[Samba] New Samba wiki on-line
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Folks, We've brought a new wiki online at http://wiki.samba.org/ for Samba users and developers alike. The intent is to allow the community to fill the gap in dynamic or temporary documentation and other relevant information. Our thanks to Craig White who has volunteered to act as standing editor (at least at first). But in general, the wiki will only be as good or useful as you, the community, make it. cheers, jerry = I live in a Reply-to-All world. --- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEBqPOIR7qMdg1EfYRAoMjAKCCMI3RHLJtr2ajNVtlf9RQm6X4TQCeN/kM S/IYDZEmb9s1TtNo6NFufbo= =JCVl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc without winbindd
On Wed, 2006-03-01 at 23:39 -0800, Gordon Messmer wrote: > mallapadi niranjan wrote: > > > > is pdc without winbind a best option or with winbind > > I believe that winbind is intended only for domain members, not for > domain controllers. That's wrong, on a DC winbindd serves nested groups (aliases) and trusted domains users and groups. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc without winbindd
mallapadi niranjan wrote: is pdc without winbind a best option or with winbind I believe that winbind is intended only for domain members, not for domain controllers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
adrian sender wrote: I am sticking to the documentation, (samba 3 by example by jht) excellent book!; Yes, it's an excellent book. I have a copy, myself. However, you won't get anywhere "sticking to" its LDAP documentation. The LDAP documentation in "Samba-3 by Example" is BAD. Very bad. It completely abrogates any discussion of security as a matter that the user should be expert enough to handle, and gives example configuration files that are completely open to attack. It would have been better to ignore the LDAP server's configuration entirely and explicitly state that admins are expected to be able to do it on their own. Further, "Samba-3 by Example" assumes that you have a working directory, to begin with. Using OpenLDAP, you must create the containers (using slapadd, or ldapadd and the "rootdn") before you can bind and populate the directory with other tools. This is covered in the quickstart guide: http://www.openldap.org/doc/admin23/quickstart.html I think you should follow Craig's advice, get your hands on a copy of "LDAP System Administration", and go through it carefully. LDAP is a wonderful enabling technology, but if you don't understand how it works, you'll get terrible performance, and risk exposing private data. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Solaris winbind with password aging (workaround inside)
A few days back, I asked whether it was possible to have winbind co-exist with password aging on a Solaris system. Seems like there is no easy way around this. After a few more days of frantic poking and truss-ing around, I found a crude but seemingly workable workaround. It seems the the library /usr/lib/passwdutil.so.1 is the one responsible for checking that the passwd entry in /etc/nsswitch.conf has the "allowed" values like files, nis, nisplus and ldap. Both passwd and telnet/rlogin will eventually call passwdutil.so.1 indirectly. The crude hack, which relies on the lucky coincidence that the words "nisplus" and "winbind" both have 7 chararcters, is to use a hex-editor to replace a couple of the "nisplus" strings inside passwdutil.so.1 binary file with "winbind". After that, did some testing with telnet, rlogin, ftp, passwd, password expiring as well as winbind, all seem to work ok. At this point, the nsswitch.conf has "files winbind" for both passwd and group. YMMV. L8r, Mike - Forwarded message from Mike <[EMAIL PROTECTED]> - Date: Mon, 27 Feb 2006 17:16:40 +0800 (SGT) From: Mike <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Subject: Solaris nsswitch.conf with winbind To: samba@lists.samba.org Hi, I have the exact same problem (described in this archived mail below) but couldn't find any solution in the archives or on google. So far, I have tried renaming one of the "allowed" libraries like ldap and then creating a symlink named nss_ldap.so.1 to point to nss_winbind.so.1 and also tried renaming in different versions of the /etc/nsswitch.conf file before and after starting winbindd but none of these work. Can any Solaris admin who also uses Winbind with password aging let me know of any workarounds for this problem ? thanks, Mike (the exact problem is described below) >From David.Legge at dier.tas.gov.au Sun Jan 4 23:49:02 2004 From: David.Legge at dier.tas.gov.au (David Legge) Date: Sun Jan 4 23:49:26 2004 Subject: [Samba] Problem with winbind and nsswitch.conf on Solaris 8 server Message-ID: <[EMAIL PROTECTED]> Hello, I'm having some problems using winbind on Samba 3.0.1 with /etc/nsswitch.conf on a Solaris 8 server. The Solaris 8 release is 10/00. The basic problem that I have is that there are restrictions on what nsswitch.conf can contain if password ageing is used. My setup is that users connecting to shares on the Solaris samba server are authenticated against a accounts on a Windows Active Directory Domain. (That is, smb.conf is configured to use "security = ADS"). I am using winbind on the Solaris samba server to enumerate Active Directory Domain users and groups as standard unix groups and users. I have installed the winbind libraries thus: cp libnss_winbind.so /lib ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1 ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1 ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2 I have also edited /etc/nsswitch.conf from using passwd: files group: files to passwd: files winbind group: files winbind The problem that I have is that there are restrictions on what nsswitch.conf can contain if password ageing is used. This is indicated in the Solaris 8 man page for nsswitch.conf(4), which says: Interaction with Password Aging When password aging is turned on, only a limited set of pos- sible name services are permitted for the passwd: database in the /etc/nsswitch.conf file: passwd: files passwd: files nis passwd: files nisplus passwd: files ldap passwd: compat passwd_compat: nisplus passwd_compat: ldap Any other settings will cause the passwd(1) command to fail when it attempts to change the password after expiration and will prevent the user from logging in. These are the only permitted settings when password aging has been turned on. Otherwise, you can work around incorrect passwd: lines by using the -r repository argument to the passwd(1) command and using passwd -r repository to override the nsswitch.conf settings and specify in which name service you want to modify your password. So, using winbind like this forces me to use `passwd -r files` to do operations using the passwd command. If I don't use the "-r" switch on the password command, an error is produced due to the presense of winbind in the nsswitch.conf file. The error is passwd: Unsupported nsswitch entry for "passwd:". Use "-r repository ". We have some applications that will break because of this and we have to use password ageing because of our security policy. Is there any way of overcoming this limitation with nsswitch.conf and winbind on Solaris 8? Thanks, Dav
[Samba] samba pdc without winbindd
Hi all i have a samba pdc (samba 3.0.21c) with openldap (openldap 2.3.19) on Redhat Enterprise Linux 4 ES (kernel version 2.6.9-5smp). and 2 domain member server(Linux same architecture as server). All my windows clients are windows 2000 professional joined to my pdc. Right now i have configured pdc without winbind. and started using it. while configuring the pdc. i could not configure winbind, and winbind was not working so stopped winbind, and started configuring PDC, if i start winbind and configure it , will it effect my existing pdc, or do i have start from the first. is pdc without winbind a best option or with winbind please guide me. Regards Niranjan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
Matt,
> To reiterate... the fcntl64 spins in a blocking wait, so we never see an
> error unfortunately.
spins in a blocking wait? What does that mean? Either it is spinning
(chewing cpu) or its in a blocking wait (and not chewing cpu). If its
doing both then its a kernel bug.
