaSID: S-1-5-21-860714184-2299130787-2886737959-500 > loginShell: /bin/false > gecos: Netbios Domain Administrator > sambaLMPassword: my-pass > sambaAcctFlags: [U] > sambaNTPassword: my-pass > sambaPwdLastSet: 1264374249 > sambaPwdMustChange: 1268262249 > shadowMax: 45 > > Log dump from net join command: > > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got connid=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=3 do_search > Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>> dnPrettyNormal: > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:, > Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH "dc=semark-testing,dc=dk" 2 0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (&(uid=admin)(objectClass=sambaSamAccount)) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: > Jan 27 21:31:11 hds-debian-virt slapd[1868]: uid > Jan 27 21:31:11 hds-debian-virt slapd[1868]: uidNumber > Jan 27 21:31:11 hds-debian-virt slapd[1868]: gidNumber > Jan 27 21:31:11 hds-debian-virt slapd[1868]: homeDirectory > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdLastSet > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdCanChange > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdMustChange > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonTime > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogoffTime > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaKickoffTime > Jan 27 21:31:11 hds-debian-virt slapd[1868]: cn > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sn > Jan 27 21:31:11 hds-debian-virt slapd[1868]: displayName > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaHomeDrive > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaHomePath > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonScript > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaProfilePath > Jan 27 21:31:11 hds-debian-virt slapd[1868]: description > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaUserWorkstations > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaSID > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLMPassword > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaNTPassword > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaDomainName > Jan 27 21:31:11 hds-debian-virt slapd[1868]: objectClass > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaAcctFlags > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaMungedDial > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaBadPasswordCount > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaBadPasswordTime > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPasswordHistory > Jan 27 21:31:11 hds-debian-virt slapd[1868]: modifyTimestamp > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonHours > Jan 27 21:31:11 hds-debian-virt slapd[1868]: modifyTimestamp > Jan 27 21:31:11 hds-debian-virt slapd[1868]: uidNumber > Jan 27 21:31:11 hds-debian-virt slapd[1868]: > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_dn2entry("dc=semark-testing,dc=dk") > Jan 27 21:31:11 hds-debian-virt slapd[1868]: search_candidates: base="dc=semark-testing,dc=dk" (0x00000001) scope=2 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_dn2idl("dc=semark-testing,dc=dk") > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940] > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990) > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (uid) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [f67dad88] > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read 1 candidates > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=1, first=6, last=6 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [f937ce0f] > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read 3 candidates > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=3, first=6, last=18 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_search_candidates: id=1 first=6 last=6 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: conn 22 dn="uid=Admin,ou=Users,dc=semark-testing,dc=dk" > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry: conn 22 exit. > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=22 op=3 p=3 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=4 tag=101 err=0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got connid=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=4 do_search > Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>> dnPrettyNormal: > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:, > Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 0 0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (objectClass=*) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaMaxPwdAge > Jan 27 21:31:11 hds-debian-virt slapd[1868]: > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 21:31:11 hds-debian-virt slapd[1868]: base_candidates: base: "sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: conn 22 dn="sambaDomainName=semarktest,dc=semark-testing,dc=dk" > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry: conn 22 exit. > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=22 op=4 p=3 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=5 tag=101 err=0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got connid=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=5 do_search > Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>> dnPrettyNormal: > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:, > Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 0 0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (objectClass=*) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLockoutThreshold > Jan 27 21:31:11 hds-debian-virt slapd[1868]: > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 21:31:11 hds-debian-virt slapd[1868]: base_candidates: base: "sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: conn 22 dn="sambaDomainName=semarktest,dc=semark-testing,dc=dk" > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry: conn 22 exit. > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=22 op=5 p=3 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=6 tag=101 err=0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got connid=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: ber_get_next on fd 22 failed errno=0 (Success) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_closing: readying conn=22 sd=22 for close > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_close: conn=22 sd=22 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_get(14) > Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_get(14): got connid=5 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_read(14): checking for input on id=5 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: conn=5 op=1145 do_search > Jan 27 21:31:41 hds-debian-virt slapd[1868]:>>> dnPrettyNormal: > Jan 27 21:31:41 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:, > Jan 27 21:31:41 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: 0 15 0 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: filter: (objectClass=sambaTrustedDomainPassword) > Jan 27 21:31:41 hds-debian-virt slapd[1868]: attrs: > Jan 27 21:31:41 hds-debian-virt slapd[1868]: sambaDomainName > Jan 27 21:31:41 hds-debian-virt slapd[1868]: sambaSID > Jan 27 21:31:41 hds-debian-virt slapd[1868]: > Jan 27 21:31:41 hds-debian-virt slapd[1868]: => hdb_search > Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 21:31:41 hds-debian-virt slapd[1868]: search_candidates: base="sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) scope=2 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: => hdb_dn2idl("sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 21:31:41 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 21:31:41 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940] > Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990) > Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 21:31:41 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [633a0e9d] > Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990) > Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 first=17 last=0 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: hdb_search: no candidates > Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_result: conn=5 op=1145 p=3 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" > Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_response: msgid=1146 tag=101 err=0 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_get(14) > Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_get(14): got connid=5 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_read(14): checking for input on id=5 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: conn=5 op=1146 do_search > Jan 27 21:32:11 hds-debian-virt slapd[1868]:>>> dnPrettyNormal: > Jan 27 21:32:11 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:, > Jan 27 21:32:11 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: 0 15 0 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: filter: (objectClass=sambaTrustedDomainPassword) > Jan 27 21:32:11 hds-debian-virt slapd[1868]: attrs: > Jan 27 21:32:11 hds-debian-virt slapd[1868]: sambaDomainName > Jan 27 21:32:11 hds-debian-virt slapd[1868]: sambaSID > Jan 27 21:32:11 hds-debian-virt slapd[1868]: > Jan 27 21:32:11 hds-debian-virt slapd[1868]: => hdb_search > Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 21:32:11 hds-debian-virt slapd[1868]: search_candidates: base="sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) scope=2 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: => hdb_dn2idl("sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 21:32:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 21:32:11 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940] > Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990) > Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 21:32:11 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [633a0e9d] > Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990) > Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 first=17 last=0 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: hdb_search: no candidates > Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=5 op=1146 p=3 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" > Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=1147 tag=101 err=0 > > --- > Med Venlig Hilsen / Best regards > Henrik Dige Semark > > > On 27-01-2010 21:06, Gaiseric Vandal wrote: > >> Try using "net ... -U Administrator" instead, since "root" is not >> by default a member of the domain admin group. This presumes you have >> created the Administrator account in samba, created the "domain >> admins" group and setup the approp group mapping for key groups >> (domain admins, domain users etc.) >> >> >> >> >> On 01/27/10 14:23, Henrik Dige Semark wrote: >> >>> Dos the PDC have to join the domain also? >>> >>> When I try to join my PDC to its domain with "net join" I get the >>> following error. >>> >>> Enter root's password: >>> Could not connect to server PDC >>> The username or password was not correct. >>> Connection failed: NT_STATUS_LOGON_FAILURE >>> >>> >>> The netbios name for my PDC is pdc.semarktest.dk I guess that way it >>> tells my that is can't connect to server PDC >>> I have checked that pdc is in the name server (nameserver is on >>> 127.0.0.1) >>> >>> # host pdc >>> pdc.semarktest.dk has address 192.168.1.182 >>> >>> Is there something I'm missing? >>> >>> Log dump from net join command: >>> >>> # tail -200 /var/log/syslog | grep slapd >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>> connid=15 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>> checking for input on id=15 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> >>> dnPrettyNormal: >>> >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< >>> dnPrettyNormal:, >>> >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH >>> "sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk" >>> 2 0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: >>> (&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest)) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>> bdb_dn2entry("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>> >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>> hdb_dn2id("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>> >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= hdb_dn2id: get failed: >>> DB_NOTFOUND: No matching key/data pair found (-30990) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: >>> conn=15 op=2 p=3 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=10 >>> matched="sambaDomainName=semarktest,dc=semark-testing,dc=dk" text="" >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: >>> msgid=3 tag=101 err=32 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>> connid=15 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>> checking for input on id=15 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=3 do_search >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> >>> dnPrettyNormal: >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< >>> dnPrettyNormal:, >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH >>> "dc=semark-testing,dc=dk" 2 0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: >>> (&(uid=root)(objectClass=sambaSamAccount)) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uid >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: gidNumber >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: homeDirectory >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdLastSet >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdCanChange >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdMustChange >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonTime >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogoffTime >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaKickoffTime >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: cn >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sn >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: displayName >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomeDrive >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomePath >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonScript >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaProfilePath >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: description >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaUserWorkstations >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaSID >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLMPassword >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaNTPassword >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaDomainName >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: objectClass >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaAcctFlags >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaMungedDial >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordCount >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordTime >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPasswordHistory >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonHours >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>> bdb_dn2entry("dc=semark-testing,dc=dk") >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: search_candidates: >>> base="dc=semark-testing,dc=dk" (0x00000001) scope=2 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>> hdb_dn2idl("dc=semark-testing,dc=dk") >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>> bdb_equality_candidates (objectClass) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>> [b49d1940] >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>> (-30990) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= >>> bdb_equality_candidates: id=0, first=0, last=0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>> bdb_equality_candidates (uid) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>> [15f2129b] >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>> (-30990) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= >>> bdb_equality_candidates: id=0, first=0, last=0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_search_candidates: >>> id=0 first=1 last=0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: hdb_search: no candidates >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: >>> conn=15 op=3 p=3 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >>> matched="" text="" >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: >>> msgid=4 tag=101 err=0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>> connid=15 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>> checking for input on id=15 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: ber_get_next on fd 22 >>> failed errno=0 (Success) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing: >>> readying conn=15 sd=22 for close >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close: >>> conn=15 sd=22 >>> >>> --- >>> Med Venlig Hilsen / Best regards >>> Henrik Dige Semark >>> >>> >>> On 26-01-2010 22:42, Dale Schroeder wrote: >>> >>> >>>> Henrik, >>>> >>>> I saw that another user wanted you to make sure that the PDC was added >>>> to the domain, and he is correct. >>>> If it is still not working after adding the PDC to the domain, >>>> consider changing the add machine script to this: >>>> >>>> add machine script = /usr/sbin/smbldap-useradd -i -w '%u' >>>> >>>> I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that >>>> is what fixed the issue. >>>> >>>> Dale >>>> >>>> >>>> On 01/25/2010 3:23 PM, Henrik Dige Semark wrote: >>>> >>>> >>>>> I have a serous problem. >>>>> >>>>> I have for some time now tried to get an SAMBA based Domain Controller >>>>> working. >>>>> I have tried with OpenLDAP and tdbsam as backend, but I get the same >>>>> error every time. >>>>> >>>>> I wood prefer to use LDAP as my backend. >>>>> I have read tons of how-to SAMBA + LDAP, but non of the seams to work >>>>> for my, is there someone that maybe can see what I have done rung in >>>>> my config.? >>>>> >>>>> I have attached my samba conf and LDAP conf. >>>>> >>>>> Samba is connected to OpenLDAP, and LDAP is running fine. >>>>> But when I try to join my Windows XP Pro SP3 I takes about one Min and >>>>> it tells my that Username and/or Password maybe rung, ore not >>>>> existing. >>>>> >>>>> There is no doubt that Samba and Ldap is talking together (samba have >>>>> updated the SID and RID's), cause when I try to join the domain LDAP >>>>> is activated, but the return value is somehow disappearing on the way >>>>> back to my client >>>>> >>>>> I have some wireshark dump that I can provide if its necessary. >>>>> I can provide LOGS, DUMPS, and everything needed if its necessary. >>>>> >>>>> System info: >>>>> Clean installed Debian Lenny (5.0.3) >>>>> Clean installed Samba 3.2.5 + Winbind 3.2.5 >>>>> Clean installed OpenLDAP 2.4.11 (slapd) >>>>> Debian default smbldap-tools (smbldap-populate is working and have >>>>> populated LDAP without problems) >>>>> if there is something I have forgotten please just ask for it, I'm >>>>> close to be desperate.! >>>>> >>>>> --- >>>>> Med Venlig Hilsen / Best regards >>>>> Henrik Dige Semark >>>>> >>>>> >>>>> >>>>> >> > From holm at informatik.umu.se Wed Jan 27 14:01:11 2010 From: holm at informatik.umu.se (=?iso-8859-1?b?xWtl?= Holmlund) Date: Wed, 27 Jan 2010 21:01:11 +0000 (UTC) Subject: [Samba] Problem installing print driver to Samba print$ share Message-ID: Hello! I'm trying to install (using the "Add printer" wizard on a client) a Postscript driver for a Sharp MX-5001N multifunction copier/printer/etc machine to a Samba print$ share. The installation seems go ok but when I try to access the printer properties I get a dialog box stating that "... printer driver is not installed on this computer... Do You want to install the driver now?" The same thing happens when I try to install the drivers from the server on another client. I do NOT want to install the drivers locally on all the clients... Is there a way around this problem? We are using Samba 3.4.4 on Sun Solaris 10. We are not using Cups. I have tried to install the driver from Win 2003 server and Win XP. Thank You! --- ?ke Holmlund Ume? University Dept of Informatics Ume? SWEDEN From hds at semark.dk Wed Jan 27 14:16:35 2010 From: hds at semark.dk (Henrik Dige Semark) Date: Wed, 27 Jan 2010 22:16:35 +0100 Subject: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11 In-Reply-To: <4B60A870.3090805@BriannasSaladDressing.com> References: <4B5E0BCE.9080300@semark.dk> <4B5F61CE.7050908@BriannasSaladDressing.com> <4B6092A3.9000704@semark.dk> <4B609CD4.1040205@gmail.com> <4B60A329.2040804@semark.dk> <4B60A870.3090805@BriannasSaladDressing.com> Message-ID: <4B60AD33.9040701@semark.dk> I have remembered to run smbpassd -W, and I still get the same error when I try with -S pdc on net join command. I can see that LDAP is activated, and that samba is doing something, but it seams like the answer is disappear on the way back. Samba have initialised my LDAP with its SID and RID's, when it can do this way is it not possible to lookup users? Is it necessary to join my PDC to its own domain btw.? cause the new server here is going to be PDC and replace my old Win2k DC (its not a member it a separate test-domain) --- Med Venlig Hilsen / Best regards Henrik Dige Semark On 27-01-2010 21:56, Dale Schroeder wrote: > Did you remember to run "smbpasswd -W"? > > Sometimes you have to add the -S switch for the join to work. > net rpc join -S pdc -U root > > Dale > > > On 01/27/2010 2:33 PM, Henrik Dige Semark wrote: >> I have just tried with "net join -U Admin" and I get the same error as >> before. >> >> # net join -U Admin >> Enter admin's password: >> Could not connect to server PDC >> The username or password was not correct. >> Connection failed: NT_STATUS_LOGON_FAILURE >> >> Ldap search for Admin: >> >> # ldapsearch -x -h 127.0.0.1 -p 389 >> >> # Admin, Users, semark-testing.dk >> dn: uid=Admin,ou=Users,dc=semark-testing,dc=dk >> cn: Admin >> sn: Admin >> objectClass: top >> objectClass: person >> objectClass: organizationalPerson >> objectClass: inetOrgPerson >> objectClass: sambaSamAccount >> objectClass: posixAccount >> objectClass: shadowAccount >> gidNumber: 0 >> uid: Admin >> uidNumber: 0 >> homeDirectory: /home/Admin >> sambaLogonTime: 0 >> sambaLogoffTime: 2147483647 >> sambaKickoffTime: 2147483647 >> sambaPwdCanChange: 0 >> sambaHomePath: \\192.168.1.182\Admin >> sambaHomeDrive: H: >> sambaProfilePath: \\192.168.1.182\profiles\Admin >> sambaPrimaryGroupSID: S-1-5-21-860714184-2299130787-2886737959-512 >> sambaSID: S-1-5-21-860714184-2299130787-2886737959-500 >> loginShell: /bin/false >> gecos: Netbios Domain Administrator >> sambaLMPassword: my-pass >> sambaAcctFlags: [U] >> sambaNTPassword: my-pass >> sambaPwdLastSet: 1264374249 >> sambaPwdMustChange: 1268262249 >> shadowMax: 45 >> >> Log dump from net join command: >> >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got >> connid=22 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): >> checking for input on id=22 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=3 do_search >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>> >> dnPrettyNormal: >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<< >> dnPrettyNormal:, >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH >> "dc=semark-testing,dc=dk" 2 0 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: >> (&(uid=admin)(objectClass=sambaSamAccount)) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: uid >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: uidNumber >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: gidNumber >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: homeDirectory >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdLastSet >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdCanChange >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdMustChange >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonTime >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogoffTime >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaKickoffTime >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: cn >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sn >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: displayName >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaHomeDrive >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaHomePath >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonScript >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaProfilePath >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: description >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaUserWorkstations >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaSID >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLMPassword >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaNTPassword >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaDomainName >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: objectClass >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaAcctFlags >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaMungedDial >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaBadPasswordCount >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaBadPasswordTime >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPasswordHistory >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: modifyTimestamp >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonHours >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: modifyTimestamp >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: uidNumber >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: >> bdb_dn2entry("dc=semark-testing,dc=dk") >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: search_candidates: >> base="dc=semark-testing,dc=dk" (0x00000001) scope=2 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => >> hdb_dn2idl("dc=semark-testing,dc=dk") >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => >> bdb_equality_candidates (objectClass) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >> [b49d1940] >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >> (-30990) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= >> bdb_equality_candidates: id=0, first=0, last=0 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => >> bdb_equality_candidates (uid) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >> [f67dad88] >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read 1 >> candidates >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= >> bdb_equality_candidates: id=1, first=6, last=6 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => >> bdb_equality_candidates (objectClass) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >> [f937ce0f] >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read 3 >> candidates >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= >> bdb_equality_candidates: id=3, first=6, last=18 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_search_candidates: >> id=1 first=6 last=6 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: >> conn 22 dn="uid=Admin,ou=Users,dc=semark-testing,dc=dk" >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry: >> conn 22 exit. >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: >> conn=22 op=3 p=3 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >> matched="" text="" >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: >> msgid=4 tag=101 err=0 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got >> connid=22 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): >> checking for input on id=22 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=4 do_search >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>> >> dnPrettyNormal: >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<< >> dnPrettyNormal:, >> >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH >> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 0 0 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (objectClass=*) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaMaxPwdAge >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: >> bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: base_candidates: base: >> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: >> conn 22 dn="sambaDomainName=semarktest,dc=semark-testing,dc=dk" >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry: >> conn 22 exit. >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: >> conn=22 op=4 p=3 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >> matched="" text="" >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: >> msgid=5 tag=101 err=0 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got >> connid=22 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): >> checking for input on id=22 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=5 do_search >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>> >> dnPrettyNormal: >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<< >> dnPrettyNormal:, >> >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH >> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 0 0 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (objectClass=*) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLockoutThreshold >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: >> bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: base_candidates: base: >> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: >> conn 22 dn="sambaDomainName=semarktest,dc=semark-testing,dc=dk" >> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry: >> conn 22 exit. >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: >> conn=22 op=5 p=3 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >> matched="" text="" >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: >> msgid=6 tag=101 err=0 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got >> connid=22 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): >> checking for input on id=22 >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: ber_get_next on fd 22 >> failed errno=0 (Success) >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_closing: >> readying conn=22 sd=22 for close >> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_close: >> conn=22 sd=22 >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_get(14) >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_get(14): got >> connid=5 >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_read(14): >> checking for input on id=5 >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: conn=5 op=1145 do_search >> Jan 27 21:31:41 hds-debian-virt slapd[1868]:>>> >> dnPrettyNormal: >> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<<< >> dnPrettyNormal:, >> >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: SRCH >> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0 >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: 0 15 0 >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: filter: >> (objectClass=sambaTrustedDomainPassword) >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: attrs: >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: sambaDomainName >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: sambaSID >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => hdb_search >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: >> bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: search_candidates: >> base="sambaDomainName=semarktest,dc=semark-testing,dc=dk" >> (0x00000011) scope=2 >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => >> hdb_dn2idl("sambaDomainName=semarktest,dc=semark-testing,dc=dk") >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => >> bdb_equality_candidates (objectClass) >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => key_read >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >> [b49d1940] >> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >> (-30990) >> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= >> bdb_equality_candidates: id=0, first=0, last=0 >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => >> bdb_equality_candidates (objectClass) >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => key_read >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >> [633a0e9d] >> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >> (-30990) >> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= >> bdb_equality_candidates: id=0, first=0, last=0 >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_search_candidates: >> id=0 first=17 last=0 >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: hdb_search: no candidates >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_result: conn=5 >> op=1145 p=3 >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >> matched="" text="" >> Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_response: >> msgid=1146 tag=101 err=0 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_get(14) >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_get(14): got >> connid=5 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_read(14): >> checking for input on id=5 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: conn=5 op=1146 do_search >> Jan 27 21:32:11 hds-debian-virt slapd[1868]:>>> >> dnPrettyNormal: >> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<<< >> dnPrettyNormal:, >> >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: SRCH >> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: 0 15 0 