[Samba] Samba 3.0.31 stills fails to read and write to socket.
Hi, I recently upgraded my servers from 3.0.28 to 3.0.31 trying to solve the winbind issue previously reported (Bug# 5551) but the issue is still happening in my servers. I have an ftp server (vsftpd), configured to use pam_winbind with krb5_auth and I see some random disconnects and my users cant login. My samba servers are member of a Windows 2003 domain. The relevant lines on my log.wb-OTHERDOMAIN are saying that the write to the socket failed because the connection was reset by peer, this happened also on 3.0.28, i was hoping that 3.0.31 fix this issue. Im including my configuration and my log files. This happens only when pam_winbind authenticates users of other domains, sometimes it gets fixed itself because in my krb5.conf i have configured several domain controllers for the other domains and it changes the connections to the next server, but sometimes it gets stuck with one failed server and all my users cant login for a while. Regards, Jose Santiago Oyervides. This is my setup: [global] workgroup = MYDOMAIN netbios name = MYSERVER security = ADS password server = 10.X.X.1 10.X.X.2 10.X.X.3 encrypt passwords = Yes wins server = 10.X.Y.1 10.X.Y.2 local master = no domain master = no preferred master = no log level =10 passdb:10 auth:10 winbind:10 idmap:10 smb:10 acls:10 log file = /var/log/samba/%m.log max log size = 1000 idmap uid = 1-6 idmap gid = 1-6 winbind enum users = no winbind enum groups = no winbind refresh tickets = true realm = MYDOMAIN.FORREST.COM winbind use default domain = Yes interfaces = 127.0.0.1/255.0.0.0 10.X.X.30/255.255.240.0 template shell = /bin/bash username map = /etc/samba/smbusers template homedir = /home/users/%D/%U socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 name resolve order = lmhosts wins bcast bind interfaces only = yes load printers = No dns proxy = No hosts allow = 10. 127. hosts deny = 0.0.0.0/0 smb ports = 139 My /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log kdc = SYSLOG:INFO:DAEMON default = SYSLOG:INFO:DAEMON admin_server = SYSLOG:INFO:DAEMON [libdefaults] default_realm = MYDOMAIN.FORREST.COM dns_lookup_realm = none dns_lookup_kdc = none ticket_lifetime = 24h forwardable = yes [realms] FORREST.COM = { kdc=SERVER1.FORREST.COM kdc=SERVER2.FORREST.COM } MYDOMAIN.FORREST.COM= { kdc=SERVER1.MYDOMAIN.FORREST.COM kdc=SERVER2.MYDOMAIN.FORREST.COM ) OTHERDOMAIN.FORREST.COM= = { kdc=SERVER1.OTHERDOMAIN.FORREST.COM kdc=SERVER1.OTHERDOMAIN.FORREST.COM } [domain_realm] .mydomain.forrest.com = MYDOMAIN.FORREST.COM .otherdomain.forrest.com = OTHERDOMAIN.FORREST.COM /etc/nsswitch.conf passwd: files winbind shadow: files group: files winbind hosts: files wins dns winbind These are the lines that I see in log.wb-ANOTERDOMAIN: [2008/07/31 10:03:35, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Thu, 31 Jul 2008 20:03:28 CDT [2008/07/31 10:03:35, 10] libsmb/clikrb5.c:ads_krb5_mk_req(624) ads_krb5_mk_req: Ticket ([EMAIL PROTECTED]) in ccache (MEMORY:winbind_ccache) is valid until: (Thu, 31 Jul 2008 20:03:28 CDT - 1217552608) [2008/07/31 10:03:35, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(735) Got KRB5 session key of length 16 [2008/07/31 10:03:35, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64) Search for (objectclass=*) in gave 1 replies [2008/07/31 10:03:35, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(440) store_cache_seqnum: success [OTHERDOMAIN][646535412 @ 1217516615] [2008/07/31 10:03:35, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(504) refresh_sequence_number: OTHERDOMAIN seq number is now 646535412 [2008/07/31 10:03:35, 10] nsswitch/winbindd_cache.c:centry_expired(549) centry_expired: Key U/S-1-5-21-2031228914-1097686851-784825492-55515 for domain OTHERDOMAIN expired [2008/07/31 10:03:35, 10] nsswitch/winbindd_cache.c:wcache_fetch(621) wcache_fetch: entry U/S-1-5-21-2031228914-1097686851-784825492-55515 expired for domain OTHERDOMAIN [2008/07/31 10:03:35, 10] nsswitch/winbindd_cache.c:query_user(1652) query_user: [Cached] - doing backend query for info for domain OTHERDOMAIN [2008/07/31 10:03:35, 3] nsswitch/winbindd_ads.c:query_user(453) ads: query_user [2008/07/31 10:03:35, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46) ads_cached_connection [2008/07/31 10:03:35, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59) Current tickets expire in 35993 seconds (at 1217552608, time is now 1217516615) [2008/07/31 10:03:35, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64) Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\F2\17\12\79\43\5F\6D\41\94\7C\C7\2E\DB\D8\00\00) in dc
Re: [Samba] Samba 3.0.31 stills fails to read and write to socket.
