Re: [Samba] Change the IP/name of the domain member server - upgrading the server
Gaiseric Vandal pisze: Maybe you should also copy the private directory from the old to the new server. That may include the machine password used by the samba server to connect to the domain. Run testparm -v on both servers. Are both servers samba version of samba? So maybe I will answer to my own question sharing my little knowledge. The old server has Samba 3.0.14 and the new one 3.5.6. What worked for me? 1. Migrated the group/user id mappings (winbind) from old to new server on old server: net idmap dump /var/lib/samba/winbindd_idmap.tdb idmap_dump.txt on new one: net idmap restore idmap_dump.txt net cache flush restart samba/winbindd Now I have the same mappings on both servers, so I don't care about migrating them. Just simple cp/tar or whatever. 2. Copy smb.conf (check it, it is upgrade anyway) 3. Copy the files tar cf - . | ssh r...@xx.xx.xx.xx 'cd /home/samba; tar xf -' 3.a surfing the web/watching films 4. For the purpose of international characters only convmv -f iso-8859-2 -t utf8 --notest -r user_files 5. Prepare the actual join of new server. on old server: net ads leave -U Administrator (as of samba 3.0.14 I had to delete the machine AD account manually) shutdown on new one: change its name (/etc/hostname, mailname...) update DHCP server (if in use) restart net ads join -U Administrator (if failed, try kdestroy its Kerberos stuff) net ads testjoin It should work. Now check (double check) if the ACLs are ok. I had some minor (quickly repaired it) problems with group rights. somehow instead of rwx I had rx only. But users had problems so the bothered me with phones ;-). The windows disk mappings worked fine if they were mapped in AD login scripts like that (most of the mapping in my situation): net use m: \\server\%UserName% /PERSISTENT:NO if they were manually mapped it required manual intervention So as you can see the only mysterious thing is transfering the group/user id mappings, and fortunately it worked as expected. I hope the it would help others with similar task. Regards P. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Change the IP/name of the domain member server
Hi I have two servers: old production and new to change the old one. What is the right way to change to brand new server (with new Samba) in a way transparent to end users? Both (old and new one) servers are domain member servers. What I want to achieve is to: leave the old servers name and IP but assign them to new server. I have done almost everything, so the new server has the data, the ACLs are transfered and are ok, but when I shut down the old server, change the hostname of the new one to old one, changed the SID of the new server to the old server (using net getlocalsid/net setlocalsid xxx) and... booom. When I try to access the shares on the new server (from windows) it asks for user name/password just like the new server is not a member of the domain. So is it possible to achieve what I want? I'm not sure if other way, by using net ads leave (on new server) and then join with changed name (of the old server) would work. I'm afraid of loosing the connection to domain controler and all windows workstations would not be able to access the new server after joining. what is wors, also the old one could (?) have problems then. Looks like the trick with the changed SID is not working well. I hope someone would help me with this. Playing with windows is dangerous, some actions are not possible to undo. Regards P. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] dbench strange results
Hi I'm building new samba server (on Debian 6.0, software RAID10 2TB, Xeon CPU). Generally everything is working fine, so I have decided to run some stress tests. My choice was dbench. Old server is Debian 4.0 (samba 3.0.24, Athlon 3000+, one ATA 160GB disk). So run dbench 16 on both old and new server The results are strange old serwer: about 300MB/sek (dbench 3.0) and below are first seconds of dbench output 16 1766 398.71 MB/sec warmup 1 sec 16 4852 334.46 MB/sec warmup 2 sec 16 7956 317.26 MB/sec warmup 3 sec 16 7 309.62 MB/sec warmup 4 sec 16 14357 298.27 MB/sec warmup 5 sec 16 17579 295.52 MB/sec warmup 6 sec 16 20912 294.48 MB/sec warmup 7 sec 16 24167 292.58 MB/sec warmup 8 sec .. new server: about 80MB/sek (dbench 4.0) and below are first seconds of dbench output 16 859 347.35 MB/sec warmup 1 sec latency 420.932 ms 16 1535 203.14 MB/sec warmup 2 sec latency 625.747 ms 16 2905 175.82 MB/sec warmup 3 sec latency 466.965 ms 16 3705 147.27 MB/sec warmup 4 sec latency 511.865 ms 16 5111 142.35 MB/sec warmup 5 sec latency 543.783 ms 16 5961 130.80 MB/sec warmup 6 sec latency 830.662 ms 16 7413 130.37 MB/sec warmup 7 sec latency 875.614 ms 16 8235 122.21 MB/sec warmup 8 sec latency 450.523 ms 16 8448 110.87 MB/sec warmup 9 sec latency 743.648 ms 16 9725 110.55 MB/sec warmup 10 sec latency 841.132 ms 16 10901 110.39 MB/sec warmup 11 sec latency 291.013 ms 16 12014 109.05 MB/sec warmup 12 sec latency 537.937 ms .. Please nore that on old server MB/sec are rather constant (about 300MB/s ) but on new one are dropping rapidly (at the end to about 80MB/s). So what is going on? the new server is really fast (tested with iozone). Regards P. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net rpc idmap restore does not work
Hi In the samba HOWTO collection here http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html Creating an IDMAP Database Dump File there is a command net idmap restore /var/lib/samba/winbindd_idmap.tdb idmap_dump.txt the point is: it doesn't work. It just does nothing, except of printing a lot of lines like this: ignoring invalid line [] ignoring invalid line [BB] Looks like the winbindd_idmap.tdb file is not changed after this command has been run. The actual dump was done like this: net idmap dump /var/lib/samba/winbindd_idmap.tdb idmap_dump.txt The system I'm testing it on is Debian 6.1, samba 3.5.6. Regards P. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Copying files between 2 samba serv with ACL in mind using winbind database - solution?