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: filter: >> (objectClass=sambaTrustedDomainPassword) >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: attrs: >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: sambaDomainName >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: sambaSID >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => hdb_search >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: >> bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: search_candidates: >> base="sambaDomainName=semarktest,dc=semark-testing,dc=dk" >> (0x00000011) scope=2 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => >> hdb_dn2idl("sambaDomainName=semarktest,dc=semark-testing,dc=dk") >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => >> bdb_equality_candidates (objectClass) >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => key_read >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >> [b49d1940] >> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >> (-30990) >> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= >> bdb_equality_candidates: id=0, first=0, last=0 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => >> bdb_equality_candidates (objectClass) >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => key_read >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >> [633a0e9d] >> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >> (-30990) >> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= >> bdb_equality_candidates: id=0, first=0, last=0 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_search_candidates: >> id=0 first=17 last=0 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: hdb_search: no candidates >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=5 >> op=1146 p=3 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >> matched="" text="" >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_response: >> msgid=1147 tag=101 err=0 >> >> --- >> Med Venlig Hilsen / Best regards >> Henrik Dige Semark >> >> >> On 27-01-2010 21:06, Gaiseric Vandal wrote: >> >>> Try using "net ... -U Administrator" instead, since "root" is not >>> by default a member of the domain admin group. This presumes you have >>> created the Administrator account in samba, created the "domain >>> admins" group and setup the approp group mapping for key groups >>> (domain admins, domain users etc.) >>> >>> >>> >>> >>> On 01/27/10 14:23, Henrik Dige Semark wrote: >>> >>>> Dos the PDC have to join the domain also? >>>> >>>> When I try to join my PDC to its domain with "net join" I get the >>>> following error. >>>> >>>> Enter root's password: >>>> Could not connect to server PDC >>>> The username or password was not correct. >>>> Connection failed: NT_STATUS_LOGON_FAILURE >>>> >>>> >>>> The netbios name for my PDC is pdc.semarktest.dk I guess that way it >>>> tells my that is can't connect to server PDC >>>> I have checked that pdc is in the name server (nameserver is on >>>> 127.0.0.1) >>>> >>>> # host pdc >>>> pdc.semarktest.dk has address 192.168.1.182 >>>> >>>> Is there something I'm missing? >>>> >>>> Log dump from net join command: >>>> >>>> # tail -200 /var/log/syslog | grep slapd >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>>> connid=15 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>>> checking for input on id=15 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> >>>> dnPrettyNormal: >>>> >>>> >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< >>>> dnPrettyNormal:, >>>> >>>> >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH >>>> "sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk" >>>> >>>> 2 0 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: >>>> (&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest)) >>>> >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>>> bdb_dn2entry("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>>> >>>> >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>>> hdb_dn2id("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>>> >>>> >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= hdb_dn2id: get failed: >>>> DB_NOTFOUND: No matching key/data pair found (-30990) >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: >>>> conn=15 op=2 p=3 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=10 >>>> matched="sambaDomainName=semarktest,dc=semark-testing,dc=dk" text="" >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: >>>> msgid=3 tag=101 err=32 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>>> connid=15 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>>> checking for input on id=15 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=3 do_search >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> >>>> dnPrettyNormal: >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< >>>> dnPrettyNormal:, >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH >>>> "dc=semark-testing,dc=dk" 2 0 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: >>>> (&(uid=root)(objectClass=sambaSamAccount)) >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uid >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: gidNumber >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: homeDirectory >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdLastSet >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdCanChange >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdMustChange >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonTime >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogoffTime >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaKickoffTime >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: cn >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sn >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: displayName >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomeDrive >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomePath >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonScript >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaProfilePath >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: description >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaUserWorkstations >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaSID >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLMPassword >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaNTPassword >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaDomainName >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: objectClass >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaAcctFlags >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaMungedDial >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordCount >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordTime >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPasswordHistory >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonHours >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>>> bdb_dn2entry("dc=semark-testing,dc=dk") >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: search_candidates: >>>> base="dc=semark-testing,dc=dk" (0x00000001) scope=2 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>>> hdb_dn2idl("dc=semark-testing,dc=dk") >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>>> bdb_equality_candidates (objectClass) >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>>> [b49d1940] >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>>> (-30990) >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= >>>> bdb_equality_candidates: id=0, first=0, last=0 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>>> bdb_equality_candidates (uid) >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>>> [15f2129b] >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>>> (-30990) >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= >>>> bdb_equality_candidates: id=0, first=0, last=0 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_search_candidates: >>>> id=0 first=1 last=0 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: hdb_search: no candidates >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: >>>> conn=15 op=3 p=3 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >>>> matched="" text="" >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: >>>> msgid=4 tag=101 err=0 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>>> connid=15 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>>> checking for input on id=15 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: ber_get_next on fd 22 >>>> failed errno=0 (Success) >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing: >>>> readying conn=15 sd=22 for close >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close: >>>> conn=15 sd=22 >>>> >>>> --- >>>> Med Venlig Hilsen / Best regards >>>> Henrik Dige Semark >>>> >>>> >>>> On 26-01-2010 22:42, Dale Schroeder wrote: >>>> >>>> >>>>> Henrik, >>>>> >>>>> I saw that another user wanted you to make sure that the PDC was >>>>> added >>>>> to the domain, and he is correct. >>>>> If it is still not working after adding the PDC to the domain, >>>>> consider changing the add machine script to this: >>>>> >>>>> add machine script = /usr/sbin/smbldap-useradd -i -w '%u' >>>>> >>>>> I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that >>>>> is what fixed the issue. >>>>> >>>>> Dale >>>>> >>>>> >>>>> On 01/25/2010 3:23 PM, Henrik Dige Semark wrote: >>>>> >>>>> >>>>>> I have a serous problem. >>>>>> >>>>>> I have for some time now tried to get an SAMBA based Domain >>>>>> Controller >>>>>> working. >>>>>> I have tried with OpenLDAP and tdbsam as backend, but I get the same >>>>>> error every time. >>>>>> >>>>>> I wood prefer to use LDAP as my backend. >>>>>> I have read tons of how-to SAMBA + LDAP, but non of the seams to >>>>>> work >>>>>> for my, is there someone that maybe can see what I have done rung in >>>>>> my config.? >>>>>> >>>>>> I have attached my samba conf and LDAP conf. >>>>>> >>>>>> Samba is connected to OpenLDAP, and LDAP is running fine. >>>>>> But when I try to join my Windows XP Pro SP3 I takes about one >>>>>> Min and >>>>>> it tells my that Username and/or Password maybe rung, ore not >>>>>> existing. >>>>>> >>>>>> There is no doubt that Samba and Ldap is talking together (samba >>>>>> have >>>>>> updated the SID and RID's), cause when I try to join the domain LDAP >>>>>> is activated, but the return value is somehow disappearing on the >>>>>> way >>>>>> back to my client >>>>>> >>>>>> I have some wireshark dump that I can provide if its necessary. >>>>>> I can provide LOGS, DUMPS, and everything needed if its necessary. >>>>>> >>>>>> System info: >>>>>> Clean installed Debian Lenny (5.0.3) >>>>>> Clean installed Samba 3.2.5 + Winbind 3.2.5 >>>>>> Clean installed OpenLDAP 2.4.11 (slapd) >>>>>> Debian default smbldap-tools (smbldap-populate is working and have >>>>>> populated LDAP without problems) >>>>>> if there is something I have forgotten please just ask for it, I'm >>>>>> close to be desperate.! >>>>>> >>>>>> --- >>>>>> Med Venlig Hilsen / Best regards >>>>>> Henrik Dige Semark >>>>>> >>>>>> >>>>>> >>>>>> >>> >> From gaiseric.vandal at gmail.com Wed Jan 27 14:22:57 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Wed, 27 Jan 2010 16:22:57 -0500 Subject: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11 In-Reply-To: <4B60A329.2040804@semark.dk> References: <4B5E0BCE.9080300@semark.dk> <4B5F61CE.7050908@BriannasSaladDressing.com> <4B6092A3.9000704@semark.dk> <4B609CD4.1040205@gmail.com> <4B60A329.2040804@semark.dk> Message-ID: <4B60AEB1.8050605@gmail.com> Sorry, should be "Administrator" Verify the user exists in samba with " pdbedit -Lv Administrator" and that group mapping is setup. # net groupmap list | grep "Domain Admins" Domain Admins (S-1-5-21-xxxxx-512) -> Domain Admins # The unix group name (on the right side of the mapping) may not exactly match the windows name. You might have # net groupmap list | grep "Domain Admins" Domain Admins (S-1-5-21-xxxxx-512) -> Samba_Domain_Admins # Also verify that the Administrator is the correct groups #groups Administrator Domain Admins Domain Users .... I also had mappings for Domain Users Domain Computers Domain Guests Domain Controllers On 01/27/10 15:33, Henrik Dige Semark wrote: > I have just tried with "net join -U Admin" and I get the same error as > before. > > # net join -U Admin > Enter admin's password: > Could not connect to server PDC > The username or password was not correct. > Connection failed: NT_STATUS_LOGON_FAILURE > > Ldap search for Admin: > > # ldapsearch -x -h 127.0.0.1 -p 389 > > # Admin, Users, semark-testing.dk > dn: uid=Admin,ou=Users,dc=semark-testing,dc=dk > cn: Admin > sn: Admin > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: sambaSamAccount > objectClass: posixAccount > objectClass: shadowAccount > gidNumber: 0 > uid: Admin > uidNumber: 0 > homeDirectory: /home/Admin > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaHomePath: \\192.168.1.182\Admin > sambaHomeDrive: H: > sambaProfilePath: \\192.168.1.182\profiles\Admin > sambaPrimaryGroupSID: S-1-5-21-860714184-2299130787-2886737959-512 > sambaSID: S-1-5-21-860714184-2299130787-2886737959-500 > loginShell: /bin/false > gecos: Netbios Domain Administrator > sambaLMPassword: my-pass > sambaAcctFlags: [U] > sambaNTPassword: my-pass > sambaPwdLastSet: 1264374249 > sambaPwdMustChange: 1268262249 > shadowMax: 45 > > Log dump from net join command: > > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got connid=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=3 do_search > Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>> dnPrettyNormal: > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:, > Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH "dc=semark-testing,dc=dk" 2 0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (&(uid=admin)(objectClass=sambaSamAccount)) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: > Jan 27 21:31:11 hds-debian-virt slapd[1868]: uid > Jan 27 21:31:11 hds-debian-virt slapd[1868]: uidNumber > Jan 27 21:31:11 hds-debian-virt slapd[1868]: gidNumber > Jan 27 21:31:11 hds-debian-virt slapd[1868]: homeDirectory > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdLastSet > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdCanChange > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdMustChange > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonTime > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogoffTime > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaKickoffTime > Jan 27 21:31:11 hds-debian-virt slapd[1868]: cn > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sn > Jan 27 21:31:11 hds-debian-virt slapd[1868]: displayName > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaHomeDrive > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaHomePath > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonScript > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaProfilePath > Jan 27 21:31:11 hds-debian-virt slapd[1868]: description > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaUserWorkstations > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaSID > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLMPassword > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaNTPassword > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaDomainName > Jan 27 21:31:11 hds-debian-virt slapd[1868]: objectClass > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaAcctFlags > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaMungedDial > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaBadPasswordCount > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaBadPasswordTime > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPasswordHistory > Jan 27 21:31:11 hds-debian-virt slapd[1868]: modifyTimestamp > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonHours > Jan 27 21:31:11 hds-debian-virt slapd[1868]: modifyTimestamp > Jan 27 21:31:11 hds-debian-virt slapd[1868]: uidNumber > Jan 27 21:31:11 hds-debian-virt slapd[1868]: > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_dn2entry("dc=semark-testing,dc=dk") > Jan 27 21:31:11 hds-debian-virt slapd[1868]: search_candidates: base="dc=semark-testing,dc=dk" (0x00000001) scope=2 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_dn2idl("dc=semark-testing,dc=dk") > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940] > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990) > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (uid) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [f67dad88] > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read 1 candidates > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=1, first=6, last=6 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [f937ce0f] > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read 3 candidates > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=3, first=6, last=18 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_search_candidates: id=1 first=6 last=6 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: conn 22 dn="uid=Admin,ou=Users,dc=semark-testing,dc=dk" > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry: conn 22 exit. > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=22 op=3 p=3 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=4 tag=101 err=0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got connid=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=4 do_search > Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>> dnPrettyNormal: > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:, > Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 0 0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (objectClass=*) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaMaxPwdAge > Jan 27 21:31:11 hds-debian-virt slapd[1868]: > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 21:31:11 hds-debian-virt slapd[1868]: base_candidates: base: "sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: conn 22 dn="sambaDomainName=semarktest,dc=semark-testing,dc=dk" > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry: conn 22 exit. > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=22 op=4 p=3 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=5 tag=101 err=0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got connid=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=5 do_search > Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>> dnPrettyNormal: > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:, > Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 0 0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (objectClass=*) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: > Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLockoutThreshold > Jan 27 21:31:11 hds-debian-virt slapd[1868]: > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search > Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 21:31:11 hds-debian-virt slapd[1868]: base_candidates: base: "sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: conn 22 dn="sambaDomainName=semarktest,dc=semark-testing,dc=dk" > Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry: conn 22 exit. > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=22 op=5 p=3 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" > Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=6 tag=101 err=0 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got connid=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=22 > Jan 27 21:31:11 hds-debian-virt slapd[1868]: ber_get_next on fd 22 failed errno=0 (Success) > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_closing: readying conn=22 sd=22 for close > Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_close: conn=22 sd=22 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_get(14) > Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_get(14): got connid=5 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_read(14): checking for input on id=5 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: conn=5 op=1145 do_search > Jan 27 21:31:41 hds-debian-virt slapd[1868]:>>> dnPrettyNormal: > Jan 27 21:31:41 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:, > Jan 27 21:31:41 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: 0 15 0 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: filter: (objectClass=sambaTrustedDomainPassword) > Jan 27 21:31:41 hds-debian-virt slapd[1868]: attrs: > Jan 27 21:31:41 hds-debian-virt slapd[1868]: sambaDomainName > Jan 27 21:31:41 hds-debian-virt slapd[1868]: sambaSID > Jan 27 21:31:41 hds-debian-virt slapd[1868]: > Jan 27 21:31:41 hds-debian-virt slapd[1868]: => hdb_search > Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 21:31:41 hds-debian-virt slapd[1868]: search_candidates: base="sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) scope=2 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: => hdb_dn2idl("sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 21:31:41 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 21:31:41 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940] > Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990) > Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 21:31:41 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [633a0e9d] > Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990) > Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 first=17 last=0 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: hdb_search: no candidates > Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_result: conn=5 op=1145 p=3 > Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" > Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_response: msgid=1146 tag=101 err=0 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_get(14) > Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_get(14): got connid=5 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_read(14): checking for input on id=5 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: conn=5 op=1146 do_search > Jan 27 21:32:11 hds-debian-virt slapd[1868]:>>> dnPrettyNormal: > Jan 27 21:32:11 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:, > Jan 27 21:32:11 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: 0 15 0 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: filter: (objectClass=sambaTrustedDomainPassword) > Jan 27 21:32:11 hds-debian-virt slapd[1868]: attrs: > Jan 27 21:32:11 hds-debian-virt slapd[1868]: sambaDomainName > Jan 27 21:32:11 hds-debian-virt slapd[1868]: sambaSID > Jan 27 21:32:11 hds-debian-virt slapd[1868]: > Jan 27 21:32:11 hds-debian-virt slapd[1868]: => hdb_search > Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 21:32:11 hds-debian-virt slapd[1868]: search_candidates: base="sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) scope=2 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: => hdb_dn2idl("sambaDomainName=semarktest,dc=semark-testing,dc=dk") > Jan 27 21:32:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 21:32:11 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940] > Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990) > Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass) > Jan 27 21:32:11 hds-debian-virt slapd[1868]: => key_read > Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [633a0e9d] > Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990) > Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 first=17 last=0 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: hdb_search: no candidates > Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=5 op=1146 p=3 > Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text="" > Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=1147 tag=101 err=0 > > --- > Med Venlig Hilsen / Best regards > Henrik Dige Semark > > > On 27-01-2010 21:06, Gaiseric Vandal wrote: > >> Try using "net ... -U Administrator" instead, since "root" is not >> by default a member of the domain admin group. This presumes you have >> created the Administrator account in samba, created the "domain >> admins" group and setup the approp group mapping for key groups >> (domain admins, domain users etc.) >> >> >> >> >> On 01/27/10 14:23, Henrik Dige Semark wrote: >> >>> Dos the PDC have to join the domain also? >>> >>> When I try to join my PDC to its domain with "net join" I get the >>> following error. >>> >>> Enter root's password: >>> Could not connect to server PDC >>> The username or password was not correct. >>> Connection failed: NT_STATUS_LOGON_FAILURE >>> >>> >>> The netbios name for my PDC is pdc.semarktest.dk I guess that way it >>> tells my that is can't connect to server PDC >>> I have checked that pdc is in the name server (nameserver is on >>> 127.0.0.1) >>> >>> # host pdc >>> pdc.semarktest.dk has address 192.168.1.182 >>> >>> Is there something I'm missing? >>> >>> Log dump from net join command: >>> >>> # tail -200 /var/log/syslog | grep slapd >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>> connid=15 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>> checking for input on id=15 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> >>> dnPrettyNormal: >>> >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< >>> dnPrettyNormal:, >>> >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH >>> "sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk" >>> 2 0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: >>> (&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest)) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>> bdb_dn2entry("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>> >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>> hdb_dn2id("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>> >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= hdb_dn2id: get failed: >>> DB_NOTFOUND: No matching key/data pair found (-30990) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: >>> conn=15 op=2 p=3 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=10 >>> matched="sambaDomainName=semarktest,dc=semark-testing,dc=dk" text="" >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: >>> msgid=3 tag=101 err=32 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>> connid=15 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>> checking for input on id=15 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=3 do_search >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> >>> dnPrettyNormal: >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< >>> dnPrettyNormal:, >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH >>> "dc=semark-testing,dc=dk" 2 0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: >>> (&(uid=root)(objectClass=sambaSamAccount)) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uid >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: gidNumber >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: homeDirectory >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdLastSet >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdCanChange >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdMustChange >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonTime >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogoffTime >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaKickoffTime >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: cn >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sn >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: displayName >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomeDrive >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomePath >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonScript >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaProfilePath >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: description >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaUserWorkstations >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaSID >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLMPassword >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaNTPassword >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaDomainName >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: objectClass >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaAcctFlags >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaMungedDial >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordCount >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordTime >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPasswordHistory >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonHours >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>> bdb_dn2entry("dc=semark-testing,dc=dk") >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: search_candidates: >>> base="dc=semark-testing,dc=dk" (0x00000001) scope=2 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>> hdb_dn2idl("dc=semark-testing,dc=dk") >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>> bdb_equality_candidates (objectClass) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>> [b49d1940] >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>> (-30990) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= >>> bdb_equality_candidates: id=0, first=0, last=0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>> bdb_equality_candidates (uid) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>> [15f2129b] >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>> (-30990) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= >>> bdb_equality_candidates: id=0, first=0, last=0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_search_candidates: >>> id=0 first=1 last=0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: hdb_search: no candidates >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: >>> conn=15 op=3 p=3 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >>> matched="" text="" >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: >>> msgid=4 tag=101 err=0 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>> connid=15 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>> checking for input on id=15 >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: ber_get_next on fd 22 >>> failed errno=0 (Success) >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing: >>> readying conn=15 sd=22 for close >>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close: >>> conn=15 sd=22 >>> >>> --- >>> Med Venlig Hilsen / Best regards >>> Henrik Dige Semark >>> >>> >>> On 26-01-2010 22:42, Dale Schroeder wrote: >>> >>> >>>> Henrik, >>>> >>>> I saw that another user wanted you to make sure that the PDC was added >>>> to the domain, and he is correct. >>>> If it is still not working after adding the PDC to the domain, >>>> consider changing the add machine script to this: >>>> >>>> add machine script = /usr/sbin/smbldap-useradd -i -w '%u' >>>> >>>> I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that >>>> is what fixed the issue. >>>> >>>> Dale >>>> >>>> >>>> On 01/25/2010 3:23 PM, Henrik Dige Semark wrote: >>>> >>>> >>>>> I have a serous problem. >>>>> >>>>> I have for some time now tried to get an SAMBA based Domain Controller >>>>> working. >>>>> I have tried with OpenLDAP and tdbsam as backend, but I get the same >>>>> error every time. >>>>> >>>>> I wood prefer to use LDAP as my backend. >>>>> I have read tons of how-to SAMBA + LDAP, but non of the seams to work >>>>> for my, is there someone that maybe can see what I have done rung in >>>>> my config.? >>>>> >>>>> I have attached my samba conf and LDAP conf. >>>>> >>>>> Samba is connected to OpenLDAP, and LDAP is running fine. >>>>> But when I try to join my Windows XP Pro SP3 I takes about one Min and >>>>> it tells my that Username and/or Password maybe rung, ore not >>>>> existing. >>>>> >>>>> There is no doubt that Samba and Ldap is talking together (samba have >>>>> updated the SID and RID's), cause when I try to join the domain LDAP >>>>> is activated, but the return value is somehow disappearing on the way >>>>> back to my client >>>>> >>>>> I have some wireshark dump that I can provide if its necessary. >>>>> I can provide LOGS, DUMPS, and everything needed if its necessary. >>>>> >>>>> System info: >>>>> Clean installed Debian Lenny (5.0.3) >>>>> Clean installed Samba 3.2.5 + Winbind 3.2.5 >>>>> Clean installed OpenLDAP 2.4.11 (slapd) >>>>> Debian default smbldap-tools (smbldap-populate is working and have >>>>> populated LDAP without problems) >>>>> if there is something I have forgotten please just ask for it, I'm >>>>> close to be desperate.! >>>>> >>>>> --- >>>>> Med Venlig Hilsen / Best regards >>>>> Henrik Dige Semark >>>>> >>>>> >>>>> >>>>> >> From Andrew.Masterson at nuvistaenergy.com Wed Jan 27 14:16:42 2010 From: Andrew.Masterson at nuvistaenergy.com (Andrew Masterson) Date: Wed, 27 Jan 2010 14:16:42 -0700 Subject: [Samba] Help with samba implementation In-Reply-To: References: Message-ID: <24FD89BFC868FD4A991EDB69EDBE546257F8E2@nvaex01.nuvista.local> If you are doing anything samba related on AIX, I highly suggest that you look at the pware site. http://pware.hvcc.edu/ there are some docs on setting up Bill's pWare compile of samba on AIX here: http://pware.hvcc.edu/documentation.html And you can join the pWare mailing list here: http://lists.hvcc.edu/mailman/listinfo/pware Bill is usually very helpful in getting people's difficulties ironed out, and has the most current, stable versions of samba compiled and working for 6.1. -=Andrew From vorlon at debian.org Wed Jan 27 13:45:11 2010 From: vorlon at debian.org (Steve Langasek) Date: Wed, 27 Jan 2010 12:45:11 -0800 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: References: <4B5DD177.1000705@BriannasSaladDressing.com> <20100126014514.GF8066@samba1> <20100126064431.GF15807@cc-mykerinos.onera> <4B5F0280.4070102@BriannasSaladDressing.com> <20100126211842.GA6643@dario.dodds.net> <20100126222236.GA9310@dario.dodds.net> <20100127120546.GC26727@dario.dodds.net> Message-ID: <20100127204511.GA8779@dario.dodds.net> On Wed, Jan 27, 2010 at 05:13:37PM +0100, Volker Lendecke wrote: > > > > OK. Then I currently have no idea why allow_weak_crypto would be > > > > desirable for Samba. > > > In the case of AD realms that were continuously upgraded from NT4 domains, > > > you may have accounts only using RC4 as an enctype for > > > backwards-compatibility with pre-AD systems. I don't know if this is the > > > reason these users are seeing problems, but it's the only case I can think > > > of why allow_weak_crypto should be needed. > > Sorry, having looked at the source now, I see that the weak crypto handling > > is specific to DES, not RC4; and if Samba were *only* using RC4, this error > > would not happen. > > However, Samba requests both RC4 and DES, a historical remnant of the time > > when DES was the only enctype in common between all Kerberos > > implementations. > Referring to the SUBJECT: Where is this leading to a panic > in Samba 3.4, I got lost in the meantime. I'm afraid I don't know. I was cc:ed on this somewhat mid-thread, and haven't seen any panics; what I know about is http://bugs.debian.org/566977, which reports that after upgrade to MIT Kerberos 1.8alpha1, samba domain joins are failing because of the need for allow_weak_crypto to be set before setting DES tgs enctypes is permitted. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slangasek at ubuntu.com vorlon at debian.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 828 bytes Desc: Digital signature URL: From hds at semark.dk Wed Jan 27 14:32:28 2010 From: hds at semark.dk (Henrik Dige Semark) Date: Wed, 27 Jan 2010 22:32:28 +0100 Subject: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11 In-Reply-To: <4B60AEB1.8050605@gmail.com> References: <4B5E0BCE.9080300@semark.dk> <4B5F61CE.7050908@BriannasSaladDressing.com> <4B6092A3.9000704@semark.dk> <4B609CD4.1040205@gmail.com> <4B60A329.2040804@semark.dk> <4B60AEB1.8050605@gmail.com> Message-ID: <4B60B0EC.4040407@semark.dk> My admin account is called Admin: # pdbedit -Lv Admin INFO: Current debug levels: all: True/256 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 doing parameter log file = /var/log/samba/%m.log doing parameter panic action = /usr/share/samba/panic-action %d doing parameter security = user doing parameter encrypt passwords = true doing parameter unix password sync = yes doing parameter pam password change = yes doing parameter obey pam restrictions = no doing parameter passwd program = /usr/sbin/smbldap-passwd %u doing parameter passwd chat = *Nyt kodeord* \n *Det nye kodeord skal v?re minimum 6 karaktere lange, og kan indeholde [0-9], [a-z] og [A-Z]* \n *Ny kode* %n\n *Tast koden igen* %n\n * Koden skiftet korrekt* doing parameter printing = cups doing parameter load printers = Yes doing parameter printcap name = cups doing parameter socket options = TCP_NODELAY pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_DOMAIN_PDC Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend NDS_ldapsam_compat Successfully added passdb backend 'NDS_ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to find an passdb backend to match ldapsam:ldap://127.0.0.1 (ldapsam) Found pdb backend ldapsam smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SEMARKTEST))] smbldap_search_ext: base => [dc=semark-testing,dc=dk], filter => [(&(objectClass=sambaDomain)(sambaDomainName=SEMARKTEST))], scope => [2] Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE The connection to the LDAP server was closed smb_ldap_setup_connection: ldap://127.0.0.1 smbldap_open_connection: connection opened ldap_connect_system: Binding to ldap server ldap://127.0.0.1 as "cn=admin,dc=semark-testing,dc=dk" ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results The LDAP server is successfully connected attribute sambaAlgorithmicRidBase does not exist pdb backend ldapsam:ldap://127.0.0.1 has a valid init Netbios name list:- my_netbios_names[0]="PDC" Attempting to find an passdb backend to match ldapsam:ldap://127.0.0.1 (ldapsam) Found pdb backend ldapsam smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SEMARKTEST))] smbldap_search_ext: base => [dc=semark-testing,dc=dk], filter => [(&(objectClass=sambaDomain)(sambaDomainName=SEMARKTEST))], scope => [2] The connection to the LDAP server was closed smb_ldap_setup_connection: ldap://127.0.0.1 smbldap_open_connection: connection opened ldap_connect_system: Binding to ldap server ldap://127.0.0.1 as "cn=admin,dc=semark-testing,dc=dk" ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results The LDAP server is successfully connected attribute sambaAlgorithmicRidBase does not exist pdb backend ldapsam:ldap://127.0.0.1 has a valid init smbldap_search_ext: base => [dc=semark-testing,dc=dk], filter => [(&(uid=Admin)(objectclass=sambaSamAccount))], scope => [2] smbldap_open: already connected to the LDAP server init_sam_from_ldap: Entry found for user: Admin pdb_set_username: setting username Admin, was element 12 -> now SET pdb_set_domain: setting domain SEMARKTEST, was element 14 -> now DEFAULT pdb_set_nt_username: setting nt username Admin, was element 15 -> now SET pdb_set_user_sid_from_string: setting user sid S-1-5-21-860714184-2299130787-2886737959-500 pdb_set_user_sid: setting user sid S-1-5-21-860714184-2299130787-2886737959-500 element 18 -> now SET element 18: SET element 21 -> now SET element 5 -> now SET element 6 -> now SET element 7 -> now SET element 9 -> now SET element 10 -> now SET attribute displayName does not exist pdb_set_full_name: setting full name Admin, was element 13 -> now SET pdb_set_dir_drive: setting dir drive H:, was NULL element 3 -> now SET pdb_set_homedir: setting home dir \\192.168.1.182\Admin, was element 1 -> now SET attribute sambaLogonScript does not exist pdb_set_logon_script: setting logon script scripts/logon.bat, was element 4 -> now DEFAULT pdb_set_profile_path: setting profile path \\192.168.1.182\profiles\Admin, was element 2 -> now SET attribute description does not exist attribute sambaUserWorkstations does not exist attribute sambaMungedDial does not exist element 32 -> now SET element 33 -> now SET Opening cache file at /var/run/samba/gencache.tdb Returning expired cache entry: key = ACCT_POL/password history, value = 0 , timeout = Wed Jan 27 22:26:56 2010 ldapsam_get_account_policy_from_ldap smbldap_search_ext: base => [sambaDomainName=semarktest,dc=semark-testing,dc=dk], filter => [(objectclass=*)], scope => [0] smbldap_open: already connected to the LDAP server cache_account_policy_set: updating account pol cache Adding cache entry with key = ACCT_POL/password history; value = 0 and timeout = Wed Jan 27 22:28:14 2010 (60 seconds ahead) element 20 -> now SET element 16 -> now SET element 17 -> now SET attribute sambaBadPasswordCount does not exist attribute sambaBadPasswordTime does not exist attribute sambaLogonHours does not exist Opening cache file at /var/cache/samba/login_cache.tdb Looking up login cache for user Admin No cache entry found No cache entry, bad count = 0, bad time = 0 element 35 -> now CHANGED Unix username: Admin NT username: Admin Account Flags: [U ] User SID: S-1-5-21-860714184-2299130787-2886737959-500 Finding user Admin Trying _Get_Pwnam(), username as lowercase is admin Trying _Get_Pwnam(), username as given is Admin Trying _Get_Pwnam(), username as uppercase is ADMIN Checking combinations of 0 uppercase letters in admin Get_Pwnam_internals didn't find user [Admin]! pdb_get_group_sid: Failed to find Unix account for Admin Primary Group SID: (NULL SID) Full Name: Admin Home Directory: \\192.168.1.182\Admin HomeDir Drive: H: Logon Script: scripts/logon.bat Profile Path: \\192.168.1.182\profiles\Admin Domain: SEMARKTEST Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set: man, 25 jan 2010 00:04:09 CET Returning expired cache entry: key = ACCT_POL/minimum password age, value = 0 , timeout = Wed Jan 27 22:26:56 2010 ldapsam_get_account_policy_from_ldap smbldap_search_ext: base => [sambaDomainName=semarktest,dc=semark-testing,dc=dk], filter => [(objectclass=*)], scope => [0] smbldap_open: already connected to the LDAP server cache_account_policy_set: updating account pol cache Adding cache entry with key = ACCT_POL/minimum password age; value = 0 and timeout = Wed Jan 27 22:28:14 2010 (60 seconds ahead) Password can change: man, 25 jan 2010 00:04:09 CET Returning expired cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Wed Jan 27 22:26:56 2010 ldapsam_get_account_policy_from_ldap smbldap_search_ext: base => [sambaDomainName=semarktest,dc=semark-testing,dc=dk], filter => [(objectclass=*)], scope => [0] smbldap_open: already connected to the LDAP server cache_account_policy_set: updating account pol cache Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295 and timeout = Wed Jan 27 22:28:14 2010 (60 seconds ahead) Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF # net groupmap list | grep "Domain Admins" Domain Admins (S-1-5-21-860714184-2299130787-2886737959-512) -> 512 My system is still not authorising against LDAP for UNIX login so not sure that I can check groups --- Med Venlig Hilsen / Best regards Henrik Dige Semark On 27-01-2010 22:22, Gaiseric Vandal wrote: > Sorry, should be "Administrator" > > > Verify the user exists in samba with " pdbedit -Lv Administrator" > > and that group mapping is setup. > > # net groupmap list | grep "Domain Admins" > Domain Admins (S-1-5-21-xxxxx-512) -> Domain Admins > # > > The unix group name (on the right side of the mapping) may not > exactly match the windows name. > You might have > > # net groupmap list | grep "Domain Admins" > Domain Admins (S-1-5-21-xxxxx-512) -> Samba_Domain_Admins > # > > > Also verify that the Administrator is the correct groups > > #groups Administrator > Domain Admins Domain Users .... > > > > I also had mappings for > Domain Users > Domain Computers > Domain Guests > Domain Controllers > > > > On 01/27/10 15:33, Henrik Dige Semark wrote: >> I have just tried with "net join -U Admin" and I get the same error as >> before. >> >> # net join -U Admin >> Enter admin's password: >> Could not connect to server PDC >> The username or password was not correct. >> Connection failed: NT_STATUS_LOGON_FAILURE >> [ ... ] >> quality_candidates: id=0, first=0, last=0 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_search_candidates: >> id=0 first=17 last=0 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: hdb_search: no candidates >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=5 >> op=1146 p=3 >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >> matched="" text="" >> Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_response: >> msgid=1147 tag=101 err=0 >> >> --- >> Med Venlig Hilsen / Best regards >> Henrik Dige Semark >> >> >> On 27-01-2010 21:06, Gaiseric Vandal wrote: >> >>> Try using "net ... -U Administrator" instead, since "root" is not >>> by default a member of the domain admin group. This presumes you have >>> created the Administrator account in samba, created the "domain >>> admins" group and setup the approp group mapping for key groups >>> (domain admins, domain users etc.) >>> >>> >>> >>> >>> On 01/27/10 14:23, Henrik Dige Semark wrote: >>> >>>> Dos the PDC have to join the domain also? >>>> >>>> When I try to join my PDC to its domain with "net join" I get the >>>> following error. >>>> >>>> Enter root's password: >>>> Could not connect to server PDC >>>> The username or password was not correct. >>>> Connection failed: NT_STATUS_LOGON_FAILURE >>>> >>>> >>>> The netbios name for my PDC is pdc.semarktest.dk I guess that way it >>>> tells my that is can't connect to server PDC >>>> I have checked that pdc is in the name server (nameserver is on >>>> 127.0.0.1) >>>> >>>> # host pdc >>>> pdc.semarktest.dk has address 192.168.1.182 >>>> >>>> Is there something I'm missing? >>>> >>>> Log dump from net join command: >>>> >>>> # tail -200 /var/log/syslog | grep slapd >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>>> connid=15 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>>> checking for input on id=15 >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> >>>> dnPrettyNormal: >>>> >>>> [ ... ] >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing: >>>> readying conn=15 sd=22 for close >>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close: >>>> conn=15 sd=22 >>>> >>>> --- >>>> Med Venlig Hilsen / Best regards >>>> Henrik Dige Semark >>>> >>>> >>>> On 26-01-2010 22:42, Dale Schroeder wrote: >>>> >>>> >>>>> Henrik, >>>>> >>>>> I saw that another user wanted you to make sure that the PDC was >>>>> added >>>>> to the domain, and he is correct. >>>>> If it is still not working after adding the PDC to the domain, >>>>> consider changing the add machine script to this: >>>>> >>>>> add machine script = /usr/sbin/smbldap-useradd -i -w '%u' >>>>> >>>>> I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that >>>>> is what fixed the issue. >>>>> >>>>> Dale >>>>> >>>>> >>>>> On 01/25/2010 3:23 PM, Henrik Dige Semark wrote: >>>>> >>>>> >>>>>> I have a serous problem. >>>>>> >>>>>> I have for some time now tried to get an SAMBA based Domain >>>>>> Controller >>>>>> working. >>>>>> I have tried with OpenLDAP and tdbsam as backend, but I get the same >>>>>> error every time. >>>>>> >>>>>> I wood prefer to use LDAP as my backend. >>>>>> I have read tons of how-to SAMBA + LDAP, but non of the seams to >>>>>> work >>>>>> for my, is there someone that maybe can see what I have done rung in >>>>>> my config.? >>>>>> >>>>>> I have attached my samba conf and LDAP conf. >>>>>> >>>>>> Samba is connected to OpenLDAP, and LDAP is running fine. >>>>>> But when I try to join my Windows XP Pro SP3 I takes about one >>>>>> Min and >>>>>> it tells my that Username and/or Password maybe rung, ore not >>>>>> existing. >>>>>> >>>>>> There is no doubt that Samba and Ldap is talking together (samba >>>>>> have >>>>>> updated the SID and RID's), cause when I try to join the domain LDAP >>>>>> is activated, but the return value is somehow disappearing on the >>>>>> way >>>>>> back to my client >>>>>> >>>>>> I have some wireshark dump that I can provide if its necessary. >>>>>> I can provide LOGS, DUMPS, and everything needed if its necessary. >>>>>> >>>>>> System info: >>>>>> Clean installed Debian Lenny (5.0.3) >>>>>> Clean installed Samba 3.2.5 + Winbind 3.2.5 >>>>>> Clean installed OpenLDAP 2.4.11 (slapd) >>>>>> Debian default smbldap-tools (smbldap-populate is working and have >>>>>> populated LDAP without problems) >>>>>> if there is something I have forgotten please just ask for it, I'm >>>>>> close to be desperate.! >>>>>> >>>>>> --- >>>>>> Med Venlig Hilsen / Best regards >>>>>> Henrik Dige Semark >>>>>> >>>>>> >>>>>> >>>>>> >>> > From hds at semark.dk Wed Jan 27 14:43:00 2010 From: hds at semark.dk (Henrik Dige Semark) Date: Wed, 27 Jan 2010 22:43:00 +0100 Subject: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11 In-Reply-To: <31539a7b1001271331y67e29076u79cbbc530ebd44c1@mail.gmail.com> References: <4B5E0BCE.9080300@semark.dk> <4B5F61CE.7050908@BriannasSaladDressing.com> <4B6092A3.9000704@semark.dk> <4B609CD4.1040205@gmail.com> <4B60A329.2040804@semark.dk> <4B60A870.3090805@BriannasSaladDressing.com> <4B60AD33.9040701@semark.dk> <31539a7b1001271321j19f402d3j72af7e6e56ed7bec@mail.gmail.com> <4B60AEEB.3000806@semark.dk> <31539a7b1001271331y67e29076u79cbbc530ebd44c1@mail.gmail.com> Message-ID: <4B60B364.6000705@semark.dk> I have changes the order to: name resolve order = host lmhosts wins bcast # cat ldap.conf host 127.0.0.1 BASE dc=semark-testing,dc=dk URI ldap://localhost:389 rootbindn cn=admin,dc=semark-testing,dc=dk bind_policy soft # tail -f /var/log/samba/hds-virtbox1.log [ ... ] Yielding connection to IPC$ [2010/01/27 22:40:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key B21000000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [2010/01/27 22:40:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xa10c910 [2010/01/27 22:40:36, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key B21000000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [2010/01/27 22:40:36, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to / [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/01/27 22:40:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2010/01/27 22:40:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/27 22:40:36, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/01/27 22:40:36, 5] lib/util.c:show_msg(642) [2010/01/27 22:40:36, 5] lib/util.c:show_msg(652) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2048 smt_wct=0 smb_bcc=0 [2010/01/27 22:40:36, 11] lib/events.c:run_events(257) run_events: Nothing to do [2010/01/27 22:40:36, 11] lib/events.c:run_events(257) run_events: Nothing to do [2010/01/27 22:40:36, 5] lib/util_sock.c:read_socket_with_timeout(928) read_socket_with_timeout: blocking read. EOF from client. [2010/01/27 22:40:36, 10] smbd/process.c:receive_smb_raw_talloc(276) receive_smb_raw: NT_STATUS_END_OF_FILE [2010/01/27 22:40:36, 3] smbd/process.c:smbd_process(2056) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2010/01/27 22:40:36, 5] lib/gencache.c:gencache_shutdown(93) Closing cache file [2010/01/27 22:40:36, 5] libsmb/namecache.c:namecache_shutdown(81) namecache_shutdown: netbios namecache closed successfully. [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/01/27 22:40:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2010/01/27 22:40:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/27 22:40:36, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/01/27 22:40:36, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2010/01/27 22:40:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key B2100000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [2010/01/27 22:40:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xa10c910 [2010/01/27 22:40:36, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key B2100000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [2010/01/27 22:40:36, 3] smbd/server.c:exit_server_common(949) Server exit (normal exit) [2010/01/27 22:40:36, 6] param/loadparm.c:lp_file_list_changed(6729) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Tue Dec 29 20:59:38 2009 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jan 27 22:35:01 2010 [2010/01/27 22:40:36, 5] auth/auth_util.c:make_user_info_map(206) make_user_info_map: Mapping user [semarktest]\[Admin] from workstation [HDS-VIRTBOX1] [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2010/01/27 22:40:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/27 22:40:36, 5] auth/auth_util.c:is_trusted_domain(2055) is_trusted_domain: Checking for domain trust with [semarktest] [2010/01/27 22:40:36, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823) ldapsam_get_trusteddom_pw called for domain semarktest [2010/01/27 22:40:36, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest))], scope => [2] [2010/01/27 22:40:36, 5] lib/smbldap.c:smbldap_close(1110) The connection to the LDAP server was closed [2010/01/27 22:40:36, 10] lib/smbldap.c:smb_ldap_setup_conn(616) smb_ldap_setup_connection: ldap://127.0.0.1 [2010/01/27 22:40:36, 2] lib/smbldap.c:smbldap_open_connection(796) smbldap_open_connection: connection opened [2010/01/27 22:40:36, 10] lib/smbldap.c:smbldap_connect_system(961) ldap_connect_system: Binding to ldap server ldap://127.0.0.1 as "cn=admin,dc=semark-testing,dc=dk" [2010/01/27 22:40:36, 3] lib/smbldap.c:smbldap_connect_system(1007) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2010/01/27 22:40:36, 10] lib/events.c:event_add_timed(128) Added timed event "smbldap_idle_fn": a140580 [2010/01/27 22:40:36, 4] lib/smbldap.c:smbldap_open(1090) The LDAP server is successfully connected [2010/01/27 22:40:36, 10] lib/smbldap.c:smbldap_search_ext(1271) Failed search for base: sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk, error: 32 (No such object) (unknown) [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/01/27 22:40:36, 10] lib/gencache.c:gencache_get(194) Cache entry with key = TDOM/SEMARKTEST couldn't be found [2010/01/27 22:40:36, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183) no entry for trusted domain semarktest found. [2010/01/27 22:40:36, 5] auth/auth_util.c:make_user_info(120) attempting to make a user_info for Admin (Admin) [2010/01/27 22:40:36, 5] auth/auth_util.c:make_user_info(130) making strings for Admin's user_info struct [2010/01/27 22:40:36, 5] auth/auth_util.c:make_user_info(162) making blobs for Admin's user_info struct [2010/01/27 22:40:36, 10] auth/auth_util.c:make_user_info(180) made an encrypted user_info for Admin (Admin) [2010/01/27 22:40:36, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [semarktest]\[Admin]@[HDS-VIRTBOX1] with the new password interface [2010/01/27 22:40:36, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [semarktest]\[Admin]@[HDS-VIRTBOX1] [2010/01/27 22:40:36, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2010/01/27 22:40:36, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2010/01/27 22:40:36, 5] lib/util.c:dump_data(2223) [000] 80 1F 1E 9F 66 AF 90 5D ....f..] [2010/01/27 22:40:36, 10] auth/auth.c:check_ntlm_password(260) check_ntlm_password: guest had nothing to say [2010/01/27 22:40:36, 8] lib/util.c:is_myname(2098) is_myname("semarktest") returns 0 [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2010/01/27 22:40:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/27 22:40:36, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [dc=semark-testing,dc=dk], filter => [(&(uid=Admin)(objectclass=sambaSamAccount))], scope => [2] [2010/01/27 22:40:36, 11] lib/smbldap.c:smbldap_open(1063) smbldap_open: already connected to the LDAP server [2010/01/27 22:40:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: Admin [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username Admin, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 12 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain SEMARKTEST, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494) element 14 -> now DEFAULT [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username Admin, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 15 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-860714184-2299130787-2886737959-500 [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-860714184-2299130787-2886737959-500 [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 18 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_get_init_flags(263) element 18: SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 21 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 5 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 6 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 7 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 9 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 10 -> now SET [2010/01/27 22:40:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute displayName does not exist [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Admin, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 13 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 3 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\192.168.1.182\Admin, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 1 -> now SET [2010/01/27 22:40:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts/logon.bat, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494) element 4 -> now DEFAULT [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\192.168.1.182\profiles\Admin, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 2 -> now SET [2010/01/27 22:40:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2010/01/27 22:40:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2010/01/27 22:40:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 32 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 33 -> now SET [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/01/27 22:40:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/01/27 22:40:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2010/01/27 22:40:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/27 22:40:36, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Wed Jan 27 22:41:36 2010 [2010/01/27 22:40:36, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914) ldapsam_get_account_policy: got valid value from cache [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 20 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 16 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 17 -> now SET [2010/01/27 22:40:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2010/01/27 22:40:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2010/01/27 22:40:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2010/01/27 22:40:36, 5] passdb/login_cache.c:login_cache_init(40) Opening cache file at /var/cache/samba/login_cache.tdb [2010/01/27 22:40:36, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user Admin [2010/01/27 22:40:36, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2010/01/27 22:40:36, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(471) element 35 -> now CHANGED [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/01/27 22:40:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/01/27 22:40:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2010/01/27 22:40:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/27 22:40:36, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Wed Jan 27 22:41:36 2010 [2010/01/27 22:40:36, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914) ldapsam_get_account_policy: got valid value from cache [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user Admin [2010/01/27 22:40:36, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is admin [2010/01/27 22:40:36, 5] lib/username.c:Get_Pwnam_internals(85) Trying _Get_Pwnam(), username as given is Admin [2010/01/27 22:40:36, 5] lib/username.c:Get_Pwnam_internals(95) Trying _Get_Pwnam(), username as uppercase is ADMIN [2010/01/27 22:40:36, 5] lib/username.c:Get_Pwnam_internals(104) Checking combinations of 0 uppercase letters in admin [2010/01/27 22:40:36, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals didn't find user [Admin]! [2010/01/27 22:40:36, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210) pdb_get_group_sid: Failed to find Unix account for Admin [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_get_init_flags(263) element 3: SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_get_init_flags(263) element 1: SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273) element 4: DEFAULT [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_get_init_flags(263) element 2: SET [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/01/27 22:40:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/01/27 22:40:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2010/01/27 22:40:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/27 22:40:36, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Wed Jan 27 22:41:36 2010 [2010/01/27 22:40:36, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914) ldapsam_get_account_policy: got valid value from cache [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 18] lib/util_tdb.c:tdb_pack_va(501) tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 0) -> 254 [2010/01/27 22:40:36, 18] lib/util_tdb.c:tdb_pack_va(501) tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 254) -> 254 [2010/01/27 22:40:36, 18] lib/util_tdb.c:tdb_unpack(655) tdb_unpack(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 254) -> 254 [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 5 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 6 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 7 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 8 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 9 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 10 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 21 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username Admin, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 12 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain SEMARKTEST, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 14 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username Admin, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 15 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Admin, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 13 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\192.168.1.182\Admin, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 1 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 3 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts/logon.bat, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494) element 4 -> now DEFAULT [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\192.168.1.182\profiles\Admin, was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 2 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 23 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 24 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 26 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 33 -> now SET [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/01/27 22:40:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/01/27 22:40:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2010/01/27 22:40:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/27 22:40:36, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Wed Jan 27 22:41:36 2010 [2010/01/27 22:40:36, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914) ldapsam_get_account_policy: got valid value from cache [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 34 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-860714184-2299130787-2886737959-500 [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 18 -> now SET [2010/01/27 22:40:36, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-860714184-2299130787-2886737959-500 from rid 500 [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 16 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 29 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 30 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 31 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 20 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 17 -> now SET [2010/01/27 22:40:36, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 27 -> now SET [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/01/27 22:40:36, 9] passdb/passdb.c:pdb_update_autolock_flag(1417) pdb_update_autolock_flag: Account Admin not autolocked, no check needed [2010/01/27 22:40:36, 4] libsmb/ntlm_check.c:ntlm_password_check(328) ntlm_password_check: Checking NT MD4 password [2010/01/27 22:40:36, 4] auth/auth_sam.c:sam_account_ok(137) sam_account_ok: Checking SMB password for user Admin [2010/01/27 22:40:36, 5] auth/auth_sam.c:logon_hours_ok(119) logon_hours_ok: user Admin allowed to logon at this time (Wed Jan 27 21:40:36 2010 ) [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2010/01/27 22:40:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/27 22:40:36, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Wed Jan 27 22:41:36 2010 [2010/01/27 22:40:36, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914) ldapsam_get_account_policy: got valid value from cache [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/01/27 22:40:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2010/01/27 22:40:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/27 22:40:36, 1] auth/auth_util.c:make_server_info_sam(562) User Admin in passdb, but getpwnam() fails! [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/01/27 22:40:36, 0] auth/auth_sam.c:check_sam_security(355) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2010/01/27 22:40:36, 5] auth/auth.c:check_ntlm_password(272) check_ntlm_password: sam authentication for user [Admin] FAILED with error NT_STATUS_NO_SUCH_USER [2010/01/27 22:40:36, 3] auth/auth_winbind.c:check_winbind_security(54) check_winbind_security: Not using winbind, requested domain [semarktest] was for this SAM. [2010/01/27 22:40:36, 10] auth/auth.c:check_ntlm_password(260) check_ntlm_password: winbind had nothing to say [2010/01/27 22:40:36, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [Admin] -> [Admin] FAILED with error NT_STATUS_NO_SUCH_USER [2010/01/27 22:40:36, 5] auth/auth_util.c:free_user_info(1985) attempting to free (and zero) a user_info structure [2010/01/27 22:40:36, 10] auth/auth_util.c:free_user_info(1989) structure was created for Admin [2010/01/27 22:40:36, 3] smbd/error.c:error_packet_set(61) error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2010/01/27 22:40:36, 5] lib/util.c:show_msg(642) [2010/01/27 22:40:36, 5] lib/util.c:show_msg(652) size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=0 smb_bcc=0 [2010/01/27 22:40:36, 11] lib/events.c:run_events(257) run_events: Nothing to do [2010/01/27 22:40:36, 11] lib/events.c:run_events(257) run_events: Nothing to do [2010/01/27 22:40:36, 5] lib/util_sock.c:read_socket_with_timeout(928) read_socket_with_timeout: blocking read. EOF from client. [2010/01/27 22:40:36, 10] smbd/process.c:receive_smb_raw_talloc(276) receive_smb_raw: NT_STATUS_END_OF_FILE [2010/01/27 22:40:36, 3] smbd/process.c:smbd_process(2056) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2010/01/27 22:40:36, 5] lib/gencache.c:gencache_shutdown(93) Closing cache file [2010/01/27 22:40:36, 5] libsmb/namecache.c:namecache_shutdown(81) namecache_shutdown: netbios namecache closed successfully. [2010/01/27 22:40:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/01/27 22:40:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2010/01/27 22:40:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/01/27 22:40:36, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/01/27 22:40:36, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2010/01/27 22:40:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key B3100000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [2010/01/27 22:40:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xa133d58 [2010/01/27 22:40:36, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key B3100000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [2010/01/27 22:40:36, 3] smbd/server.c:exit_server_common(949) Server exit (normal exit) --- Med Venlig Hilsen / Best regards Henrik Dige Semark On 27-01-2010 22:31, Eliel Oliveira wrote: > name resolve order = host lmhosts bcast wins > change the order of bcast and wins > bcast is slower than wins, witch is the best option in this case > > check your ldap.conf too, if you have a slave ldap server in > localhost. It should improve the performance of ldap searchs > and use ldap slave on smbldap.conf too. > > if does not solve your problem, post the part of the machine log when > you are trying to join the domain. > log file = /var/log/samba/%m.log > that should help a lot. > > regards > > > On Wed, Jan 27, 2010 at 7:23 PM, Henrik Dige Semark wrote: > >> I have already posted those once but here the go again >> >> --- >> Med Venlig Hilsen / Best regards >> Henrik Dige Semark >> >> On 27-01-2010 22:21, Eliel Oliveira wrote: >> >> post your global section of smb.conf >> are you using smbldap-tools ?? >> post your smbldap-tools.conf too >> it will be easyer if we know what we are dealing with. >> >> regards >> >> On Wed, Jan 27, 2010 at 7:16 PM, Henrik Dige Semark wrote: >> >>> I have remembered to run smbpassd -W, and I still get the same error >>> when I try with -S pdc on net join command. >>> >>> I can see that LDAP is activated, and that samba is doing something, but >>> it seams like the answer is disappear on the way back. >>> >>> Samba have initialised my LDAP with its SID and RID's, when it can do >>> this way is it not possible to lookup users? >>> >>> Is it necessary to join my PDC to its own domain btw.? cause the new >>> server here is going to be PDC and replace my old Win2k DC (its not a >>> member it a separate test-domain) >>> >>> --- >>> Med Venlig Hilsen / Best regards >>> Henrik Dige Semark >>> >>> >>> >>> On 27-01-2010 21:56, Dale Schroeder wrote: >>> >>>> Did you remember to run "smbpasswd -W"? >>>> >>>> Sometimes you have to add the -S switch for the join to work. >>>> net rpc join -S pdc -U root >>>> >>>> Dale >>>> >>>> >>>> On 01/27/2010 2:33 PM, Henrik Dige Semark wrote: >>>> >>>>> I have just tried with "net join -U Admin" and I get the same error as >>>>> before. >>>>> >>>>> # net join -U Admin >>>>> Enter admin's password: >>>>> Could not connect to server PDC >>>>> The username or password was not correct. >>>>> Connection failed: NT_STATUS_LOGON_FAILURE >>>>> >>>>> Ldap search for Admin: >>>>> >>>>> # ldapsearch -x -h 127.0.0.1 -p 389 >>>>> >>>>> # Admin, Users, semark-testing.dk >>>>> dn: uid=Admin,ou=Users,dc=semark-testing,dc=dk >>>>> cn: Admin >>>>> sn: Admin >>>>> objectClass: top >>>>> objectClass: person >>>>> objectClass: organizationalPerson >>>>> objectClass: inetOrgPerson >>>>> objectClass: sambaSamAccount >>>>> objectClass: posixAccount >>>>> objectClass: shadowAccount >>>>> gidNumber: 0 >>>>> uid: Admin >>>>> uidNumber: 0 >>>>> homeDirectory: /home/Admin >>>>> sambaLogonTime: 0 >>>>> sambaLogoffTime: 2147483647 >>>>> sambaKickoffTime: 2147483647 >>>>> sambaPwdCanChange: 0 >>>>> sambaHomePath: \\192.168.1.182\Admin >>>>> sambaHomeDrive: H: >>>>> sambaProfilePath: \\192.168.1.182\profiles\Admin >>>>> sambaPrimaryGroupSID: S-1-5-21-860714184-2299130787-2886737959-512 >>>>> sambaSID: S-1-5-21-860714184-2299130787-2886737959-500 >>>>> loginShell: /bin/false >>>>> gecos: Netbios Domain Administrator >>>>> sambaLMPassword: my-pass >>>>> sambaAcctFlags: [U] >>>>> sambaNTPassword: my-pass >>>>> sambaPwdLastSet: 1264374249 >>>>> sambaPwdMustChange: 1268262249 >>>>> shadowMax: 45 >>>>> >>>>> Log dump from net join command: >>>>> >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got >>>>> connid=22 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): >>>>> checking for input on id=22 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=3 do_search >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>> >>>>> dnPrettyNormal: >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<< >>>>> dnPrettyNormal:, >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH >>>>> "dc=semark-testing,dc=dk" 2 0 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: >>>>> (&(uid=admin)(objectClass=sambaSamAccount)) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: uid >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: uidNumber >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: gidNumber >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: homeDirectory >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdLastSet >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdCanChange >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdMustChange >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonTime >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogoffTime >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaKickoffTime >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: cn >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sn >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: displayName >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaHomeDrive >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaHomePath >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonScript >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaProfilePath >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: description >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaUserWorkstations >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaSID >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLMPassword >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaNTPassword >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaDomainName >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: objectClass >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaAcctFlags >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaMungedDial >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaBadPasswordCount >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaBadPasswordTime >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPasswordHistory >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: modifyTimestamp >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonHours >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: modifyTimestamp >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: uidNumber >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: >>>>> bdb_dn2entry("dc=semark-testing,dc=dk") >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: search_candidates: >>>>> base="dc=semark-testing,dc=dk" (0x00000001) scope=2 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => >>>>> hdb_dn2idl("dc=semark-testing,dc=dk") >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => >>>>> bdb_equality_candidates (objectClass) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>>>> [b49d1940] >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>>>> (-30990) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= >>>>> bdb_equality_candidates: id=0, first=0, last=0 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => >>>>> bdb_equality_candidates (uid) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>>>> [f67dad88] >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read 1 >>>>> candidates >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= >>>>> bdb_equality_candidates: id=1, first=6, last=6 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => >>>>> bdb_equality_candidates (objectClass) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>>>> [f937ce0f] >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read 3 >>>>> candidates >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= >>>>> bdb_equality_candidates: id=3, first=6, last=18 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_search_candidates: >>>>> id=1 first=6 last=6 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: >>>>> conn 22 dn="uid=Admin,ou=Users,dc=semark-testing,dc=dk" >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry: >>>>> conn 22 exit. >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: >>>>> conn=22 op=3 p=3 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >>>>> matched="" text="" >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: >>>>> msgid=4 tag=101 err=0 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got >>>>> connid=22 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): >>>>> checking for input on id=22 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=4 do_search >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>> >>>>> dnPrettyNormal: >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<< >>>>> dnPrettyNormal:, >>>>> >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH >>>>> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 0 0 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (objectClass=*) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaMaxPwdAge >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: >>>>> bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: base_candidates: base: >>>>> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: >>>>> conn 22 dn="sambaDomainName=semarktest,dc=semark-testing,dc=dk" >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry: >>>>> conn 22 exit. >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: >>>>> conn=22 op=4 p=3 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >>>>> matched="" text="" >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: >>>>> msgid=5 tag=101 err=0 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got >>>>> connid=22 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): >>>>> checking for input on id=22 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=5 do_search >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>> >>>>> dnPrettyNormal: >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<< >>>>> dnPrettyNormal:, >>>>> >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH >>>>> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 0 0 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (objectClass=*) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs: >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLockoutThreshold >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: >>>>> bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: base_candidates: base: >>>>> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry: >>>>> conn 22 dn="sambaDomainName=semarktest,dc=semark-testing,dc=dk" >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry: >>>>> conn 22 exit. >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: >>>>> conn=22 op=5 p=3 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >>>>> matched="" text="" >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response: >>>>> msgid=6 tag=101 err=0 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got >>>>> connid=22 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22): >>>>> checking for input on id=22 >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: ber_get_next on fd 22 >>>>> failed errno=0 (Success) >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_closing: >>>>> readying conn=22 sd=22 for close >>>>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_close: >>>>> conn=22 sd=22 >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_get(14) >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_get(14): got >>>>> connid=5 >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_read(14): >>>>> checking for input on id=5 >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: conn=5 op=1145 do_search >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:>>> >>>>> dnPrettyNormal: >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<<< >>>>> dnPrettyNormal:, >>>>> >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: SRCH >>>>> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0 >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: 0 15 0 >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: filter: >>>>> (objectClass=sambaTrustedDomainPassword) >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: attrs: >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: sambaDomainName >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: sambaSID >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => hdb_search >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: >>>>> bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: search_candidates: >>>>> base="sambaDomainName=semarktest,dc=semark-testing,dc=dk" >>>>> (0x00000011) scope=2 >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => >>>>> hdb_dn2idl("sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => >>>>> bdb_equality_candidates (objectClass) >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => key_read >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>>>> [b49d1940] >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>>>> (-30990) >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= >>>>> bdb_equality_candidates: id=0, first=0, last=0 >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => >>>>> bdb_equality_candidates (objectClass) >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => key_read >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>>>> [633a0e9d] >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>>>> (-30990) >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= >>>>> bdb_equality_candidates: id=0, first=0, last=0 >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_search_candidates: >>>>> id=0 first=17 last=0 >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: hdb_search: no candidates >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_result: conn=5 >>>>> op=1145 p=3 >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >>>>> matched="" text="" >>>>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_response: >>>>> msgid=1146 tag=101 err=0 >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_get(14) >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_get(14): got >>>>> connid=5 >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_read(14): >>>>> checking for input on id=5 >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: conn=5 op=1146 do_search >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:>>> >>>>> dnPrettyNormal: >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<<< >>>>> dnPrettyNormal:, >>>>> >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: SRCH >>>>> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0 >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: 0 15 0 >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: filter: >>>>> (objectClass=sambaTrustedDomainPassword) >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: attrs: >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: sambaDomainName >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: sambaSID >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => hdb_search >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: >>>>> bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: search_candidates: >>>>> base="sambaDomainName=semarktest,dc=semark-testing,dc=dk" >>>>> (0x00000011) scope=2 >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => >>>>> hdb_dn2idl("sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => >>>>> bdb_equality_candidates (objectClass) >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => key_read >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>>>> [b49d1940] >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>>>> (-30990) >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= >>>>> bdb_equality_candidates: id=0, first=0, last=0 >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => >>>>> bdb_equality_candidates (objectClass) >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => key_read >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>>>> [633a0e9d] >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>>>> (-30990) >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= >>>>> bdb_equality_candidates: id=0, first=0, last=0 >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_search_candidates: >>>>> id=0 first=17 last=0 >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: hdb_search: no candidates >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=5 >>>>> op=1146 p=3 >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >>>>> matched="" text="" >>>>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_response: >>>>> msgid=1147 tag=101 err=0 >>>>> >>>>> --- >>>>> Med Venlig Hilsen / Best regards >>>>> Henrik Dige Semark >>>>> >>>>> >>>>> On 27-01-2010 21:06, Gaiseric Vandal wrote: >>>>> >>>>> >>>>>> Try using "net ... -U Administrator" instead, since "root" is not >>>>>> by default a member of the domain admin group. This presumes you have >>>>>> created the Administrator account in samba, created the "domain >>>>>> admins" group and setup the approp group mapping for key groups >>>>>> (domain admins, domain users etc.) >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On 01/27/10 14:23, Henrik Dige Semark wrote: >>>>>> >>>>>> >>>>>>> Dos the PDC have to join the domain also? >>>>>>> >>>>>>> When I try to join my PDC to its domain with "net join" I get the >>>>>>> following error. >>>>>>> >>>>>>> Enter root's password: >>>>>>> Could not connect to server PDC >>>>>>> The username or password was not correct. >>>>>>> Connection failed: NT_STATUS_LOGON_FAILURE >>>>>>> >>>>>>> >>>>>>> The netbios name for my PDC is pdc.semarktest.dk I guess that way it >>>>>>> tells my that is can't connect to server PDC >>>>>>> I have checked that pdc is in the name server (nameserver is on >>>>>>> 127.0.0.1) >>>>>>> >>>>>>> # host pdc >>>>>>> pdc.semarktest.dk has address 192.168.1.182 >>>>>>> >>>>>>> Is there something I'm missing? >>>>>>> >>>>>>> Log dump from net join command: >>>>>>> >>>>>>> # tail -200 /var/log/syslog | grep slapd >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>>>>>> connid=15 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>>>>>> checking for input on id=15 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> >>>>>>> dnPrettyNormal: >>>>>>> >>>>>>> >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< >>>>>>> dnPrettyNormal:, >>>>>>> >>>>>>> >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH >>>>>>> "sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk" >>>>>>> >>>>>>> 2 0 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: >>>>>>> (&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest)) >>>>>>> >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>>>>>> bdb_dn2entry("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>>>>>> >>>>>>> >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>>>>>> hdb_dn2id("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk") >>>>>>> >>>>>>> >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= hdb_dn2id: get failed: >>>>>>> DB_NOTFOUND: No matching key/data pair found (-30990) >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: >>>>>>> conn=15 op=2 p=3 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=10 >>>>>>> matched="sambaDomainName=semarktest,dc=semark-testing,dc=dk" text="" >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: >>>>>>> msgid=3 tag=101 err=32 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>>>>>> connid=15 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>>>>>> checking for input on id=15 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=3 do_search >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> >>>>>>> dnPrettyNormal: >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< >>>>>>> dnPrettyNormal:, >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH >>>>>>> "dc=semark-testing,dc=dk" 2 0 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: >>>>>>> (&(uid=root)(objectClass=sambaSamAccount)) >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs: >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uid >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: gidNumber >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: homeDirectory >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdLastSet >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdCanChange >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdMustChange >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonTime >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogoffTime >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaKickoffTime >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: cn >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sn >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: displayName >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomeDrive >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomePath >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonScript >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaProfilePath >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: description >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaUserWorkstations >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaSID >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLMPassword >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaNTPassword >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaDomainName >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: objectClass >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaAcctFlags >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaMungedDial >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordCount >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordTime >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPasswordHistory >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonHours >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>>>>>> bdb_dn2entry("dc=semark-testing,dc=dk") >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: search_candidates: >>>>>>> base="dc=semark-testing,dc=dk" (0x00000001) scope=2 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>>>>>> hdb_dn2idl("dc=semark-testing,dc=dk") >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>>>>>> bdb_equality_candidates (objectClass) >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>>>>>> [b49d1940] >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>>>>>> (-30990) >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= >>>>>>> bdb_equality_candidates: id=0, first=0, last=0 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => >>>>>>> bdb_equality_candidates (uid) >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: >>>>>>> [15f2129b] >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed >>>>>>> (-30990) >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= >>>>>>> bdb_equality_candidates: id=0, first=0, last=0 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_search_candidates: >>>>>>> id=0 first=1 last=0 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: hdb_search: no candidates >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: >>>>>>> conn=15 op=3 p=3 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=0 >>>>>>> matched="" text="" >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: >>>>>>> msgid=4 tag=101 err=0 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22) >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got >>>>>>> connid=15 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): >>>>>>> checking for input on id=15 >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: ber_get_next on fd 22 >>>>>>> failed errno=0 (Success) >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing: >>>>>>> readying conn=15 sd=22 for close >>>>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close: >>>>>>> conn=15 sd=22 >>>>>>> >>>>>>> --- >>>>>>> Med Venlig Hilsen / Best regards >>>>>>> Henrik Dige Semark >>>>>>> >>>>>>> >>>>>>> On 26-01-2010 22:42, Dale Schroeder wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Henrik, >>>>>>>> >>>>>>>> I saw that another user wanted you to make sure that the PDC was >>>>>>>> added >>>>>>>> to the domain, and he is correct. >>>>>>>> If it is still not working after adding the PDC to the domain, >>>>>>>> consider changing the add machine script to this: >>>>>>>> >>>>>>>> add machine script = /usr/sbin/smbldap-useradd -i -w '%u' >>>>>>>> >>>>>>>> I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that >>>>>>>> is what fixed the issue. >>>>>>>> >>>>>>>> Dale >>>>>>>> >>>>>>>> >>>>>>>> On 01/25/2010 3:23 PM, Henrik Dige Semark wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> I have a serous problem. >>>>>>>>> >>>>>>>>> I have for some time now tried to get an SAMBA based Domain >>>>>>>>> Controller >>>>>>>>> working. >>>>>>>>> I have tried with OpenLDAP and tdbsam as backend, but I get the same >>>>>>>>> error every time. >>>>>>>>> >>>>>>>>> I wood prefer to use LDAP as my backend. >>>>>>>>> I have read tons of how-to SAMBA + LDAP, but non of the seams to >>>>>>>>> work >>>>>>>>> for my, is there someone that maybe can see what I have done rung in >>>>>>>>> my config.? >>>>>>>>> >>>>>>>>> I have attached my samba conf and LDAP conf. >>>>>>>>> >>>>>>>>> Samba is connected to OpenLDAP, and LDAP is running fine. >>>>>>>>> But when I try to join my Windows XP Pro SP3 I takes about one >>>>>>>>> Min and >>>>>>>>> it tells my that Username and/or Password maybe rung, ore not >>>>>>>>> existing. >>>>>>>>> >>>>>>>>> There is no doubt that Samba and Ldap is talking together (samba >>>>>>>>> have >>>>>>>>> updated the SID and RID's), cause when I try to join the domain LDAP >>>>>>>>> is activated, but the return value is somehow disappearing on the >>>>>>>>> way >>>>>>>>> back to my client >>>>>>>>> >>>>>>>>> I have some wireshark dump that I can provide if its necessary. >>>>>>>>> I can provide LOGS, DUMPS, and everything needed if its necessary. >>>>>>>>> >>>>>>>>> System info: >>>>>>>>> Clean installed Debian Lenny (5.0.3) >>>>>>>>> Clean installed Samba 3.2.5 + Winbind 3.2.5 >>>>>>>>> Clean installed OpenLDAP 2.4.11 (slapd) >>>>>>>>> Debian default smbldap-tools (smbldap-populate is working and have >>>>>>>>> populated LDAP without problems) >>>>>>>>> if there is something I have forgotten please just ask for it, I'm >>>>>>>>> close to be desperate.! >>>>>>>>> >>>>>>>>> --- >>>>>>>>> Med Venlig Hilsen / Best regards >>>>>>>>> Henrik Dige Semark >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>> >>>>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >> From Keith.Schoepflin at hp.com Wed Jan 27 14:45:09 2010 From: Keith.Schoepflin at hp.com (Schoepflin, Keith) Date: Wed, 27 Jan 2010 21:45:09 +0000 Subject: [Samba] Does samba-common-3.0.10-1.4E.12.2 support NTLM? Message-ID: I would like to know if NTLM is supported in samba version 3.0.10-1.4E.12.2. Thanks Cheers, Keith From stan at hardwarefreak.com Wed Jan 27 15:37:25 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 27 Jan 2010 16:37:25 -0600 Subject: [Samba] single stream performance issue, Win2K, WinXP, Samba 3.2.5-4lenny7 (Debian Lenny) In-Reply-To: <4B5E299A.7020908@hardwarefreak.com> References: <4B58E2B1.9000907@hardwarefreak.com> <9210629800.20100122030444@online.ru> <4B5AB7D4.80309@tlinx.org> <7efa8a7d1001230131p272c1c45ob0f02b35026ac1e7@mail.gmail.com> <4B5B57D8.2050503@hardwarefreak.com> <5a8aa6681001240409h6fc6d319g299f04e9b2673cba@mail.gmail.com> <4B5D36CC.1010103@hardwarefreak.com> <4B5E299A.7020908@hardwarefreak.com> Message-ID: <4B60C025.8080004@hardwarefreak.com> Stan Hoeppner put forth on 1/25/2010 5:30 PM: > Volker Lendecke put forth on 1/25/2010 1:28 AM: >> The dual-stream one is kindof limited help. The interesting >> piece is how Win->Win does its thing faster, so we need to >> see that one. > > I've been busting my but trying to get you something meaningful. This dump is > less than optimal for two reasons, but it's the best I can get you thus far. > > 1. Running tshark on Win2K creates a huge network performance hit and thus b/w > numbers for small file (<250MB) transfers don't come close to accurately > describing the real world. With tshark running the b/w is less than half of > normal with small files. > > 2. Because of this I had to do a huge file copy to allow time for the client to > level off at peak performance, which is still ~500KB/s lower than normal due to > tshark overhead. > > Anyway, the file is over 400MB. It'll take quite a while to grab off my server. > > http://www.hardwarefreak.com/smb-winwin-single-stream > > Hope you are able to glean something meaningful from it. Were you able to grab this trace file yet Volker? If so, have you found anything interesting yet when comparing it to the previous Samba->Win2K trace file? Any clues yet as to why the win-win throughput is almost 3MB/s better than Samba->Win? If you haven't dug into it yet, as a reminder, this last trace capture was done with tshark on windows. The previous trace file was captured on the Linux machine with tcpdump. -- Stan From stan at hardwarefreak.com Wed Jan 27 16:03:37 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 27 Jan 2010 17:03:37 -0600 Subject: [Samba] max smbd processes Message-ID: <4B60C649.7000400@hardwarefreak.com> Samba 3.2.5 on Debian Lenny From: http://www.samba.org/samba/docs/server_security.html "Samba is able to limit the number of concurrent connections when smbd is launched as a daemon (not from inetd). The 'max smbd processes' smb.conf option allows Administrators to define the maximum number of smbd processes running at any given point in time. Any further attempts from clients to connect to the server will be rejected." I'm using max smbd processes for another reason. I'm trying to optimize memory usage on this box, which really only ever has one samba client machine connecting. I'm trying to get the number of smbd processes down to 1 but to this point have failed. I have in /etc/samba/smb.conf: max smbd processes = 1 Yet once restarting samba and connecting to a share, I get this: [04:41:16][root at greer]/$ ps -ef|grep smbd root 8586 1 0 00:12 ? 00:00:00 /usr/sbin/smbd -D root 8591 8586 0 00:12 ? 00:00:00 /usr/sbin/smbd -D stan 8596 8586 0 00:13 ? 00:00:56 /usr/sbin/smbd -D top: 8586 root 20 0 12368 2828 2168 S 0 0.7 0:00.12 smbd 8591 root 20 0 12368 984 340 S 0 0.3 0:00.00 smbd 8596 stan 20 0 12912 3972 2896 S 0 1.0 0:56.46 smbd I've set max smbd processes to 1, yet I see 3 smbd processes. Is something broken? Is "max smbd processes" not an accurate description? Would it better be described as "max smbd concurrent clients" or "max smbd user processes"? I can understand the need for a master daemon process that spawns children for each connection, but at most that should require 2 smbd processes, not 3. As you can see from the top output, only one smbd process is actually servicing a client. One is completely idle, sucking up resources. The other appears to be the master which spawns the children. I know I'm in a fringe scenario here, as most people aren't going to try to limit smbd processes to 1. I'm just wondering why the documentation is so exactly specific as to the nature of this config option, but why the option doesn't work the way it is described. Is this a "truth in advertising" issue, or am I missing something else in my config to make this config directive work as advertised? Thanks. -- Stan From jra at samba.org Wed Jan 27 16:18:11 2010 From: jra at samba.org (Jeremy Allison) Date: Wed, 27 Jan 2010 15:18:11 -0800 Subject: [Samba] max smbd processes In-Reply-To: <4B60C649.7000400@hardwarefreak.com> References: <4B60C649.7000400@hardwarefreak.com> Message-ID: <20100127231811.GC21446@samba1> On Wed, Jan 27, 2010 at 05:03:37PM -0600, Stan Hoeppner wrote: > Samba 3.2.5 on Debian Lenny > > From: http://www.samba.org/samba/docs/server_security.html > "Samba is able to limit the number of concurrent connections when smbd is > launched as a daemon (not from inetd). The 'max smbd processes' smb.conf option > allows Administrators to define the maximum number of smbd processes running at > any given point in time. Any further attempts from clients to connect to the > server will be rejected." > > I'm using max smbd processes for another reason. I'm trying to optimize memory > usage on this box, which really only ever has one samba client machine > connecting. I'm trying to get the number of smbd processes down to 1 but to > this point have failed. I have in /etc/samba/smb.conf: > > max smbd processes = 1 > > Yet once restarting samba and connecting to a share, I get this: > > [04:41:16][root at greer]/$ ps -ef|grep smbd > root 8586 1 0 00:12 ? 