Hi Jeremy, I think i could be DNS resolution like you say, since this problem only happens with accounts from other domains. I have had troubles in the past in order to get DNS resolution to work, because this server also has a public postfix server, so If I configured the internal DNS the external resolution didn't work and viceversa, in order to cope with this issue I configured and internal DNS server with both internal and external resolution and that seemed to work. If I ping the domain controllers from any another domain it responds very fast, since I have all DC's in /etc/hosts and /etc/samba/lmhosts and in my nsswitch.conf I have configured this: hosts: files wins dns winbind and in /etc/samba/smb.conf I have name resolve order=lmhosts wins bcast. Would it help if I configured the Ip address in my krb5.conf for all domains instead of their name? Why in /var/lib/samba/smb_krb5 is only created krb5.conf.MYDOMAIN and not the file for the others domains? May be this has somethng to do... Regards, Jose Santiago Oyervides. On Fri, Aug 1, 2008 at 12:19 PM, Jeremy Allison [EMAIL PROTECTED] wrote: On Fri, Aug 01, 2008 at 10:46:54AM -0500, Jose Santiago Oyervides wrote: Hi, I recently upgraded my servers from 3.0.28 to 3.0.31 trying to solve the winbind issue previously reported (Bug# 5551) but the issue is still happening in my servers. I have an ftp server (vsftpd), configured to use pam_winbind with krb5_auth and I see some random disconnects and my users cant login. My samba servers are member of a Windows 2003 domain. The relevant lines on my log.wb-OTHERDOMAIN are saying that the write to the socket failed because the connection was reset by peer, this happened also on 3.0.28, i was hoping that 3.0.31 fix this issue. Im including my configuration and my log files. This happens only when pam_winbind authenticates users of other domains, sometimes it gets fixed itself because in my krb5.conf i have configured several domain controllers for the other domains and it changes the connections to the next server, but sometimes it gets stuck with one failed server and all my users cant login for a while. This is your problem : config [/var/lib/samba/smb_krb5/krb5.conf.MYDOMAIN] [2008/07/31 10:03:55, 10] nsswitch/winbindd_pam.c:winbindd_raw_kerberos_login(580) got TGT for [EMAIL PROTECTED] in MEMORY:winbindd_pam_ccache (valid until: Thu, 31 Jul 2008 20:03:57 CDT (1217552637), renewable till: Thu, 31 Jul 2008 20:03:57 CDT (1217552617)) [2008/07/31 10:04:05, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610) ads_krb5_mk_req: Advancing clock by 2 seconds to cope with clock skew Note the 30 second gap in timestamps. Looks like the call : krb5_ret = cli_krb5_get_ticket(local_service, time_offset, tkt, session_key_krb5, 0, cc, NULL); at line 604: in nsswitch/winbindd_pam.c is taking ages to contact a KDC. Do you have DNS resolution issues ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.31 stills fails to read and write to socket.
Thanks Jeremy, I wil follow your recommendations and let you know what happens. Regards Jose Santiago Oyervides. On Fri, Aug 1, 2008 at 12:59 PM, Jeremy Allison [EMAIL PROTECTED] wrote: On Fri, Aug 01, 2008 at 12:50:48PM -0500, Jose Santiago Oyervides wrote: Hi Jeremy, I think i could be DNS resolution like you say, since this problem only happens with accounts from other domains. I have had troubles in the past in order to get DNS resolution to work, because this server also has a public postfix server, so If I configured the internal DNS the external resolution didn't work and viceversa, in order to cope with this issue I configured and internal DNS server with both internal and external resolution and that seemed to work. If I ping the domain controllers from any another domain it responds very fast, since I have all DC's in /etc/hosts and /etc/samba/lmhosts and in my nsswitch.conf I have configured this: hosts: files wins dns winbind and in /etc/samba/smb.conf I have name resolve order=lmhosts wins bcast. Try taking wins out of the /etc/nsswitch.conf hosts line. It may be recursing into winbindd. Alternatively ensure that dns is second after files. Would it help if I configured the Ip address in my krb5.conf for all domains instead of their name? Why in /var/lib/samba/smb_krb5 is only created krb5.conf.MYDOMAIN and not the file for the others domains? May be this has somethng to do... Yes, an explicit IP address would help, but if DNS is working correctly you shouldn't need that. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot see trusted domains (getfacl or setfacl)