If this is Linux, and its blocked waiting for a lock, then I'd suggest
catting /proc/locks while its stuck. From that you should be able to
work out the state of each smbd using that tdb, and see if its a
"possible" state or not ('possible' defined by the pattern of locks
tdb does).
Cheers, Tridge
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
On Thu, 2006-03-02 at 14:47 +1100, adrian sender wrote: > I will try to explain my situtation a little better so other can understand. > > I am sticking to the documentation, (samba 3 by example by jht) excellent > book!; > > So here is where I am at; > > I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per > the documentation chapter 6. > > I do have a bdc; however there is no relivence to that as I am only working > on the PDC at the time; > > I have these commented out in the slapd.conf for the moment. > > #replica host=192.168.0.3:389 > #suffix="dc=tinistuff,dc=com" > #binddn="cn=updateuser,dc=tinistuff,dc=com" > #bindmethod=simple credentials=123456 > > #replogfile /var/lib/ldap/replogfile > > > This is my smb.conf as per chapter 6; > ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5*** > > ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com > > [EMAIL PROTECTED] sbin]# smbpasswd -w 123456 > Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in > secrets.tdb > > Does this look right so far; I am now going to configure smbldaptools as per > the documentation; In chapter 5 (./configure) > > Ok, now we take a look at this - > [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf > > > # Credential Configuration # > > # Notes: you can specify two differents configuration if you use a > # master ldap for writing access and a slave ldap server for reading access > # By default, we will use the same DN (so it will work for standard Samba > # release) > slaveDN="cn=sambaadmin,dc=tinistuff,dc=com" > slavePw="123456" > masterDN="cn=sambaadmin,dc=tinistuff,dc=com" > masterPw="123456" > > > Time to populate the ldap DB. > [EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0 > > This does not work because it cannot bind as "sambaadmin" > > If I change my smbldap_bind to Manager, I can populate the DB. > > [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf > > > # Credential Configuration # > > # Notes: you can specify two differents configuration if you use a > # master ldap for writing access and a slave ldap server for reading access > # By default, we will use the same DN (so it will work for standard Samba > # release) > slaveDN="cn=Manager,dc=tinistuff,dc=com" > slavePw="123456" > masterDN="cn=Manager,dc=tinistuff,dc=com" > masterPw="123456" > > Now it populates fine. > > Is this a fault on my behalf, or is there something wrong with "sambaadmin" > in the config files? > > PS - please forgive any spelling errors. > the problem with this of course is that this really has nothing to do with Samba at all - this is strictly a user grappling with LDAP. What do you get from command line ? ldapsearch -x -h localhost -D 'cn=Manager,dc=tinistuff,dc=com' -W \ '(cn=sambaadmin)' If there is a dn: there it should show several attributes including a userPassword attribute. My guess is that is why it's not working...either there isn't a dn: cn=sambaadmin,dc=tinistuff,dc=com or there isn't a userPassword attribute set. My recommendation to you is to forget all about samba for a while and learn how to set up and manage LDAP. Then integrating samba will be a piece of cake. Here's my best suggestion, buy LDAP System Administration book by Gerald Carter (yes, our Jerry)...it's a bit outdated but it makes understanding LDAP easy. Using samba to learn LDAP is like trying to use salad tongs to do neuro surgery. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
I will try to explain my situtation a little better so other can understand. I am sticking to the documentation, (samba 3 by example by jht) excellent book!; So here is where I am at; I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per the documentation chapter 6. I do have a bdc; however there is no relivence to that as I am only working on the PDC at the time; I have these commented out in the slapd.conf for the moment. #replica host=192.168.0.3:389 #suffix="dc=tinistuff,dc=com" #binddn="cn=updateuser,dc=tinistuff,dc=com" #bindmethod=simple credentials=123456 #replogfile /var/lib/ldap/replogfile This is my smb.conf as per chapter 6; ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5*** ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com [EMAIL PROTECTED] sbin]# smbpasswd -w 123456 Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in secrets.tdb Does this look right so far; I am now going to configure smbldaptools as per the documentation; In chapter 5 (./configure) Ok, now we take a look at this - [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf # Credential Configuration # # Notes: you can specify two differents configuration if you use a # master ldap for writing access and a slave ldap server for reading access # By default, we will use the same DN (so it will work for standard Samba # release) slaveDN="cn=sambaadmin,dc=tinistuff,dc=com" slavePw="123456" masterDN="cn=sambaadmin,dc=tinistuff,dc=com" masterPw="123456" Time to populate the ldap DB. [EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0 This does not work because it cannot bind as "sambaadmin" If I change my smbldap_bind to Manager, I can populate the DB. [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf # Credential Configuration # # Notes: you can specify two differents configuration if you use a # master ldap for writing access and a slave ldap server for reading access # By default, we will use the same DN (so it will work for standard Samba # release) slaveDN="cn=Manager,dc=tinistuff,dc=com" slavePw="123456" masterDN="cn=Manager,dc=tinistuff,dc=com" masterPw="123456" Now it populates fine. Is this a fault on my behalf, or is there something wrong with "sambaadmin" in the config files? PS - please forgive any spelling errors. Kind Regards, Adrian Sender. From: Gordon Messmer <[EMAIL PROTECTED]> To: adrian sender <[EMAIL PROTECTED]>, samba Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin) Date: Wed, 01 Mar 2006 08:13:32 -0800 Well... you have to create the containers using slapdadd. After the containers are present, then you can populate them with users, etc, using ldapadd or other tools. If you haven't created the containers, nothing is going to work. adrian sender wrote: The database has not been populated, and cannot be populated using "sambaadmin" From: Gordon Messmer <[EMAIL PROTECTED]> To: adrian sender <[EMAIL PROTECTED]> CC: samba@lists.samba.org Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin) Date: Tue, 28 Feb 2006 22:01:24 -0800 adrian sender wrote: [EMAIL PROTECTED] scripts]# slapadd -v -l admin-accts.ldif added: "cn=updateuser,dc=tinistuff,dc=com" (0002) added: "cn=sambaadmin,dc=tinistuff,dc=com" (0003) Error, entries missing! entry 1: dc=tinistuff,dc=com If you dump the database, does "dc=tinistuff,dc=com" show up in there? It looks like the entry for the base DN is missing, which might explain the problems that you're having. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [Repost] Offline Files No Go