00:00:00 /usr/sbin/smbd -D > root 8591 8586 0 00:12 ? 00:00:00 /usr/sbin/smbd -D > stan 8596 8586 0 00:13 ? 00:00:56 /usr/sbin/smbd -D > > top: > 8586 root 20 0 12368 2828 2168 S 0 0.7 0:00.12 smbd > 8591 root 20 0 12368 984 340 S 0 0.3 0:00.00 smbd > 8596 stan 20 0 12912 3972 2896 S 0 1.0 0:56.46 smbd > > I've set max smbd processes to 1, yet I see 3 smbd processes. Is something > broken? No. > Is "max smbd processes" not an accurate description? Would it better > be described as "max smbd concurrent clients" or "max smbd user processes"? Yes, that's a better description. > I can understand the need for a master daemon process that spawns children for > each connection, but at most that should require 2 smbd processes, not 3. As > you can see from the top output, only one smbd process is actually servicing a > client. One is completely idle, sucking up resources. The other appears to be > the master which spawns the children. There's also the printer background lpq updater process, that's the third one. We should probably update the description to make this clear. It's all working as designed. You can always comment out the code for this (it's in printing/printing.c:start_background_queue()) if you are resource constrained. Jeremy. From stan at hardwarefreak.com Wed Jan 27 17:21:36 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 27 Jan 2010 18:21:36 -0600 Subject: [Samba] max smbd processes In-Reply-To: <20100127231811.GC21446@samba1> References: <4B60C649.7000400@hardwarefreak.com> <20100127231811.GC21446@samba1> Message-ID: <4B60D890.2030106@hardwarefreak.com> Jeremy Allison put forth on 1/27/2010 5:18 PM: >> Is "max smbd processes" not an accurate description? Would it better >> be described as "max smbd concurrent clients" or "max smbd user processes"? > > Yes, that's a better description. Understood. > There's also the printer background lpq updater process, that's the > third one. We should probably update the description to make this > clear. It's all working as designed. You can always comment out > the code for this (it's in printing/printing.c:start_background_queue()) > if you are resource constrained. Aha, so that's what the third one is. As I don't do printer sharing this possibility slipped my mind. I'm not so resource constrained as to start hacking source. I always stick with my distro's packages unless extreme circumstances require going to source, and this really isn't one of them. Maybe there could be a future smb.conf option to completely disable printer sharing and the launch of the deamon process? I noticed in the documentation I quoted earlier something about running Samba from inetd. Is this (easily) doable? Would running from inetd be advantageous in my low resource consumption scenario, processes exiting after a period of inactivity? Or would this cause more problems than it would solve? Thanks Jeremy. -- Stan P.S. We briefly met once a few years ago when you were in St. Louis. You stopped by Whitfield School to troubleshoot an issue with the AD code. I was the sysadmin there at the time. You were working for Novell at that time. From jra at samba.org Wed Jan 27 18:20:36 2010 From: jra at samba.org (Jeremy Allison) Date: Wed, 27 Jan 2010 17:20:36 -0800 Subject: [Samba] max smbd processes In-Reply-To: <4B60D890.2030106@hardwarefreak.com> References: <4B60C649.7000400@hardwarefreak.com> <20100127231811.GC21446@samba1> <4B60D890.2030106@hardwarefreak.com> Message-ID: <20100128012036.GA13381@samba1> On Wed, Jan 27, 2010 at 06:21:36PM -0600, Stan Hoeppner wrote: > > Aha, so that's what the third one is. As I don't do printer sharing this > possibility slipped my mind. I'm not so resource constrained as to start > hacking source. I always stick with my distro's packages unless extreme > circumstances require going to source, and this really isn't one of them. > > Maybe there could be a future smb.conf option to completely disable printer > sharing and the launch of the deamon process? Good point, I'll think about this. > I noticed in the documentation I quoted earlier something about running Samba > from inetd. Is this (easily) doable? Would running from inetd be advantageous > in my low resource consumption scenario, processes exiting after a period of > inactivity? Or would this cause more problems than it would solve? Should work. Log a bug if it doesn't. It will also prevent the backend printer smbd from running as well. > P.S. We briefly met once a few years ago when you were in St. Louis. You > stopped by Whitfield School to troubleshoot an issue with the AD code. I was > the sysadmin there at the time. You were working for Novell at that time. Oh that's great ! I am actually wearing my green Whitfield School fleese right now ! It's one of my favourite items of clothing :-). Thanks, Jeremy. From danielgore at yaktech.com Wed Jan 27 19:29:27 2010 From: danielgore at yaktech.com (Daniel R. Gore) Date: Wed, 27 Jan 2010 21:29:27 -0500 Subject: [Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID..... Message-ID: <1264645767.12367.41.camel@hawku> Because of the extremely restrictive security environment we work under, our Windows Admins have disabled the administrator account on our Domain and created a new account with administrator rights. The result is that the common RID of 500 which maps to the Linux UID and GID of 500 is no longer valid. This means that when the Windows Domain controller, via the Domain Administrator (which has another name and RID) tries to make an account on the samba share where the profiles are intended for, it fails because Samba expects this to come from the well known RID of 500. Is there any way to specify in Samba what RID number to expect and use for Domain Administration management? Thanks. Dan _________________________________ This email has been ClamScanned ! www.clamav.net From jht at samba.org Wed Jan 27 20:27:11 2010 From: jht at samba.org (John H Terpstra) Date: Wed, 27 Jan 2010 21:27:11 -0600 Subject: [Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID..... In-Reply-To: <1264645767.12367.41.camel@hawku> References: <1264645767.12367.41.camel@hawku> Message-ID: <4B61040F.7090003@samba.org> On 01/27/2010 08:29 PM, Daniel R. Gore wrote: > Because of the extremely restrictive security environment we work under, > our Windows Admins have disabled the administrator account on our Domain > and created a new account with administrator rights. The result is that > the common RID of 500 which maps to the Linux UID and GID of 500 is no > longer valid. This means that when the Windows Domain controller, via > the Domain Administrator (which has another name and RID) tries to make > an account on the samba share where the profiles are intended for, it > fails because Samba expects this to come from the well known RID of > 500. > > Is there any way to specify in Samba what RID number to expect and use > for Domain Administration management? > > Thanks. > > Dan Dan, You can assign suitable rights and privileges using the "net" utility as follows: net rpc grant rights "DOMAIN\Group Name" SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -Uadministrator%password When correctly processed for domain group "Whatchamacallit" you will get something that looks like this: net rpc rights list accounts -Uwinadmin%n3v3rgessit BUILTIN\Print Operators No privileges assigned BUILTIN\Account Operators No privileges assigned BUILTIN\Backup Operators No privileges assigned BUILTIN\Server Operators No privileges assigned BUILTIN\Administrators SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege Everyone No privileges assigned URDOMAIN\Whatchamacallit SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege Yell if you need more help. Cheers, John T. From stan at hardwarefreak.com Wed Jan 27 20:16:43 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 27 Jan 2010 21:16:43 -0600 Subject: [Samba] max smbd processes In-Reply-To: <20100128012036.GA13381@samba1> References: <4B60C649.7000400@hardwarefreak.com> <20100127231811.GC21446@samba1> <4B60D890.2030106@hardwarefreak.com> <20100128012036.GA13381@samba1> Message-ID: <4B61019B.9030408@hardwarefreak.com> Jeremy Allison put forth on 1/27/2010 7:20 PM: > On Wed, Jan 27, 2010 at 06:21:36PM -0600, Stan Hoeppner wrote: >> I noticed in the documentation I quoted earlier something about running Samba >> from inetd. Is this (easily) doable? Would running from inetd be advantageous >> in my low resource consumption scenario, processes exiting after a period of >> inactivity? Or would this cause more problems than it would solve? > > Should work. Log a bug if it doesn't. It will also prevent the > backend printer smbd from running as well. I'd never dug into inetd.conf before today. Luckily I've got smbd working via inetd now. I didn't configure nmbd in inetd as I don't really need browsing. I have netbios disabled everywhere anyway so it's of little use. So, this is great, exactly what I was looking for. When I click my mapped drive(s) in Windows, a single smbd process fires on the Debian host, and it works, just as it should. I've not rebooted the system since making the inetd changes, merely killing inetd with -HUP to reload its config. The Samba init script is still going to be run during the next boot as I haven't monkeyed with the rcX.d directories or anything. I set RUN_MODE="inetd" in the /etc/init.d/samba script. Will that change by itself keep the script from launching the normal set of daemon processes or is there something else I need to do to prevent this and have inetd handle it all? >> P.S. We briefly met once a few years ago when you were in St. Louis. You >> stopped by Whitfield School to troubleshoot an issue with the AD code. I was >> the sysadmin there at the time. You were working for Novell at that time. > > Oh that's great ! I am actually wearing my green Whitfield School fleese > right now ! It's one of my favourite items of clothing :-). I guess that clothing is better than the name it bears. Do you wear any of your Novell clothing? If not, you'll understand why I no longer wear any of my Whitfield clothing. ;) However, I'm glad I was working there at that time, as it offered me the rare opportunity to meet one of the great wizards in the FOSS realm. ;) I must admit I haven't kept tabs on you since you left Novell and landed at Google. I just recently joined the samba list (should have long ago). I noticed the listserv seems to be hosted in Utah. Are you still living in the mountains or did you migrate to the Bay Area? Novell has its problems, but one has to admit they picked a spot with one heck of view for their HQ. I was there for Brainshare '07. The view of those mountains almost made me want to move there. Then I came to my senses when taking the local religion factor into account. ;) Sorry I'm getting OT. I guess we could pick up the reminiscing off list. -- Stan From rob at steinmetznet.com Wed Jan 27 23:26:34 2010 From: rob at steinmetznet.com (Robert Steinmetz AIA) Date: Thu, 28 Jan 2010 00:26:34 -0600 Subject: [Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID..... In-Reply-To: <4B61040F.7090003@samba.org> References: <1264645767.12367.41.camel@hawku> <4B61040F.7090003@samba.org> Message-ID: <4B612E1A.60909@steinmetznet.com> I just tried that on my network. I think the correct command is "net rpc rights grant" Which seemed to work on the DC But although geten and wbinfo work, I didn't get any of the domain users with this command. Shouldn't they be listed? John H Terpstra wrote: > On 01/27/2010 08:29 PM, Daniel R. Gore wrote: > >> Because of the extremely restrictive security environment we work under, >> our Windows Admins have disabled the administrator account on our Domain >> and created a new account with administrator rights. The result is that >> the common RID of 500 which maps to the Linux UID and GID of 500 is no >> longer valid. This means that when the Windows Domain controller, via >> the Domain Administrator (which has another name and RID) tries to make >> an account on the samba share where the profiles are intended for, it >> fails because Samba expects this to come from the well known RID of >> 500. >> >> Is there any way to specify in Samba what RID number to expect and use >> for Domain Administration management? >> >> Thanks. >> >> Dan >> > Dan, > > You can assign suitable rights and privileges using the "net" utility as > follows: > > net rpc grant rights "DOMAIN\Group Name" SeMachineAccountPrivilege > SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege > SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege > SeDiskOperatorPrivilege -Uadministrator%password > > When correctly processed for domain group "Whatchamacallit" you will get > something that looks like this: > > net rpc rights list accounts -Uwinadmin%n3v3rgessit > BUILTIN\Print Operators > No privileges assigned > > BUILTIN\Account Operators > No privileges assigned > > BUILTIN\Backup Operators > No privileges assigned > > BUILTIN\Server Operators > No privileges assigned > > BUILTIN\Administrators > SeMachineAccountPrivilege > SeTakeOwnershipPrivilege > SeBackupPrivilege > SeRestorePrivilege > SeRemoteShutdownPrivilege > SePrintOperatorPrivilege > SeAddUsersPrivilege > SeDiskOperatorPrivilege > > Everyone > No privileges assigned > URDOMAIN\Whatchamacallit > SeMachineAccountPrivilege > SeTakeOwnershipPrivilege > SeBackupPrivilege > SeRestorePrivilege > SeRemoteShutdownPrivilege > SePrintOperatorPrivilege > SeAddUsersPrivilege > SeDiskOperatorPrivilege > > > Yell if you need more help. > > Cheers, > John T. > -- Robert Steinmetz, AIA Principal Steinmetz & Associates From bubulle at debian.org Wed Jan 27 23:41:00 2010 From: bubulle at debian.org (Christian PERRIER) Date: Thu, 28 Jan 2010 07:41:00 +0100 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: <20100127204511.GA8779@dario.dodds.net> References: <20100126014514.GF8066@samba1> <20100126064431.GF15807@cc-mykerinos.onera> <4B5F0280.4070102@BriannasSaladDressing.com> <20100126211842.GA6643@dario.dodds.net> <20100126222236.GA9310@dario.dodds.net> <20100127120546.GC26727@dario.dodds.net> <20100127204511.GA8779@dario.dodds.net> Message-ID: <20100128064059.GE4604@mykerinos.kheops.frmug.org> Quoting Steve Langasek (vorlon at debian.org): > > Referring to the SUBJECT: Where is this leading to a panic > > in Samba 3.4, I got lost in the meantime. > > I'm afraid I don't know. I was cc:ed on this somewhat mid-thread, and > haven't seen any panics; what I know about is http://bugs.debian.org/566977, > which reports that after upgrade to MIT Kerberos 1.8alpha1, samba domain > joins are failing because of the need for allow_weak_crypto to be set before > setting DES tgs enctypes is permitted. Our user reported that panic stopped when he updated MIT Kerberos to 1.8....then, of course, he jumped into problems related to the use of weak encryption (at least this is my understanding of all this...). -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From tjaalton at cc.hut.fi Thu Jan 28 01:46:11 2010 From: tjaalton at cc.hut.fi (Timo Aaltonen) Date: Thu, 28 Jan 2010 10:46:11 +0200 (EET) Subject: [Samba] winbind confused about the DC's Message-ID: Hi Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't. The log.winbindd-idmap is filled with this: [2010/01/28 10:32:56, 4] libsmb/namequery_dc.c:73(ads_dc_name) ads_dc_name: domain=* [2010/01/28 10:32:56, 3] libsmb/namequery.c:1972(get_dc_list) get_dc_list: preferred server list: ", *" [2010/01/28 10:32:56, 3] libads/dns.c:343(dns_send_req) ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success) [2010/01/28 10:32:56, 3] libads/dns.c:413(ads_dns_lookup_srv) ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL) [2010/01/28 10:32:56, 4] libsmb/namequery.c:2004(get_dc_list) get_dc_list: no servers found [2010/01/28 10:32:56, 3] libsmb/namequery.c:1972(get_dc_list) get_dc_list: preferred server list: ", *" [2010/01/28 10:32:56, 3] libsmb/namequery.c:1225(resolve_lmhosts) resolve_lmhosts: Attempting lmhosts lookup for name *<0x1c> [2010/01/28 10:32:56, 4] libsmb/namequery.c:839(startlmhosts) startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory [2010/01/28 10:32:56, 3] libsmb/namequery.c:1089(resolve_wins) resolve_wins: Attempting wins lookup for name *<0x1c> [2010/01/28 10:32:56, 3] libsmb/namequery.c:1093(resolve_wins) resolve_wins: WINS server resolution selected and no WINS servers listed. [2010/01/28 10:32:56, 3] libsmb/namequery.c:1016(name_resolve_bcast) name_resolve_bcast: Attempting broadcast lookup for name *<0x1c> [2010/01/28 10:32:57, 4] libsmb/namequery.c:2004(get_dc_list) get_dc_list: no servers found [2010/01/28 10:32:58, 3] libsmb/namequery_dc.c:167(rpc_dc_name) Could not look up dc's for domain * [2010/01/28 10:32:58, 1] winbindd/idmap_ad.c:143(ad_idmap_cached_connection_internal) ad_idmap_init: failed to connect to AD [2010/01/28 10:32:58, 1] winbindd/idmap_ad.c:543(idmap_ad_sids_to_unixids) ADS uninitialized: No logon servers The first one is alarming. Why does it try a wildcard? Especially since log.winbindd-dc-connect has this: [2010/01/28 10:41:10, 4] libsmb/namequery_dc.c:73(ads_dc_name) ads_dc_name: domain=AALTO [2010/01/28 10:41:10, 3] libsmb/namequery.c:1972(get_dc_list) get_dc_list: preferred server list: "DC04.org.aalto.fi, *" [2010/01/28 10:41:10, 4] libsmb/namequery.c:2105(get_dc_list) get_dc_list: returning 4 ip addresses in an ordered list [2010/01/28 10:41:10, 4] libsmb/namequery.c:2106(get_dc_list) get_dc_list: 130.233.251.7:389 130.233.251.6:389 130.233.251.5:389 130.233.251.4:389 [2010/01/28 10:41:10, 3] libads/ldap.c:621(ads_connect) Successfully contacted LDAP server 130.233.251.7 . . . ?? running 3.4.3 on ubuntu devel release. t From danielgore at yaktech.com Thu Jan 28 03:49:19 2010 From: danielgore at yaktech.com (Daniel R. Gore) Date: Thu, 28 Jan 2010 05:49:19 -0500 Subject: [Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID..... In-Reply-To: <4B61040F.7090003@samba.org> References: <1264645767.12367.41.camel@hawku> <4B61040F.7090003@samba.org> Message-ID: <1264675759.13255.0.camel@hawku> Thanks John, I will give that a try today. Dan On Wed, 2010-01-27 at 21:27 -0600, John H Terpstra wrote: > On 01/27/2010 08:29 PM, Daniel R. Gore wrote: > > Because of the extremely restrictive security environment we work under, > > our Windows Admins have disabled the administrator account on our Domain > > and created a new account with administrator rights. The result is that > > the common RID of 500 which maps to the Linux UID and GID of 500 is no > > longer valid. This means that when the Windows Domain controller, via > > the Domain Administrator (which has another name and RID) tries to make > > an account on the samba share where the profiles are intended for, it > > fails because Samba expects this to come from the well known RID of > > 500. > > > > Is there any way to specify in Samba what RID number to expect and use > > for Domain Administration management? > > > > Thanks. > > > > Dan > > Dan, > > You can assign suitable rights and privileges using the "net" utility as > follows: > > net rpc grant rights "DOMAIN\Group Name" SeMachineAccountPrivilege > SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege > SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege > SeDiskOperatorPrivilege -Uadministrator%password > > When correctly processed for domain group "Whatchamacallit" you will get > something that looks like this: > > net rpc rights list accounts -Uwinadmin%n3v3rgessit > BUILTIN\Print Operators > No privileges assigned > > BUILTIN\Account Operators > No privileges assigned > > BUILTIN\Backup Operators > No privileges assigned > > BUILTIN\Server Operators > No privileges assigned > > BUILTIN\Administrators > SeMachineAccountPrivilege > SeTakeOwnershipPrivilege > SeBackupPrivilege > SeRestorePrivilege > SeRemoteShutdownPrivilege > SePrintOperatorPrivilege > SeAddUsersPrivilege > SeDiskOperatorPrivilege > > Everyone > No privileges assigned > URDOMAIN\Whatchamacallit > SeMachineAccountPrivilege > SeTakeOwnershipPrivilege > SeBackupPrivilege > SeRestorePrivilege > SeRemoteShutdownPrivilege > SePrintOperatorPrivilege > SeAddUsersPrivilege > SeDiskOperatorPrivilege > > > Yell if you need more help. > > Cheers, > John T. > _________________________________ > This email has been ClamScanned ! > www.clamav.net _________________________________ This email has been ClamScanned ! www.clamav.net From Moray.Henderson at ict.om.org Thu Jan 28 05:12:33 2010 From: Moray.Henderson at ict.om.org (Moray Henderson (ICT)) Date: Thu, 28 Jan 2010 12:12:33 +0000 Subject: [Samba] Samba access Windows Vista and Seven In-Reply-To: <604595c11001261322v60480a9dm6bc7cbe4553b761f@mail.gmail.com> References: <604595c11001261322v60480a9dm6bc7cbe4553b761f@mail.gmail.com> Message-ID: <000f01caa013$2e82fe80$8b88fb80$@Henderson@ict.om.org> >From: Claudio Guzman [mailto:cguzmana at gmail.com] >need to update some settings or install any special protocol? > >best regards http://wiki.samba.org/index.php/Windows7 From dale at BriannasSaladDressing.com Thu Jan 28 06:43:25 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Thu, 28 Jan 2010 07:43:25 -0600 Subject: [Samba] Samba 3.4 Panic in Debian In-Reply-To: <20100128064059.GE4604@mykerinos.kheops.frmug.org> References: <20100126014514.GF8066@samba1> <20100126064431.GF15807@cc-mykerinos.onera> <4B5F0280.4070102@BriannasSaladDressing.com> <20100126211842.GA6643@dario.dodds.net> <20100126222236.GA9310@dario.dodds.net> <20100127120546.GC26727@dario.dodds.net> <20100127204511.GA8779@dario.dodds.net> <20100128064059.GE4604@mykerinos.kheops.frmug.org> Message-ID: <4B61947D.9070809@BriannasSaladDressing.com> On 01/28/2010 12:41 AM, Christian PERRIER wrote: > Quoting Steve Langasek (vorlon at debian.org): > > >>> Referring to the SUBJECT: Where is this leading to a panic >>> in Samba 3.4, I got lost in the meantime. >>> >> I'm afraid I don't know. I was cc:ed on this somewhat mid-thread, and >> haven't seen any panics; what I know about is http://bugs.debian.org/566977, >> which reports that after upgrade to MIT Kerberos 1.8alpha1, samba domain >> joins are failing because of the need for allow_weak_crypto to be set before >> setting DES tgs enctypes is permitted. >> > Our user reported that panic stopped when he updated MIT Kerberos to > 1.8....then, of course, he jumped into problems related to the use of > weak encryption (at least this is my understanding of all this...). > That is exactly what happened, and I didn't notice any improvement with the alpha5 version of libkrb5-3 over alpha4, the originator of my current problem. In my testing of Samba unstable (3.4.5), the error continues. I intend to retry today with a fresh install of a recent daily build, but after reading the contents of the bug Steve mentioned ( http://bugs.debian.org/566977 ), I doubt that the redo will be successful. For it to be more accurate, I did change the named of the subject yesterday to: "winbind failure with libkrb5-3 1.8 in Debian *Renamed*". Thanks, Dale From tjaalton at cc.hut.fi Thu Jan 28 07:12:12 2010 From: tjaalton at cc.hut.fi (Timo Aaltonen) Date: Thu, 28 Jan 2010 16:12:12 +0200 (EET) Subject: [Samba] winbind confused about the DC's In-Reply-To: <1890_1264668465_ZZ0KWY007S38FDZM.00_alpine.DEB.2.00.1001281026360.9022@kosh.hut.fi> References: <1890_1264668465_ZZ0KWY007S38FDZM.00_alpine.DEB.2.00.1001281026360.9022@kosh.hut.fi> Message-ID: On Thu, 28 Jan 2010, Timo Aaltonen wrote: > > Hi > > Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't. The > log.winbindd-idmap is filled with this: More verbose part of the log where it goes wrong: [2010/01/28 13:29:52, 10] winbindd/winbindd_cm.c:479(set_domain_online_request) set_domain_online_request: called for domain AALTO [2010/01/28 13:29:52, 10] winbindd/winbindd_cm.c:508(set_domain_online_request) set_domain_online_request: domain AALTO was globally offline. [2010/01/28 13:29:52, 10] lib/events.c:287(s3_event_debug) s3_event: Added timed event "check_domain_online_handler": 0x25635b0 [2010/01/28 13:29:52, 10] lib/events.c:148(get_timed_events_timeout) timed_events_timeout: 4/999954 [2010/01/28 13:29:52, 4] winbindd/winbindd_dual.c:1452(fork_domain_child) child daemon request 51 [2010/01/28 13:29:52, 10] winbindd/winbindd_dual.c:452(child_process_request) child_process_request: request fn DUAL_SID2UID [2010/01/28 13:29:52, 3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid) [26144]: sid to uid S-1-5-21-2413826791-1553473826-2432194272-1265 [2010/01/28 13:29:52, 10] winbindd/idmap_util.c:157(idmap_sid_to_uid) idmap_sid_to_uid: sid = [S-1-5-21-2413826791-1553473826-2432194272-1265], domain = '' [2010/01/28 13:29:52, 10] winbindd/idmap.c:765(idmap_backends_sid_to_unixid) idmap_backends_sid_to_unixid: domain = '', sid = [S-1-5-21-2413826791-1553473826-2432194272-1265] [2010/01/28 13:29:52, 10] winbindd/idmap.c:465(idmap_find_domain) idmap_find_domain called for domain '' I've tried to debug it by setting the breakpoint at winbindd_dual_sid2uid, but couldn't make anything of the backtrace. Suggestions? -- Timo Aaltonen Systems Specialist IT Services, Aalto University School of Science and Technology From joe at pyx.ch Thu Jan 28 08:06:43 2010 From: joe at pyx.ch (Joe Ammann) Date: Thu, 28 Jan 2010 16:06:43 +0100 Subject: [Samba] SOLVED: readline/termcap problems compiling Samba 3.5.0rc1 on CentOS 5.4 64-bit In-Reply-To: <201001220121.46172.joe@pyx.ch> References: <201001220121.46172.joe@pyx.ch> Message-ID: <201001281606.43307.joe@pyx.ch> Hi On Friday 22 January 2010 01:21:46 Joe Ammann wrote: > When I try to compile 3.5.0rc1 on CentOS 5.4, I get the seemingly well > know problem below > > Linking bin/smbclient > /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libreadline.so: > undefined reference to `tgetnum' I was finally able to solve my problem. The reason was the combination of 2 facts: - CentOS readline library does not declate dependency on curses/termcap - Samba compile uses the -Wl,--ad-needed link flag Then, although libtermcap is mentioned as library to link (-ltermcap), gcc does not include it - because no directly used library declares any dependency on it. I fixed my problem by using LDFLAGS="-Wl,--no-as-needed" ./configure...... to compile. -- CU, Joe From drescherjm at gmail.com Thu Jan 28 08:27:07 2010 From: drescherjm at gmail.com (John Drescher) Date: Thu, 28 Jan 2010 10:27:07 -0500 Subject: [Samba] SOLVED: readline/termcap problems compiling Samba 3.5.0rc1 on CentOS 5.4 64-bit In-Reply-To: <201001281606.43307.joe@pyx.ch> References: <201001220121.46172.joe@pyx.ch> <201001281606.43307.joe@pyx.ch> Message-ID: <387ee2021001280727k75f1a86di950405cc5e56752a@mail.gmail.com> On Thu, Jan 28, 2010 at 10:06 AM, Joe Ammann wrote: > Hi > > On Friday 22 January 2010 01:21:46 Joe Ammann wrote: >> When I try to compile ?3.5.0rc1 on CentOS 5.4, I get the seemingly well >> know problem below >> >> Linking bin/smbclient >> /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libreadline.so: >> undefined reference to `tgetnum' > > I was finally able to solve my problem. The reason was the combination of 2 > facts: > > - CentOS readline library does not declate dependency on curses/termcap > - Samba compile uses the -Wl,--ad-needed link flag > BTW, rc2 is now out. John From Joel_Therrien at uml.edu Thu Jan 28 08:14:09 2010 From: Joel_Therrien at uml.edu (Joel Therrien) Date: Thu, 28 Jan 2010 10:14:09 -0500 Subject: [Samba] Trouble getting past net join ads... Message-ID: <4B61A9C1.7070904@uml.edu> I am in the process of getting samba working again with Activer Directory. Recently our IT department upgraded their windows server to 2008. I am following the approach described here: http://www.surlyjake.com/linux/samba/join-debian-lenny-to-active-directory-using-samba/ I am able to get kerberos to issue a ticket, but where I am running into a wall is with the net join ads part... It appears to work in that setting the correct dn and using the username given to me by Jim for binding to the windows server passes back a message that looks OK: > nanoelecfs:/home/joel# net ads dn 'DC=fs,DC=uml,DC=edu' join -U XXXXX > Enter XXXXX's password: > Got 1 replies But if I try to test this by issuing the net ads testjoin command, I am always asked this (highlighted in red): > nanoelecfs:/home/joel# net ads testjoin > Enter NANOELECFS$@FS.UML.EDU's password: > [2010/01/25 22:36:17, 0] libads/kerberos.c:ads_kinit_password(356) > kerberos_kinit_password NANOELECFS$@FS.UML.EDU failed: > Preauthentication failed > Join to domain is not valid: Logon failure There is no such account, as kerberos is happy to indicate. This is odd because I do not recall getting this before the upgrade to 2008. NANOELECFS is the name of the linux box. Trying wbinfo -t gives the following: > nanoelecfs:/home/joel# wbinfo -t > checking the trust secret via RPC calls failed > Could not check secret I am running a Debian Lenny system with kernel version 2.6.26-2-amd64 I am running samba version 2:3.2.5 Thanks in advance! Joel Therrien My config files are below: smb.conf [global] workgroup = ad realm = FS.UML.EDU preferred master = no server string = %h server dns proxy = no #### Debugging/Accounting #### log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d ####### Authentication ####### security = ADS encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes invalid users = root unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes guest account = nobody map to guest = bad user ########## Printing ########## load printers = no printing = bsd printcap name = /dev/null show add printer wizard = no disable spoolss = yes ############ Misc ############ idmap backend = hash winbind nss info = hash winbind use default domain = yes winbind separator = + winbind enum groups = no winbind enum users = no winbind nested groups = yes template homedir = /ls/users/%U template shell = /bin/bash winbind refresh tickets = yes # kerberos method = system keytab winbind offline logon = yes # get quota command = /root/sambaquota.sh krb5.conf [libdefaults] default_realm = FS.UML.EDU # The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true # The following encryption type specification will be used by MIT Kerberos # if uncommented. In general, the defaults in the MIT Kerberos code are # correct and overriding these specifications only serves to disable new # encryption types as they are added, creating interoperability problems. # # Thie only time when you might need to uncomment these lines and change # the enctypes is if you have local software that will break on ticket # caches containing ticket encryption types it doesn't know about (such as # old versions of Sun Java). # default_tgs_enctypes = des3-hmac-sha1 # default_tkt_enctypes = des3-hmac-sha1 # permitted_enctypes = des3-hmac-sha1 # The following libdefaults parameters are only for Heimdal Kerberos. v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] FS.UML.EDU = { kdc = FSDC1.FS.UML.EDU kdc = FSDC2.FS.UML.EDU admin_server = FSDC1.FS.UML.EDU } STUDENT.UML.EDU = { kdc = STDC1.STUDENT.UML.EDU kdc = STDC2.STUDENT.UML.EDU } [domain_realm] .umlfs01.fs.uml.edu = FS.UML.EDU umlfs01.fs.uml.edu = FS.UML.EDU [login] krb4_convert = true krb4_get_tickets = false -- Asst. Prof. Joel M. Therrien Ph: 978-934-3324 Fax: 978-934-3027 Joel_Therrien at uml.edu Dept. of Electrical& Computer Engineering U. Massachusetts-Lowell 1 University Ave Lowell, MA 01854 From tjaalton at cc.hut.fi Thu Jan 28 08:02:37 2010 From: tjaalton at cc.hut.fi (Timo Aaltonen) Date: Thu, 28 Jan 2010 17:02:37 +0200 (EET) Subject: [Samba] winbind confused about the DC's In-Reply-To: <1890_1264688147_ZZ0KWY00C62NLF78.00_alpine.DEB.2.00.1001281605340.9022@kosh.hut.fi> References: <1890_1264668465_ZZ0KWY007S38FDZM.00_alpine.DEB.2.00.1001281026360.9022@kosh.hut.fi> <1890_1264688147_ZZ0KWY00C62NLF78.00_alpine.DEB.2.00.1001281605340.9022@kosh.hut.fi> Message-ID: On Thu, 28 Jan 2010, Timo Aaltonen wrote: > On Thu, 28 Jan 2010, Timo Aaltonen wrote: > >> >> Hi >> >> Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't. >> The log.winbindd-idmap is filled with this: > > More verbose part of the log where it goes wrong: Bollocks. I had to change the config, this works: [global] workgroup = AALTO realm = ORG.AALTO.FI security = ADS kerberos method = system keytab idmap config AALTO : backend = ad idmap config AALTO : readonly = yes idmap config AALTO : schema_mode = rfc2307 idmap config AALTO : range = 1000-4000000000 idmap uid = 1000-4000000000 idmap gid = 1000-4000000000 winbind nss info = rfc2307 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind offline logon = true winbind cache time = 5 winbind refresh tickets = true A summary of the changes: - idmap backend = ad -> idmap config AALTO : backend = ad - add range & idmap uid/gid (- added winbind offline/cache/refresh, but they are irrelevant here) Without setting the range the uid would be mapped to the default value (which I asked about last fall). -- Timo Aaltonen Systems Specialist IT Services, Aalto University School of Science and Technology From dale at BriannasSaladDressing.com Thu Jan 28 09:06:36 2010 From: dale at BriannasSaladDressing.com (Dale Schroeder) Date: Thu, 28 Jan 2010 10:06:36 -0600 Subject: [Samba] Trouble getting past net join ads... In-Reply-To: <4B61A9C1.7070904@uml.edu> References: <4B61A9C1.7070904@uml.edu> Message-ID: <4B61B60C.7040606@BriannasSaladDressing.com> Joel, When I've received this error, I've been able to resolve by telling it the name of the DC. net ads join -S pdc -U admin_user See if it works for you. Dale On 01/28/2010 9:14 AM, Joel Therrien wrote: > I am in the process of getting samba working again with Activer > Directory. Recently our IT department > upgraded their windows server to 2008. > > I am following the approach described here: > http://www.surlyjake.com/linux/samba/join-debian-lenny-to-active-directory-using-samba/ > > > I am able to get kerberos to issue a ticket, but where I am > running into a wall is with the net join ads part... It appears to > work in that > setting the correct dn and using the username given to me by Jim for > binding to the windows server passes back a message that looks OK: > >> nanoelecfs:/home/joel# net ads dn 'DC=fs,DC=uml,DC=edu' join -U XXXXX >> Enter XXXXX's password: >> Got 1 replies > > But if I try to test this by issuing the net ads testjoin command, I > am always asked this (highlighted in red): > >> nanoelecfs:/home/joel# net ads testjoin >> Enter NANOELECFS$@FS.UML.EDU's password: >> [2010/01/25 22:36:17, 0] libads/kerberos.c:ads_kinit_password(356) >> kerberos_kinit_password NANOELECFS$@FS.UML.EDU failed: >> Preauthentication failed >> Join to domain is not valid: Logon failure > > There is no such account, as kerberos is happy to indicate. This is > odd because I do not recall getting this > before the upgrade to 2008. NANOELECFS is the name of the linux box. > > Trying wbinfo -t gives the following: > >> nanoelecfs:/home/joel# wbinfo -t >> checking the trust secret via RPC calls failed >> Could not check secret > > > I am running a Debian Lenny system with kernel version 2.6.26-2-amd64 > > I am running samba version 2:3.2.5 > > Thanks in advance! > > Joel Therrien > > My config files are below: > > smb.conf > [global] > workgroup = ad > realm = FS.UML.EDU > preferred master = no > server string = %h server > dns proxy = no > > #### Debugging/Accounting #### > > log file = /var/log/samba/log.