Hi, I have a samba server (version 3.0.28). I have joined my server to my domain with no problems. Since I will have postfix in my machine, (to relay mails externally) I configured my /etc/resolv.conf with my external dns first and later my internal dns. The problem is that when I try to apply acl permissions on some folder (using setfacl) I cannot see the trusted domains, If I comment out the entries in my resolv.conf of the external dns servers, it works fine, the same for getfacl, I need to comment out the external dns in order to view the permissions. I only see the uid numbers (group:10007:rwx instead of group:domain\group:rwx) I have configured my samba server to first lookup my lmhosts and in the lmhosts I have the netbios name for all trusted domains, but It seems, samba (or winbind) is looking up directly my resolv.conf file ignoring my lmhosts file. Does someone know why could have been happening this? Is there a way getfacl and setfacl look first in my lmhosts and hosts file? Regards, Jose Oyervides. This is my config files: smb.conf [global] workgroup = MYDOMAIN netbios name = MYSERVERNAME #server string = Samba Server %v security = ADS password server = 192.168.0.1 192.168.0.2 192.168.0.3 encrypt passwords = Yes wins server = 192.168.0.20 192.168.0.21 local master = no domain master = no preferred master = no log level =3 log file = /var/log/samba/%m.log max log size = 1000 idmap uid = 1-6 idmap gid = 1-6 winbind enum users = yes winbind enum groups = yes realm = MYREALM.COMPANY.COM winbind use default domain = Yes interfaces = 127.0.0.1/255.0.0.0 192.168.0.25/255.255.240.0 template shell = /bin/bash template homedir = /home//%D/%U username map = /etc/samba/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 name resolve order = lmhosts wins bcast bind interfaces only = yes nsswitch.conf passwd: files winbind shadow: files group: files winbind hosts: files wins dns winbind krb5.conf [realms] MYREALM.COMPANY.COM = { kdc = SERVER1.COMPANY.COM } MYTRUSTEDDOMAIN.COMPANY.COM = { kdc = SERVER23.COMPANY.COM } resolv.conf domain MYDOMAIN nameserver (external dns) nameserver (external dns) nameserver (internal dns) nameserver (internal dns) search MYDOMAIN.COMPANY.COM search MYTRUSTEDDOMAIN.COMPANY.COM lmhosts MYDOMAINDC 192.168.0.1 MYDOMAINTRUSTED 192.168.0.20 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] files between w2k domains...
Hi, I have a Mandrake 8.2 server with samba 2.2.5 installed. My server has ftp and the files some users upload I move them to another structure, this structure is shared via Samba with other users. I am in a W2k Domain.(We are in the process to migrate to linux). So, I have some users that move the files uploaded to their servers. A few days ago, a user reported me he couldn´t see the files in his share, (he knew he had some files) and their files were in his share,I could see them via share in some machines in my domain. (Note that my user and I are in different W2K Domains) but my client couldn't see them in any machine in his domain. I notice that if I accessed the share via IP \\x.x.x.x\myshare I could see them, but if I accessed via name \\myserver\myshare I couldn't see them, in some machines. (In other machines I could see them via share and IP address) I asked my user to create folders and copy some files in the share, and I couldn't see the folders he created neither the files!, that was very weird. I did several restart to smb and winbind and the problem continued. After that, I just stopped smb and winbind for several minutes, then start the services and he finally could see his files, and move them to their machine. The folders he created and the files were gone. This is the relevant part of my smb.conf workgroup = My_W2k_Domain password server = DC1DC2 encrypt passwords = yes log file = /var/log/samba/log.%m max log size = 50 smb passwd file = /etc/samba/smbpasswd winbind uid = 1-2 winbind gid = 1-2 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins server = X.X.X.X dns proxy = no #The share : [Share_name] comment = MyShare path = /home/to/my/folder write list = @OtherDomain\Some_Group @OtherDomain\Other_group OtherDomain\SomeUser @MyDomain\Domain Admins writable = no browseable = yes In my log.machine: [2003/08/19 11:54:57, 0] smbd/service.c:make_connection(349) Couldn't find account Otherdomain\someuser [2003/08/19 11:54:57, 0] smbd/service.c:make_connection(349) Couldn't find account Otherdomain\someuser I had had this problem before, (once in a while) but normally it was fixed with just a restart to samba and winbind. This time really had me think. I've looked in the list, and I couldn't find a similar case like mine, does anyone know what happened? Is there some kind of cache between domains and samba? or may be this is a bug of my samba version... Any idea would be great. Regards. Jose Oyervides. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Tomcat 4.0.6 stops...