Dear All, I want to enable Offline Files support on several Win2K SP4 laptops. We have a samba file server. I have researched as much as I could to get answers and here is what I have. I am unfortunately unable to get this working properly. If anyone can answer or point me in to a good resource, I would greatly appreciate that. I am attempting to offline profile directories mapped to network drive letter X:. Here is my config for the profiles share: - [Profiles] comment = Shared User Profiles path = /home invalid users = nobody, guest create mask = 0600 directory mask = 0700 map acl inherit = Yes case sensitive = Yes hide special files = Yes store dos attributes = Yes csc policy = documents dos filemode = Yes dos filetime resolution = Yes - I get an error similar to the following for every file that I try to make available offline: Could not make 'somthing.doc' available offline. The specified file can not be found. If I create a new file, it appears as available offine, but I can neither delete nor rename it. At that point I usually start to get an Access Denied error on the entire shared drive and am forced to restart. The share is stored on a RHEL 3 server running Samba 3.0.9-1.3E.5 with an EXT3 file system with ACL support enabled. I have also included my global configuration at the bottom of this email. Here is my test procedure. -I make a share available offline. -It synchronizes showing all current files as "Unable to make 'file.txt' available offine on '\\server_b\profiles\testuser\My Documents'. The system cannot find the file specified." -I create new files in the folder while online. They appear oplocked in samba status: DENY_NONE RDWR EXCLUSIVE+BATCH /home/testuser/My Documents/New Text Document.txt -I attempt to give the file a name. This results in "X:\My Documents folder does not exist. Do you want to create it?" -The oplock is removed. -If I edit the file and attempt to save changes, I get "This file exists with Read Only attributes. Please use a different name." -If I then name the file something else, the file is created on the windows side and appears offline available. The file appears on the samba server also. -If I try to save this file again, I repeat the "This file exists with Read Only attributes..." situation from above. -Now, if I take the computer "offline" by disconnecting the NIC... all files behave normally. -After reconnecting, all files that were changed on windows while offline are synced to the samba server. Could this have something to do with case sensitivity or such? ANY help is greatly appreciated. Thanks! -Cheers, Peter. [global] workgroup = EXAMPLE realm = EXAMPLE.COM server string = File Server [ServerB] (Samba %v) security = ADS password server = SERVERA username level = 5 log level = 1 log file = /var/log/samba/%m max xmit = 65535 name resolve order = host wins bcast socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY load printers = No logon script = \\servera\netlogon\logon.bat logon drive = X: logon home = \\SERVERB\Profiles\%U lm announce = No preferred master = No local master = No domain master = No wins server = 10.0.2.1 lock spin count = 30 lock spin time = 15 ldap ssl = no idmap uid = 1000-2000 idmap gid = 1000-2000 template primary group = @ template homedir = /home/%U template shell = /bin/bash winbind separator = + winbind cache time = 10 winbind use default domain = Yes winbind nested groups = Yes printer admin = jdoe read only = No create mask = 0660 directory mask = 0770 inherit permissions = Yes inherit acls = Yes delete veto files = Yes veto files = /.AppleDouble/.AppleDesktop/Network Trash Folder/ veto oplock files = /*.sem/*.qbw/*.mdb/*.nsf/*.log/*.id/*.ini/ csc policy = disable strict locking = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ntml_auth --require-membership-of
Hey guys, I have found that using a + as the seperator opposed to the slash in the group name works. IE: Sending "company+user pass" to ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="company\internet" returns Could not parse company/internet into seperate domain/name parts! but sending it to ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="company+internet" returns OK I found this after looking through ntlm_auth.c and finding that it relies on winbindd to provide the serperator. This maybe platform dependant, I have not dug deeper. The Man page is what thru me here as it states to use a backslash as the seperator in the example. Cheers, Simon Woodward. Andrew Bartlett wrote: > > On Thu, 2006-01-19 at 12:42 -0600, Rex Dieter wrote: >> Andrew Bartlett wrote: >> > On Wed, 2006-01-18 at 10:21 -0600, Rex Dieter wrote: >> > >> >>Rex Dieter wrote: >> >> >> >>>Rex Dieter wrote: >> >> I'm having trouble getting ntml_auth to recognize ActiveDirectory >> groups that aren't in AD\Users. In particular, we've a few groups in >> our department OU that I'd like to be able to use. If I specify any >> of our OU-specific groups, using something like: >> # ntlm_auth --username=foo --require-membership-of="AD\OUGroup1" >> password: >> I get: >> Winbindd lookupname failed to resolve AD\OUGroup1 into a SID! >> >> >>>Turns out using >> >>>wbinfo --name-to-sid=OUGroup1 >> >> >>So my question is: why can wbinfo resolve the name to a SID, but >> >>ntlm_auth can't? >> >> > Sometimes this is a problem of timing, as ntlm_auth does this when >> squid >> > is starting. >> >> I'm skeptical. I repeated this on several occasions on several >> different boxes. ntlm-auth *always* failed the same way when trying to >> resolve Groups not in the top-level AD\Users OU. > > Interesting. It should be asking the same question as wbinfo -n > > Can you chase this down a bit more, with the current code, and file a > bug? > > Andrew Bartlett > > -- > Andrew Bartletthttp://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Student Network Administrator, Hawker College http://hawkerc.net > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- View this message in context: http://www.nabble.com/ntml_auth---require-membership-of-t945220.html#a3193055 Sent from the Samba - General forum at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems Running an executable from samba share.
> Hello, > > I'm currently running samba 3 on solaris 9 within an active directory > domain (windows 2003 server , main kdc). All seems to be working well > in terms of authentication etc. Sharing and printing is fine. > > Below is my smb.conf > > # Samba config file created using SWAT > # from 192.200.29.110 (192.200.29.110) > # Date: 2006/02/15 16:23:13 > > [global] > workgroup = SANGERS > realm = SANGERS.LOCAL > server string = prima240 samba file and print server > security = ADS > log level = 3 > log file = /extra/samba/var/log.%m > max log size = 30 > preferred master = No > ldap ssl = no > idmap uid = 1-2 > idmap gid = 1-2 > printing = cups > print command = lpr -P'%p' %s; rm %s > lpq command = lpq -P'%p' > lprm command = lprm -P'%p' %j > lppause command = lp -i '%p-%j' -H hold > lpresume command = lp -i '%p-%j' -H resume > queuepause command = disable '%p' > queueresume command = enable '%p' > > [extra] > comment = Extra Samba Share > path = /extra > read only = No > force create mode = 0770 > guest ok = Yes > > [printers] > comment = All Printers > path = /usr/spool/samba > printable = Yes > browseable = No > > [export] > comment = Export Samba share > path = /export > browesable = yes > guest ok = no > writeable = yes > force create mode = 770 > > The problem I have is with my /export share. Whenever I try to run a > setup.exe file to install an accounts package, the client machine (xp > sp2) reports an error : > > "Only part of a ReadProcessMemory or WriteProcessMemory request was > completed" > > This file will open and install correctly through an NFS share and > mount on the same client machine so I have (hopefully) narrowed this > down to a samba error. Output from the samba log is below relevant to > this problem: > > [2006/03/01 14:39:40, 3] smbd/process.c:process_smb(1194) > Transaction 600 of length 162 > [2006/03/01 14:39:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans2 (pid 21110) conn 0x38bd80 > [2006/03/01 14:39:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (10033, 1) - sec_ctx_stack_ndx = 0 > [2006/03/01 14:39:40, 3] smbd/trans2.c:call_trans2qfilepathinfo(2859) > call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 > [2006/03/01 14:39:40, 3] smbd/trans2.c:call_trans2qfilepathinfo(2884) > call_trans2qfilepathinfo: SMB_VFS_STAT of > com/openacc/oa_start/CG42_Install_Gd.pdf failed (No such file or > directory) > [2006/03/01 14:39:40, 3] smbd/error.c:error_packet(146) > error packet at smbd/trans2.c(2627) cmd=50 (SMBtrans2) > NT_STATUS_OBJECT_NAME_NOT_FOUND > [2006/03/01 14:39:40, 3] smbd/process.c:process_smb(1194) > Transaction 601 of length 146 > [2006/03/01 14:39:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans2 (pid 21110) conn 0x38bd80 > [2006/03/01 14:39:40, 3] smbd/trans2.c:call_trans2qfilepathinfo(2859) > call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 > [2006/03/01 14:39:40, 3] smbd/trans2.c:call_trans2qfilepathinfo(2884) > call_trans2qfilepathinfo: SMB_VFS_STAT of > com/openacc/oa_start/resumes.ico failed (No such file or directory) > [2006/03/01 14:39:40, 3] smbd/error.c:error_packet(146) > error packet at smbd/trans2.c(2627) cmd=50 (SMBtrans2) > NT_STATUS_OBJECT_NAME_NOT_FOUND > [2006/03/01 14:39:40, 3] smbd/process.c:process_smb(1194) > Transaction 602 of length 142 > [2006/03/01 14:39:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans2 (pid 21110) conn 0x38bd80 > [2006/03/01 14:39:40, 3] smbd/trans2.c:call_trans2qfilepathinfo(2859) > call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 > [2006/03/01 14:39:40, 3] smbd/trans2.c:call_trans2qfilepathinfo(2884) > call_trans2qfilepathinfo: SMB_VFS_STAT of > com/openacc/oa_start/COOKN.ICO failed (No such file or directory) > [2006/03/01 14:39:40, 3] smbd/error.c:error_packet(146) > error packet at smbd/trans2.c(2627) cmd=50 (SMBtrans2) > NT_STATUS_OBJECT_NAME_NOT_FOUND > [2006/03/01 14:39:40, 3] smbd/process.c:process_smb(1194) > Transaction 603 of length 148 > [2006/03/01 14:39:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans2 (pid 21110) conn 0x38bd80 > [2006/03/01 14:39:40, 3] smbd/trans2.c:call_trans2qfilepathinfo(2859) > call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 > [2006/03/01 14:39:40, 3] smbd/trans2.c:call_trans2qfilepathinfo(2884) > call_trans2qfilepathinfo: SMB_VFS_STAT of > com/openacc/oa_start/string_e.ldl failed (No such file or directory) > [2006/03/01 14:39:40, 3] smbd/error.c:error_packet(146) > error packet at smbd/trans2.c(2627) cmd=50 (SMBtrans2) > NT_STATUS_OBJECT_NAME_NOT_FOUND > [2006/03/01 14:39:40, 3] smbd/process.c:process_smb(1194) > Transaction 604 of length 144 > [2006/03/01 14:39:40, 3] smbd/proces
[Samba] 0Xc0000022 wbinfo
I have in charge a windows network where we have some linux server with samba and winbind. Since few days, I have an error 0Xc022, apparently, winbind can't have the active directory of the controler domain windows 2000. My collegue and I are looking for a solution but we don't have one. Can you help us ? or give us some piece of information, or a solution ? thanks kind regard Calvin Coman mail: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
FW: [Samba] samba as a domain member
whoops, forgot to copy the list on it. sorry. Well, an update. I can log in to the console using any domain profiles, but, I can not access the exposed home directory through NetBeui (My Network Places/Network Neighborhood). Also, how should I configure /etc/pam.d/sshd to allow domain users to authenticate and logon through an ssh client (PuTTY?, OpenSSH?) -Original Message- From: Guillermo Gutierrez Sent: Wednesday, March 01, 2006 12:47 PM To: 'David Shapiro' Subject: RE: [Samba] samba as a domain member yes, getent passwd returns users and what appears to be machine names as well. wbinfo -u returns user info and computer info. wbinfo -g returns domain groups . Since I sent this email a couple of things changed. the above commands no longer display the domain as part of the info. I cannot get into my home directory which is shared but with a valid user of "valid users = %S" in the smb.conf. -Original Message- From: David Shapiro [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 01, 2006 12:32 PM To: Guillermo Gutierrez Subject: Re: [Samba] samba as a domain member Is the getent passwd returning users? Does wbinfo -u and wbinfo -g return users and groups? David David Shapiro Unix Team Lead 919-765-2011 >>> "Guillermo Gutierrez" <[EMAIL PROTECTED]> 3/1/2006 1:09:26 PM >>> Hello, I am new to this list but I have been learning to use linux/bsd and samba for the past year. so far I have been able to learn enough on my own to be able to successfully set up a functional samba server on FreeBSD and Gentoo Linux boxes. I am trying to learn how to integrate them into an Active Directory windows 2003 server domain. So far I have verified that Kerberos and ldap and winbind (I think) are functioning correctly. I am able to do a 'kinit [EMAIL PROTECTED]' command and not get a failure. I am able to see all of the groups and users/systems in the domain from getent commands. My problem is that I cant access samba shares when permissions are set using domain users. I can access the /home/samba/public share is I DON'T specify a 'valid users =' line in the smb.conf file, but not the other way around. Here is what my smb.conf file looks like: # Samba config file created using SWAT # from 10.11.7.56 (10.11.7.56) # Date: 2006/03/01 09:45:11 [global] workgroup = MARKETSCAN realm = MARKETSCAN.COM server string = %h Samba Server interfaces = lo, eth0 bind interfaces only = Yes security = ADS auth methods = winbind password server = nostradmus, nostradamus_ii, nostradamus_cam log file = /var/log/samba/log.%m socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 load printers = No preferred master = No dns proxy = No wins proxy = No wins server = 10.11.3.198 ldap ssl = no passdb expand explicit = No idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind separator = max log size = 50 winbind use default domain = Yes [public] comment = %h Public Share path = /home/samba/public read only = No force create mode = 0777 force directory mode = 0777 guest ok = Yes [homes] comment = Home Directory for %U path = /home/%D/%U valid users = %S read only = No force create mode = 0777 force directory mode = 0777 browseable = No I would greatly appreciate any help. thanks, Guillermo Gutierrez Development Systems Engineer Market Scan Information Systems (818) 575-2000 x2427 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Prevent deleting/moving of primary directory, but allow deleting/moving of subdirectories by users