%m > max log size = 1000 > syslog = 0 > panic action = /usr/share/samba/panic-action %d > > ####### Authentication ####### > > security = ADS > encrypt passwords = true > passdb backend = tdbsam > obey pam restrictions = yes > invalid users = root > unix password sync = yes > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > pam password change = yes > guest account = nobody > map to guest = bad user > > ########## Printing ########## > > load printers = no > printing = bsd > printcap name = /dev/null > show add printer wizard = no > disable spoolss = yes > > ############ Misc ############ > > idmap backend = hash > winbind nss info = hash > winbind use default domain = yes > winbind separator = + > winbind enum groups = no > winbind enum users = no > winbind nested groups = yes > template homedir = /ls/users/%U > template shell = /bin/bash > winbind refresh tickets = yes > # kerberos method = system keytab > winbind offline logon = yes > # get quota command = /root/sambaquota.sh > > krb5.conf > > [libdefaults] > default_realm = FS.UML.EDU > > # The following krb5.conf variables are only for MIT Kerberos. > krb4_config = /etc/krb.conf > krb4_realms = /etc/krb.realms > kdc_timesync = 1 > ccache_type = 4 > forwardable = true > proxiable = true > > # The following encryption type specification will be used by MIT > Kerberos > # if uncommented. In general, the defaults in the MIT Kerberos code are > # correct and overriding these specifications only serves to disable new > # encryption types as they are added, creating interoperability problems. > # > # Thie only time when you might need to uncomment these lines and change > # the enctypes is if you have local software that will break on ticket > # caches containing ticket encryption types it doesn't know about > (such as > # old versions of Sun Java). > > # default_tgs_enctypes = des3-hmac-sha1 > # default_tkt_enctypes = des3-hmac-sha1 > # permitted_enctypes = des3-hmac-sha1 > > # The following libdefaults parameters are only for Heimdal Kerberos. > v4_instance_resolve = false > v4_name_convert = { > host = { > rcmd = host > ftp = ftp > } > plain = { > something = something-else > } > } > fcc-mit-ticketflags = true > > [realms] > FS.UML.EDU = { > kdc = FSDC1.FS.UML.EDU > kdc = FSDC2.FS.UML.EDU > admin_server = FSDC1.FS.UML.EDU > } > STUDENT.UML.EDU = { > kdc = STDC1.STUDENT.UML.EDU > kdc = STDC2.STUDENT.UML.EDU > } > > > [domain_realm] > .umlfs01.fs.uml.edu = FS.UML.EDU > umlfs01.fs.uml.edu = FS.UML.EDU > > [login] > krb4_convert = true > krb4_get_tickets = false > From cj.keist at colostate.edu Thu Jan 28 09:39:43 2010 From: cj.keist at colostate.edu (CJ Keist) Date: Thu, 28 Jan 2010 09:39:43 -0700 Subject: [Samba] vfs objects - zfsacl Message-ID: <4B61BDCF.70702@colostate.edu> Looking to see if any one else is having this issue. Running 3.4.5 on solaris 10 with ZFS file system. When I add the vfs objects = zfsacl, Windows clients seem to fine but all my Mac OS X clients can no longer access folders on the share. They can mount the share fine but permissions are not being followed for Mac clients. "The folder "Name" could not be opened because you do not have sufficient access privileges". Without the zfsacl Mac clients are fine. smb.conf: [global] workgroup = ENGR_DOM server string = Samba Server security = DOMAIN lanman auth = No client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No log level = 2 log file = /XKA2/var/log/samba/logs/log.%m deadtime = 10 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 load printers = No domain master = No dns proxy = No kernel oplocks = No lock directory = /XKA2/var/samba/locks pid directory = /XKA2/var/samba/locks homedir map = usershare path = /XKA2/var/samba/locks/usershares host msdfs = No oplocks = No strict locking = No dos filetimes = No [ens] comment = ENS Groups path = /XKA2/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes vfs objects = zfsacl nfs4:acedup = merge nfs4:chown = yes nfs4:mode = special -- C. J. Keist Email: cj.keist at colostate.edu UNIX/Network Manager Phone: 970-491-0630 Engineering Network Services Fax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' From Joel_Therrien at uml.edu Thu Jan 28 12:07:08 2010 From: Joel_Therrien at uml.edu (Joel Therrien) Date: Thu, 28 Jan 2010 14:07:08 -0500 Subject: [Samba] Trouble getting past net join ads... In-Reply-To: <4B61B60C.7040606@BriannasSaladDressing.com> References: <4B61A9C1.7070904@uml.edu> <4B61B60C.7040606@BriannasSaladDressing.com> Message-ID: <4B61E05C.8080804@uml.edu> Thanks. Unfortunately that did not appear to do anything. What is even stranger is I tried running net ads info and it returned information on the LDAP server name, the correct IP address, realm, and bindpath. To my uninformed eye, this looks like it is connected to the windows server in some manner. Yet wbinfo -t still cannot check the trust secret. One thing I also don't get is why the net ads testjoin command insists on asking for a password for an account that does not exist. Even specifying a username with the -U command does not work, it is just ignored. Joel On 1/28/2010 11:06 AM, Dale Schroeder wrote: > Joel, > > When I've received this error, I've been able to resolve by telling it > the name of the DC. > net ads join -S pdc -U admin_user > > See if it works for you. > > Dale > > > On 01/28/2010 9:14 AM, Joel Therrien wrote: >> I am in the process of getting samba working again with Activer >> Directory. Recently our IT department >> upgraded their windows server to 2008. >> >> I am following the approach described here: >> http://www.surlyjake.com/linux/samba/join-debian-lenny-to-active-directory-using-samba/ >> >> >> I am able to get kerberos to issue a ticket, but where I am >> running into a wall is with the net join ads part... It appears to >> work in that >> setting the correct dn and using the username given to me by Jim for >> binding to the windows server passes back a message that looks OK: >> >>> nanoelecfs:/home/joel# net ads dn 'DC=fs,DC=uml,DC=edu' join -U XXXXX >>> Enter XXXXX's password: >>> Got 1 replies >> >> But if I try to test this by issuing the net ads testjoin command, I >> am always asked this (highlighted in red): >> >>> nanoelecfs:/home/joel# net ads testjoin >>> Enter NANOELECFS$@FS.UML.EDU's password: >>> [2010/01/25 22:36:17, 0] libads/kerberos.c:ads_kinit_password(356) >>> kerberos_kinit_password NANOELECFS$@FS.UML.EDU failed: >>> Preauthentication failed >>> Join to domain is not valid: Logon failure >> >> There is no such account, as kerberos is happy to indicate. This is >> odd because I do not recall getting this >> before the upgrade to 2008. NANOELECFS is the name of the linux box. >> >> Trying wbinfo -t gives the following: >> >>> nanoelecfs:/home/joel# wbinfo -t >>> checking the trust secret via RPC calls failed >>> Could not check secret >> >> >> I am running a Debian Lenny system with kernel version 2.6.26-2-amd64 >> >> I am running samba version 2:3.2.5 >> >> Thanks in advance! >> >> Joel Therrien >> >> My config files are below: >> >> smb.conf >> [global] >> workgroup = ad >> realm = FS.UML.EDU >> preferred master = no >> server string = %h server >> dns proxy = no >> >> #### Debugging/Accounting #### >> >> log file = /var/log/samba/log.%m >> max log size = 1000 >> syslog = 0 >> panic action = /usr/share/samba/panic-action %d >> >> ####### Authentication ####### >> >> security = ADS >> encrypt passwords = true >> passdb backend = tdbsam >> obey pam restrictions = yes >> invalid users = root >> unix password sync = yes >> passwd program = /usr/bin/passwd %u >> passwd chat = *Enter\snew\s*\spassword:* %n\n >> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . >> pam password change = yes >> guest account = nobody >> map to guest = bad user >> >> ########## Printing ########## >> >> load printers = no >> printing = bsd >> printcap name = /dev/null >> show add printer wizard = no >> disable spoolss = yes >> >> ############ Misc ############ >> >> idmap backend = hash >> winbind nss info = hash >> winbind use default domain = yes >> winbind separator = + >> winbind enum groups = no >> winbind enum users = no >> winbind nested groups = yes >> template homedir = /ls/users/%U >> template shell = /bin/bash >> winbind refresh tickets = yes >> # kerberos method = system keytab >> winbind offline logon = yes >> # get quota command = /root/sambaquota.sh >> >> krb5.conf >> >> [libdefaults] >> default_realm = FS.UML.EDU >> >> # The following krb5.conf variables are only for MIT Kerberos. >> krb4_config = /etc/krb.conf >> krb4_realms = /etc/krb.realms >> kdc_timesync = 1 >> ccache_type = 4 >> forwardable = true >> proxiable = true >> >> # The following encryption type specification will be used by MIT >> Kerberos >> # if uncommented. In general, the defaults in the MIT Kerberos code are >> # correct and overriding these specifications only serves to disable new >> # encryption types as they are added, creating interoperability >> problems. >> # >> # Thie only time when you might need to uncomment these lines and change >> # the enctypes is if you have local software that will break on ticket >> # caches containing ticket encryption types it doesn't know about >> (such as >> # old versions of Sun Java). >> >> # default_tgs_enctypes = des3-hmac-sha1 >> # default_tkt_enctypes = des3-hmac-sha1 >> # permitted_enctypes = des3-hmac-sha1 >> >> # The following libdefaults parameters are only for Heimdal Kerberos. >> v4_instance_resolve = false >> v4_name_convert = { >> host = { >> rcmd = host >> ftp = ftp >> } >> plain = { >> something = something-else >> } >> } >> fcc-mit-ticketflags = true >> >> [realms] >> FS.UML.EDU = { >> kdc = FSDC1.FS.UML.EDU >> kdc = FSDC2.FS.UML.EDU >> admin_server = FSDC1.FS.UML.EDU >> } >> STUDENT.UML.EDU = { >> kdc = STDC1.STUDENT.UML.EDU >> kdc = STDC2.STUDENT.UML.EDU >> } >> >> >> [domain_realm] >> .umlfs01.fs.uml.edu = FS.UML.EDU >> umlfs01.fs.uml.edu = FS.UML.EDU >> >> [login] >> krb4_convert = true >> krb4_get_tickets = false >> -- Asst. Prof. Joel M. Therrien Ph: 978-934-3324 Fax: 978-934-3027 Joel_Therrien at uml.edu Dept. of Electrical& Computer Engineering U. Massachusetts-Lowell 1 University Ave Lowell, MA 01854 From esiotrot at gmail.com Thu Jan 28 13:02:29 2010 From: esiotrot at gmail.com (Michael Wood) Date: Thu, 28 Jan 2010 22:02:29 +0200 Subject: [Samba] Trouble getting past net join ads... In-Reply-To: <4B61E05C.8080804@uml.edu> References: <4B61A9C1.7070904@uml.edu> <4B61B60C.7040606@BriannasSaladDressing.com> <4B61E05C.8080804@uml.edu> Message-ID: <5a8aa6681001281202g4902dc07t6a1f466ebe0dd555@mail.gmail.com> On 28 January 2010 21:07, Joel Therrien wrote: > Thanks. Unfortunately that did not appear to do anything. > > What is even stranger is I tried running net ads info and it returned > information on the LDAP server name, the correct IP address, > realm, and bindpath. To my uninformed eye, this looks like it is > connected to the windows server in some manner. Yet wbinfo -t > still cannot check the trust secret. > > One thing I also don't get is why the net ads testjoin command insists > on asking for a password for an account that does not exist. Even specifying > a username with the -U command does not work, it is just ignored. Here's something to try while waiting for a reply from someone who knows more about this stuff: The NANOELECFS$ account is a machine account. As far as I understand it, this account is supposed to be created automatically when you join the machine to the domain. The password is randomly generated and the client is supposed to change it periodically (every month?) automatically. I've heard some people on this list say they had to manually create the machine account first in order to be able to join the domain, so perhaps you should try that. i.e. just create an account (the same way you create a user account) with NANOELECFS$ as the username. Why this might be necessary, I wouldn't know. Another thing is that things might work better with a later version of Samba. e.g. 3.3.10 or 3.4.5. > Joel > > On 1/28/2010 11:06 AM, Dale Schroeder wrote: >> >> Joel, >> >> When I've received this error, I've been able to resolve by telling it the >> name of the DC. >> net ads join -S pdc -U admin_user >> >> See if it works for you. >> >> Dale >> >> >> On 01/28/2010 9:14 AM, Joel Therrien wrote: >>> >>> ? ?I am in the process of getting samba working again with Activer >>> Directory. Recently our IT department >>> upgraded their windows server to 2008. >>> >>> ? ?I am following the approach described here: >>> http://www.surlyjake.com/linux/samba/join-debian-lenny-to-active-directory-using-samba/ >>> >>> ? ?I am able to get kerberos to issue a ticket, but where I am running >>> into a wall is with the net join ads part... It appears to work in that >>> setting the correct dn and using the username given to me by Jim for >>> binding to the windows server passes back a message that looks OK: >>> >>>> nanoelecfs:/home/joel# net ads dn 'DC=fs,DC=uml,DC=edu' join -U XXXXX >>>> Enter XXXXX's password: >>>> Got 1 replies >>> >>> But if I try to test this by issuing the net ads testjoin command, I am >>> always asked this (highlighted in red): >>> >>>> nanoelecfs:/home/joel# net ads testjoin >>>> Enter NANOELECFS$@FS.UML.EDU's password: >>>> [2010/01/25 22:36:17, ?0] libads/kerberos.c:ads_kinit_password(356) >>>> ?kerberos_kinit_password NANOELECFS$@FS.UML.EDU failed: >>>> Preauthentication failed >>>> Join to domain is not valid: Logon failure >>> >>> There is no such account, as kerberos is happy to indicate. This is odd >>> because I do not recall getting this >>> before the upgrade to 2008. NANOELECFS is the name of the linux box. >>> >>> ? ?Trying wbinfo -t gives the following: >>> >>>> nanoelecfs:/home/joel# wbinfo -t >>>> checking the trust secret via RPC calls failed >>>> Could not check secret >>> >>> >>> I am running a Debian Lenny system with kernel version 2.6.26-2-amd64 >>> >>> I am running samba version 2:3.2.5 >>> >>> Thanks in advance! -- Michael Wood From centoslist at gmail.com Thu Jan 28 13:57:25 2010 From: centoslist at gmail.com (CList) Date: Fri, 29 Jan 2010 04:57:25 +0800 Subject: [Samba] layout of folders Message-ID: <002901caa05c$80da0e50$828e2af0$@com> Dear all, I hope my question was not asked before and I do not want to be repeating the same question by other users. As I do not know what is the correct term use to my question, thus I am unable to do google. I had created 5 users and created their folders in /home/staff/user1, /home/staff/user2, /home/staff/user3 so on, and added path and security to these individual users in smb.conf. Whenever I login to the samba using any of these users, I found out that all the folders will be shown. Is there a way to put all the users into a main folder called Staffs. So when I login, I will only see the main folder Staffs. After clicking into the Staffs folder, then I will be able to see all the users folder? Please pardon my English and I hope that good people like you will understand what I am trying to express myself. Thank you From jason.gerfen at scl.utah.edu Thu Jan 28 13:08:55 2010 From: jason.gerfen at scl.utah.edu (Jason Gerfen) Date: Thu, 28 Jan 2010 13:08:55 -0700 Subject: [Samba] Trouble getting past net join ads... In-Reply-To: <5a8aa6681001281202g4902dc07t6a1f466ebe0dd555@mail.gmail.com> References: <4B61A9C1.7070904@uml.edu> <4B61B60C.7040606@BriannasSaladDressing.com> <4B61E05C.8080804@uml.edu> <5a8aa6681001281202g4902dc07t6a1f466ebe0dd555@mail.gmail.com> Message-ID: <4B61EED7.2070403@scl.utah.edu> Have you tried the following? %> kinit -u DOMAIN\Admistrator Enter Password: xxxxxx %>net ads dn 'DC=fs,DC=uml,DC=edu' join -U XXXXX I think the users you attempting to join the domain with needs a valid Kerberos TGT first Michael Wood wrote: > On 28 January 2010 21:07, Joel Therrien wrote: > >> Thanks. Unfortunately that did not appear to do anything. >> >> What is even stranger is I tried running net ads info and it returned >> information on the LDAP server name, the correct IP address, >> realm, and bindpath. To my uninformed eye, this looks like it is >> connected to the windows server in some manner. Yet wbinfo -t >> still cannot check the trust secret. >> >> One thing I also don't get is why the net ads testjoin command insists >> on asking for a password for an account that does not exist. Even specifying >> a username with the -U command does not work, it is just ignored. >> > > Here's something to try while waiting for a reply from someone who > knows more about this stuff: > > The NANOELECFS$ account is a machine account. As far as I understand > it, this account is supposed to be created automatically when you join > the machine to the domain. The password is randomly generated and the > client is supposed to change it periodically (every month?) > automatically. > > I've heard some people on this list say they had to manually create > the machine account first in order to be able to join the domain, so > perhaps you should try that. i.e. just create an account (the same > way you create a user account) with NANOELECFS$ as the username. Why > this might be necessary, I wouldn't know. > > Another thing is that things might work better with a later version of > Samba. e.g. 3.3.10 or 3.4.5. > > >> Joel >> >> On 1/28/2010 11:06 AM, Dale Schroeder wrote: >> >>> Joel, >>> >>> When I've received this error, I've been able to resolve by telling it the >>> name of the DC. >>> net ads join -S pdc -U admin_user >>> >>> See if it works for you. >>> >>> Dale >>> >>> >>> On 01/28/2010 9:14 AM, Joel Therrien wrote: >>> >>>> I am in the process of getting samba working again with Activer >>>> Directory. Recently our IT department >>>> upgraded their windows server to 2008. >>>> >>>> I am following the approach described here: >>>> http://www.surlyjake.com/linux/samba/join-debian-lenny-to-active-directory-using-samba/ >>>> >>>> I am able to get kerberos to issue a ticket, but where I am running >>>> into a wall is with the net join ads part... It appears to work in that >>>> setting the correct dn and using the username given to me by Jim for >>>> binding to the windows server passes back a message that looks OK: >>>> >>>> >>>>> nanoelecfs:/home/joel# net ads dn 'DC=fs,DC=uml,DC=edu' join -U XXXXX >>>>> Enter XXXXX's password: >>>>> Got 1 replies >>>>> >>>> But if I try to test this by issuing the net ads testjoin command, I am >>>> always asked this (highlighted in red): >>>> >>>> >>>>> nanoelecfs:/home/joel# net ads testjoin >>>>> Enter NANOELECFS$@FS.UML.EDU's password: >>>>> [2010/01/25 22:36:17, 0] libads/kerberos.c:ads_kinit_password(356) >>>>> kerberos_kinit_password NANOELECFS$@FS.UML.EDU failed: >>>>> Preauthentication failed >>>>> Join to domain is not valid: Logon failure >>>>> >>>> There is no such account, as kerberos is happy to indicate. This is odd >>>> because I do not recall getting this >>>> before the upgrade to 2008. NANOELECFS is the name of the linux box. >>>> >>>> Trying wbinfo -t gives the following: >>>> >>>> >>>>> nanoelecfs:/home/joel# wbinfo -t >>>>> checking the trust secret via RPC calls failed >>>>> Could not check secret >>>>> >>>> I am running a Debian Lenny system with kernel version 2.6.26-2-amd64 >>>> >>>> I am running samba version 2:3.2.5 >>>> >>>> Thanks in advance! >>>> > > -- Jason Gerfen Systems Administration/Web application development jason.gerfen at scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 From jra at samba.org Thu Jan 28 17:19:32 2010 From: jra at samba.org (Jeremy Allison) Date: Thu, 28 Jan 2010 16:19:32 -0800 Subject: [Samba] samba veto files: underscore In-Reply-To: <10D6EADA-4898-4000-88AD-C98AD68B4586@joutubes.nl> References: <10D6EADA-4898-4000-88AD-C98AD68B4586@joutubes.nl> Message-ID: <20100129001932.GA7871@samba1> On Tue, Jan 26, 2010 at 05:41:27PM +0100, Evas Hofmans wrote: > Hello all, > > I'm trying to hide files beginning with a underscore ( "_" ) and hidden files from my samba share's so i added this to my smb.conf: > > veto files = /_*/.*/ > > The section with the dot works, but the one with the underscore doesn't. I also tried /\_*/.*/ but this has the same result. > > Any ideas how to hide the files beginning with a underscore? This should work. If not, please log a bug at bugzilla.samba.org so we can track it. Thanks ! Jeremy. From Daniel.Ng at ktd-kyocera.com Thu Jan 28 19:15:28 2010 From: Daniel.Ng at ktd-kyocera.com (Daniel Ng) Date: Thu, 28 Jan 2010 18:15:28 -0800 Subject: [Samba] SMB2 testing on SAMBA 3.5.0 rc2 Message-ID: <9A6213D6CEDE5147A5FA6559410C363D04F9724F@Mail1.ktd.com> I am trying to setup a SAMBA server using 3.5.0rc2 to test SMB2. Without using SMB2, my windows 7 was able to browse the public share listed on the server anonymously. However, when SMB2 is enabled, a network error message is always popped up when I try to browse the samba server from Win 7. I have looked at the trace. It seemed to me that Win 7 had troubles accessing wkssvc, srvsvc, etc. Win 7 sent a create request for wksvc and then a close request immediately even a positive create response was returned. Is there anyone successfully using the SMB2 protocol? It only works if I types the whole share path. For example: \\my-samba-smb2server <- NOT WORK \\my-samba-smb2server\share <- WORK I also want to setup a shared printer using SMB2. However, it never worked. Anyone can help? Thanks From jra at samba.org Thu Jan 28 22:42:36 2010 From: jra at samba.org (Jeremy Allison) Date: Thu, 28 Jan 2010 21:42:36 -0800 Subject: [Samba] SMB2 testing on SAMBA 3.5.0 rc2 In-Reply-To: <9A6213D6CEDE5147A5FA6559410C363D04F9724F@Mail1.ktd.com> References: <9A6213D6CEDE5147A5FA6559410C363D04F9724F@Mail1.ktd.com> Message-ID: <20100129054236.GA9397@jeremy-desktop> On Thu, Jan 28, 2010 at 06:15:28PM -0800, Daniel Ng wrote: > I am trying to setup a SAMBA server using 3.5.0rc2 to test SMB2. > Without using SMB2, my windows 7 was able to browse the public share > listed on the server anonymously. However, when SMB2 is enabled, a > network error message is always popped up when I try to browse the samba > server from Win 7. > > > > I have looked at the trace. It seemed to me that Win 7 had troubles > accessing wkssvc, srvsvc, etc. Win 7 sent a create request for wksvc > and then a close request immediately even a positive create response was > returned. Is there anyone successfully using the SMB2 protocol? It > only works if I types the whole share path. For example: > > > > \\my-samba-smb2server <- NOT WORK > > > > \\my-samba-smb2server\share <- > WORK > > > > > > I also want to setup a shared printer using SMB2. However, it never > worked. Anyone can help? Log a bug in bugzilla.samba.org and we'll track it there. Thanks ! Jeremy. From Volker.Lendecke at SerNet.DE Fri Jan 29 01:03:44 2010 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Fri, 29 Jan 2010 09:03:44 +0100 Subject: [Samba] SMB2 testing on SAMBA 3.5.0 rc2 In-Reply-To: <9A6213D6CEDE5147A5FA6559410C363D04F9724F@Mail1.ktd.com> References: <9A6213D6CEDE5147A5FA6559410C363D04F9724F@Mail1.ktd.com> Message-ID: On Thu, Jan 28, 2010 at 06:15:28PM -0800, Daniel Ng wrote: > I have looked at the trace. It seemed to me that Win 7 had troubles > accessing wkssvc, srvsvc, etc. Win 7 sent a create request for wksvc > and then a close request immediately even a positive create response was > returned. Is there anyone successfully using the SMB2 protocol? It > only works if I types the whole share path. For example: When you file a bug report, please upload sniffs to it, one with the failure and one with success against a Windows server, if you have one. Thanks, Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From david.harrison at stress-free.co.nz Fri Jan 29 02:43:42 2010 From: david.harrison at stress-free.co.nz (David Harrison) Date: Fri, 29 Jan 2010 22:43:42 +1300 Subject: [Samba] Error when trying to print with point and print installed drivers Message-ID: <837136411001290143k196ad115j8d28f4463dada2e1@mail.gmail.com> I have an Ubuntu Sever 9.10 setup running Samba as a PDC for a bunch of Windows clients. Everything is functioning perfectly except for the point and print delivery of printer drivers. I have tested this with Ubuntu 9.10's Samba (3.4.0) and two of the Debian Samba packages (3.4.3 and 3.4.5). All seem to demonstrate the same problem. *What works:* Adding a printer and manually installing the drivers to the client works perfectly. Installing drivers and associating them to printers shared by Samba works fine via the Windows GUI and the rpcclient tool. Adding the printer to a Windows client also appears to work, i.e. the driver downloads, installs and the printer is visible. *What doesn't:* Unfortunately when trying to print using the point and print configured printer a generic 'failed to print' message is returned by Windows. In the Samba logs there is the following error (this occurs when opening preferences and trying to print): ------------------------------------ [2010/01/29 22:00:25, 1] smbd/service.c:1047(make_connection_snum) snowball (192.168.2.30) connect to service print$ initially as user david (uid=1021, gid=513) (pid 2214) [2010/01/29 22:00:31, 0] lib/fault.c:46(fault_report) =============================================================== [2010/01/29 22:00:31, 0] lib/fault.c:47(fault_report) INTERNAL ERROR: Signal 11 in pid 2214 (3.4.5) Please read the Trouble-Shooting section of the Samba3-HOWTO [2010/01/29 22:00:31, 0] lib/fault.c:49(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2010/01/29 22:00:31, 0] lib/fault.c:50(fault_report) =============================================================== [2010/01/29 22:00:31, 0] lib/util.c:1480(smb_panic) PANIC (pid 2214): internal error [2010/01/29 22:00:31, 0] lib/util.c:1584(log_stack_trace) BACKTRACE: 25 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0x836632d] #1 /usr/sbin/smbd(smb_panic+0x2d) [0x836644d] #2 /usr/sbin/smbd [0x8353c3e] #3 [0xb77a7400] #4 /usr/lib/libtalloc.so.2(_talloc_free+0x1d5) [0xb746e915] #5 /usr/sbin/smbd [0x82a67cb] #6 /usr/sbin/smbd [0x82e8f09] #7 /usr/sbin/smbd(api_pipe_request+0x192) [0x82e9752] #8 /usr/sbin/smbd [0x82e25fa] #9 /usr/sbin/smbd(np_write_send+0x637) [0x82e2c97] #10 /usr/sbin/smbd [0x80e3d06] #11 /usr/sbin/smbd [0x80e430b] #12 /usr/sbin/smbd(reply_trans+0x686) [0x80e4e26] #13 /usr/sbin/smbd [0x81496de] #14 /usr/sbin/smbd [0x8149b4d] #15 /usr/sbin/smbd [0x814a3ad] #16 /usr/sbin/smbd(run_events+0x12e) [0x837745e] #17 /usr/sbin/smbd(smbd_process+0x827) [0x8148e37] #18 /usr/sbin/smbd [0x8646695] #19 /usr/sbin/smbd(run_events+0x12e) [0x837745e] #20 /usr/sbin/smbd [0x83776ff] #21 /usr/sbin/smbd(_tevent_loop_once+0x98) [0x8377d48] #22 /usr/sbin/smbd(main+0xc92) [0x86473c2] #23 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6) [0xb7332b56] #24 /usr/sbin/smbd [0x80c3eb1] [2010/01/29 22:00:31, 0] lib/util.c:1485(smb_panic) smb_panic(): calling panic action [/usr/share/samba/panic-action 2214] [2010/01/29 22:00:31, 0] lib/util.c:1493(smb_panic) smb_panic(): action returned status 0 [2010/01/29 22:00:31, 0] lib/fault.c:326(dump_core) dumping core in /var/log/samba/cores/smbd [2010/01/29 22:00:41, 1] smbd/service.c:1047(make_connection_snum) snowball (192.168.2.30) connect to service print$ initially as user david (uid=1021, gid=513) (pid 2271) ------------------------------------ Here is the output of the rpcclient's enumprinters, The first printer doesn't have the driver installed (and works) whilst the second has the driver installed (and doesn't): rpcclient $> enumprinters 2 servername:[\\fissionator] printername:[\\fissionator\Ricoh] sharename:[Ricoh] portname:[Samba Printer Port] drivername:[] comment:[Ricoh 3245C MFD] location:[] sepfile:[] printprocessor:[winprint] datatype:[RAW] parameters:[] attributes:[0x1048] priority:[0x1] defaultpriority:[0x1] starttime:[0x0] untiltime:[0x0] status:[0x0] cjobs:[0x0] averageppm:[0x0] .... servername:[\\fissionator] printername:[\\fissionator\RICOH Aficio 3245C PCL 6] sharename:[RicohTest] portname:[Samba Printer Port] drivername:[RICOH Aficio 3245C PCL 6] comment:[Ricoh 3245C test] location:[] sepfile:[] printprocessor:[winprint] datatype:[RAW] parameters:[] attributes:[0x1848] priority:[0x1] defaultpriority:[0x1] starttime:[0x0] untiltime:[0x0] status:[0x0] cjobs:[0x0] averageppm:[0x0] Here is the output of rpcclient's enumdrivers: rpcclient $> enumdrivers 3 [Windows NT x86] Printer Driver Info 3: Version: [3] Driver Name: [RICOH Aficio 3245C PCL 6] Architecture: [Windows NT x86] Driver Path: [\\FISSIONATOR\print$\W32X86\3\RIC640K.DLL] Datafile: [\\FISSIONATOR\print$\W32X86\3\RIC640K.DLL] Configfile: [\\FISSIONATOR\print$\W32X86\3\RIC640U.DLL] Helpfile: [\\FISSIONATOR\print$\W32X86\3\RIC640.HLP] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640P.DLL] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640C.DLL] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640L.DLL] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640X.DLL] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640S.DLL] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640J.DLL] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640Q.EXE] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640ZU.DLL] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640ZK.DLL] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640WU.DLL] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640WK.DLL] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640PI.DLL] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\RIC640X.EXE] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\TrackID.DLL] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\TIBase64.dll] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\TIFmtA.dll] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\Ricjc32.dll] Dependentfiles: [\\FISSIONATOR\print$\W32X86\3\JCUI.exe] Monitorname: [] Defaultdatatype: [] Finally here is the relevant shares in smb.conf: (I have tried 'use client driver' yes/no and experienced the same result) [printers] comment = All Printers path = /var/spool/samba browseable = no printable = yes guest ok = no read only = yes create mask = 0700 # use client driver = yes [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no write list = root, @"Domain Admins" force create mode = 0664 force directory mode = 0664 Permissions are setup fine for /var/lib/samba/printers. I have granted Domain admins the SePrintOperatorPrivilege. (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html) Any help/advice would be appreciated, but the issue is more of an annoyance than a major issue. Regards, David From joe at pyx.ch Fri Jan 29 03:26:46 2010 From: joe at pyx.ch (Joe Ammann) Date: Fri, 29 Jan 2010 11:26:46 +0100 Subject: [Samba] SOLVED: readline/termcap problems compiling Samba 3.5.0rc1 on CentOS 5.4 64-bit In-Reply-To: <387ee2021001280727k75f1a86di950405cc5e56752a@mail.gmail.com> References: <201001220121.46172.joe@pyx.ch> <201001281606.43307.joe@pyx.ch> <387ee2021001280727k75f1a86di950405cc5e56752a@mail.gmail.com> Message-ID: <201001291126.46442.joe@pyx.ch> On Thursday 28 January 2010 16:27:07 John Drescher wrote: > On Thu, Jan 28, 2010 at 10:06 AM, Joe Ammann wrote: > > - CentOS readline library does not declate dependency on curses/termcap > > - Samba compile uses the -Wl,--ad-needed link flag > > BTW, rc2 is now out. Yeah, just saw and tested it, same problem, same solution :-) -- CU, Joe From t.vancon at gmail.com Fri Jan 29 03:59:30 2010 From: t.vancon at gmail.com (=?ISO-8859-1?Q?Thibault_Van=E7on?