Hi, I just re-installed Tomcat using the script Nate passed me: (I just edited my settings) tomcat.exe -install Apache Tomcat C:\j2sdk1.4.0\jre\bin\client\jvm.dll -server -Xmx1024m -Xms1024m -Djava.class.path=d:\Tomcat4\bin\bootstrap.jar -Dcatalina.home=d:\Tomcat4 -Djava.endorsed.dirs=d:\Tomcat4\common\endorsed -start org.apache.catalina.startup.BootstrapService -params start -stop org.apache.catalina.startup.BootstrapService -params stop -out_log_file: d:\Tomcat4\logs\stdout.log -err_log_file: d:\Tomcat4\logs\stderr.log I'm using Tomcat 4.0.6 (Win 2k - IIS 5.0 - JDK 1.4.0) When I configure server.xml with minprocessors on the Ajp13 connector, above 600 the service stops suddenly, in my log The log starts with no errors... 2003-06-30 13:52:28 HttpProcessor[8080][497] Starting background thread 2003-06-30 13:52:28 HttpProcessor[8080][498] Starting background thread 2003-06-30 13:52:28 HttpProcessor[8080][499] Starting background thread 2003-06-30 13:52:28 Ajp13Connector[8009] Opening server socket on all host IP addresses 2003-06-30 13:52:28 Ajp13Connector[8009] Starting background thread 2003-06-30 13:52:29 Ajp13Processor[8009][0] Starting background thread 2003-06-30 13:52:29 Ajp13Processor[8009][1] Starting background thread ...then all the threads...and finally: 2003-06-30 13:52:29 Ajp13Processor[8009][350] Starting background thread 2003-06-30 13:52:29 Ajp13Processor[8009][351] Starting background thread 2003-06-30 13:52:29 Ajp13Processor[8009][352] Starting background thread Here suddenly stops... (and the service too) This is my server.xml: Server port=8005 shutdown=SHUTDOWN debug=0 Service name=Tomcat-Standalone Connector className=org.apache.catalina.connector.http.HttpConnector port=8080 minProcessors=500 maxProcessors=1000 enableLookups=false acceptCount=400 debug=0 connectionTimeout=6/ Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=800 maxProcessors=3000 acceptCount=400 debug=0/ Engine name=Standalone defaultHost=localhost debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.log timestamp=true/ Realm className=org.apache.catalina.realm.MemoryRealm / Host name=localhost debug=0 appBase=\\mymachine\webapps unpackWARs=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.log pattern=combined/ Context path=/examples docBase=examples debug=0 reloadable=false crossContext=true Parameter name=context.param.name value=context.param.value override=false/ Manager className=org.apache.catalina.session.PersistentManager debug=0 saveOnRestart=false maxActiveSessions=-1 minIdleSwap=-1 maxIdleSwap=-1 maxIdleBackup=-1 Store className=org.apache.catalina.session.FileStore/ /Manager /Context /Host /Engine /Service Service name=Tomcat-Apache Connector className=org.apache.catalina.connector.warp.WarpConnector port=8008 minProcessors=5 maxProcessors=75 enableLookups=true appBase=webapps acceptCount=10 debug=0/ Engine className=org.apache.catalina.connector.warp.WarpEngine name=Apache debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=apache_log. suffix=.log timestamp=true/ Realm className=org.apache.catalina.realm.MemoryRealm / /Engine /Service /Server I wonder if there is a relation between the memory I configured and this event. What do you think about 1,024 m ? (my servers have 2GB in RAM) and I'm expecting high load. Does anyone of you have had the same problem? Regards. Jose Oyervides. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat 4.0.6 stops...
Hi, It seems http connector was the problem, just removed it, (I don't need it) and now it's working with more than 352 processors. Regards Jose Oyervides. -Original Message- From: Jose Santiago Oyervides Gonzalez [mailto:[EMAIL PROTECTED] Sent: Monday, June 30, 2003 2:12 PM To: Tomcat Users List Subject: Tomcat 4.0.6 stops... Hi, I just re-installed Tomcat using the script Nate passed me: (I just edited my settings) tomcat.exe -install Apache Tomcat C:\j2sdk1.4.0\jre\bin\client\jvm.dll -server -Xmx1024m -Xms1024m -Djava.class.path=d:\Tomcat4\bin\bootstrap.jar -Dcatalina.home=d:\Tomcat4 -Djava.endorsed.dirs=d:\Tomcat4\common\endorsed -start org.apache.catalina.startup.BootstrapService -params start -stop org.apache.catalina.startup.BootstrapService -params stop -out_log_file: d:\Tomcat4\logs\stdout.log -err_log_file: d:\Tomcat4\logs\stderr.log I'm using Tomcat 4.0.6 (Win 2k - IIS 5.0 - JDK 1.4.0) When I configure server.xml with minprocessors on the Ajp13 connector, above 600 the service stops suddenly, in my log The log starts with no errors... 2003-06-30 13:52:28 HttpProcessor[8080][497] Starting background thread 2003-06-30 13:52:28 HttpProcessor[8080][498] Starting background thread 2003-06-30 13:52:28 HttpProcessor[8080][499] Starting background thread 2003-06-30 13:52:28 Ajp13Connector[8009] Opening server socket on all host IP addresses 2003-06-30 13:52:28 Ajp13Connector[8009] Starting background thread 2003-06-30 13:52:29 Ajp13Processor[8009][0] Starting background thread 2003-06-30 13:52:29 Ajp13Processor[8009][1] Starting background thread ...then all the threads...and finally: 2003-06-30 13:52:29 Ajp13Processor[8009][350] Starting background thread 2003-06-30 13:52:29 Ajp13Processor[8009][351] Starting background thread 2003-06-30 13:52:29 Ajp13Processor[8009][352] Starting background thread Here suddenly stops... (and the service too) This is my server.xml: Server port=8005 