Hi The question how to copy files and preserve ACLs appears from time to time but I have not find the right (stable and working) solution so far on this list and on the other Internet sites. So after some thinking I have 'discovered' my own solution. But what is the situation. I have old samba 3.0.24 (debian) on old computer. Now there is new computer with new samba 3.5.6 (debian 6.x). Both are working as domain member servers (in the same domain). The problem is: copy files form old to new server keeping in mind that there are 100 users with their ACLs on the files. I'm using winbindd. There are of course different UID-SID mappings on those servers so the solutions are two (IMHO): 1. Somehow set the new server mappings on the copied files or 2. Transfer the mappings itself from old to new server Ad.1 It is possible using some windows station to copy all the files from one server to another. But it is a bit extra work and time consuming. Ad.2 Use whatever linux copy tools (tar etc) to copy files. Faster but here is the problem I have faced. First I have dumped winbindd_idmap.tdb mapping on oldserver: net idmap dump /var/lib/samba/winbindd_idmap.tdb idmap_dump.txt copied this file to new server and restored it: net idmap restore /var/lib/samba/winbindd_idmap.tdb idmap_dump.txt during this restore operation the following errors (warnings?) appeared: ignoring invalid line [] . ignoring invalid line [BB] . Why? What does it mean? Ignore or it is serious? Looking at the dumped file it seems to be ok. So I have tried other solution, just copied the database file winbindd_idmap.tdb from old to new server. After flushing the samba cache net cache flush and restarting winbind the ACLs appeared to be the same on both servers. So after untaring the files from old server it just started to work. But my question: is it safe to do it the way I did it? The fields in databases tends to change so I have no idea if winbindd_idmap.tdb on the samba 3.0 is the same as on the 3.5? Regards Piotr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] create mask not fully working?
Hi I have Debian/stable and samba 3.2.5. I have set this (smb.conf): ... create mode = 0770 directory mask = 0770 ... and the files created have those permissions: drwxrwx--- 2 piotrlg piotrlg 22 2010-05-06 14:51 nowy3 -rwxrw 1 piotrlg piotrlg 10752 2010-05-06 14:51 nowy3.doc please note the lack of x bit for group file permission (for directory it works as expected). I have to use force create mode = 0770 to set x for groups. What is going on? Regards P. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] W2003, domain and home dirs
Hi The introduction is a bit long, but the question is really short (last paragraph). Here I have samba 3.0.14a (debian/stable) acting as domain member server with home dirs for domain users which are located on the w2003 r2 serwer being domain controler. I have a few problems with this setup, but it is hard to track them. Meybe answer to the question below could help me a bit. Samba once was PDC, than whe have installed w2003 and it was promoted to PDC. Also users form samba were transeferd to w2003. OK. Those users had in theirs Profiles tab (in user preferences window): Logon folder set to (for example): logon.bat and Home folder/Connect (for example): M and the path to: \\samba_serwer\user_name\.profiles. And it worked. Than I wanted to change logon sctipts to GPO specific (so removed logon.bat form Profiles tab) and also removed home drive mapping (M: and \\samba_serwer\user_name\.profiles) So now I don't have to fill in the Profiles tab for every new user, and home drive mapping is setup in the logon script: net use M: \\samba_serwer\%UserName% /PERSISTENT:NO It is working (so home dirs are mapped to M:), but I wonder why previously in the path to the user home dir there was .profiles? Now when I have omited this, should I expect some surprises from samba? Regards Piotr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mapping well known groups problem (net groupmap)
Hi I have samba 3.0.14a (debian/stable) and wonder where the problem is that running this command: # net groupmap add ntgroup=Domain Admins unixgroup=ntadmins rid=512 type=d gives: adding entry for group Domain Admins failed! but (note changed rid) # net groupmap add ntgroup=Domain Admins unixgroup=ntadmins rid=1000 type=d works fine. Hm, winbind is not working, but I suppose it is not needed here. So what is the problem with mapping? Regards Piotr L. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance problem. big amount of net traffic for file properties
Jean-Philippe FARCY wrote: Hi, We're having performance problems with some workstations (XP workstations). The problem we diagnosed occurs when a user right clicks on a UNC link (on his desktop). The popup window only appears after 80 seconds. On another XP workstation (in the same room, same switch ...), it works OK. I have noticed the same on my XP comps, but not all. Currently I'm investigating the problem (maybe some NICs are not samba-friendly ;-)? The problematic machine uses Asus mainborad A8Vdeluxe (with marvel yukon ethernet card) Samba 3.0.14a/Debian stable. Regards Piotr L. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba