[Samba] config a share named "Global", not "global"

2012-11-16 Thread Thomas Jung

Hello,

In my network I have a share named "Global" on every (Windows) client
(with a capital first letter "G", not "g").
I tried to do this with Samba, but it doesn't work.

How can I configure such a share named "Global"?
I think it is a problem because of the "global" config at the top of
the smb.conf file, but the share should be "Global", not "global".

Does anybody know how to solve such a problem?

T.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba 4 logging

2012-11-16 Thread Andrew Bartlett
On Thu, 2012-11-15 at 23:31 -0600, Kristofer wrote:
> Does Samba 4 provide any logging as far as who authenticated from where,
> similar to how Windows AD servers log it to the security event log?

Not at this point, sorry.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] Samba domain member losing membership

2012-11-16 Thread Andrew Bartlett
On Fri, 2012-11-16 at 15:49 +1030, Andrew Galdes wrote:
> Hello all,
> 
> I've recently posted here for help with a Samba domain member system which
> seems to lose its domain membership. I want to discuss it a little more. I
> have more information. I'm after comments and suggestions for
> troubleshooting. Also, I say "loses membership" but I don't really know if
> it has lost it. Just doesn't work anymore until I re-join the Samba system
> to the domain.
> 
> I have noticed this behaviour with two sites (installations) now. Both are
> CentOS systems with Samba versions as follows:
> 
> samba-*-3.5.10-125.el6.x86_64
> samba-*-3.5.10-115.el6_2.x86_64
> 
> I successfully join these systems to Active Directory domains (2008 r2
> DC's) using the following command. The system can then do as I need and
> "wbinfo" works:
> 
> net join -U Administrator%MyPass
> 
> After some time the Samba servers will stop functioning as expected and
> users will get 'access denied' errors. "wbinfo" stops working.
> 
> Some error messages:
> 
> LOG FILE: "/var/log/samba/log.wb-MYDOM"
> 
> [2012/11/12 13:20:43.338947,  0]
> libsmb/cliconnect.c:1052(cli_session_setup_spnego)
>   Kinit failed: Preauthentication failed
> [2012/11/12 13:20:43.459457,  2]
> winbindd/winbindd_pam.c:2121(winbindd_dual_pam_auth_crap)
>   NTLM CRAP authentication for user [MYDOM]\[myuser] returned
> NT_STATUS_ACCESS_DENIED (PAM: 4)
> 
> Notice Kinit in the above error. I have not configured Kerberos at this
> point.
> 
> I have not identified consistent time intervals for these 'drop-outs'. I
> have not updated (YUM) these systems between the joining and dropping from
> the domains.
> 
> What might cause this?

What causes this is that when we change our domain membership password,
the connection to the DC we change against times out.  There is a
patch in later releases for this (gives a longer timeout).

The issue is, this takes longer than we allow, so we think it failed,
but it actually succeeded, and so we lose our membership.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
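
Added example (not from the original posts and not Samba code): a Python check that parses winbindd log text in the layout quoted above and reports when a `Kinit failed: Preauthentication failed` entry is followed by `NT_STATUS_ACCESS_DENIED` results for users, the pairing shown in the thread. The 60-second window, the function names and the sample log are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log.wb-<DOMAIN> layout quoted in the thread.
# The last two entries have wrapped lines, as happens when a log is
# pasted into a mail message.
SAMPLE_LOG = r"""
[2012/11/12 09:02:11.120034,  2] winbindd/winbindd_pam.c:2121(winbindd_dual_pam_auth_crap)
  NTLM CRAP authentication for user [MYDOM]\[alice] returned NT_STATUS_WRONG_PASSWORD (PAM: 7)
[2012/11/12 13:20:43.338947,  0] libsmb/cliconnect.c:1052(cli_session_setup_spnego)
  Kinit failed: Preauthentication failed
[2012/11/12 13:20:43.459457,  2] winbindd/winbindd_pam.c:2121(winbindd_dual_pam_auth_crap)
  NTLM CRAP authentication for user [MYDOM]\[myuser] returned NT_STATUS_ACCESS_DENIED (PAM: 4)
[2012/11/12 13:20:51.102938,  0]
libsmb/cliconnect.c:1052(cli_session_setup_spnego)
  Kinit failed: Preauthentication failed
[2012/11/12 13:20:51.230771,  2]
winbindd/winbindd_pam.c:2121(winbindd_dual_pam_auth_crap)
  NTLM CRAP authentication for user [MYDOM]\[otheruser] returned
NT_STATUS_ACCESS_DENIED (PAM: 4)
"""

# "[date time(.usec), level]" optionally followed by "file.c:line(function)".
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,\s*(\d+)\]\s*(.*)$")
KINIT_FAILED = "Kinit failed: Preauthentication failed"
USER_DENIED = re.compile(
    r"authentication for user \[([^\]]*)\]\\\[([^\]]*)\] "
    r"returned\s+NT_STATUS_ACCESS_DENIED")


def parse_entries(text):
    """Group a header line and its continuation lines into one entry."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({
                "ts": datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"),
                "level": int(m.group(2)),
                "parts": [m.group(3).strip()],
            })
        elif entries and line.strip():
            entries[-1]["parts"].append(line.strip())
    for e in entries:
        e["text"] = " ".join(p for p in e.pop("parts") if p)
    return entries


def find_trust_failures(entries, window=timedelta(seconds=60)):
    """Report each burst where a Kinit pre-authentication failure is
    followed, within `window`, by ACCESS_DENIED results for users.
    Entries are expected in chronological order."""
    findings, covered_until = [], None
    for i, e in enumerate(entries):
        if KINIT_FAILED not in e["text"]:
            continue
        if covered_until is not None and e["ts"] <= covered_until:
            continue  # already counted in the previous burst
        kinits, users = 0, set()
        for later in entries[i:]:
            if later["ts"] - e["ts"] > window:
                break
            if KINIT_FAILED in later["text"]:
                kinits += 1
            m = USER_DENIED.search(later["text"])
            if m:
                users.add(m.group(1) + "\\" + m.group(2))
        covered_until = e["ts"] + window
        if users:
            findings.append({"first_seen": e["ts"],
                             "kinit_failures": kinits,
                             "denied_users": sorted(users)})
    return findings


if __name__ == "__main__":
    for f in find_trust_failures(parse_entries(SAMPLE_LOG)):
        print(f["first_seen"], f["kinit_failures"], f["denied_users"])
```

The lone `NT_STATUS_WRONG_PASSWORD` entry at 09:02 is not reported, because no Kinit failure accompanies it.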




Re: [Samba] Additional Zones with Samba4 DNS

2012-11-16 Thread Innocent Yevide
Hi,

Yes, I use internal DNS, not bind.

How do you want me to check the DNS? I am able to resolve hosts normally, and when a
new client joins the domain the DNS is updated properly as well.

Yes, the machine running the DNS tool is properly logged in to the domain with the
domain Administrator username. When I try to connect, it just says it cannot
connect to DNS server. But when I try to monitor/test that DNS server with the DNS
tool, I see that reverse DNS is working, but the simple DNS test fails.

Best Regards,

Innocent.



From: Michael Hildenbrand
To: samba@lists.samba.org
Sent: Friday, 16 November 2012 10:21
Subject: Re: [Samba] Additional Zones with Samba4 DNS
 
Hi,



The config file smb.conf is quite unimportant for DNS. Do you use internal Samba
DNS, not bind, and did you check your DNS? Is your user who uses the DNS tool
from MS in the domain and logged on to the domain? Without a logged-on Domain
User with Admin Rights you are not able to connect to the DNS Server. What
error message do you get?



From: Innocent Yevide [mailto:inye...@yahoo.fr]
Sent: Thursday, 15 November 2012 23:39
To: Michael Hildenbrand
Subject: Re: [Samba] Additional Zones with Samba4 DNS



Hi Michael,



I also have samba4 rc5 installed but cannot connect to the internal DNS with the MS
DNS tool. Could you please share your config file with me? Perhaps I am missing
something.



Regards,



Inno.



Re: [Samba] config a share named "Global", not "global"

2012-11-16 Thread Andrew Bartlett
On Fri, 2012-11-16 at 00:52 +0100, Thomas Jung wrote:
> Hello,
> 
> In my network I have a share named "Global" on every (Windows) client
> (with a capital first letter "G", not "g").
> I tried to do this with Samba, but it doesn't work.
>
> How can I configure such a share named "Global"?
> I think it is a problem because of the "global" config at the top of
> the smb.conf file, but the share should be "Global", not "global".
>
> Does anybody know how to solve such a problem?

Find and change:

#define GLOBAL_NAME "global"

#define GLOBAL_NAME2 "global"

to whatever you need to change it to.  The header file it is in for 4.0
rc is lib/param/loadparm.h, but it's probably in source3/include/local.h
in 3.x releases.

However, doing so makes it very difficult for whoever has the job of
supporting the result, so make sure you *document* it very clearly for
whoever comes after you, or has to provide emergency support. 

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




[Samba] grant windows group share permission

2012-11-16 Thread lst_hoe02

Hello

I would like to give a Windows group (W2K3-AD) permission to use a share
read/write on a Samba domain member server. Therefore I have added
the Samba server to the domain without problem and created a share
like this:


[bild]
   comment = Some Comment
   path = /data/bild
   admin users = root
   force user = smbuser
   force group = sambashare
   valid users = DOMAIN\w-user1 @DOMAIN\w-group1
   guest ok = no
   read only = no
   writeable = yes
   browseable = yes

The Windows domain user "w-user1" works as it should, but no member of
the Windows group "w-group1" can access the share. I have also tried
mapping the Windows group to the Unix group "sambashare" with
"username map" but always get access denied, e.g. asked for a Windows
user.


Can someone please give a hint how to grant access for a Windows group
without adding/removing the members to a Unix group?


Many Thanks

Andi


Re: [Samba] grant windows group share permission

2012-11-16 Thread Baird, Josh
It's easiest to tell samba to allow everyone access to the share, and use ACL's 
on the Linux filesystem to restrict access.

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of lst_ho...@kwsoft.de
Sent: Friday, November 16, 2012 8:55 AM
To: samba@lists.samba.org
Subject: [Samba] grant windows group share permission

Hello

I would like to give a Windows group (W2K3-AD) permission to use a share read/write
on a Samba domain member server. Therefore I have added the Samba server to
the domain without problem and created a share like this:

[bild]
comment = Some Comment
path = /data/bild
admin users = root
force user = smbuser
force group = sambashare
valid users = DOMAIN\w-user1 @DOMAIN\w-group1
guest ok = no
read only = no
writeable = yes
browseable = yes

The Windows domain user "w-user1" works as it should, but no member of the
Windows group "w-group1" can access the share. I have also tried mapping the
Windows group to the Unix group "sambashare" with "username map" but always get
access denied, e.g. asked for a Windows user.

Can someone please give a hint how to grant access for a Windows group without
adding/removing the members to a Unix group?

Many Thanks

Andi



Re: [Samba] grant windows group share permission

2012-11-16 Thread lst_hoe02


Quoting "Baird, Josh":

> It's easiest to tell samba to allow everyone access to the share,
> and use ACL's on the Linux filesystem to restrict access.




My intention was to not mess around on the Unix side as much as
possible, therefore the idea to limit share access by Windows group and
force/user group on the Unix side. Is this even possible?
With limiting by filesystem, how do I map the Windows group to the Unix
group without doubling users? Should I go for "username map" or with
winbind mappings?


Thanks

Andreas



Re: [Samba] help

2012-11-16 Thread Gaiseric Vandal

Is this Samba 3.x?

Samba 3.x domains and domain controllers function like Windows NT4
domains.  They are not like Windows 200x Active Directory servers and
domains.


The domain name has to be a simple NetBIOS-compatible name.  A single
name, not an FQDN.   I do not believe that "." is a valid character.  I
think the domain name can not exceed 15 or 15 characters.




On 11/15/12 14:38, Hanganu Sergiu wrote:

hello
I do not speak English very well

I'm trying to configure Samba. I'm using Debian as the OS.
My problem is:

I want to configure a local domain as PDC

this is a part of a little example
workgroup = MIDEARTH
domain logons = Yes
domain master = Yes
security = User



workgroup = MIDEARTH.MILANO
domain logons = Yes
domain master = Yes
security = User


my domain will be "MIDEARTH"

This is working, but if I change it to "MIDEARTH.MILANO" ... it is not
working when I'm trying to connect an XP Pro client.
With the domain name "MIDEARTH" it is working, but if I change it to
"MIDEARTH.MILANO", like an FQDN, it is not working and

I don't understand why.
I'm trying to find the same example on Google but I can't find anything
like this.




PLEASE HELP ME
THANK YOU





[Samba] samba4 ad problems

2012-11-16 Thread Thomas Manninger
Hello,

I have a Samba4 AD domain with 5 domain controllers.

For 2-3 weeks I have had problems with Kerberos, log.samba:

[2012/11/16 16:21:11,  1] 
../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): 
Decrypt integrity check failed
[2012/11/16 16:21:12,  2] 
../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for 
CN=Schema,CN=Configuration,DC=test,DC=local
[2012/11/16 16:21:12,  1] 
../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): 
Decrypt integrity check failed
[2012/11/16 16:21:14,  1] 
../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): 
Decrypt integrity check failed
[2012/11/16 16:21:24,  2] 
../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for 
CN=Schema,CN=Configuration,DC=test,DC=local
[2012/11/16 16:21:24,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done)
  UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 
0854286a-4fd6-42a8-bc79-4487b61c7733._msdcs.test.local 
CN=Schema,CN=Configuration,DC=test,DC=local
[2012/11/16 16:21:44,  2] 
../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit)
  Replicated 3 objects (0 linked attributes) for DC=test,DC=local
[2012/11/16 16:21:53,  2] 
../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for DC=test,DC=local
[2012/11/16 16:21:53,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done)
  UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 
0854286a-4fd6-42a8-bc79-4487b61c7733._msdcs.test.local DC=test,DC=local
[2012/11/16 16:23:49,  2] 
../source4/libcli/dgram/dgramsocket.c:92(dgm_socket_recv)
  No mailslot handler for 'ÃMAILSLOTÃLANMAN'
[2012/11/16 16:25:06,  2] 
../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for 
CN=Configuration,DC=test,DC=local
[2012/11/16 16:25:19,  2] 
../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for 
CN=Configuration,DC=test,DC=local
[2012/11/16 16:25:19,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done)
  UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 
0854286a-4fd6-42a8-bc79-4487b61c7733._msdcs.test.local 
CN=Configuration,DC=test,DC=local
[2012/11/16 16:26:01,  0] 
../source4/librpc/rpc/dcerpc_util.c:660(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for 
e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:da93641c-ad62-4a93-bf2d-5eae845237ab._msdcs.test.local[1024,seal,krb5]
 NT_STATUS_INVALID_PARAMETER
[2012/11/16 16:26:01,  2] 
../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for 
CN=Schema,CN=Configuration,DC=test,DC=local
[2012/11/16 16:26:11,  1] 
../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): 
Decrypt integrity check failed
[2012/11/16 16:26:12,  1] 
../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): 
Decrypt integrity check failed
[2012/11/16 16:26:13,  2] 
../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for 
CN=Schema,CN=Configuration,DC=test,DC=local
[2012/11/16 16:26:13,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done)
  UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 
0854286a-4fd6-42a8-bc79-4487b61c7733._msdcs.test.local 
CN=Schema,CN=Configuration,DC=test,DC=local
[2012/11/16 16:26:14,  1] 
../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): 
Decrypt integrity check failed
[2012/11/16 16:26:49,  2] 
../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for 
CN=Schema,CN=Configuration,DC=test,DC=local
[2012/11/16 16:26:50,  2] 
../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for DC=test,DC=local
[2012/11/16 16:26:51,  1] 
../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): 
Decrypt integrity check failed
[2012/11/16 16:26:56,  1] 
../source4/auth/gensec/gensec_gssapi.c:645(gense

[Samba] reg import via logon script

2012-11-16 Thread lejeczek

hi everybody

I'm being trouble by a strange system behavior, it's Win 7
machine script it as simple as one line

 reg import Y:\IT\domainLogons\exportRaw.reg

Y: is a net share that is mapped beforehand
it does not get imported
but below works just fine

 reg restore 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System 
Y:\IT\domainLogons\exportRaw.hiv


both reg & hiv are logic-wise structurally identical

???
any thoughts?
regards




Re: [Samba] Samba 4 logging

2012-11-16 Thread Kristofer
> > Does Samba 4 provide any logging as far as who authenticated from where,
> > similar to how Windows AD servers log it to the security event log?
> 
> Not at this point, sorry. 

Are you aware of any plans to add this type of logging in the future? 

Thanks, 
Kris 



[Samba] Samba4 - Wins error running samba-tool classicupgrade

2012-11-16 Thread Federico Alberto Sayd

Hello:

First, sorry for my English.

I'm testing samba4 rc5. I have compiled and installed samba4 and now I'm
trying to simulate an upgrade from my samba3 site to my samba4 test
installation. I have set up an isolated network and I have replicated
server and clients, copied my samba3 ldap contents and tdb files.


But when I run samba-tool classicupgrade following the docs,
samba-tool complains about a WINS error.


Below is the error. When the error appeared, I manually deleted the name
entries in the wins.dat file, but the error continues with other machine
names.


Can I delete the wins.dat (entirely or its content) without consequences?

I have re-run the samba-tool classicupgrade after every error. Do I need to
wipe the internal samba4 database before re-running samba-tool
classicupgrade? If "yes", how?



Importing WINS database
ERROR (ldb): uncaught exception - Entry name=REP-01-FUN01, type=0x20 already exists
  File "/usr/local/samba/python2.7/site-packages/samba/netcmd/__init__.py", line 175 in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 848, in upgrade_from_samba3
    import_wins(Ldb(result.paths.winsdb), samba3_winsdb)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 364, in import_wins
    "address": ips})


Regards

Federico


Re: [Samba] grant windows group share permission

2012-11-16 Thread Rowland Penny

On 16/11/12 13:55, lst_ho...@kwsoft.de wrote:

Hello

I would like to give a Windows group (W2K3-AD) permission to use a share
read/write on a Samba domain member server. Therefore I have added
the Samba server to the domain without problem and created a share
like this:


[bild]
   comment = Some Comment
   path = /data/bild
   admin users = root
   force user = smbuser
   force group = sambashare
   valid users = DOMAIN\w-user1 @DOMAIN\w-group1
   guest ok = no
   read only = no
   writeable = yes
   browseable = yes

The Windows domain user "w-user1" works as it should, but no member of
the Windows group "w-group1" can access the share. I have also tried
mapping the Windows group to the Unix group "sambashare" with
"username map" but always get access denied, e.g. asked for a Windows user.


Can someone please give a hint how to grant access for a Windows group
without adding/removing the members to a Unix group?


Many Thanks

Andi




Hi, just a few pointers:
You can remove the 'admin users' line, here you are giving 'root' root 
privileges
You only need one of the 'read only' & 'writeable' lines, they both mean 
the same, I suggest using 'read only'
Finally, try removing the @ sign, I do not think you need it with 
winbind (I take it you are using winbind)


Rowland
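
Added example, not part of any post in this thread and not Samba code: a small Python lint for smb.conf that checks the points raised by Rowland Penny above and the reserved-name collision from the "Global" thread earlier on this page. It relies on Samba matching section and parameter names without regard to case or spaces and on `writeable` being the inverted synonym of `read only`; the sample file, function names and finding codes are constructed.

```python
import re

# Constructed smb.conf: [bild] is the share posted in this thread, [Global]
# is the share name asked about in the earlier thread, the rest is filler.
SAMPLE_SMB_CONF = r"""
[global]
   workgroup = DOMAIN
   security = ads

[Global]
   path = /data/global
   read only = no

[bild]
   comment = Some Comment
   path = /data/bild
   admin users = root
   force user = smbuser
   force group = sambashare
   valid users = DOMAIN\w-user1 @DOMAIN\w-group1
   guest ok = no
   read only = no
   writeable = yes
   browseable = yes
"""

TRUE_WORDS = {"yes", "true", "on", "1"}
FALSE_WORDS = {"no", "false", "off", "0"}
WRITE_SYNONYMS = ("writeable", "writable", "writeok")


def norm(name):
    """Section and parameter names are compared ignoring case and spaces."""
    return re.sub(r"\s+", "", name).lower()


def as_bool(value):
    v = value.strip().lower()
    return True if v in TRUE_WORDS else False if v in FALSE_WORDS else None


def parse_smb_conf(text):
    """Return [(section_name, {normalised_param: value})] in file order."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join continuation lines
    sections, params = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            params = {}
            sections.append((line[1:-1].strip(), params))
        elif "=" in line and params is not None:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return sections


def lint(sections):
    """Return [(section, code, message)] for the checks described above."""
    findings = []
    for name, params in sections:
        if norm(name) == "global":
            # Any spelling of "global" is read as global settings, so a
            # share cannot carry this name without rebuilding Samba.
            if "path" in params:
                findings.append((name, "reserved-name",
                                 "section is read as [global], not as a share"))
            continue
        if "adminusers" in params:
            findings.append((name, "admin-users",
                             "%s operate(s) on this share as root"
                             % params["adminusers"]))
        read_only = params.get("readonly")
        write = next((params[k] for k in WRITE_SYNONYMS if k in params), None)
        if read_only is not None and write is not None:
            ro, wr = as_bool(read_only), as_bool(write)
            # writeable is inverted: equal booleans contradict each other.
            code = ("conflicting-access" if ro is not None and ro == wr
                    else "redundant-access")
            findings.append((name, code,
                             "both 'read only' and a write synonym are set"))
    return findings


if __name__ == "__main__":
    for section, code, message in lint(parse_smb_conf(SAMPLE_SMB_CONF)):
        print("[%s] %s: %s" % (section, code, message))
```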



Re: [Samba] reg import via logon script

2012-11-16 Thread lejeczek

I'm being troubled :) a trouble hopefully I ain't ;)

On 16/11/12 16:38, lejeczek wrote:

hi everybody

I'm being trouble by a strange system behavior, it's Win 7
machine script it as simple as one line

 reg import Y:\IT\domainLogons\exportRaw.reg

Y: is a net share that is mapped beforehand
it does not get imported
but below works just fine

 reg restore 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System 
Y:\IT\domainLogons\exportRaw.hiv


both reg & hiv are logic-wise structurally identical

???
any thoughts?
regards






Re: [Samba] Samba4 - Wins error running samba-tool classicupgrade

2012-11-16 Thread Federico Alberto Sayd

On 16/11/12 13:00, Federico Alberto Sayd wrote:

Hello:

First, sorry for my English.

I'm testing samba4 rc5. I have compiled and installed samba4 and now
I'm trying to simulate an upgrade from my samba3 site to my samba4
test installation. I have set up an isolated network and I have
replicated server and clients, copied my samba3 ldap contents and tdb
files.


But when I run samba-tool classicupgrade following the docs,
samba-tool complains about a WINS error.


Below is the error. When the error appeared, I manually deleted the
name entries in the wins.dat file, but the error continues with other
machine names.


Can I delete the wins.dat (entirely or its content) without consequences?

I have re-run the samba-tool classicupgrade after every error. Do I need
to wipe the internal samba4 database before re-running samba-tool
classicupgrade? If "yes", how?



Importing WINS database
ERROR (ldb): uncaught exception - Entry name=REP-01-FUN01, type=0x20 already exists
  File "/usr/local/samba/python2.7/site-packages/samba/netcmd/__init__.py", line 175 in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 848, in upgrade_from_samba3
    import_wins(Ldb(result.paths.winsdb), samba3_winsdb)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 364, in import_wins
    "address": ips})


Regards

Federico
I have read the samba 3 docs, and this page[1] says that there is no
need to preserve wins.dat because this file is regenerated when Samba
is restarted. I deleted the file and the migration finished ok.


Is it ok to delete this file?

But if the file is not necessary, why does "samba-tool classicupgrade"
check this file and complain when it finds inconsistencies?


[1] http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html

Regards

Federico


Re: [Samba] Is it possible to change the root/Administrator user to another username?

2012-11-16 Thread Paul Griffith

On 11/15/2012 10:08 PM, Günter Kukkukk wrote:

On Friday, 16 November 2012, 03:00:11, Andrew Bartlett wrote:

On Thu, 2012-11-15 at 08:44 -0500, Paul Griffith wrote:

Hi Andrew,

The 'username map' option isn't exactly what I am looking for. That
doesn't solve my issue. We have a home grown backend with a custom Samba
plugin. The original writer has moved on and I am faced with solving an
issue that might be solved if I could replace Samba query for the root
user with something else. At least that's what it looks like from where I
am sitting.


You are going to need to give many more details of what you are actually
trying to do, rather than how you think you might fix it.  Then we can
probably give you some sensible advice.

"root" isn't hard-coded anywhere in Samba, but uid 0 is special in unix
and in Samba.

Andrew Bartlett


Paul,

just a further note on what Andrew is saying here with
"uid 0 is special in unix and in Samba".

You can create a new *nix user e.g. named "smbroot" with "useradd . -u 0 smbroot"
to assign him the uid 0.
This cmd useradd is sometimes named adduser and might take different arguments.
Sample (done as root):
   useradd -d /nodir -s /bin/false -u 0 smbroot
This created user doesn't even have a *nix homedir and a login shell - but has
otherwise the same rights as root.
But choose the options you like - at least uid 0 must be set.

Then you can add this new user to the samba user database.

   smbpasswd -a smbroot

Cheers, Günter

Surely more detailed info is needed from your side.



Thank you for the suggestions, re smbroot. I will try to give you a
clearer picture. I understand that you are looking into a black box and
trying to help. Thank you for that!


We have a home grown passdb module, it talks to our home grown user 
database.  The original developer of the plugin and the user database 
has moved on but we have managed to keep things working without any 
major issues, until now.


Recently we have been having more issues with the plugin and the user 
database. What has been happening is that some of the connections to the 
user database are hanging around for days at a time. This seems to 
create a condition where the other incoming connections are getting blocked.


When I did a strace on one of the hanging processes/connections it was 
giving the following error message:


udb_cmd: result: [error] [record root:user does not exist]
udb_to_sam: record [root:user] does not exist


That is when I thought that adding the root user might help the 
situation. If the root user existed, the error would go away and then 
maybe the connection could be completed normally and closed.


I understand this is our own custom code we added to Samba and I 
certainly don't expect anyone to fix our code. I hope that gives you a 
better picture.



Many Thanks,
Paul
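
Added example (not part of the original posts): a Python audit that lists accounts other than `root` with uid 0, such as the `smbroot` account described above, and whether each is also present in the Samba user database. It assumes `pdbedit -L` output in its `username:uid:full name` form; both sample inputs, the `toor` account and the function names are constructed.

```python
# Constructed /etc/passwd excerpt; "smbroot" is the account from the thread.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
smbroot:x:0:1002::/nodir:/bin/false
toor:x:0:0::/root:/bin/sh
smbuser:x:1001:1001::/home/smbuser:/bin/bash
"""

# Constructed `pdbedit -L` output (username:uid:full name).
SAMPLE_PDBEDIT = """\
smbroot:0:
smbuser:1001:
"""

# Shells that refuse an interactive session.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def parse_passwd(text):
    """Parse passwd(5) lines, skipping comments and malformed records."""
    accounts = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        accounts.append({"name": fields[0], "uid": int(fields[2]),
                         "home": fields[5], "shell": fields[6]})
    return accounts


def samba_users(pdbedit_text):
    """User names from the short listing of the Samba user database."""
    return {line.split(":", 1)[0]
            for line in pdbedit_text.splitlines() if ":" in line}


def audit_uid0(passwd_text, pdbedit_text):
    """List every uid-0 account other than root.

    A non-login shell only blocks interactive sessions; as the thread
    notes, the account otherwise has root's rights, so membership in
    the Samba user database is reported separately.
    """
    in_samba = samba_users(pdbedit_text)
    report = []
    for account in parse_passwd(passwd_text):
        if account["uid"] != 0 or account["name"] == "root":
            continue
        report.append({
            "name": account["name"],
            "interactive_login": account["shell"] not in NOLOGIN_SHELLS,
            "in_samba_db": account["name"] in in_samba,
        })
    return report


if __name__ == "__main__":
    for row in audit_uid0(SAMPLE_PASSWD, SAMPLE_PDBEDIT):
        print(row)
```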


Re: [Samba] Samba4 - Wins error running samba-tool classicupgrade

2012-11-16 Thread Andrew Bartlett
On Fri, 2012-11-16 at 15:47 -0300, Federico Alberto Sayd wrote:
> On 16/11/12 13:00, Federico Alberto Sayd wrote:
> > Hello:
> >
> > First, sorry for my English.
> >
> > I'm testing samba4 rc5. I have compiled and installed samba4 and now
> > I'm trying to simulate an upgrade from my samba3 site to my samba4
> > test installation. I have set up an isolated network and I have
> > replicated server and clients, copied my samba3 ldap contents and tdb
> > files.
> >
> > But when I run samba-tool classicupgrade following the docs,
> > samba-tool complains about a WINS error.
> >
> > Below is the error. When the error appeared, I manually deleted the
> > name entries in the wins.dat file, but the error continues with other
> > machine names.
> >
> > Can I delete the wins.dat (entirely or its content) without consequences?
> >
> > I have re-run the samba-tool classicupgrade after every error. Do I need
> > to wipe the internal samba4 database before re-running samba-tool
> > classicupgrade? If "yes", how?
> >
> >
> > Importing WINS database
> > ERROR (ldb): uncaught exception - Entry name=REP-01-FUN01, type=0x20 already exists
> >   File "/usr/local/samba/python2.7/site-packages/samba/netcmd/__init__.py", line 175 in _run
> >     return self.run(*args, **kwargs)
> >   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1318, in run
> >     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
> >   File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 848, in upgrade_from_samba3
> >     import_wins(Ldb(result.paths.winsdb), samba3_winsdb)
> >   File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 364, in import_wins
> >     "address": ips})
> >
> >
> > Regards
> >
> > Federico
> I have read the samba 3 docs, and this page[1] says that there is no
> need to preserve wins.dat because this file is regenerated when Samba
> is restarted. I deleted the file and the migration finished ok.
>
> Is it ok to delete this file?

It is and it isn't.  The client will eventually re-register itself with
WINS, but it won't be immediate. 

The correct fix would be to work out what nmbd does with a duplicate
entry (does it just take the first or last entry?) and then do the same
in the upgrade code.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




[Samba] detected unhandled Python exception in '/usr/local/samba/sbin/samba_dnsupdate'

2012-11-16 Thread Innocent Yevide
Hello,

I've just seen the below exception in my log file.

Does anyone know why?

Nov 17 00:37:55 MyHost abrt: detected unhandled Python exception in '/usr/local/samba/sbin/samba_dnsupdate'
Nov 17 00:37:55 MyHost abrtd: New client connected
Nov 17 00:37:55 MyHost abrt-server[6427]: Saved Python crash dump of pid 6424 to /var/spool/abrt/pyhook-2012-11-17-00:37:55-6424
Nov 17 00:37:55 MyHost abrtd: Directory 'pyhook-2012-11-17-00:37:55-6424' creation detected
Nov 17 00:37:55 MyHost abrtd: Executable '/usr/local/samba/sbin/samba_dnsupdate' doesn't belong to any package
Nov 17 00:37:55 MyHost abrtd: 'post-create' on '/var/spool/abrt/pyhook-2012-11-17-00:37:55-6424' exited with 1
Nov 17 00:37:55 MyHost abrtd: Corrupted or bad directory /var/spool/abrt/pyhook-2012-11-17-00:37:55-6424, deleting
Nov 17 00:47:55 MyHost abrt: detected unhandled Python exception in '/usr/local/samba/sbin/samba_dnsupdate'
Nov 17 00:47:55 MyHost abrtd: New client connected
Nov 17 00:47:55 MyHost abrtd: Directory 'pyhook-2012-11-17-00:47:55-6513' creation detected
Nov 17 00:47:55 MyHost abrt-server[6516]: Saved Python crash dump of pid 6513 to /var/spool/abrt/pyhook-2012-11-17-00:47:55-6513
Nov 17 00:47:55 MyHost abrtd: Executable '/usr/local/samba/sbin/samba_dnsupdate' doesn't belong to any package
Nov 17 00:47:55 MyHost abrtd: 'post-create' on '/var/spool/abrt/pyhook-2012-11-17-00:47:55-6513' exited with 1
Nov 17 00:47:55 MyHost abrtd: Corrupted or bad directory /var/spool/abrt/pyhook-2012-11-17-00:47:55-6513, deleting


Re: [Samba] Is it possible to change the root/Administrator user to another username?

2012-11-16 Thread Andrew Bartlett
On Fri, 2012-11-16 at 14:12 -0500, Paul Griffith wrote:

> Thank you for the suggestions, re smbroot. I will try to give you a 
> clearer picture. I understand that you are looking into a black box and 
> trying to help. Thank you for that!
> 
> We have a home grown passdb module, it talks to our home grown user 
> database.  The original developer of the plugin and the user database 
> has moved on but we have managed to keep things working without any 
> major issues, until now.
> 
> Recently we have been having more issues with the plugin and the user 
> database. What has been happening is that some of the connections to the 
> user database are hanging around for days at a time. This seems to 
> create a condition where the other incoming connections are getting blocked.
> 
> When I did a strace on one of the hanging processes/connections it was 
> giving the following error message:
> 
> udb_cmd: result: [error] [record root:user does not exist]
> udb_to_sam: record [root:user] does not exist
> 
> 
> That is when I thought that adding the root user might help the 
> situation. If the root user existed, the error would go away and then 
> maybe the connection could be completed normally and closed.

So, did adding root there help?

> I understand this is our own custom code we added to Samba and I 
> certainly don't expect anyone to fix our code. I hope that gives you a 
> better picture.

Thanks, it certainly does.  In the future, given your special situation
you really do need to include this much detail in your original post.

Anyway, there have been a number of increased requirements on passdb
modules over the years, but you don't say if you have seen your problems
only on updating Samba, or if they have just grown due to other unknown
factors.

What version of Samba are you using?

As speculation, upgrading to Samba 4.0 might help, as (partly in
reaction to this kind of thing) we have tried to reduce how often we ask
for a system and root token.  It might just happen to reduce the demands
on your backend to a level where it doesn't break down.

I hope this helps,

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] Additional Zones with Samba4 DNS

2012-11-16 Thread Innocent Yevide
Hi Michael,

could you please send me your server dns info as below, so that I can compare 
if there is anything missing on my side...

[root@MyHost ~]# samba-tool dns serverinfo MyHost
Password for [administrator@OFFICE.LOCAL]:
  dwVersion                   : 0xece0205
  fBootMethod                 : DNS_BOOT_METHOD_DIRECTORY
  fAdminConfigured            : FALSE
  fAllowUpdate                : TRUE
  fDsAvailable                : TRUE
  pszServerName               : MyHost.office.local
  pszDsContainer              : CN=MicrosoftDNS,DC=DomainDnsZones,DC=office,DC=local
  aipServerAddrs              : ['192.168.100.100 (53)']
  aipListenAddrs              : ['192.168.100.100 (53)']
  aipForwarders               : []
  dwLogLevel                  : 0
  dwDebugLevel                : 0
  dwForwardTimeout            : 3
  dwRpcPrototol               : 0x5
  dwNameCheckFlag             : DNS_ALLOW_MULTIBYTE_NAMES
  cAddressAnswerLimit         : 0
  dwRecursionRetry            : 3
  dwRecursionTimeout          : 8
  dwMaxCacheTtl               : 86400
  dwDsPollingInterval         : 180
  dwScavengingInterval        : 0
  dwDefaultRefreshInterval    : 168
  dwDefaultNoRefreshInterval  : 168
  fAutoReverseZones           : FALSE
  fAutoCacheUpdate            : FALSE
  fRecurseAfterForwarding     : FALSE
  fForwardDelegations         : TRUE
  fNoRecursion                : FALSE
  fSecureResponses            : FALSE
  fRoundRobin                 : TRUE
  fLocalNetPriority           : FALSE
  fBindSecondaries            : FALSE
  fWriteAuthorityNs           : FALSE
  fStrictFileParsing          : FALSE
  fLooseWildcarding           : FALSE
  fDefaultAgingState          : FALSE
  dwRpcStructureVersion       : 0x2
  aipLogFilter                : []
  pwszLogFilePath             : None
  pszDomainName               : office.local
  pszForestName               : office.local
  pszDomainDirectoryPartition : DC=DomainDnsZones,DC=office,DC=local
  pszForestDirectoryPartition : DC=ForestDnsZones,DC=office,DC=local
  dwLocalNetPriorityNetMask   : 0xff
  dwLastScavengeTime          : 0
  dwEventLogLevel             : 4
  dwLogFileMaxSize            : 0
  dwDsForestVersion           : 0
  dwDsDomainVersion           : 0
  dwDsDsaVersion              : 4
  fReadOnlyDC                 : FALSE



From: Innocent Yevide
To: Michael Hildenbrand
Cc: "samba@lists.samba.org"
Sent: Friday, 16 November 2012 14:32
Subject: Re: [Samba] Additional Zones with Samba4 DNS

Hi,

Yes, I use internal DNS, not bind.

How do you want me to check the DNS? I am able to resolve hosts normally; when a
new client joins the domain, the DNS is updated properly as well.

Yes, the machine running the DNS tool is properly logged in to the domain with
the domain Administrator username. When I try to connect, it just says it cannot
connect to the DNS server. But when I try to monitor/test that DNS server with
the DNS tool, I see that reverse DNS is working, but the simple DNS test fails.

Best Regards,

Innocent.



From: Michael Hildenbrand
To: samba@lists.samba.org
Sent: Friday, 16 November 2012 10:21
Subject: Re: [Samba] Additional Zones with Samba4 DNS

Hi,



The config file smb.conf is quite unimportant for DNS. Do you use internal Samba
DNS, not bind, and did you check your DNS? Is your user who uses the DNS tool
from MS in the domain and in the domain logged on? Without a logged on Domain
User with Admin Rights you are not able to connect to the DNS Server. What error
message do you get?



From: Innocent Yevide [mailto:inye...@yahoo.fr]
Sent: Thursday, 15 November 2012 23:39
To: Michael Hildenbrand
Subject: Re: [Samba] Additional Zones with Samba4 DNS



Hi Michael,

I also have samba4 rc5 installed but cannot connect to the internal dns with MS
DNS tool. Could you please share your config file with me? Perhaps I am missing
something.

Regards,

Inno.



[Samba] fast parallel crawling of file systems

2012-11-16 Thread Di Pe
Hi, I use a disk space inventory tool called TreeSizePro to scan
filesystems on windows and linux boxes. On Linux systems I export
these shares via samba to scan them. TreeSizePro is multi-threaded (32
crawlers) and I run it on windows 7. I am scanning file systems that
are local to the linux servers and also nfs mounts that are
re-exported via samba.

If I scan a windows 2008 server I can scan many million files in about
1 hour. If I do the same thing with samba it takes more than 1 day. It
takes longer to scan the re-exported nfs share than the local share but
not a whole lot, so I must assume the bottleneck lies within samba. (I
can also crawl the nfs mount really fast.) How can I make samba fly?
How can I improve this metadata performance? I don't care about
stability, I just want to maximize performance. We don't have a slow
or a badly configured network.

I compiled samba 3.6.9 on a plain ubuntu 12.04 box and searched the
web for some performance improvement suggestions, not sure if the
config below makes any sense.

./configure --with-aio-support --enable-pthreadpool --prefix=/opt/samba --with-ads

/root # cat /opt/samba/lib/smb.conf
[global]
workgroup = FH
netbios name = copycat
min protocol = SMB2
max protocol = SMB2
#log level = 1

# performance enhancements
strict locking = no
max xmit = 65535
deadtime = 15
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536

[tmp]
path = /tmp
read only = no

[shared]
path = /shared
read only = yes
follow symlinks = no
wide links = no


[Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-16 Thread Pccom Frank
Hi, Samba gurus!

I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
computer to the domain.

What I did is:

1, git clone git://git.samba.org/samba.git samba-master

2, cd /usr/local/samba-master
3, ./configure --enable-debug --enable-selftest && make && make install
4, /usr/local/samba/sbin/samba-tool domain provision --realm=xyz.pccom.ca --domain=dcxyz --adminpass='123456' --server-role=dc
5, cp /usr/local/samba/private/krb.conf /etc
6, echo 'kerberos5_server_enable="YES"' >> /etc/rc.conf
7, echo 'kadmind5_server_enable="YES"' >> /etc/rc.conf
8, echo 'domain xyz.pccom.ca' >> /etc/resolv.conf
the dns server keep the same as before.
9, /usr/local/samba/bin/samba -i -M single

I found

"Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED"

I do "git pull" every day.

In the samba-master directory, I did a "make test", many failures and
errors. If anyone can help me, I can send the st/summary files to him.

Your help will be appreciated.


Re: [Samba] Samba domain member losing membership

2012-11-16 Thread Andrew Galdes
Thanks. I've updated to the latest version and so far so good. But time
will tell in this case.

Thanks a lot for your help.

-Andrew Galdes


On Fri, Nov 16, 2012 at 8:45 PM, Andrew Bartlett wrote:

> On Fri, 2012-11-16 at 15:49 +1030, Andrew Galdes wrote:
> > Hello all,
> >
> > I've recently posted here for help with a Samba domain member system which
> > seems to lose it's domain membership. I want to discuss it a little more. I
> > have more information. I'm after comments and suggestions for
> > troubleshooting. Also, i say "loses membership" but i don't really know if
> > it has lost it. Just doesn't work anymore until i re-join the Samba system
> > to the domain.
> >
> > I have noticed this behaviour with two sites (installations) now. Both are
> > CentOS systems with Samba versions as follows:
> >
> > samba-*-3.5.10-125.el6.x86_64
> > samba-*-3.5.10-115.el6_2.x86_64
> >
> > I successfully join these systems to Active Directory domains (2008 r2
> > DC's) using the following command. The system can then do as i need and
> > "wbinfo" works:
> >
> > net join -U Administrator%MyPass
> >
> > After some time the Samba servers will stop functioning as expected and
> > users will get 'access denied' errors. "wbinfo" stops working.
> >
> > Some error messages:
> >
> > LOG FILE: "/var/log/samba/log.wb-MYDOM"
> >
> > [2012/11/12 13:20:43.338947,  0]
> > libsmb/cliconnect.c:1052(cli_session_setup_spnego)
> >   Kinit failed: Preauthentication failed
> > [2012/11/12 13:20:43.459457,  2]
> > winbindd/winbindd_pam.c:2121(winbindd_dual_pam_auth_crap)
> >   NTLM CRAP authentication for user [MYDOM]\[myuser] returned
> > NT_STATUS_ACCESS_DENIED (PAM: 4)
> >
> > Notice Kinit in the above error. I have not configured Kerberos at this
> > point.
> >
> > I have not identified consistent time intervals for these 'drop-outs'. I
> > have not updated (YUM) these systems between the joining and dropping from
> > the domains.
> >
> > What might cause this?
>
> What causes this is that when we change our domain membership password,
> and the connection to the DC we change against times out.  There is a
> patch in later releases for this (gives a longer timeout).
>
> The issue is, this takes longer than we allow, so we think it failed,
> but it actually succeeded, and so we lose our membership.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                        http://samba.org/~abartlet/
> Authentication Developer, Samba Team   http://samba.org
>
>
>


-- 
-Andrew Galdes
Managing Director

RHCSA, LPI, CCENT

AGIX Linux

Ph: 08 7324 4429
Mb: 0422 927 598

Site: http://www.agix.com.au
Twitter: http://twitter.com/agixlinux
LinkedIn: http://au.linkedin.com/in/andrewgaldes