shutdown=SHUTDOWN debug=0 Service name=Tomcat-Standalone Connector className=org.apache.catalina.connector.http.HttpConnector port=8080 minProcessors=500 maxProcessors=1000 enableLookups=false acceptCount=400 debug=0 connectionTimeout=6/ Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=800 maxProcessors=3000 acceptCount=400 debug=0/ Engine name=Standalone defaultHost=localhost debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.log timestamp=true/ Realm className=org.apache.catalina.realm.MemoryRealm / Host name=localhost debug=0 appBase=\\mymachine\webapps unpackWARs=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.log pattern=combined/ Context path=/examples docBase=examples debug=0 reloadable=false crossContext=true Parameter name=context.param.name value=context.param.value override=false/ Manager className=org.apache.catalina.session.PersistentManager debug=0 saveOnRestart=false maxActiveSessions=-1 minIdleSwap=-1 maxIdleSwap=-1 maxIdleBackup=-1 Store className=org.apache.catalina.session.FileStore/ /Manager /Context /Host /Engine /Service Service name=Tomcat-Apache Connector className=org.apache.catalina.connector.warp.WarpConnector port=8008 minProcessors=5 maxProcessors=75 enableLookups=true appBase=webapps acceptCount=10 debug=0/ Engine className=org.apache.catalina.connector.warp.WarpEngine name=Apache debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=apache_log. suffix=.log timestamp=true/ Realm className=org.apache.catalina.realm.MemoryRealm / /Engine /Service /Server I wonder if there is a relation between the memory I configured and this event. What do you think about 1,024 m ? (my servers have 2GB in RAM) and I'm expecting high load. Does anyone of you have had the same problem? Regards. Jose Oyervides. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
performance on Tomcat 4.0.6
Hi, I'm doing some tests on performance with TC 4.0.6. My system (W2k IIS5.0 - JSDK 1.4.0). I'm expecting my site will have a heavy load (about 20,000 concurrent connections between several servers) My pages wont have database connections. I've read some documents about it, and I wonder if someone could tell me what's the limit of the parameters minProcessors, maxProcessors and acceptCount, when I configure minProcessors above 1000, Tomcat stops after about 30 seconds. ¿? Does it really improves performance? Another question: How can I increase the the memory configuration of JVM. I've read that is donde with the Xms, xms,ms and mx options, but how can I tell Tomcat to use that configuration. (i'm using Tomcat as a service) I've tried using it with no luck. Would that work if I edit cataliba.bat and add those options in %JAVA_OPTS%. Does anyone have some good tips about performance? (besides the documents found in the FAQ section) Regards. Jose Oyervides. Up to now this is my server.xml file : Server port=8005 shutdown=SHUTDOWN debug=0 Service name=Tomcat-Standalone Connector className=org.apache.catalina.connector.http.HttpConnector port=8080 minProcessors=750 maxProcessors=1000 enableLookups=false acceptCount=400 debug=0 connectionTimeout=6/ Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=1000 maxProcessors=2000 acceptCount=400 debug=0/ Engine name=Standalone defaultHost=localhost debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.log timestamp=true/ Realm className=org.apache.catalina.realm.MemoryRealm / Host name=localhost debug=0 appBase=\\OtherMachine\foo\ unpackWARs=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.log pattern=combined/ Context path=/testing docBase=testing debug=0 privileged=true/ Context path=/examples docBase=examples debug=0 reloadable=false crossContext=true Context path=/manager docBase=manager debug=0 privileged=true/ Parameter name=context.param.name value=context.param.value override=false/ Manager className=org.apache.catalina.session.PersistentManager debug=0 saveOnRestart=false maxActiveSessions=-1 minIdleSwap=-1 maxIdleSwap=-1 maxIdleBackup=-1 Store className=org.apache.catalina.session.FileStore/ /Manager /Context /Host /Engine /Service Service name=Tomcat-Apache Connector className=org.apache.catalina.connector.warp.WarpConnector port=8008 minProcessors=5 maxProcessors=75 enableLookups=true appBase=webapps acceptCount=10 debug=0/ Engine className=org.apache.catalina.connector.warp.WarpEngine name=Apache debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=apache_log. suffix=.log timestamp=true/ Realm className=org.apache.catalina.realm.MemoryRealm / /Engine /Service /Server - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Connectors for IIS/Tomcat SHOULD make sense
Hi Ken, This link explains how to install Tomcat 4.0.5 with IIS. http://support.esri.com/index.cfm?fa=knowledgebase.techarticles.articleShow; d=24055 I followed the instructions and worked. (with some help of this list) I hope it can help you. Regards. Jose Oyervides. -Original Message- From: Januski, Ken [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 1:28 PM To: Tomcat Users List Subject: RE: Connectors for IIS/Tomcat SHOULD make sense Thanks John, I wasn't sure about the loadbalancing. I commented it out but I'm still getting the 404 errors, /jakarta/isapi_redirector.dll is not available. I've watched other people have this error, including someone about a week ago I think, in which you gave some advice. But as far as I can tell the problem was never solved. It's surprising to me how fragile the IIS/Tomcat connectors seem to be. Most of the documentation finally ends with this should now work. If not please check for typos in worker.properties, etc. Perhaps this really is the right advice and I'll eventually see a typo. But right now it sure doesn't look like there are any to me and it's hard to know where to turn next, other than scouring the web for people who've had similar problems. I guess what I find oddest is that the logs are full of information but no one seems to know how to interpret them But then again I probably put more stock in logs than many people do. Ken -Original Message- From: John Turner [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 1:58 PM To: Tomcat Users List Subject: Re: Connectors for IIS/Tomcat SHOULD make sense There's no need for any of the loadbalancing stuff in workers.properties. You only need the four lines: type, name, port, host. John On Tue, 24 Jun 2003 13:10:33 -0400, Januski, Ken [EMAIL PROTECTED] wrote: Another day's experimentation and no more progress. One thing I notice is that the source code seems to refer to isapi_redirector2 and I'm using isapi_redirector.dll. I'm using that because I'm following instructions from ESRI for preparing IIS and Tomcat for an ArcIMS upgrade. Their instructions indicate that isapi_redirector.dll should work with Tomcat 4.1.12 and I, at least so far, have no reason to doubt them. I've also edited my worker.properties files to a minimum just for testing. I'm including it below. But I'm still puzzled as to why I'm getting the 404 error. The log indicates that an ajp13 worker is being created successfully and I don't really see any errors related to it, other than the 404. [Tue Jun 24 12:47:34 2003] [jk_worker.c (132)]: Into wc_get_worker_for_name ajp13 [Tue Jun 24 12:47:34 2003] [jk_worker.c (136)]: wc_get_worker_for_name, done found a worker [Tue Jun 24 12:47:34 2003] [jk_isapi_plugin.c (860)]: HttpExtensionProc got a worker for name ajp13 [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (1352)]: Into jk_worker_t::get_endpoint [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (1075)]: Into jk_endpoint_t::service [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (280)]: Into ajp_marshal_into_msgb [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (413)]: ajp_marshal_into_msgb - Done [Tue Jun 24 12:47:34 2003] [jk_connect.c (116)]: Into jk_open_socket [Tue Jun 24 12:47:34 2003] [jk_connect.c (123)]: jk_open_socket, try to connect socket = 2600 [Tue Jun 24 12:47:34 2003] [jk_connect.c (132)]: jk_open_socket, after connect ret = 0 [Tue Jun 24 12:47:34 2003] [jk_connect.c (140)]: jk_open_socket, set TCP_NODELAY to on [Tue Jun 24 12:47:34 2003] [jk_connect.c (148)]: jk_open_socket, return, sd = 2600 [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (588)]: In jk_endpoint_t::ajp_connect_to_endpoint, connected sd = 2600 [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (612)]: sending to ajp13 #294 [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (853)]: ajp_send_request 2: request body to send 0 - request body to resend 0 [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (698)]: received from ajp13 #81 [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (461)]: ajp_unmarshal_response: status = 404 [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (466)]: ajp_unmarshal_response: Number of headers is = 2 [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (506)]: ajp_unmarshal_response: Header[0] [Content-Type] = [text/html;charset=ISO-8859-1] [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (506)]: ajp_unmarshal_response: Header[1] [Content-Language] = [en-US] [Tue Jun 24 12:47:34 2003] [jk_isapi_plugin.c (428)]: Into jk_ws_service_t::start_response [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (698)]: received from ajp13 #756 [Tue Jun 24 12:47:34 2003] [jk_isapi_plugin.c (562)]: Into jk_ws_service_t::write [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (698)]: received from ajp13 #2 [Tue Jun 24 12:47:34 2003] [jk_isapi_plugin.c (872)]: HttpExtensionProc service() returned OK [Tue Jun 24 12:47:34 2003] [jk_ajp_common.c (1307)]: Into
RE: worker.properties
Thanks John, You were right, I only needed to add localhost in my worker.properties, now it's working. I'm using Tomcat 4.0.6 with one instance and using worker.properties, uriworkermap.properties and isapi_redirector.dll, just configured the localhost in my worker.properties and everything is now working. I read the FAQ for tomcat 4.1.X and got confused, since I didn't find the worker.properties configuration for tomcat 4.0.X, I followed the 4.1.X one. Thanks a lot John! Regards. Jose Oyervides. -Original Message- From: John Turner [mailto:[EMAIL PROTECTED] Sent: Friday, June 20, 2003 7:50 AM To: Tomcat Users List Subject: Re: worker.properties Hi - Please clarify: do you have multiple Tomcat instances, or just one? The only time you need to put more hosts in workers.properties is if you have MULTIPLE Tomcat instances. If you only have one Tomcat instance, you only need the following in workers.properties: # BEGIN workers.properties # Definition for Ajp13 worker worker.list=ajp13 worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13 # END workers.properties Note that