=) Date: Fri, 29 Jan 2010 11:59:30 +0100 Subject: [Samba] Multi samba domain in one LDAP Backend with multi-site authentication Message-ID: Hello, I need some help to set up a multi-site authentication architecture with samba. Our company is composed by 6 sites which are VPN-Linked. On each, there is Samba 3.0.27 PDC with LDAP backend on Debian Etch (I will probably upgrade it to lenny with this project, and an upper version of Samba). We would like to permit an user of one domain to login in other with the same credentials. Actually, if a user need to connect to a share of another domain, we have to create it again in the other LDAP backend. So we have a lot of doubloon, what is not very good because we store a lot of administrative information as email, function, etc. , and we need to use LDAP for others application (Intranet on Apache server, ERP,?). My boss is not closed with that and want to keep the multi-domain architecture (I?m actually converting it to free software?). I know that it would be easier to have only one domain with LDAP replication, but he still don?t want. Is there a multi samba domain schema for LDAP ? What about trusted relationship ? Are they work fine ? Other possibilities (RADIUS, etc.) ? Thanks a lot for answer, and sorry for my English which is not very well. Thibault Van?on --------- System and Network administrator ? Alsapan ? France From gaiseric.vandal at gmail.com Fri Jan 29 08:50:18 2010 From: gaiseric.vandal at gmail.com (Gaiseric Vandal) Date: Fri, 29 Jan 2010 10:50:18 -0500 Subject: [Samba] Multi samba domain in one LDAP Backend with multi-site authentication In-Reply-To: References: Message-ID: <4B6303BA.6020001@gmail.com> On 01/29/10 05:59, Thibault Van?on wrote: > Hello, > > > > I need some help to set up a multi-site authentication architecture with > samba. > > Our company is composed by 6 sites which are VPN-Linked. > > On each, there is Samba 3.0.27 PDC with LDAP backend on Debian Etch (I will > probably upgrade it to lenny with this project, and an upper version of > Samba). We would like to permit an user of one domain to login in other with > the same credentials. > > Actually, if a user need to connect to a share of another domain, we have to > create it again in the other LDAP backend. So we have a lot of doubloon, > what is not very good because we store a lot of administrative information > as email, function, etc. , and we need to use LDAP for others application > (Intranet on Apache server, ERP,?). > > My boss is not closed with that and want to keep the multi-domain > architecture (I?m actually converting it to free software?). I know that it > would be easier to have only one domain with LDAP replication, but he still > don?t want. > > Is there a multi samba domain schema for LDAP ? What about trusted > relationship ? Are they work fine ? Other possibilities (RADIUS, etc.) ? > > Thanks a lot for answer, and sorry for my English which is not very well. > > > > > > Thibault Van?on > > --------- > > System and Network administrator ? Alsapan ? France > The samba how-to book documentation on www.samba.org does a pretty good job of explaining inter-domain trusts. Will does allow you to allow users from one domain to have access to resources in another domain. The samba domains are trusting each other. The LDAP server in one domain does not have to talk to the LDAP server in another domain. You do need to use winbind and setup IDMAP ranges - which can get a little tricky. So if each site has its own domain, and each domain has only one PDC, you will not have to worry about LDAP replication. There are some benefits to a multiple domain approach- - if you need to designate local administrators in each domain but not for the entire company - their is a logical business division between each site (maybe one site has the Sales people and one site has Engineering people.) - less problems if your VPN links are unreliable or slow. If you want to consolidate domains that you may want to make sure that either your remote site has a Samba BDC (with ldap replication) and a reliable VPN connection. Either way you want people to run their login scripts and have their home directories on a server in their site. You also may want to consider having a WINS server in each site- depending on the number of computers. From collen at hermanjordan.nl Fri Jan 29 08:51:55 2010 From: collen at hermanjordan.nl (Collen Blijenberg) Date: Fri, 29 Jan 2010 16:51:55 +0100 Subject: [Samba] provision-backend gone ?! Message-ID: <4B63041B.5050305@hermanjordan.nl> Hi, just a simple question, in most documents in the samba4 wiki there is a step to provision the backend... (setup/provision-backend) but i can't find it in the latest (11) alpha... so what's the idea now, skip this step ?? and go straight in the normal provision ? or, how else do i provision the openldap server. thx, Collen... -- love testing.. From holm at informatik.umu.se Fri Jan 29 09:46:14 2010 From: holm at informatik.umu.se (=?ISO-8859-1?Q?=C5ke?= Holmlund) Date: Fri, 29 Jan 2010 17:46:14 +0100 Subject: [Samba] Can't connect to printers from Win 2008 and Win 7 Message-ID: <1264783574.28012.3.camel@carme.informatik.umu.se> Hello! I have sent this a few days ago but I don't think it made it to the mailinglist. We have problems connecting to printers (spoolss) from Windows Server 2008 (64-bit, domain member) and Windows 7 (64-bit, NOT domain member). When trying to connect to the printers we get an error message saying "Windows cannot connect to the printer. Operation could not be completed (error 0x0000000d)". Connecting as a "standard" user or a domain administrator makes no difference. If I try to add a printer on the server from Windows 2008, there are no ports to choose from in the "Choose a printer port" dialog. Connecting to the printers is no problem from Win XP, Win Vista and Win 2003 (all 32-bit). When trying to add a printer from Windows 2003, the "Samba Printer Port" shows up in the "Choose a printer port" dialog. The Samba (domain) server is 3.4.4 running on Solaris 10 (Sparc). Any ideas what the problem can be or where to start looking? --- ?ke Holmlund Ume? University Dept of Informatics Ume? SWEDEN From ganju420 at gmail.com Fri Jan 29 09:57:26 2010 From: ganju420 at gmail.com (Ganju Yadav) Date: Fri, 29 Jan 2010 11:57:26 -0500 Subject: [Samba] Strange errors in Samba Logs Message-ID: <9a5b64241001290857g26b227ree507b56a7639f4f@mail.gmail.com> All, I see recurring error messages in my "smbd" log file. Any ideas how to fix this? [2010/01/29 09:17:27, 0] lib/util_sock.c:set_socket_options(261) Failed to set socket option TCP_NODELAY (*Error Invalid argument*) [2010/01/29 09:17:27, 0] lib/util_sock.c:set_socket_options(261) Failed to set socket option IPTOS_LOWDELAY (*Error Invalid argument*) [2010/01/29 09:17:27, 0] lib/util_sock.c:get_peer_addr(1232) getpeername failed. Error was Transport endpoint is not connected Here is how my smb.conf reads: socket options = TCP_NODELAY IPTOS_LOWDELAY Thanks in advance. Ganju From bj at SerNet.DE Fri Jan 29 10:00:21 2010 From: bj at SerNet.DE (=?iso-8859-1?Q?Bj=F6rn?= Jacke) Date: Fri, 29 Jan 2010 18:00:21 +0100 Subject: [Samba] readline/termcap problems compiling Samba 3.5.0rc1 on CentOS 5.4 64-bit In-Reply-To: <201001220121.46172.joe@pyx.ch> References: <201001220121.46172.joe@pyx.ch> Message-ID: On 2010-01-22 at 01:21 +0100 Joe Ammann sent off: > but still, I can't get rid of the above error. I'm a bit lost, any hints? this is a known issue of the RHEL5/CentOS packages, see https://bugzilla.samba.org/show_bug.cgi?id=6984 https://bugzilla.redhat.com/show_bug.cgi?id=499837 Cheers Bj?rn From jra at samba.org Fri Jan 29 11:09:57 2010 From: jra at samba.org (Jeremy Allison) Date: Fri, 29 Jan 2010 10:09:57 -0800 Subject: [Samba] Can't connect to printers from Win 2008 and Win 7 In-Reply-To: <1264783574.28012.3.camel@carme.informatik.umu.se> References: <1264783574.28012.3.camel@carme.informatik.umu.se> Message-ID: <20100129180957.GA4170@samba1> On Fri, Jan 29, 2010 at 05:46:14PM +0100, ?ke Holmlund wrote: > Hello! > > I have sent this a few days ago but I don't think it made it to the > mailinglist. > > We have problems connecting to printers (spoolss) from Windows Server > 2008 (64-bit, domain member) and Windows 7 (64-bit, NOT domain member). > When trying to connect to the printers we get an error message saying > "Windows cannot connect to the printer. Operation could not be completed > (error 0x0000000d)". Connecting as a "standard" user or a domain > administrator makes no difference. > > If I try to add a printer on the server from Windows 2008, there are no > ports to choose from in the "Choose a printer port" dialog. > > Connecting to the printers is no problem from Win XP, Win Vista and Win > 2003 (all 32-bit). When trying to add a printer from Windows 2003, the > "Samba Printer Port" shows up in the "Choose a printer port" dialog. > > The Samba (domain) server is 3.4.4 running on Solaris 10 (Sparc). > > Any ideas what the problem can be or where to start looking? Ok, here's the deal. If you have 64-bit Windows clients at the moment you need to be using 3.3.10, not anything later. If you're using 32-bit Windows clients, you can use 3.4.5 or later. The reason (and Guenther can correct me if I'm wrong), is that in 3.4.x we changed from the hand-marshalled SPOOLSS RPC we used in 3.3.x, which was mostly correct after being worked on for many years, to pidl-generated SPOOLSS RPC directly from the idl files. Now our idl files are correct, but it turns out that the Windows idl parser for SPOOLSS is itself custom, and won't accept the normally marshalled RPC packets that the pidl-generated code creates. Guenter and Metze have been doing a lot of work on fixing this, and this is why 32-bit Windows clients work in 3.4.5. However there are still some changes needed for 64-bit Windows clients, and this will probably make it into an early patch for 3.5.x (it won't make 3.5.0, as it's too late to test the changes needed before we ship next month). I'm going to write this up as a tech-note for the next 3.4.x release and for 3.5.0 and get it into the release notes. Hope this hasn't caused you too many problems. Jeremy. From jra at samba.org Fri Jan 29 11:09:57 2010 From: jra at samba.org (Jeremy Allison) Date: Fri, 29 Jan 2010 10:09:57 -0800 Subject: [Samba] Can't connect to printers from Win 2008 and Win 7 In-Reply-To: <1264783574.28012.3.camel@carme.informatik.umu.se> References: <1264783574.28012.3.camel@carme.informatik.umu.se> Message-ID: <20100129180957.GA4170@samba1> On Fri, Jan 29, 2010 at 05:46:14PM +0100, ?ke Holmlund wrote: > Hello! > > I have sent this a few days ago but I don't think it made it to the > mailinglist. > > We have problems connecting to printers (spoolss) from Windows Server > 2008 (64-bit, domain member) and Windows 7 (64-bit, NOT domain member). > When trying to connect to the printers we get an error message saying > "Windows cannot connect to the printer. Operation could not be completed > (error 0x0000000d)". Connecting as a "standard" user or a domain > administrator makes no difference. > > If I try to add a printer on the server from Windows 2008, there are no > ports to choose from in the "Choose a printer port" dialog. > > Connecting to the printers is no problem from Win XP, Win Vista and Win > 2003 (all 32-bit). When trying to add a printer from Windows 2003, the > "Samba Printer Port" shows up in the "Choose a printer port" dialog. > > The Samba (domain) server is 3.4.4 running on Solaris 10 (Sparc). > > Any ideas what the problem can be or where to start looking? Ok, here's the deal. If you have 64-bit Windows clients at the moment you need to be using 3.3.10, not anything later. If you're using 32-bit Windows clients, you can use 3.4.5 or later. The reason (and Guenther can correct me if I'm wrong), is that in 3.4.x we changed from the hand-marshalled SPOOLSS RPC we used in 3.3.x, which was mostly correct after being worked on for many years, to pidl-generated SPOOLSS RPC directly from the idl files. Now our idl files are correct, but it turns out that the Windows idl parser for SPOOLSS is itself custom, and won't accept the normally marshalled RPC packets that the pidl-generated code creates. Guenter and Metze have been doing a lot of work on fixing this, and this is why 32-bit Windows clients work in 3.4.5. However there are still some changes needed for 64-bit Windows clients, and this will probably make it into an early patch for 3.5.x (it won't make 3.5.0, as it's too late to test the changes needed before we ship next month). I'm going to write this up as a tech-note for the next 3.4.x release and for 3.5.0 and get it into the release notes. Hope this hasn't caused you too many problems. Jeremy. From ganju420 at gmail.com Fri Jan 29 13:31:26 2010 From: ganju420 at gmail.com (Ganju Yadav) Date: Fri, 29 Jan 2010 15:31:26 -0500 Subject: [Samba] Potential bug in latest build 3.4.5 Message-ID: <9a5b64241001291231x16dc3fd7p2e00d7c8b51b5c55@mail.gmail.com> I am trying to use following statement to include special smb.conf parameters for few clients using statement like below. I then created special smb.conf.*clientname* file under /usr/local/samba/lib/smb.conf.* clientname* include = /usr/local/samba/lib/smb.conf.%m However testparm gives error like "can't find include file /usr/local/samba/lib/smb.conf.". Has anyone else seen this behavior? Thanks. From morgan at tuxedo.darktech.org Fri Jan 29 15:20:26 2010 From: morgan at tuxedo.darktech.org (Rob Shinn) Date: Fri, 29 Jan 2010 17:20:26 -0500 Subject: [Samba] Samba+LDAP + Primary GIDs In-Reply-To: References: <4B54DB80.3040703@tuxedo.darktech.org> <4B5B8779.5070302@tuxedo.darktech.org> Message-ID: <4B635F2A.4000409@tuxedo.darktech.org> Kris Lou wrote: > PDC Results: > SID for local machine KIF is: S-1-5-21-1297059763-2273326489-1660943333 > SID for domain MLC is: S-1-5-21-957249707-1866601452-441284377 > > Openfiler Results: > SID for local machine VADER is: S-1-5-21-2859034502-3981372097-2611941478 > SID for domain MLC is: S-1-5-21-957249707-1866601452-441284377 > > As you can see, the domain SIDs match. > > Also, here's the global portion of the Openfiler smb.conf and an > example share (portions edited). About this - I can obviously edit the > smb.conf, but it gets overwritten by the Openfiler gui whenever > changes are made. Looking at the file, I'm not understanding where > the group security settings are being placed. It looks like Openfiler > runs with Samba 3.2.13 Is nss-ldap installed on the Openfiler? If so, is it pointing to the LDAP server on the Samba+LDAP machine? From jra at samba.org Fri Jan 29 15:29:41 2010 From: jra at samba.org (Jeremy Allison) Date: Fri, 29 Jan 2010 14:29:41 -0800 Subject: [Samba] Potential bug in latest build 3.4.5 In-Reply-To: <9a5b64241001291231x16dc3fd7p2e00d7c8b51b5c55@mail.gmail.com> References: <9a5b64241001291231x16dc3fd7p2e00d7c8b51b5c55@mail.gmail.com> Message-ID: <20100129222941.GB22943@samba1> On Fri, Jan 29, 2010 at 03:31:26PM -0500, Ganju Yadav wrote: > I am trying to use following statement to include special smb.conf > parameters for few clients using statement like below. I then created > special smb.conf.*clientname* file under /usr/local/samba/lib/smb.conf.* > clientname* > > include = /usr/local/samba/lib/smb.conf.%m > > However testparm gives error like "can't find include file > /usr/local/samba/lib/smb.conf.". > > Has anyone else seen this behavior? See the man page for smb.conf: %m the NetBIOS name of the client machine (very useful). This parameter is not available when Samba listens on port 445, as clients no longer send this information. If you use this macro in an include statement on a domain that has a Samba domain controller be sure to set in the [global] section smb ports = 139. This will cause Samba to not listen on port 445 and will permit include functionality to function as it did with Samba 2.x. From klou at themusiclink.net Fri Jan 29 15:29:39 2010 From: klou at themusiclink.net (Kris Lou) Date: Fri, 29 Jan 2010 14:29:39 -0800 Subject: [Samba] Samba+LDAP + Primary GIDs In-Reply-To: <4B635F2A.4000409@tuxedo.darktech.org> References: <4B54DB80.3040703@tuxedo.darktech.org> <4B5B8779.5070302@tuxedo.darktech.org> <4B635F2A.4000409@tuxedo.darktech.org> Message-ID: ldap.conf/nsswitch.conf/ldap.secrets all exist. Something might be wrong with the set up on the PDC side - when I run "net groupmap list" , all of my mappings correctly show up. But when I run a "net rpc group list" on the PDC, only 2 groups (most recently created) are displayed. Kris Lou klou at themusiclink.net On Fri, Jan 29, 2010 at 2:20 PM, Rob Shinn wrote: > Kris Lou wrote: > >> PDC Results: >> SID for local machine KIF is: S-1-5-21-1297059763-2273326489-1660943333 >> SID for domain MLC is: S-1-5-21-957249707-1866601452-441284377 >> >> Openfiler Results: >> SID for local machine VADER is: S-1-5-21-2859034502-3981372097-2611941478 >> SID for domain MLC is: S-1-5-21-957249707-1866601452-441284377 >> >> As you can see, the domain SIDs match. >> >> Also, here's the global portion of the Openfiler smb.conf and an example >> share (portions edited). About this - I can obviously edit the smb.conf, but >> it gets overwritten by the Openfiler gui whenever changes are made. Looking >> at the file, I'm not understanding where the group security settings are >> being placed. It looks like Openfiler runs with Samba 3.2.13 >> > > Is nss-ldap installed on the Openfiler? If so, is it pointing to the LDAP > server on the Samba+LDAP machine? > > From learner.study at gmail.com Fri Jan 29 15:49:49 2010 From: learner.study at gmail.com (Learner Study) Date: Fri, 29 Jan 2010 14:49:49 -0800 Subject: [Samba] flushing sambacache Message-ID: <7efa8a7d1001291449x3c98098al31977bb8f64005ac@mail.gmail.com> Is it possible to force samba server to write data to the disk and not cache it at-all? If yes, is there a config option for this? BAsically, I would like to emulate iozone "-o" option on the server side itself (without having iozone do -o)? Thanks! From learner.study at gmail.com Fri Jan 29 15:49:49 2010 From: learner.study at gmail.com (Learner Study) Date: Fri, 29 Jan 2010 14:49:49 -0800 Subject: [Samba] flushing sambacache Message-ID: <7efa8a7d1001291449x3c98098al31977bb8f64005ac@mail.gmail.com> Is it possible to force samba server to write data to the disk and not cache it at-all? If yes, is there a config option for this? BAsically, I would like to emulate iozone "-o" option on the server side itself (without having iozone do -o)? Thanks! From abartlet at samba.org Fri Jan 29 18:00:17 2010 From: abartlet at samba.org (Andrew Bartlett) Date: Sat, 30 Jan 2010 14:00:17 +1300 Subject: [Samba] provision-backend gone ?! In-Reply-To: <4B63041B.5050305@hermanjordan.nl> References: <4B63041B.5050305@hermanjordan.nl> Message-ID: <1264813217.2329.1.camel@ruth> On Fri, 2010-01-29 at 16:51 +0100, Collen Blijenberg wrote: > Hi, just a simple question, > > in most documents in the samba4 wiki > there is a step to provision the backend... (setup/provision-backend) > > but i can't find it in the latest (11) alpha... > > so what's the idea now, skip this step ?? and go straight in the normal > provision ? Yes, the provision-backend script has been rolled into the main provision script, to make it easier for users. Some extra options (like the path to slapd) are now required parameters to slapd. Also note that this will not work in the latest alpha, but we hope to integrate some patches Endi has been working on to fix this soon. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 190 bytes Desc: This is a digitally signed message part URL: From jra at samba.org Fri Jan 29 18:26:56 2010 From: jra at samba.org (Jeremy Allison) Date: Fri, 29 Jan 2010 17:26:56 -0800 Subject: [Samba] Printer sharing with 64-bit Windows clients In-Reply-To: <32030.65.118.50.246.1264531462.squirrel@mail.progman.us> References: <32030.65.118.50.246.1264531462.squirrel@mail.progman.us> Message-ID: <20100130012656.GB19404@jeremy-laptop> On Tue, Jan 26, 2010 at 12:44:22PM -0600, Daniel Johnson wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have a problem accessing a CUPS/Samba shared printer on a Windows XP x64 > Professional system (WinNT5.2 kernel). It seems from my searching that > this is a problem affecting only 64-bit Windows clients, but perhaps not > all 64-bit Windows clients. > > See also: > https://bugs.launchpad.net/fedora/+bug/482836 > http://ubuntuforums.org/showthread.php?p=8263192 > > I'm running Samba v3.4.5 on a 32-bit Slackware v13 virtual machine, Linux > kernel v2.6.29.6. CUPS is v1.3.11. I have produced a log level 5 output > showing two clients connecting to the Samba system and trying to view > properties on the printer. The 32-bit client "Manager2b" succeeds, the > 64-bit client "MasterIm64VM" does not. The logs (and config) are in > http://thor.chguernsey.com/temp/samba3.4.5logs-0.tgz > (116kb, MD5SUM 04672e49116c4596820812db5cb8cdfb). Ok, here's the deal. If you have 64-bit Windows clients at the moment you need to be using 3.3.10, not anything later. If you're using 32-bit Windows clients, you can use 3.4.5 or later. The reason (and Guenther can correct me if I'm wrong), is that in 3.4.x we changed from the hand-marshalled SPOOLSS RPC we used in 3.3.x, which was mostly correct after being worked on for many years, to pidl-generated SPOOLSS RPC directly from the idl files. Now our idl files are correct, but it turns out that the Windows idl parser for SPOOLSS is itself custom, and won't accept the normally marshalled RPC packets that the pidl-generated code creates. Guenter and Metze have been doing a lot of work on fixing this, and this is why 32-bit Windows clients work in 3.4.5. However there are still some changes needed for 64-bit Windows clients, and this will probably make it into an early patch for 3.5.x (it won't make 3.5.0, as it's too late to test the changes needed before we ship next month). I'm going to write this up as a tech-note for the next 3.4.x release and for 3.5.0 and get it into the release notes. Hope this hasn't caused you too many problems. Jeremy. From stan at hardwarefreak.com Fri Jan 29 20:29:42 2010 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 29 Jan 2010 21:29:42 -0600 Subject: [Samba] flushing sambacache In-Reply-To: <7efa8a7d1001291449x3c98098al31977bb8f64005ac@mail.gmail.com> References: <7efa8a7d1001291449x3c98098al31977bb8f64005ac@mail.gmail.com> Message-ID: <4B63A7A6.9010107@hardwarefreak.com> Learner Study put forth on 1/29/2010 4:49 PM: > Is it possible to force samba server to write data to the disk and not > cache it at-all? If yes, is there a config option for this? BAsically, > I would like to emulate iozone "-o" option on the server side itself > (without having iozone do -o)? You may want to read this. I assume you know who Linux Torvalds is, yes? http://kerneltrap.org/node/7563 -- Stan From Hullen at t-online.de Fri Jan 29 23:36:00 2010 From: Hullen at t-online.de (Helmut Hullen) Date: 30 Jan 2010 07:36:00 +0100 Subject: [Samba] Can't connect to printers from Win 2008 and Win 7 In-Reply-To: <20100129180957.GA4170@samba1> Message-ID: Hallo, Jeremy, Du meintest am 29.01.10: >> We have problems connecting to printers (spoolss) from Windows >> Server 2008 (64-bit, domain member) and Windows 7 (64-bit, NOT >> domain member). [...] > Ok, here's the deal. If you have 64-bit Windows clients at the > moment you need to be using 3.3.10, not anything later. If you're > using 32-bit Windows clients, you can use 3.4.5 or later. Only for "spoolss" or CUPS, or for the whole Samba bundle? Viele Gruesse! Helmut From jra at samba.org Sat Jan 30 10:59:07 2010 From: jra at samba.org (Jeremy Allison) Date: Sat, 30 Jan 2010 09:59:07 -0800 Subject: [Samba] Can't connect to printers from Win 2008 and Win 7 In-Reply-To: References: <20100129180957.GA4170@samba1> Message-ID: <20100130175907.GA23823@jeremy-desktop> On Sat, Jan 30, 2010 at 07:36:00AM +0100, Helmut Hullen wrote: > Hallo, Jeremy, > > Du meintest am 29.01.10: > > >> We have problems connecting to printers (spoolss) from Windows > >> Server 2008 (64-bit, domain member) and Windows 7 (64-bit, NOT > >> domain member). > > [...] > > > Ok, here's the deal. If you have 64-bit Windows clients at the > > moment you need to be using 3.3.10, not anything later. If you're > > using 32-bit Windows clients, you can use 3.4.5 or later. > > Only for "spoolss" or CUPS, or for the whole Samba bundle? I'm referring to the whole of Samba. Although the issue only affects SPOOLSS you can't just install that part of Samba. Jeremy. From tatel at infonegocio.com Sat Jan 30 12:20:15 2010 From: tatel at infonegocio.com (=?ISO-8859-1?Q?Roman_Mu=F1oz?=) Date: Sat, 30 Jan 2010 20:20:15 +0100 Subject: [Samba] Dual booted clients with different name drop each other out of domain Message-ID: <4B64866F.3020505@infonegocio.com> Hi, I'm setting some Ubuntu Karmic clients on a school net. PDC is windows 2k3 r2. I realized that DHCP server sends only "school", not "school.net" as domain name. I have been told that AD configuration was migrated "as is" from an older windows release. I used a "supersede" line on client's dhcp.conf to get a correct domain name. I'm not authorized to do any configuration change on PDC but could see the event log, etc. Client machines are dual booted: XP client and Ubuntu client on the same machine get different unique names. Ubuntu clients are configured following the guides available on the Net, and are working quite well: domain users can logon and shares are mounted. But XP and Ubuntu keep dropping each other out of domain. Any ideas? TIA Roman From cguzmana at gmail.com Sat Jan 30 15:56:57 2010 From: cguzmana at gmail.com (Claudio Guzman) Date: Sat, 30 Jan 2010 19:56:57 -0300 Subject: [Samba] I can not create Home DIR Message-ID: <604595c11001301456q601445detd7bc8edbf6852d21@mail.gmail.com> when users enter the system can not see your home folder, or it asks the username and password denuevo. My configuration is Server + Samba + LDAP PDC Samba server that only has the shared folders and are accessed via winbind and pam # Global settings [global] display charset = LOCALE passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* idmap gid = 1000-33554431 passwd program = /usr/bin/passwd %u netbios name = srvsamba idmap uid = 1000-33554431 dos charset = CP850 local master = no workgroup = SERVER debug level = 9 os level = 0 security = domain log file = /var/log/samba/%m.log guest account = nobody smb passwd file = /etc/samba/smbpasswd load printers = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins server = 192.168.1.252 map to guest = Bad User domain master = no encrypt passwords = yes realm = template shell = /bin/false server string = srvsamba winbind enum users = Yes password server = 192.168.1.252 template homedir = /mnt/samba/home/%U winbind enum groups = Yes unix charset = UTF-8 preferred master = no pam password change = yes winbind use default domain = no [homes] comment = Home Directories browseable = no writeable = yes From retlaw.rentuam at gmail.com Sat Jan 30 16:15:38 2010 From: retlaw.rentuam at gmail.com (Walter Mautner) Date: Sun, 31 Jan 2010 00:15:38 +0100 Subject: [Samba] Dual booted clients with different name drop each other out of domain In-Reply-To: <4B64866F.3020505@infonegocio.com> References: <4B64866F.3020505@infonegocio.com> Message-ID: <201001310015.38387.retlaw.rentuam@gmail.com> Am Samstag, 30. Januar 2010 20:20:15 schrieb Roman Mu?oz: > Hi, > > I'm setting some Ubuntu Karmic clients on a school net. PDC is windows > 2k3 r2. I realized that DHCP server sends only "school", not > "school.net" as domain name. I have been told that AD configuration was > migrated "as is" from an older windows release. I used a "supersede" > line on client's dhcp.conf to get a correct domain name. I'm not > authorized to do any configuration change on PDC but could see the event > log, etc. > > Client machines are dual booted: XP client and Ubuntu client on the same > machine get different unique names. Ubuntu clients are configured > following the guides available on the Net, and are working quite well: > domain users can logon and shares are mounted. > > But XP and Ubuntu keep dropping each other out of domain. Any ideas? > Would be a good idea to change the MAC address on one of the multiboot setups. From jon at doransw.com Sat Jan 30 17:14:33 2010 From: jon at doransw.com (Jonathon Doran) Date: Sat, 30 Jan 2010 18:14:33 -0600 Subject: [Samba] Dual booted clients with different name drop each other out of domain In-Reply-To: <4B64866F.3020505@infonegocio.com> References: <4B64866F.3020505@infonegocio.com> Message-ID: <20100130181433.rn09y97ibocw0ksw-wbaqbena@webmail.spamcop.net> Quoting Roman Mu?oz : > But XP and Ubuntu keep dropping each other out of domain. Any ideas? You might not be seeing this, but it is something to think about... I needed (or chose to) create separate machine accounts for each dual booted OS. One OS would change the machine account password, and the other OS would not be able to join the domain since it had the wrong password. Giving each OS a separate machine name made life a lot nicer. From GABY at il.ibm.com Sat Jan 30 19:02:38 2010 From: GABY at il.ibm.com (Gabby Romano) Date: Sun, 31 Jan 2010 04:02:38 +0200 Subject: [Samba] AUTO: I am out of office. (returning 07-02-2010) Message-ID: I am out of the office until 07-02-2010. I will reply to emails when I return. please contact my manager for any issues. Note: This is an automated response to your message "Re: [Samba] Dual booted clients with different name drop each other out of domain" sent on 31/1/10 1:15:38. This is the only notification you will receive while this person is away. From tatel at infonegocio.com Sun Jan 31 06:40:30 2010 From: tatel at infonegocio.com (=?ISO-8859-1?Q?Roman_Mu=F1oz?