Greetings - In general terms I would like to prevent users from deleting or moving a primary directory within a share, but allow users to create / delete / move subdirectories and files that reside under these directories. My reason for needing this type of setup is to prevent an accidental deletion of a common directory and to maintain a planned directory structure at the top level of the share. My system information is listed below. Linux RHES 3 Samba 3.0.9-1.3 File Server for 8 Windows boxes (2000 and XP) The share and directory structure that explains what I would like to do is listed below. We have a small open office where everyone works together on multiple projects and proposals. The permissions currently set for the ECOSYSTEM share are read/write/execute (0777) for the entire share, with all subdirectories inheriting permissions. I would like to be able to allow all users (or a specified group) to create/delete/move directories such as Project1, or any files under Project1, as they wish. I would like to prevent anyone but the administrator with root privileges from accidentally deleting or moving the Archive, Admin, Marketing, Projects, and Reference directories. The pertinent details of my smb.conf are also listed below. ECOSYSTEM |-Archive |-Admin |-Marketing |-Proposal1 |-Proposal2 |-Projects |-Project1 |-Project2 |-Reference smb.conf #=== Global Settings = [global] server string = Bison samba server printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 unix password sync = yes pam password change = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 33 preferred master = yes password server = None guest ok = yes security = SHARE dns proxy = no # Share Definitions == [homes] comment = Home Directories browseable = no writeable = yes hide dot files = yes [printers] comment = All Printers path = /var/spool/samba browseable = no printable = yes [ecosystem] path = /ecosystem writeable = yes create mask = 0777 directory mask = 0777 inherit permissions = yes I have searched through the list archives and found discussion of a similar issue at http://marc.theaimsgroup.com/?l=samba&m=110746845920890&w=2 , but the solution of the issue is not clearly identified. I have read and re-read the 'Definitive Guide to Samba 3' without success at understanding if this is possible or not. If anyone has implemented this type of permissions setup, can you provide some guidance and details. Thanks for your assistance. Jeff Boyce Meridian Environmental www.meridianenv.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.21c safe_strcat string overflow w/ "net rpc share migrate files"
On Thu, Mar 02, 2006 at 12:03:14AM +0100, Thomas Limoncelli wrote: > When migrating files off an existing Win2K file server using "net rpc > share migrate files" with Samba 3.0.21c on SuSE 9.3 Pro I stumbled > across a number of "string overflow by X in safe_strcat" errors on a few > files with non-ASCII characters: > > myserver# net rpc share migrate files myshare --acls --attrs > --timestamps -S win2k -U 'XXX\administrator' --destination=`hostname` > Password: > syncing[myshare] files and directories including ACLs, including DOS > Attributes (preserving timestamps) > [...] > [2006/03/01 23:04:59, 0] lib/util_str.c:safe_strcat_fn(637) > ERROR: string overflow by 4 in safe_strcat [Meyer ABCD Ostlandstr., > Carl-Köttgen-Str., Pe] > > Also, there are a number of (possibly related) errors of the kind: > > could not handle file: \some\long\path\with\special\characters\like > öüäß: NT_STATUS_OBJECT_NAME_NOT_FOUND > > > Would this likely be a Samba or W2K server bug? Is there any way to > migrate these files using any sort of automated mangling? I'm willing to > provide level 10 debug logs, Ethereal traces and whatever it may take to > track it down. Please log a bug at bugzilla.samba.org and attach level 10 debug logs + ethereal traces. Thanks ! Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.21c safe_strcat string overflow w/ "net rpc share migrate files"
When migrating files off an existing Win2K file server using "net rpc share migrate files" with Samba 3.0.21c on SuSE 9.3 Pro I stumbled across a number of "string overflow by X in safe_strcat" errors on a few files with non-ASCII characters: myserver# net rpc share migrate files myshare --acls --attrs --timestamps -S win2k -U 'XXX\administrator' --destination=`hostname` Password: syncing[myshare] files and directories including ACLs, including DOS Attributes (preserving timestamps) [...] [2006/03/01 23:04:59, 0] lib/util_str.c:safe_strcat_fn(637) ERROR: string overflow by 4 in safe_strcat [Meyer ABCD Ostlandstr., Carl-Köttgen-Str., Pe] Also, there are a number of (possibly related) errors of the kind: could not handle file: \some\long\path\with\special\characters\like öüäß: NT_STATUS_OBJECT_NAME_NOT_FOUND Would this likely be a Samba or W2K server bug? Is there any way to migrate these files using any sort of automated mangling? I'm willing to provide level 10 debug logs, Ethereal traces and whatever it may take to track it down. -TL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Migration from NT4 to W2K3 AD
So many changes that you are working on... just the migration from NT4 to AD2k3 is a project, though not too difficult. You will be moving to an Active Directory configuration (very similar to OpenLDAP) and binding to the new AD LDAP database will be critical. Also, adding the appropriate schema information to your AD infrastructure. If you are planning on making a 100% immediate cutover I would strongly recommend against it. Starting out in a mixed environment would be the best until you get the LDAP/AD Samba Integration resolved. Since Samba is not fully integrated with AD yet there could be some issues you might not have foreseen. If your current admin working on this project is unfamiliar with Linux and the configuration I might suggest using an outside source for additional support and help. I would strongly recommend (if you haven't already building a test lab for this project to test the entire user migration from NT4 to AD2k3, as well as how Samba will respond during the Domain changes. Recently completing a project very similar to this I know what you are about to go through. James Taylor [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of updatemyself . Sent: Wednesday, March 01, 2006 2:30 PM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [Samba] Migration from NT4 to W2K3 AD write abt ur needs sure, the solutions will be there.. it will be helpful.. if u can explain the corrent configuration.. regards jerrynikky. On 3/1/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Are there any gotcha's. > > > I am currently using winbindd and very successfully integrating my Samba > boxes with the NT4 domain structure. The admin who is doing the migration > (A corporate person not used to Linux at all) is already nervous about the > migration since it involves Linux. > > Usernames are not supposed to change..but, the authentication domain is > going to be a completely new one. > > Any and all help is greatly appreciated. > > Thanks, > Mike Barber > WPTZ/WNNE > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Primary and secondary group issues with Vintela VAS andSamba - Resolved
Upgraded VAS to version: 2.6.48.11 Added the following to vas.conf: (In the [nss_vas] section): groups-for-user-update = true (In the [vascd] section): workstation-mode-group-do-member = true And commented out all alt-* lines from the [vascd] section. Also, chmod g+s on all top level directories so group permission are inherited On Feb 21, 2006, at 8:43 AM, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marc Donnelly wrote: what version of samba have you seen this on? -marc On Feb 20, 2006, at 4:18 PM, Golden Butler wrote: This is not a Vintela issue. I've experienced this with Samba and winbind, and I haven't found any solution to it yet. I really wish that this can be solved because it's a serious hinderance! This makes no sense to me. Can you send me some level 10 logs from smbd that illustrates the problem? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD+ycTIR7qMdg1EfYRAhiqAJ4lW3r4hYruohwMlSjlKiNA8DYp6gCgly3k V0Ietz+Sq5GuVAWz+tJPdBc= =fjkQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] "printer admin" still working in 3.0.21c?