it is workers.properties, not worker.properties (note the missing s in your post...a typo?). Note also that for IIS, you need more than workers.properties...you also need a file called uriworkermap.properties. Workers.properties is not for the purpose of mapping virtual hosts...its only purpose is to tell the connector where to find Tomcat. If you have one Tomcat instance, and a workers.properties file like the one shown above, and you cannot get any host headers except localhost to work, your problem is in either or both of 1) defining/mapping virtual hosts on the web server side (IIS: uriworkermap.properties, Apache: JkMount), or 2) defining virtual hosts on the Tomcat side. Even if you have multiple Tomcat instances, I would suggest getting things to work for multiple virtual hosts using one Tomcat instance, then add the other Tomcat instances into the mix. Trying to get multiple Tomcat instances working with multiple virtual hosts all at once could easily become frustrating if you don't take it a step or piece at a time. John On Thu, 19 Jun 2003 17:03:30 -0500, Jose Santiago Oyervides Gonzalez [EMAIL PROTECTED] wrote: Hi, Could anyone tell me what would be the correct configuration in the worker.properties to allow IIS to redirect to multiple hosts. Currently I am using this: (with no success,only for localhost) worker.properties: worker.ajp13.type=ajp13 worker.work.type=ajp13 worker.tomcat_home=D:\Tomcat4 worker.java_home=C:\j2sdk1.4.0 ps=\ worker.list=ajp13,myworker,myworker2 worker.ajp13.port=8009 worker.ajp13.host=localhost worker.myworker.port=8009 worker.myworker.host=foo.com worker.myworker2.port=8009 worker.myworker2.host=otherhost.com I am using Tomcat 4.0.6 -- IIS 5.0. According the 4.1.X documentation my configuration is valid, but I wonder if that works in 4.0.X. ¿? Also in server.xml, I specified the address property for the ip of the domains I'm configuring.(and added the hosts,obviously) Regards. Jose Oyervides. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
worker.properties
Hi, Could anyone tell me what would be the correct configuration in the worker.properties to allow IIS to redirect to multiple hosts. Currently I am using this: (with no success,only for localhost) worker.properties: worker.ajp13.type=ajp13 worker.work.type=ajp13 worker.tomcat_home=D:\Tomcat4 worker.java_home=C:\j2sdk1.4.0 ps=\ worker.list=ajp13,myworker,myworker2 worker.ajp13.port=8009 worker.ajp13.host=localhost worker.myworker.port=8009 worker.myworker.host=foo.com worker.myworker2.port=8009 worker.myworker2.host=otherhost.com I am using Tomcat 4.0.6 -- IIS 5.0. According the 4.1.X documentation my configuration is valid, but I wonder if that works in 4.0.X. ¿? Also in server.xml, I specified the address property for the ip of the domains I'm configuring.(and added the hosts,obviously) Regards. Jose Oyervides. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: context.xml question
Hi, I am having the same situation as Joshua, I have a W2k Server IIS5.0, Tomcat 4.0.6. I looked for admin.xml and manager.xml and those weren't in my installation. All I am trying to do is put my jsp file outside CATALINA_HOME/ (D:\Tomcat4) and put them in E:\webapps. I have tried to do it but it still hasn't worked. I've tried: Host name=mydomain.com debug=0 appBase=e:\webapps unpackWARs=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=mydomain_access. suffix=.log pattern=common/ Context path=/manager docBase=manager debug=0 privileged=true/ Context path=/examples docBase=examples reloadable=true crossContext=true and Host name=mydomain.com debug=0 appBase=webapps unpackWARs=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=mydomain_access. suffix=.log pattern=common/ Context path=/manager docBase=e:\webapps\manager debug=0 privileged=true/ Context path=/examples docBase=e:\webapps\examples reloadable=true crossContext=true I look forward for your comments. Regards. Jose Oyervides. -Original Message- From: John Turner [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2003 11:35 AM To: Tomcat Users List Subject: Re: context.xml question On Wed, 18 Jun 2003 12:32:00 -0400, White, Joshua A (HTSC, CASD) [EMAIL PROTECTED] wrote: Can the docBase attribute of the context element be relative? The location of the docBase will be different depending on where I am deploying to. Given mywebapp/META-INF/context.xml, the document root will always be two directories up from the context.xml file. Could this be done? Is there a better way of managing this? See the admin.xml and manager.xml files that come with a Tomcat installation. John - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: context.xml question
That were a network drive. I used the tip Jason gave me. Now it works. Thanks to all. Jose Oyervides. -Original Message- From: Jason Bainbridge [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2003 12:24 PM To: Tomcat Users List Subject: Re: context.xml question On Thu, 19 Jun 2003 01:15, Jose Santiago Oyervides Gonzalez wrote: I've tried: Host name=mydomain.com debug=0 appBase=e:\webapps unpackWARs=true Try a forward slash instead ie. e:/webapps or maybe a double backslash. Also is e: drive a local or network drive? If it is a Network drive you will need to use it's UNC name and the user that is running Tomcat will need access to the network ie. LocalSystem for an NT service won't work. Regards, -- Jason Bainbridge http://jblinux.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: IIS ISAPI Redirect problems (was Re: context.xml question)