=) Date: Sun, 31 Jan 2010 14:40:30 +0100 Subject: [Samba] Dual booted clients with different name drop each other out of domain In-Reply-To: <7e84ed61001301633o18f59d15p1ce1baf3c1f1b541@mail.gmail.com> References: <4B64866F.3020505@infonegocio.com> <7e84ed61001301633o18f59d15p1ce1baf3c1f1b541@mail.gmail.com> Message-ID: <4B65884E.5020903@infonegocio.com> Thanks for your answers. Probably it would be not very difficult to change the MAC address. This has the advantage that could work even if IT staff doesn't want to do any change in their dhcpd configuration. On the other hand, it seems that reconfiguring dhcpd would be a nicer solution that could perhaps be accepted by IT staff. However the pointer given seems to be about linux dhcpd, not about windows dhcpd. After some googling I got the windows doc about vendor classes, but I wonder by just changing host's name is not enough. Could you guys give any pointer to dual boot problem between windows OSes? Thanks again, Roman Rob Townley(e)k dio: > changing the MAC is not recommended. > > Same problem with dual booted win2k/winxp/winvista machines as well. > Not just a Linux issue. > > Do u have control / influence over dhcpd? if so, Linux clients and > MSFT clients can be detected by their dhcp vendor id and then given a > different hostname and ip address even though the MAC IS THE SAME. > > drbl.sf.net has a good example of using dhcp vendor id when assigning > an ip configuration. > look at /etc/dhcp/dhcpd.conf > > report back and let us know. > > On 1/30/10, Roman Mu?oz wrote: >> Hi, >> >> I'm setting some Ubuntu Karmic clients on a school net. PDC is windows >> 2k3 r2. I realized that DHCP server sends only "school", not >> "school.net" as domain name. I have been told that AD configuration was >> migrated "as is" from an older windows release. I used a "supersede" >> line on client's dhcp.conf to get a correct domain name. I'm not >> authorized to do any configuration change on PDC but could see the event >> log, etc. >> >> Client machines are dual booted: XP client and Ubuntu client on the same >> machine get different unique names. Ubuntu clients are configured >> following the guides available on the Net, and are working quite well: >> domain users can logon and shares are mounted. >> >> But XP and Ubuntu keep dropping each other out of domain. Any ideas? >> >> TIA >> Roman >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > From cj.keist at colostate.edu Sun Jan 31 09:51:09 2010 From: cj.keist at colostate.edu (CJ Keist) Date: Sun, 31 Jan 2010 09:51:09 -0700 Subject: [Samba] Strange errors in Samba Logs In-Reply-To: <9a5b64241001290857g26b227ree507b56a7639f4f@mail.gmail.com> References: <9a5b64241001290857g26b227ree507b56a7639f4f@mail.gmail.com> Message-ID: <4B65B4FD.8060805@colostate.edu> Haven't seen any response to this question. I'm also seeing the same errors: [2010/01/31 09:33:32, 2] lib/util_sock.c:442(set_socket_options) Failed to set socket option SO_KEEPALIVE (Error Invalid argument) [2010/01/31 09:33:32, 2] lib/util_sock.c:442(set_socket_options) Failed to set socket option TCP_NODELAY (Error Invalid argument) My socket line: socket options = TCP_NODELAY Why am I even getting invalid SO_KEEPALIVE when I don't even have it listed in smb.conf? These are valid socket options according to my systems man pages. Running 3.4.5 on Solaris 10 Sparc. Ganju Yadav wrote: > All, > > I see recurring error messages in my "smbd" log file. Any ideas how to fix > this? > > [2010/01/29 09:17:27, 0] lib/util_sock.c:set_socket_options(261) Failed to > set socket option TCP_NODELAY (*Error Invalid argument*) > [2010/01/29 09:17:27, 0] lib/util_sock.c:set_socket_options(261) Failed to > set socket option IPTOS_LOWDELAY (*Error Invalid argument*) > [2010/01/29 09:17:27, 0] lib/util_sock.c:get_peer_addr(1232) getpeername > failed. Error was Transport endpoint is not connected > > Here is how my smb.conf reads: > > socket options = TCP_NODELAY IPTOS_LOWDELAY > > Thanks in advance. > > Ganju > -- C. J. Keist Email: cj.keist at colostate.edu UNIX/Network Manager Phone: 970-491-0630 Engineering Network Services Fax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' From retlaw.rentuam at gmail.com Sun Jan 31 15:24:21 2010 From: retlaw.rentuam at gmail.com (Walter Mautner) Date: Sun, 31 Jan 2010 23:24:21 +0100 Subject: [Samba] Dual booted clients with different name drop each other out of domain In-Reply-To: <4B65884E.5020903@infonegocio.com> References: <4B64866F.3020505@infonegocio.com> <7e84ed61001301633o18f59d15p1ce1baf3c1f1b541@mail.gmail.com> <4B65884E.5020903@infonegocio.com> Message-ID: <201001312324.21493.retlaw.rentuam@gmail.com> Am Sonntag, 31. Januar 2010 14:40:30 schrieb Roman Mu?oz: > Thanks for your answers. > > Probably it would be not very difficult to change the MAC address. This > has the advantage that could work even if IT staff doesn't want to do > any change in their dhcpd configuration. > > On the other hand, it seems that reconfiguring dhcpd would be a nicer > solution that could perhaps be accepted by IT staff. However the pointer > given seems to be about linux dhcpd, not about windows dhcpd. After some > googling I got the windows doc about vendor classes, but I wonder by > just changing host's name is not enough. > You are talking about linux as a client, so you want to change your dhclient.conf or whatever dhcp client you use. I don't think changing merely the hostname will work, because without changing the IP address, the re-named dns entries will take more time to re-populate even if dynamicaly updated by the windows ad-dns server, as it may take to try machine authentication with a 2nd OS on the same hardware. I think, having two hostnames sharing the same physical hardware and IP is above the concept of AD/dynamic dns update. From subscription at kkeane.com Sun Jan 31 16:34:43 2010 From: subscription at kkeane.com (Kevin Keane) Date: Sun, 31 Jan 2010 15:34:43 -0800 Subject: [Samba] Dual booted clients with different name drop each other out of domain In-Reply-To: <4B65884E.5020903@infonegocio.com> References: <4B64866F.3020505@infonegocio.com> <7e84ed61001301633o18f59d15p1ce1baf3c1f1b541@mail.gmail.com> <4B65884E.5020903@infonegocio.com> Message-ID: <724C3B2F1C5EB44D9108E471EC5E9933803C4762B1@akechi-denki.ad.nctechcenter.com> The problem with dual-booting is that you end up with two DNS records pointing to the same IP address. Active Directory regularly tries to contact the clients one by one (it does that for any number of administrative purposes). If the machine is turned off and isn't responding at all - no problem. But if the machine is booted into Linux while AD tries to reach the Windows machine on the same IP, you get an error (I believe it is Kerberos Error 4). Another issue is that one of the two DNS records wouldn't have a matching reverse DNS record (PTR record), since there can only be one PTR record per IP address. All this happens when dual-booting different Windows versions, as well. In my experience, though, it's not really deadly - in fact, the user usually doesn't even know this is happening. What, specifically, do you mean by "drop each other out of the domain?" In my very small network, the easiest solution was to use a static IP for one of the two OS. > -----Original Message----- > From: samba-bounces at lists.samba.org [mailto:samba- > bounces at lists.samba.org] On Behalf Of Roman Mu?oz > Sent: Sunday, January 31, 2010 5:41 AM > To: samba at lists.samba.org > Subject: Re: [Samba] Dual booted clients with different name drop each > other out of domain > > Thanks for your answers. > > Probably it would be not very difficult to change the MAC address. This > has the advantage that could work even if IT staff doesn't want to do > any change in their dhcpd configuration. > > On the other hand, it seems that reconfiguring dhcpd would be a nicer > solution that could perhaps be accepted by IT staff. However the > pointer > given seems to be about linux dhcpd, not about windows dhcpd. After > some > googling I got the windows doc about vendor classes, but I wonder by > just changing host's name is not enough. > > Could you guys give any pointer to dual boot problem between windows > OSes? > > Thanks again, > Roman > > Rob Townley(e)k dio: > > changing the MAC is not recommended. > > > > Same problem with dual booted win2k/winxp/winvista machines as well. > > Not just a Linux issue. > > > > Do u have control / influence over dhcpd? if so, Linux clients and > > MSFT clients can be detected by their dhcp vendor id and then given a > > different hostname and ip address even though the MAC IS THE SAME. > > > > drbl.sf.net has a good example of using dhcp vendor id when assigning > > an ip configuration. > > look at /etc/dhcp/dhcpd.conf > > > > report back and let us know. > > > > On 1/30/10, Roman Mu?oz wrote: > >> Hi, > >> > >> I'm setting some Ubuntu Karmic clients on a school net. PDC is > windows > >> 2k3 r2. I realized that DHCP server sends only "school", not > >> "school.net" as domain name. I have been told that AD configuration > was > >> migrated "as is" from an older windows release. I used a "supersede" > >> line on client's dhcp.conf to get a correct domain name. I'm not > >> authorized to do any configuration change on PDC but could see the > event > >> log, etc. > >> > >> Client machines are dual booted: XP client and Ubuntu client on the > same > >> machine get different unique names. Ubuntu clients are configured > >> following the guides available on the Net, and are working quite > well: > >> domain users can logon and shares are mounted. > >> > >> But XP and Ubuntu keep dropping each other out of domain. Any ideas? > >> > >> TIA > >> Roman > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba > >> > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba From jpb at bordengrammar.kent.sch.uk Sun Jan 31 17:00:37 2010 From: jpb at bordengrammar.kent.sch.uk (Julian Pilfold-Bagwell) Date: Mon, 01 Feb 2010 00:00:37 +0000 Subject: [Samba] Samba multi-site advice request please Message-ID: <1264982437.3000.9.camel@jpb-laptop> Hi all, I am looking at setting up a multi-site office and need to put a plan forward. The site consists of one head office and several branch office and my plan so far is this: In head office, one Samba PDC. Each branch office will have a local BDC that also stores files local to the branch, hopefully cutting down the day to day traffic across the VPN. The VPN I plan to use is OpenVPN in bridge mode in order to allow broadcasts e.g. WINS etc., to traverse the connections. All the servers will have their own LDAP server and all will be synced to keep the authentication consistent and reduce VPN traffic. Each site will have it's own DNS, the PDC being the master and the BDCs slaves. The low number of machines involved mean I can set the clients to use their local DNS. The whole plot will be required to run across 2mb SDSL as this is all the budget will stretch to. Every other proposal has involved server 2008 and terminal services but I really want to go down the Linux/Samba route. Is there anyone out there that has successfully pulled this off and can give me some advice? I've spent a few hours searching Google but their doesn't seem to be any definite info/howtos. thanks, Julian PB From david.harrison at stress-free.co.nz Sun Jan 31 20:11:11 2010 From: david.harrison at stress-free.co.nz (David Harrison) Date: Mon, 1 Feb 2010 16:11:11 +1300 Subject: [Samba] Error when trying to print with point and print installed drivers Message-ID: <837136411001311911h75aefba3geb7934b687e6a0a4@mail.gmail.com> 2010/1/30 > I have an Ubuntu Sever 9.10 setup running Samba as a PDC for a bunch of Windows clients. Everything is functioning perfectly except for the point and print delivery of printer drivers. > I have tested this with Ubuntu 9.10's Samba (3.4.0) and two of the Debian Samba packages (3.4.3 and 3.4.5). All seem to demonstrate the same problem. > > *What works:* Adding a printer and manually installing the drivers to the client works perfectly. > Installing drivers and associating them to printers shared by Samba works fine via the Windows GUI and the rpcclient tool. Adding the printer to a Windows client also appears to work, i.e. the driver downloads, installs and the printer is visible. > *What doesn't:* Unfortunately when trying to print using the point and print configured printer a generic 'failed to print' message is returned by Windows. Just a follow up - based on Jeremy's response to the 64bit Windows printing question: http://lists.samba.org/archive/samba/2010-January/153456.html I have 'downgraded' to the Samba 3.3.10 packages provided by SerNet: http://enterprisesamba.org/ Point and print works without any issues with this version and we don't have to jump through hoops to get printers on the 64bit machines working. The only downer is one of the Windows 7 desktops is refusing to join the domain, but I'm hoping one of the many registry tweaks around should fix that... David From david.harrison at stress-free.co.nz Sun Jan 31 22:00:07 2010 From: david.harrison at stress-free.co.nz (David Harrison) Date: Mon, 1 Feb 2010 18:00:07 +1300 Subject: [Samba] Samba multi-site advice request please In-Reply-To: <1264982437.3000.9.camel@jpb-laptop> References: <1264982437.3000.9.camel@jpb-laptop> Message-ID: <837136411001312100gcf64ca3ked732a57faf1b159@mail.gmail.com> I am doing pretty much the same thing for a client right now. A few things I'm doing that have made my life easier: - Use the Samba 3.3.10 packages from Sernet to avoid any unwelcome printer issues: http://enterprisesamba.org/ - Use a central puppet server to store/distribute your system configurations: http://reductivelabs.com/trac/puppet/wiki/AboutPuppet - This Samba/LDAP guide from Ubuntu is pretty good: https://help.ubuntu.com/9.04/serverguide/C/samba-ldap.html https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html - If you don't need full DNS checkout dnsmasq, it is ideal for satellite offices: http://www.thekelleys.org.uk/dnsmasq/doc.html - Disable roaming profiles because they are a world of hurt. A few pain points: - Windows 7: it seems to be a bit of a lottery whether it joins the domain or not (even with registry tweaks). - OpenLDAP 2.4 multi-master replication: the instructions from the Ubuntu and OpenLDAP guys are pretty straightforward, but when it breaks, or doesn't quite work right, your head starts to hurt. Apart from that everything has gone very smoothly. Server and network utilisation is low, and even better, it has meant two Windows 2003 servers have been put out to pasture. David On Mon, Feb 1, 2010 at 1:00 PM, Julian Pilfold-Bagwell < jpb at bordengrammar.kent.sch.uk> wrote: > Hi all, > > I am looking at setting up a multi-site office and need to put a plan > forward. The site consists of one head office and several branch office > and my plan so far is this: > > In head office, one Samba PDC. Each branch office will have a local BDC > that also stores files local to the branch, hopefully cutting down the > day to day traffic across the VPN. The VPN I plan to use is OpenVPN in > bridge mode in order to allow broadcasts e.g. WINS etc., to traverse the > connections. All the servers will have their own LDAP server and all > will be synced to keep the authentication consistent and reduce VPN > traffic. Each site will have it's own DNS, the PDC being the master > and the BDCs slaves. The low number of machines involved mean I can set > the clients to use their local DNS. > > The whole plot will be required to run across 2mb SDSL as this is all > the budget will stretch to. > > Every other proposal has involved server 2008 and terminal services but > I really want to go down the Linux/Samba route. > > Is there anyone out there that has successfully pulled this off and can > give me some advice? I've spent a few hours searching Google but their > doesn't seem to be any definite info/howtos. > > thanks, > > Julian PB > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > From domains at fiforms.org Sun Jan 31 22:13:18 2010 From: domains at fiforms.org (Daniel McFeeters) Date: Mon, 1 Feb 2010 05:13:18 +0000 (UTC) Subject: [Samba] Samba multi-site advice request please References: <1264982437.3000.9.camel@jpb-laptop> Message-ID: Julian Pilfold-Bagwell bordengrammar.kent.sch.uk> writes: > > Hi all, > > I am looking at setting up a multi-site office and need to put a plan > forward. The site consists of one head office and several branch office > and my plan so far is this: > > In head office, one Samba PDC. Each branch office will have a local BDC > that also stores files local to the branch, hopefully cutting down the > day to day traffic across the VPN. The VPN I plan to use is OpenVPN in > bridge mode in order to allow broadcasts e.g. WINS etc., to traverse the > connections. All the servers will have their own LDAP server and all > will be synced to keep the authentication consistent and reduce VPN > traffic. Each site will have it's own DNS, the PDC being the master > and the BDCs slaves. The low number of machines involved mean I can set > the clients to use their local DNS. > > The whole plot will be required to run across 2mb SDSL as this is all > the budget will stretch to. > > Every other proposal has involved server 2008 and terminal services but > I really want to go down the Linux/Samba route. > > Is there anyone out there that has successfully pulled this off and can > give me some advice? I've spent a few hours searching Google but their > doesn't seem to be any definite info/howtos. > > thanks, > > Julian PB > I am in the process right now of deploying a very similar setup: multiple business locations, connected with OpenVPN, with servers located at each site. Each site, however, has a separate broadcast domain, and routing is handled by Quagga (OSPF), with DHCP on each server, and Bind DNS for name resolution (no need for WINS or broadcast resolution). We are right now working on deploying a new domain in Samba 4 (Compiling from Alpha 11), with a replicated DC at each site. Even though this software is still in alpha stage, it provides DRS replication out of the box, it does LDAP for us, and provisioning and replicating the directory is dead simple. You also have the benefit of Kerberos SSO security, and all the benefits of a Win2008R2 functional level domain. ~Daniel From bubulle at debian.org Sun Jan 31 23:05:02 2010 From: bubulle at debian.org (Christian PERRIER) Date: Mon, 1 Feb 2010 07:05:02 +0100 Subject: [Samba] [Announce] Samba 3.5.0rc2 Available for Download In-Reply-To: References: Message-ID: <20100201060502.GK4705@cc-mykerinos.onera> Quoting Karolin Seeger (kseeger at samba.org): > Release Announcements > ===================== > > This is the second release candidate of Samba 3.5. This is *not* Debian packages for 3.5.0rc2 were uploaded to Debian experimental as of Sunday Jan 31st. Many special thanks to Michael Adam for bringing a new configure option for the *.dat files location. That allowed us, Debian maintainers, to drop the very last bit of code changes meant to deal with file locations that were not fitting the Debian view of the FHS. The Debian diff is now very minimally restricted to Debian specific changes that are not suitable for upstream inclusion (mostly documentation stuff). The Debian packaging team for Samba will now discuss the opportunity to bring 3.5 packages in Debian unstable: - release Debian squeeze with 3.5 instead of the now quite rock solid 3.4? - consequences for Ubuntu? Anyway, we again renew public thanks to Karolin's for her tremendous job in release management. The entire Samba Team also deserves thanks for their commitment to follow their release manager. A predictable upstream release policy is the best that can happen to distro packagers. From bogus@does.not.exist.com Fri Jan 22 03:43:47 2010 From: bogus@does.not.exist.com () Date: Fri, 22 Jan 2010 10:43:47 -0000 Subject: No subject Message-ID: rsync -e -a /ShareA/ /ShareB ----------------------------------------------- EDV Daniel M=FCller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T=FCbingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de ----------------------------------------------- -----Urspr=FCngliche Nachricht----- Von: samba-bounces at lists.samba.org = [mailto:samba-bounces at lists.samba.org] Im Auftrag von Stijn Oude Brunink Gesendet: Mittwoch, 3. Februar 2010 11:59 An: samba at lists.samba.org Betreff: [Samba] file copy from share A to share B Hello, I'm using a samba server with one harddrive with several partitions. I = want to copy some file from one partition to the other. My pc runs on Ubuntu = and using the file browser I can easily copy files from one partition to the other. If I copy files from one samba share to the other using the file browser the file will be transported over the network to my pc and then = back to the other samba share. This is very inefficient if the files are large. Is there a more efficient way of doing this? thanks Stijn --=20 To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba From bogus@does.not.exist.com Fri Jan 22 03:43:47 2010 From: bogus@does.not.exist.com () Date: Fri, 22 Jan 2010 10:43:47 -0000 Subject: No subject Message-ID: gaps and the DNS-activity I can see in onther places seems ok. There is almost no network traffic and no CPU activity during the gaps so it looks like some kind of timeout issue. It may be of interest that, for the moment, IPv6 is beeing used. Sometimes we also have quite a long delay if we click on the "View computers and devices" link in the "Network and Sharing Center". Regards, =C3=85ke Holmlund --On 2 februari 2010 10.16.22 -0800 Jeremy Allison wrote: > On Tue, Feb 02, 2010 at 07:03:11PM +0100, =C3=85ke Holmlund wrote: >> Hello! >> >> We have a w2k8 R2 64-bit machine in a Samba 3.4.4 controlled domain. >> When logging in as a domain user there is a ~30 sec delay waiting >> for the User Profile Service. This has nothing to do with the size >> of the user profile. Looking at the network traffic I can see 2 >> gaps, the first about 11 sek and the second about 19 sek with >> no packets sent except one TCP ACK (from the client) in each gap. >> >> Between the gaps there is only a few packets sent. According >> to WireShark it's a "Tree Disconnect Request" with response and >> a "Logoff AndX Request" with response. >> >> Any idea what may be causing this? > > Gaps like that are almost always DNS lookups of some kind :-). > > Are you looking for those, or just CIFS traffic ? > > Jeremy. From adam_williams at bellsouth.net Sat Jan 30 18:47:31 2010 From: adam_williams at bellsouth.net (Adam Williams) Date: Sat, 30 Jan 2010 19:47:31 -0600 Subject: [Samba] I can not create Home DIR In-Reply-To: <604595c11001301456q601445detd7bc8edbf6852d21@mail.gmail.com> References: <604595c11001301456q601445detd7bc8edbf6852d21@mail.gmail.com> Message-ID: <4B64E133.2060803@bellsouth.net> add valid users = %S to [homes] and restart samba and try again Claudio Guzman wrote: > when users enter the system can not see your home folder, or it asks > the username and password denuevo. My configuration is > > Server + Samba + LDAP PDC > Samba server that only has the shared folders and are accessed via > winbind and pam > > # Global settings > [global] > display charset = LOCALE > passwd chat = *New*password* %n\n *Retype*new*password* %n\n > *passwd:*all*authentication*tokens*updated*successfully* > idmap gid = 1000-33554431 > passwd program = /usr/bin/passwd %u > netbios name = srvsamba > idmap uid = 1000-33554431 > dos charset = CP850 > local master = no > workgroup = SERVER > debug level = 9 > os level = 0 > security = domain > log file = /var/log/samba/%m.log > guest account = nobody > smb passwd file = /etc/samba/smbpasswd > load printers = no > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > wins server = 192.168.1.252 > map to guest = Bad User > domain master = no > encrypt passwords = yes > realm = > template shell = /bin/false > server string = srvsamba > winbind enum users = Yes > password server = 192.168.1.252 > template homedir = /mnt/samba/home/%U > winbind enum groups = Yes > unix charset = UTF-8 > preferred master = no > pam password change = yes > winbind use default domain = no > > [homes] > comment = Home Directories > browseable = no > writeable = yes > From walter.mautner at reflex.at Sun Jan 31 02:47:57 2010 From: walter.mautner at reflex.at (Walter Mautner) Date: Sun, 31 Jan 2010 10:47:57 +0100 Subject: [Samba] =?iso-8859-1?q?Dual_booted_clients_with_different_name_dr?= =?iso-8859-1?q?op_each=09other_out_of_domain?= In-Reply-To: <20100130181433.rn09y97ibocw0ksw-wbaqbena@webmail.spamcop.net> References: <4B64866F.3020505@infonegocio.com> <20100130181433.rn09y97ibocw0ksw-wbaqbena@webmail.spamcop.net> Message-ID: <201001311047.57636.walter.mautner@reflex.at> Am Sonntag, 31. Januar 2010 01:14:33 schrieb Jonathon Doran: > Quoting Roman Mu?oz : > > But XP and Ubuntu keep dropping each other out of domain. Any ideas? > > You might not be seeing this, but it is something to think about... > > I needed (or chose to) create separate machine accounts for each dual > booted OS. One OS would change the machine account password, and the > other OS would not be able to join the domain since it had the wrong > password. Giving each OS a separate machine name made life a lot nicer. > Talking about different machine names should mean different DNS names (as well). A MAC override might help. From brent1a at yahoo.com Sun Jan 31 16:51:39 2010 From: brent1a at yahoo.com (Brent Austin) Date: Sun, 31 Jan 2010 15:51:39 -0800 (PST) Subject: [Samba] error compiling on 3.5 on OS X Message-ID: <844109.59799.qm@web65405.mail.ac4.yahoo.com> I've tried to compile 3.5.0 RC2 on MAc OS X 10.6.2 and I get an error towards the end--- any help/ideas would be greatly appreciated--- ------------------------ torture/../../lib/util/tests/strlist.c:285: warning: passing argument 1 of ?str_list_equal? from incompatible pointer type torture/../../lib/util/tests/strlist.c: In function ?test_list_remove?: torture/../../lib/util/tests/strlist.c:302: warning: passing argument 1 of ?str_list_remove? from incompatible pointer type torture/../../lib/util/tests/strlist.c:303: warning: passing argument 1 of ?str_list_equal? from incompatible pointer type torture/../../lib/util/tests/strlist.c: In function ?test_list_unique?: torture/../../lib/util/tests/strlist.c:359: warning: passing argument 1 of ?str_list_unique? from incompatible pointer type torture/../../lib/util/tests/strlist.c:359: warning: assignment from incompatible pointer type torture/../../lib/util/tests/strlist.c:362: warning: passing argument 2 of ?str_list_equal? from incompatible pointer type torture/../../lib/util/tests/strlist.c: In function ?test_list_append?: torture/../../lib/util/tests/strlist.c:425: warning: passing argument 1 of ?str_list_append? from incompatible pointer type torture/../../lib/util/tests/strlist.c:425: warning: assignment from incompatible pointer type torture/../../lib/util/tests/strlist.c:427: warning: passing argument 2 of ?str_list_equal? from incompatible pointer type torture/../../lib/util/tests/strlist.c: In function ?test_list_append_const?: torture/../../lib/util/tests/strlist.c:459: warning: passing argument 1 of ?str_list_append_const? from incompatible pointer type torture/../../lib/util/tests/strlist.c:459: warning: assignment from incompatible pointer type torture/../../lib/util/tests/strlist.c:461: warning: passing argument 2 of ?str_list_equal? from incompatible pointer type Compiling torture/../../lib/util/tests/parmlist.c Compiling torture/../../lib/util/tests/str.c Compiling torture/../../lib/util/tests/time.c Compiling torture/../../lib/util/tests/data_blob.c Compiling torture/../../lib/util/tests/file.c Compiling torture/../../lib/util/tests/genrand.c Compiling torture/../../lib/compression/testsuite.c Compiling torture/../../lib/util/charset/tests/charset.c Compiling torture/../libcli/security/tests/sddl.c Compiling ../lib/tdr/testsuite.c Compiling torture/../../lib/tevent/testsuite.c Compiling torture/../param/tests/share.c Compiling torture/../param/tests/loadparm.c Compiling torture/../auth/credentials/tests/simple.c Compiling torture/local/local.c Compiling torture/local/dbspeed.c Compiling torture/local/torture.c Compiling torture/ldb/ldb.c Partially linking bin/mergedobj/torture_local.o Compiling lib/registry/tests/generic.c Compiling lib/registry/tests/hive.c Compiling lib/registry/tests/diff.c Compiling lib/registry/tests/registry.c Partially linking bin/mergedobj/torture_registry.o Compiling ../lib/crypto/md4test.c Compiling ../lib/crypto/md5test.c Compiling ../lib/crypto/hmacmd5test.c Partially linking bin/mergedobj/torture_libcrypto.o Compiling torture/ndr/ndr.c Compiling torture/ndr/winreg.c Compiling torture/ndr/atsvc.c Compiling torture/ndr/lsa.c Compiling torture/ndr/epmap.c Compiling torture/ndr/dfs.c Compiling torture/ndr/netlogon.c Compiling torture/ndr/drsuapi.c Compiling torture/ndr/spoolss.c Compiling torture/ndr/samr.c Partially linking bin/mergedobj/torture_ndr.o Compiling torture/auth/ntlmssp.c Compiling torture/auth/pac.c Partially linking bin/mergedobj/torture_auth.o Compiling ../librpc/gen_ndr/ndr_echo_c.c Partially linking bin/mergedobj/rpc_ndr_echo.o Compiling torture/raw/qfsinfo.c Compiling torture/raw/qfileinfo.c Compiling torture/raw/setfileinfo.c Compiling torture/raw/search.c Compiling torture/raw/close.c Compiling torture/raw/open.c Compiling torture/raw/mkdir.c Compiling torture/raw/oplock.c Compiling torture/raw/notify.c Compiling torture/raw/mux.c Compiling torture/raw/ioctl.c Compiling torture/raw/chkpath.c Compiling torture/raw/unlink.c Compiling torture/raw/read.c Compiling torture/raw/context.c Compiling torture/raw/write.c Compiling torture/raw/lock.c torture/raw/lock.c: In function ?test_zerobytelocks?: torture/raw/lock.c:1406: warning: assignment discards qualifiers from pointer target type torture/raw/lock.c:1410: warning: assignment discards qualifiers from pointer target type torture/raw/lock.c:1435: warning: assignment discards qualifiers from pointer ta rget type Compiling torture/raw/pingpong.c Compiling torture/raw/lockbench.c Compiling torture/raw/lookuprate.c Compiling torture/raw/tconrate.c Compiling torture/raw/openbench.c Compiling torture/raw/rename.c Compiling torture/raw/eas.c Compiling torture/raw/streams.c Compiling torture/raw/acls.c Compiling torture/raw/seek.c Compiling torture/raw/samba3hide.c Compiling torture/raw/samba3misc.c Compiling torture/raw/composite.c Compiling torture/raw/raw.c Compiling torture/raw/offline.c Partially linking bin/mergedobj/torture_raw.o Compiling torture/util_smb.c Partially linking bin/mergedobj/torture_util.o Compiling ../lib/torture/torture.c Compiling ../lib/torture/subunit.c Partially linking bin/mergedobj/torture.o Linking bin/smbtorture Undefined symbols: "_getpwent_r", referenced from: _test_nwrap_enum_r_passwd in torture_local.o "_getgrent_r", referenced from: _test_nwrap_enum_r_group in torture_local.o ld: symbol(s) not found collect2: ld returned 1 exit status make: *** [bin/smbtorture] Error 1 From bogus@does.not.exist.com Fri Jan 22 03:43:47 2010 From: bogus@does.not.exist.com () Date: Fri, 22 Jan 2010 10:43:47 -0000 Subject: No subject Message-ID: files" only applies to os x views. From bogus@does.not.exist.com Fri Jan 22 03:43:47 2010 From: bogus@does.not.exist.com () Date: Fri, 22 Jan 2010 10:43:47 -0000 Subject: No subject Message-ID: * Lists itself as a PDC * Lists itself as a LMB * No ADMIN$ IPC share listed (Is this normal?) I am unsure as how to check the Admin domain accounts on the server. 2 user accounts (for now) asc1 asc2 on computers ascoffice1.lefty (172.16.32.8) and ascoffice2.lefty (172.16.32.9) server is earth.lefty (172.16.32.2) DHCP, BIND set up correctly (AFAICT) i can ping host names from earth and ascoffice1 WINS is also set up. earth:~# nmblookup -M asc querying asc on 172.16.32.255 172.16.32.2 asc<1d> earth:~# earth:~# smbclient -L earth -U asc1 Enter asc1's password: Domain=[ASC] OS=[Unix] Server=[Samba 3.4.3] Sharename Type Comment --------- ---- ------- srv_share Disk Server Share srv_bkup Disk Server Backups Share srv_snapshot Disk Server Snapshots Share netlogon Disk Network Logon Service print$ Disk Printer Drivers IPC$ IPC IPC Service (asc1 session user asc1 group earth clienthost) asc1 Disk Home Directories Domain=[ASC] OS=[Unix] Server=[Samba 3.4.3] Server Comment --------- ------- EARTH session user %G group nmbd clienthost Workgroup Master --------- ------- ASC EARTH WORKGROUP GEMINI earth:~# I have been trying to work through this over the last month with no success, we move office next week and I need this system going by then. Any hints however small I am grateful for, Something that might be obvious to a seasoned user might be what is tripping me up. Adrian -- 24x7x365 != 24x7x52 Stupid or bad maths? hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is. From bogus@does.not.exist.com Fri Jan 22 03:43:47 2010 From: bogus@does.not.exist.com () Date: Fri, 22 Jan 2010 10:43:47 -0000 Subject: No subject Message-ID: (samba-3.0.33-3.15.el5_4.1, Red Hat EL 5.x) ... Multiple servers may also be specified in double-quotes. Whether multiple servers are supported or not and the exact syntax depends on the LDAP library you use. ... If this feature is taken away in other distris or releases I can't say, but why should it? Regards, G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia H?bner Staatsr?tin f?r Demographischen Wandel und f?r Senioren im Staatsministerium Gesch?ftsf?hrer: Prof. Thomas Schadt From bogus@does.not.exist.com Fri Jan 22 03:43:47 2010 From: bogus@does.not.exist.com () Date: Fri, 22 Jan 2010 10:43:47 -0000 Subject: No subject Message-ID: to only show shares that the user has access too, but I don't believe it is possible. To remedy this, I tried to create a share called "share". Then create subdirectories under that using UNIX groups. I am using a group sticky bit in conjunction with create mask = 770 to keep the perms straight. Here is the share: [share] nt acl support = no path = /home/samba/share writable = yes guest ok = no browsable = yes create mask = 770 directory mask = 770 inherit permissions = yes valid users = @share hide dot files = yes hide unreadable = yes Hide unreadable works great, users cannot see any directories that they do not have access to. However, they can still create folders in the root of the share (/home/samba/share). I've even changed the perms of that directory to 000, and still users can create directories there. Am I missing something? I guess if I have to manually create a share for each share I need, I can do that. However, I would prefer users to only see the shares they have access to... -- Matthew Daubenspeck http://oddprocess.org Gentoo Linux i686 Intel(R) Xeon(R) CPU L5420 @ 2.50GHz 09:18:58 up 132 days, 22:45, 3 users, load average: 0.31, 0.16, 0.06 From bogus@does.not.exist.com Fri Jan 22 03:43:47 2010 From: bogus@does.not.exist.com () Date: Fri, 22 Jan 2010 10:43:47 -0000 Subject: No subject Message-ID: queue with the new driver, on teh samba server I see: rpcclient -U -c 'enumdrivers' [ snip ] [Windows x64] Printer Driver Info 1: Driver Name: [KONICA MINOLTA 350/250/200 VPS] [printserver] # rpcclient -U -c 'setdriver itmfp1_x64 "KONICA MINOLTA 350/250/200 VPS"' Enter chbeyer's password: Successfully set itmfp1_x64 to driver KONICA MINOLTA 350/250/200 VPS. Though the windows 7 client is still not happy and tells me there is no driver installed, the enum_printer_driver log looks like this: [2010/03/15 14:27:24.026479, 4] rpc_server/srv_spoolss_nt.c:6594(_spoolss_EnumPrinterDrivers) _spoolss_EnumPrinterDrivers we have:[0] drivers in environment [Windows 4.0] and version [0] we have:[0] drivers in environment [Windows 4.0] and version [1] we have:[0] drivers in environment [Windows 4.0] and version [2] we have:[0] drivers in environment [Windows 4.0] and version [3] we have:[0] drivers in environment [Windows NT x86] and version [0] we have:[0] drivers in environment [Windows NT x86] and version [1] we have:[0] drivers in environment [Windows NT x86] and version [2] we have:[77] drivers in environment [Windows NT x86] and version [3] [ collection of 77 printerdrivers listed ] we have:[0] drivers in environment [Windows NT R4000] and version [0] we have:[0] drivers in environment [Windows NT R4000] and version [1] we have:[0] drivers in environment [Windows NT R4000] and version [2] we have:[0] drivers in environment [Windows NT R4000] and version [3] we have:[0] drivers in environment [Windows NT Alpha_AXP] and version [0] we have:[0] drivers in environment [Windows NT Alpha_AXP] and version [1] we have:[0] drivers in environment [Windows NT Alpha_AXP] and version [2] we have:[0] drivers in environment [Windows NT Alpha_AXP] and version [3] we have:[0] drivers in environment [Windows NT PowerPC] and version [0] we have:[0] drivers in environment [Windows NT PowerPC] and version [1] we have:[0] drivers in environment [Windows NT PowerPC] and version [2] we have:[0] drivers in environment [Windows NT PowerPC] and version [3] we have:[0] drivers in environment [Windows IA64] and version [0] There is a xp driver with the same 'drivername' eventually this is the problem ? Any hint is appreciated, everything else looks very promising !!!! :) cheers ~christoph -- /* Christoph Beyer | Office: Building 2b / 23 *\ * DESY | Phone: 040-8998-2317 * * - IT - | Fax: 040-8998-4060 * \* 22603 Hamburg | http://www.desy.de */