[Samba] upgrade samba

Nico Kadel-Garcia nkadel at gmail.com
Mon Jan 28 07:27:55 MST 2013


On Mon, Jan 28, 2013 at 3:38 AM, Fabrizio Monti <thefantaman at gmail.com> wrote:
> Hi Nico Kadel-Garcia,
> thanks for reply. Path for smbldap is correct. Other log file have

Then you have a manually built and installed smbldap-tools, and you
should probably replace it with the one from Red Hat or your Red Hat
rebuild provider. For consistency and compatibility with your
RPM-supplied Samba, I urge you to use the distribution-provided
smbldap-tools package and move aside the hand-built versions you have
in /usr/local/bin.

While this won't necessarily solve your problem, it gives all of us a
consistent reference as to what tools and versions of tools you're
using. It's also why I spend so much time RPM bundling software, so
both people I support and I are using the same package from the same,
clean build environment.

                       Nico Kadel-Garcia <nkadel at gmail.com>




> [2013/01/25 17:20:13.974204,  1] auth/server_info.c:386(samu_to_SamInfo3)
>   The primary group domain
> sid(S-1-5-21-3564791867-1010203101-2143723903-513) does not match the
> domain sid(S-1-5-21-2427793829-1009842549-3523806979) for
> Manager(S-1-5-21-2427793829-1009842549-3523806979-500)
> [2013/01/25 17:20:13.974250,  4] smbd/sec_ctx.c:422(pop_sec_ctx)
>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2013/01/25 17:20:13.974286,  0] auth/check_samsec.c:491(check_sam_security)
>   check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_UNSUCCESSFUL'
> [2013/01/25 17:20:13.974506,  3] auth/auth_winbind.c:60(check_winbind_security)
>   check_winbind_security: Not using winbind, requested domain [gis]
> was for this SAM.
> [2013/01/25 17:20:13.974542,  2] auth/auth.c:319(check_ntlm_password)
>   check_ntlm_password:  Authentication for user [Manager] -> [Manager]
> FAILED with error NT_STATUS_UNSUCCESSFUL
> [2013/01/25 17:20:13.974610,  3] smbd/error.c:81(error_packet_set)
>   error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX)
> NT_STATUS_UNSUCCESSFUL
> [2013/01/25 17:20:24.885770,  1] smbd/process.c:457(receive_smb_talloc)
>   receive_smb_raw_talloc failed for client 192.0.200.149 read error =
> NT_STATUS_CONNECTION_RESET.
> [2013/01/25 17:20:24.885923,  4] smbd/sec_ctx.c:314(set_sec_ctx)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2013/01/25 17:20:24.886102,  3] smbd/server_exit.c:181(exit_server_common)
>   Server exit (failed to receive smb request)
>
>
> Then the problem is the SID; samba-3.3 probably does not check the SID.
> LDAP is working, so is it possible to disable the SID check in samba-3.6?
>
> Fabrizio.
>
>> Well, for one thing, if you updated to samba3x your binaries for
>> things like "smbldap-usermod" are all going to be in /usr/bin, not
>> /usr/local/bin.
>
> path is correct, files smbldap are in /usr/local/bin.
>
>>
>> Did you have an old hand-built Samba lying around? If
>> you did, you need to clear it.
>
>> > Jan 24 17:53:03 VmPDC smbd[15115]: [2013/01/24 17:53:03.371837,  0]
>> > auth/check_samsec.c:491(check_sam_security)
>> > Jan 24 17:53:03 VmPDC smbd[15115]:   check_sam_security:
>> > make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'
>> > Jan 24 17:53:04 VmPDC smbd[15115]: [2013/01/24 17:53:04.413597,  0]
>> > auth/check_samsec.c:491(check_sam_security)
>> > Jan 24 17:53:04 VmPDC smbd[15115]:   check_sam_security:
>> > make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'
>> >
>> > This configuration of samba
>> >
>> > [root at VmPDC ~]# testparm
>> > Load smb config files from /etc/samba/smb.conf
>> > Processing section "[netlogon]"
>> > Processing section "[profiles]"
>> > Loaded services file OK.
>> > Server role: ROLE_DOMAIN_PDC
>> > Press enter to see a dump of your service definitions
>> >
>> > [global]
>> >         workgroup = GIS
>> >         passdb backend = ldapsam:ldap://192.0.200.2/
>> >         log file = /var/log/samba/log.%U
>> >         time server = Yes
>> >         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> > SO_KEEPALIVE
>> >         add user script = /usr/local/bin/smbldap-useradd -a -m -P "%u"
>> >         delete user script = /usr/local/bin/smbldap-userdel -r "%u"
>> >         add group script = /usr/local/bin/smbldap-groupadd -p "%g"
>> >         delete group script = /usr/local/bin/smbldap-groupdel "%g"
>> >         add user to group script = /usr/local/bin/smbldap-groupmod -m "%u"
>> > "%g"
>> >         delete user from group script = /usr/local/bin/smbldap-groupmod -x
>> > "%u" "%g"
>> >         set primary group script = /usr/local/bin/smbldap-usermod -g "%g"
>> > "%u"
>> >         add machine script = /usr/local/bin/smbldap-useradd -w "%u"
>> >         logon path =
>> >         logon home =
>> >         domain logons = Yes
>> >         os level = 33
>> >         preferred master = Auto
>> >         domain master = Yes
>> >         ldap admin dn = cn=Manager,dc=sigesgroup,dc=intra
>> >         ldap delete dn = Yes
>> >         ldap group suffix = ou=group
>> >         ldap machine suffix = ou=machines
>> >         ldap passwd sync = yes
>> >         ldap suffix = dc=sigesgroup,dc=intra
>> >         ldap ssl = no
>> >         ldap user suffix = ou=People
>> >         idmap config * :range = 5000 - 50000
>> >         ldapsam:editposix = yes
>> >         ldapsam:trusted = yes
>> >         idmap config * : backend = ldap:ldap://192.0.200.2/
>> >
>> > [netlogon]
>> >         comment = Network Logon Service
>> >         path = /home/netlogon
>> >         guest ok = Yes
>> >
>> > [profiles]
>> >         path = /home/profiles
>> >         read only = No
>> >         create mask = 0600
>> >         directory mask = 0700
>> >
>> > Why is it not working?
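
Added example, not part of the original message and not Samba code: a small Python parser for the samu_to_SamInfo3 mismatch entry quoted above, which splits each SID into its domain part and RID so you can see which of the user SID and the primary group SID carries the prefix that differs from the server's domain SID. The function names and report fields are assumptions made for this example; the log excerpt is taken from the thread.

```python
import re

# Message layout taken from the samu_to_SamInfo3 entry quoted in this thread.
MISMATCH_RE = re.compile(
    r"primary group domain sid\((?P<group_sid>S-[\d-]+)\) does not match "
    r"the domain sid\((?P<server_domain>S-[\d-]+)\) "
    r"for (?P<user>[^\s(]+)\((?P<user_sid>S-[\d-]+)\)"
)

# Log excerpt copied from the thread, including mail quoting and line wraps.
SAMPLE_LOG = """\
> [2013/01/25 17:20:13.974204,  1] auth/server_info.c:386(samu_to_SamInfo3)
>   The primary group domain
> sid(S-1-5-21-3564791867-1010203101-2143723903-513) does not match the
> domain sid(S-1-5-21-2427793829-1009842549-3523806979) for
> Manager(S-1-5-21-2427793829-1009842549-3523806979-500)
> [2013/01/25 17:20:13.974286,  0] auth/check_samsec.c:491(check_sam_security)
>   check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_UNSUCCESSFUL'
"""

def split_sid(sid):
    """Split an account SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def find_sid_mismatches(log_text):
    """Return one report per primary-group SID mismatch found in log_text."""
    # Drop mail quote markers, then undo line wrapping before matching.
    lines = [re.sub(r"^[>\s]+", "", ln) for ln in log_text.splitlines()]
    flat = " ".join(" ".join(lines).split())
    findings = []
    for m in MISMATCH_RE.finditer(flat):
        group_domain, group_rid = split_sid(m["group_sid"])
        user_domain, user_rid = split_sid(m["user_sid"])
        findings.append({
            "user": m["user"],
            "user_rid": user_rid,
            "group_rid": group_rid,
            "group_domain": group_domain,
            "server_domain": m["server_domain"],
            # True when only the primary group SID has the differing prefix.
            "user_in_server_domain": user_domain == m["server_domain"],
        })
    return findings

if __name__ == "__main__":
    for f in find_sid_mismatches(SAMPLE_LOG):
        print(f)
```
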