Gerald (Jerry) Carter wrote: use client driver = Yes ^^ Thomas, See the man page for this option. It should never be set on printers for which you want to install drivers on the server. Jerry, you're the man! Works fine now. Cheers, -TL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migration from NT4 to W2K3 AD
write abt ur needs sure, the solutions will be there.. it will be helpful.. if u can explain the corrent configuration.. regards jerrynikky. On 3/1/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Are there any gotcha's. > > > I am currently using winbindd and very successfully integrating my Samba > boxes with the NT4 domain structure. The admin who is doing the migration > (A corporate person not used to Linux at all) is already nervous about the > migration since it involves Linux. > > Usernames are not supposed to change..but, the authentication domain is > going to be a completely new one. > > Any and all help is greatly appreciated. > > Thanks, > Mike Barber > WPTZ/WNNE > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File deletion error message
try to mount the file system with "acl" support mount /mount-point -o remount,rw,acl,user_xattr the set the permission for perticular user.. if he have "write" permission in samba server. then only he can delete the files... try it.. jerrynikky On 3/2/06, Tony Gulizia <[EMAIL PROTECTED]> wrote: > I am trying to delete files from a share on an IBM Risc from Windows > explorer in WinXP SP2. The message displayed is: Cannot delete > "filename": The mounted file system does not support extended > attributes. Do I need to modify settings on the Risc configuration or > the PC side? > > > > Thanks, > > Tony > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Logon Failure: The target account name is incorrect
On Thu, 2006-02-23 at 13:16 -0800, Richard Verdugo wrote: > Hi, > I'm using FC3 with samba 3.0 trying to be part of a Windows 2000 AD. > When I try to access a samba share it gives me: Logon Failure: The target > account name is incorrect > This error happens when the target server cannot decrypt the service ticket presented to it. > > The Active Directory domain for our small inhouse private network is > MBB.COM, we have our own nameservers that list the samba server in our > company domain, which is epublishers.com. So to reach the samba server we > would go to sambaserver.epublishers.com for example. > > Does this look right, or is it possible that the 2 different domain names > are somehow causing a conflict? > In most cases, this is because you have a server in the client's realm with a servicePrincipalName attribute (e.g. host/server) matching that of the "true" destination service in another realm. When the client asks for a service ticket to host/server, they end up with a service ticket to the service account in the client realm, not the remote realm. See the kerberos troubleshooting whitepaper at http://www.microsoft.com/kerberos for more details on this error, and how to remedy it. Generically speaking, this can be solved by either: 1) accessing the remote server by its FQDN (e.g. net use * \ \server.sambaserver.epublishers.com) (I'm assuming you're accessing the service via the NETBIOS name). 2) Checking for a matching service account in the client realm, and deleting it (or renaming it). > thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.21b is not able to connect to password server
On our AIX 5.2 system we have Samba 3.0.4 and 3.0.21b. The smb.conf files are identical for both versions. The 3.0.4 version runs fine, but with 3.0.21b, we get errors like the following when trying to run smbclient: [2006/02/28 22:03:05, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) cli_rpc_pipe_open_schannel: failed to get schannel session key from server FD0 00XSFED01 for domain FEDERATED. [2006/02/28 22:03:05, 0] auth/auth_domain.c:connect_to_domain_password_server(11 2) connect_to_domain_password_server: unable to open the domain client session to machine FD000XSFED01. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO. [2006/02/28 22:03:05, 0] rpc_client/cli_pipe.c:get_schannel_session_key(2417) get_schannel_session_key: could not fetch trust account password for domain 'F EDERATED' [2006/02/28 22:03:06, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) cli_rpc_pipe_open_schannel: failed to get schannel session key from server FD0 00XSFED01 for domain FEDERATED. [2006/02/28 22:03:06, 0] auth/auth_domain.c:connect_to_domain_password_server(11 2) connect_to_domain_password_server: unable to open the domain client session to machine FD000XSFED01. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO. [2006/02/28 22:03:06, 0] auth/auth_domain.c:domain_client_validate(206) domain_client_validate: Domain password server not available. I don't understand why it would make a difference which version we use. If it did not work with either version, then the configuration would be suspect. Here is the Global part of smb.conf. # Samba config file created using SWAT # from 11.16.153.117 (11.16.153.117) # Date: 2006/02/08 14:34:33 # Global parameters [global] workgroup = FEDERATED netbios name = CCASEMCOM4 server string = MCOM4 Samba Server security = DOMAIN update encrypted = Yes password server = fd000xsfed01 smb passwd file = /var/samba/private/smbpasswd passwd program = /usr/bin/passwd log file = /usr/local/samba/var/log.%m large readwrite = No max xmit = 65535 time server = Yes unix extensions = No deadtime = 30 max open files = 15000 dns proxy = No kernel oplocks = No ldap ssl = no create mask = 0775 directory mask = 0775 mangle case = Yes map archive = No oplocks = No level2 oplocks = No strict locking = No What is missing, or wrong, that would cause 3.0.21b to fail? Thank you. Ray Gebbie Federated Systems Group San Francisco, CA 94102 415-422-1662 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File deletion error message
I am trying to delete files from a share on an IBM Risc from Windows explorer in WinXP SP2. The message displayed is: Cannot delete "filename": The mounted file system does not support extended attributes. Do I need to modify settings on the Risc configuration or the PC side? Thanks, Tony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] connectivity trouble
I have samba 2.2.7 running on Tru64unix. In the smb.conf file, in the global section, I have the following: password server = PWA, PW security = server With these options set, all of the network users who also have accounts on the unix machine can access the samba share they need. We also have a user without a network accout but has an account on unix can also access the share because his name is in the unix and samba passwd files. I am trying to set up an identical situation on a new Tru64 unix machine. I have installed samba with no problems on unix. I have copied the smb.conf file from the original machine to the new. Everything has been set up the same on the new machine. The network users can browse and connect to the samba shares on the new machine but the one user that only has the unix and smb account cannot (the way he could on the original machine). The only difference between the two scenarios is the version of samba. On this new machine, I'm using ver. 3.0.21b. Here is the pertinent sections of the smb.conf file. [global] workgroup = PUBLICWORKS hosts allow = 10. wins server = 10.116.10.1 domain master = no local master = no preferred master = no os level = 0 password server = PWA, PW security = server encrypt passwords = yes username map = /usr/local/samba/lib/user.map [aff-src] comment = HiAffinity PhaseI code set path = /Affinity/Ver5.2 admin users = affinity guest ok = no writeable = no P.S. I have been and am still looking at the HOWTO and O'Reilly doc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