OK, I'm having error 404, with MSIE, setting as proxy the server IP, port 80, this way I can access the domains as they are been served in the machine. I'm not doing this in production yet. I have the friendly error messages turned off. BTW, If a access my domain setting the IE with server IP, port 8080 they all work. In my IIS logs, I see error 404,( GET /examples/jsp - 404) like the requests isn't passed to the isapi_redirector.dll, this is happening in the other domains, default web site shows the hits of the isapi. On the other hand, my isapi.log is showing this: (every time I access the error) jk_isapi_plugin.c (657)]: HttpFilterProc started [jk_isapi_plugin.c (705)]: In HttpFilterProc Virtual Host redirection of /some.mydomain.comhttp://some.mydomain.com/examples/jsp [jk_uri_worker_map.c (447)]: Into jk_uri_worker_map_t::map_uri_to_worker [jk_uri_worker_map.c (464)]: Attempting to map URI '/some.mydomain.comhttp://some.mydomain.com/examples/jsp' [jk_uri_worker_map.c (570)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [jk_isapi_plugin.c (711)]: In HttpFilterProc test Default redirection of http://some.mydomain.com/examples/jsp [jk_uri_worker_map.c (447)]: Into jk_uri_worker_map_t::map_uri_to_worker [jk_uri_worker_map.c (566)]: In jk_uri_worker_map_t::map_uri_to_worker, wrong parameters [jk_uri_worker_map.c (570)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [jk_isapi_plugin.c (775)]: HttpFilterProc [http://some.mydomain.com/examples/jsp] is not a servlet url [jk_isapi_plugin.c (784)]: HttpFilterProc check if [http://some.mydomain.com/examples/jsp] is points to the web-inf directory I am replacing the real domain for some.mydomain.com, to avoid me problems. My system: W2K-IIS5, Tomcat 4.0.6. My uriworker.properties and worker.properties are in the past mail. Regards. Jose Oyervides. -Original Message- From: Jason Bainbridge [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2003 3:53 PM To: Jose Santiago Oyervides Gonzalez Cc: [EMAIL PROTECTED] Subject: IIS ISAPI Redirect problems (was Re: context.xml question) G'day, You're welcome. :) In future though I suggest you post questions to the list and not direct to an individual you are much more likely to get help that way. :) (I've CC'd the list with this) As to your problem, can you give a few more details? Is the 404 being thrown by IIS or Tomcat? If you're using MSIE you will have to turn off friendly error messages to be able to see the 404 properly in your browser, that will reveal where it is coming from. Regards, -- Jason Bainbridge http://jblinux.org On Thu, 19 Jun 2003 04:41, you wrote: Hi Jason, Thanks for answering me. I have several web-sites, and I'm trying to configure the isapi redirect for some of them, now it works for localhost, but I am having some problem with the other hosts? All the web-sites have their Jakarta Virtual Directory with the isapi loaded (green and up arrow), and the hosts are added in the server.xml, if I access them with port 8080, they work, but the redirect isn't working. This is my uriworker.properties: (it is the default) /servlet/*=ajp13 /examples/*=ajp13 This is my worker.properties (Also the default, just added the other hosts) worker.ajp13.type=ajp13 worker.ajp13.lbfactor=1 worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers=ajp13 worker.tomcat_home=D:\Tomcat4 worker.java_home=C:\j2sdk1.4.0 ps=# worker.list=ajp13 worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.host=mydomain.com worker.ajp13.host=myotherdomain.com -- Jason Bainbridge http://jblinux.org My registry is fine, because the redirect is working for the localhost. I'm trying this configuration and it isn't working, (error 404) do you know what could be causing this? Thanks Jose Oyervides. -Original Message- From: Jason Bainbridge [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2003 12:24 PM To: Tomcat Users List Subject: Re: context.xml question On Thu, 19 Jun 2003 01:15, Jose Santiago Oyervides Gonzalez wrote: I've tried: Host name=mydomain.com debug=0 appBase=e:\webapps unpackWARs=true Try a forward slash instead ie. e:/webapps or maybe a double backslash. Also is e: drive a local or network drive? If it is a Network drive you will need to use it's UNC name and the user that is running Tomcat will need access to the network ie. LocalSystem for an NT service won't work. Regards, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Webapps different machine
Hi, I have a W2k-IIS5.0 server with multiple sites, and all my web-sites have their home directories in a different machine, I am trying to configure TomCat to serve JSP's who also are in the different machine, so with the isapi_redirect, I will keep working both my IIS and Tomcat. Is it possible to do that? Can I configure webapps to be in a remote host? Have anyone of you done this? like: host name=www.domain1.com -- webapps \\otherserver\myshare\domain1.jsp host name=www.domain2.com-- webapps \\otherserver\myshare2\domain2.jsp I have already configured TomCat with the localhost (and it works). I'm using Tomcat 4.0.6 - IIS 5.0 Any help would be helpful. Jose Oyervides. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]