Really Thanks while we get the solution..., we may feel it so simple... the effort to find it out.. it not so small.. always.. U ppl gave nice Help... Thanks Once again... jerrynikky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba as a domain member
Hello, I am new to this list but I have been learning to use linux/bsd and samba for the past year. so far I have been able to learn enough on my own to be able to successfully set up a functional samba server on FreeBSD and Gentoo Linux boxes. I am trying to learn how to integrate them into an Active Directory windows 2003 server domain. So far I have verified that Kerberos and ldap and winbind (I think) are functioning correctly. I am able to do a 'kinit [EMAIL PROTECTED]' command and not get a failure. I am able to see all of the groups and users/systems in the domain from getent commands. My problem is that I cant access samba shares when permissions are set using domain users. I can access the /home/samba/public share is I DON'T specify a 'valid users =' line in the smb.conf file, but not the other way around. Here is what my smb.conf file looks like: # Samba config file created using SWAT # from 10.11.7.56 (10.11.7.56) # Date: 2006/03/01 09:45:11 [global] workgroup = MARKETSCAN realm = MARKETSCAN.COM server string = %h Samba Server interfaces = lo, eth0 bind interfaces only = Yes security = ADS auth methods = winbind password server = nostradmus, nostradamus_ii, nostradamus_cam log file = /var/log/samba/log.%m socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 load printers = No preferred master = No dns proxy = No wins proxy = No wins server = 10.11.3.198 ldap ssl = no passdb expand explicit = No idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind separator = max log size = 50 winbind use default domain = Yes [public] comment = %h Public Share path = /home/samba/public read only = No force create mode = 0777 force directory mode = 0777 guest ok = Yes [homes] comment = Home Directory for %U path = /home/%D/%U valid users = %S read only = No force create mode = 0777 force directory mode = 0777 browseable = No I would greatly appreciate any help. thanks, Guillermo Gutierrez Development Systems Engineer Market Scan Information Systems (818) 575-2000 x2427 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
We've all been there, glad to hear you figured it out, and more than happy to help! Regards, Mike. updatemyself . wrote: hi Guys... Its working well the only point is.. we need to restart the Windows client once we update it.. or atlease we need to logoff.. a stupid mistake from my side... sorry.. and same time Thanks a lot.. i spoil one day because of this stupid mistake... Thanks A lot dear Guys.. this line is enough invalid users = MYDOMAIN\rush MYDOMAIN\render regards jerrynikky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
hi Guys... Its working well the only point is.. we need to restart the Windows client once we update it.. or atlease we need to logoff.. a stupid mistake from my side... sorry.. and same time Thanks a lot.. i spoil one day because of this stupid mistake... Thanks A lot dear Guys.. this line is enough invalid users = MYDOMAIN\rush MYDOMAIN\render regards jerrynikky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: hanging smbd(s) revisited
Matt Johnson wrote: On Wed, 1 Mar 2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fermin Molina wrote: I don't know exactly, but when I moved the information from NFS servers to local storage, the problems disappeared. Samba assumes posix locking semantics on the filesystem. NFS locking is broken. You might try setting 'strict locking = no'. If that doesn't work, you might try 'posix locking = no' just as a test. We'll give that a shot -- we're still doing fs->nfs->samba sharing. Is this going to incur a slowdown? We did that for awhile, and the answer is an emphatic yes. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
On Wed, 1 Mar 2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Johnson wrote: Hm, fun... Okay. I guess that making the same host serve both NFS and CIFS off the same physical volume is probably the best ultimate solution? (This is the direction we are heading in, but right now, not quite in a position to do that yet). I can't remember but you are running Linux right ? In that case the nfsd and smbd processes coordinate locking through the kernel oplock interface. Correct -- our Samba server is Linux. However if/when we move samba to the same hosts as those serving NFS, those would be Solaris 8 boxes. cheers Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
On Wed, Mar 01, 2006 at 03:22:44PM +0100, Fermin Molina wrote: > > Well, but I think the problem isn't located in the locking of NFS files; > smbd daemons always get stalled doing a lock of "local" locking.tdb > file. Then, must be broken the ext3 locking? In any case, maybe it's > broken all locking system in linux kernel... If the NFS locking code has a problem for a process it is possible that this may cause issues with other (seemingly) unrelated locks for the same process. The give-away is that the problem goes away when you stop using nfs locking. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
- Original Message - From: "William Jojo" <[EMAIL PROTECTED]> To: "Jeremy Allison" <[EMAIL PROTECTED]> Cc: ; "Gerald (Jerry) Carter" <[EMAIL PROTECTED]>; "Andrew Tridgell" <[EMAIL PROTECTED]>; "Jeremy Allison" <[EMAIL PROTECTED]> Sent: Tuesday, February 28, 2006 4:33 PM Subject: Re: [Samba] hanging smbd(s) revisited > > - Original Message - > From: "Jeremy Allison" <[EMAIL PROTECTED]> > To: "William Jojo" <[EMAIL PROTECTED]> > Cc: ; "Gerald (Jerry) Carter" <[EMAIL PROTECTED]>; > "Andrew Tridgell" <[EMAIL PROTECTED]>; "Jeremy Allison" <[EMAIL PROTECTED]> > Sent: Tuesday, February 28, 2006 3:25 PM > Subject: Re: [Samba] hanging smbd(s) revisited > > > > On Tue, Feb 28, 2006 at 01:30:40PM -0500, William Jojo wrote: > > > > > > So we've gone back to 3.0.20 and we're stable again. I should indicate > that > > > it's 3.0.20 with patches 9484, 9481 and 9456 to fix Win98 dir loop, > excel > > > shared workbook and ACLs (not necessarily in that order). > > > > > > Since the problem manifests in the filesystem where our Samba install > is, > > > and it appears to be a tdb (namely locking.tdb for fd=15, but can't > identify > > > the fd=3 that spins unmercifully), I'm wondering if *maybe* it could be > the > > > "Fix for tdb clear-if-first race condition." or some other tdb change > after > > > 3.0.20 that traded one bug for another? I'm guessing... :-) > > > > Identifying that fd would be really useful. > > Ok, dug it up. This is the IBM info. > > > - Original Message - > From: Robert Elias > To: [EMAIL PROTECTED] > Sent: Monday, February 27, 2006 12:30 PM > Subject: Pmr#47402,180 > > > Bill, > > Thank you for patience while I work through your questions. I ran this issue > by our level 3 performance team and received the following input. > > The file in question is inode 12363 in /samba. Use 'find /samba -inum 12363' > to determine the file name. > > I ran this by the Samba team members that work for IBM and they suggested > the following: > > As a long shot, I suggest that you have him run tdbtorture (a file i/o > testcase) from the samba source tree as that does a simulation of the > locking that Samba does and if we have a bug in AIX locking. > > Your comments or thoughts? > > Thanks, > > Robert Elias > AIX Duty Manager > IBM Integrated Technology Services > 214-257-9292 - T/L 972 > > > > > > > [storage:/samba/3.0.21b] # find /samba -inum 12363 > /samba/3.0.21b/var/locks/locking.tdb > > > > > > We are going to start moving to 20a, then 20b, then to 21 then back to > 21a > > > where we started (21b did it too, haven't tried 21c yet) after another > day > > > or two of 3.0.20 to make sure we're not losing our mind. > > > > I've looked over the logic for the aquiring/release of the lock > > for the locking.tdb in the 3.0.21c release code - I can't see any possible > > paths, error or otherwise where the lock can be left live on a > > record. I'll keep looking though. When it's spinning, what is the errno > that the fcntl call > > returns ? > > > > What appears to happen is pid 266946 is exiting (exited?) and some kind of > dealock has occured which shows the following in filemon.sum from the > perfpmr that IBM had me run during the event. > > > > 9603204 hooks processed (incl. 2108 utility) > 60.013 secs in measured interval > Cpu utilization: 42.9% > > Most Active Files > > #MBs #opns #rds #wrs file volume:inode > > 230.1 0 29492 0 pid=266946_fd=3 > 43.3 0 1588129 pid=240270_fd=5 > > > > My question to IBM was how can this happen? The above inode number is what > was provided to me yesterday. > > Since moving to 3.0.20 the problem has subsided, I'm back here and not > bugging IBM at the moment. :-| > > Whatever else I can get you, just say the word. :-) > > Do you agree with us to step to 20a, 20b ... ? > > We've survived two days on 3.0.20, and our load is even more than when we started. We have over 1000 smbd's running on this machine and it's not even breaking a sweat. Now additonally, I'm looking through source/locking/locking.c I notice that diff of 3.0.20 and 20a and 20b have no changes. Then in 3.0.21 there's an invasive change. (locking/posix.c remains unchanged through 21b.) I'm pretty certain that 20a and 20b will be fine for us based on what I see, but I'm still learning (and comprehending :-) ) these changes looking for a smoking gun. And tomorrow I will put 20b (skipping 20a) in place on this server. I'm opening a bug because I think this one is real and load related. Cheers, Bill > Cheers, > > Bill > > > > Jeremy. > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https:/
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Well... you have to create the containers using slapdadd. After the containers are present, then you can populate them with users, etc, using ldapadd or other tools. If you haven't created the containers, nothing is going to work. adrian sender wrote: The database has not been populated, and cannot be populated using "sambaadmin" From: Gordon Messmer <[EMAIL PROTECTED]> To: adrian sender <[EMAIL PROTECTED]> CC: samba@lists.samba.org Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin) Date: Tue, 28 Feb 2006 22:01:24 -0800 adrian sender wrote: [EMAIL PROTECTED] scripts]# slapadd -v -l admin-accts.ldif added: "cn=updateuser,dc=tinistuff,dc=com" (0002) added: "cn=sambaadmin,dc=tinistuff,dc=com" (0003) Error, entries missing! entry 1: dc=tinistuff,dc=com If you dump the database, does "dc=tinistuff,dc=com" show up in there? It looks like the entry for the base DN is missing, which might explain the problems that you're having. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Johnson wrote: > Hm, fun... Okay. I guess that making the same host > serve both NFS and CIFS off the same physical volume > is probably the best ultimate solution? (This is the > direction we are heading in, but right now, not > quite in a position to do that yet). I can't remember but you are running Linux right ? In that case the nfsd and smbd processes coordinate locking through the kernel oplock interface. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEBcdzIR7qMdg1EfYRAsA8AJsEquflM8u2SfR3hvsTs6qk+iF47QCgu+gm PDiz3Q7zy8lYXwvDTpjBp54= =2EOf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about roaming profiles
I am toiling with the idea of using the roaming profiles. I do not want to just 'turn it on' however; Can they be enabled or disabled on a per user basis? Is this a Samba configuration or workstation thing? If either what do I need to change? I only want to make a 'test' user to try roaming profiles out with. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
On Wed, 1 Mar 2006, Gerald (Jerry) Carter wrote: On Wed, 1 Mar 2006, Gerald (Jerry) Carter wrote: Samba assumes posix locking semantics on the filesystem. NFS locking is broken. You might try setting 'strict locking = no'. If that doesn't work, you might try 'posix locking = no' just as a test. We'll give that a shot -- we're still doing fs->nfs->samba sharing. Is this going to incur a slowdown? No. But if you are accessing the same file via NFS and CIFS, you might have problems with applications not recognizing each others locks. Hm, fun... Okay. I guess that making the same host serve both NFS and CIFS off the same physical volume is probably the best ultimate solution? (This is the direction we are heading in, but right now, not quite in a position to do that yet). Many thanks Matt -- == Matt Johnson <[EMAIL PROTECTED]> (020) 7594 8440 / x48440 Systems Programmer, Computing Support Group Office: Huxley 225 Department of Computing, Imperial College London == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Johnson wrote: > On Wed, 1 Mar 2006, Gerald (Jerry) Carter wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Fermin Molina wrote: >> >>> I don't know exactly, but when I moved the information >>> from NFS servers to local storage, the problems disappeared. >> >> >> Samba assumes posix locking semantics on the filesystem. >> NFS locking is broken. You might try setting >> 'strict locking = no'. If that doesn't work, you might >> try 'posix locking = no' just as a test. > > We'll give that a shot -- we're still doing fs->nfs->samba > sharing. Is this going to incur a slowdown? No. But if you are accessing the same file via NFS and CIFS, you might have problems with applications not recognizing each others locks. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEBcBrIR7qMdg1EfYRAkzqAKCGja38B0JCpPTkGkucACyZebsiJQCgunBN 5UFAkiYNpLIRYq8RBcoKN8A= =guFx -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
On Wed, 1 Mar 2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fermin Molina wrote: I don't know exactly, but when I moved the information from NFS servers to local storage, the problems disappeared. Samba assumes posix locking semantics on the filesystem. NFS locking is broken. You might try setting 'strict locking = no'. If that doesn't work, you might try 'posix locking = no' just as a test. We'll give that a shot -- we're still doing fs->nfs->samba sharing. Is this going to incur a slowdown? Cheers Matt -- == Matt Johnson <[EMAIL PROTECTED]> (020) 7594 8440 / x48440 Systems Programmer, Computing Support Group Office: Huxley 225 Department of Computing, Imperial College London == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migration from NT4 to W2K3 AD
Are there any gotcha's. I am currently using winbindd and very successfully integrating my Samba boxes with the NT4 domain structure. The admin who is doing the migration (A corporate person not used to Linux at all) is already nervous about the migration since it involves Linux. Usernames are not supposed to change..but, the authentication domain is going to be a completely new one. Any and all help is greatly appreciated. Thanks, Mike Barber WPTZ/WNNE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fermin Molina wrote: >> Samba assumes posix locking semantics on the filesystem. >> NFS locking is broken. You might try setting >> 'strict locking = no'. If that doesn't work, you might >> try 'posix locking = no' just as a test. > > Well, but I think the problem isn't located in the locking > of NFS files; smbd daemons always get stalled doing a lock > of "local" locking.tdb file. Then, must be broken the > ext3 locking? In any case, maybe it's broken all locking > system in linux kernel... I understand the problem description. I stand by my suggestion. > Regarding another subject, I cannot try those settings > because now that the information is 'local' to samba > machine and not further mounted from the NFS server, there > haven't been any problems... OK. cheers, jerry = I live in a Reply-to-All world--- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEBbPsIR7qMdg1EfYRAihKAJ4u8AN8XYBzU0Aow24dyT1QRUOwlgCfZCmq EkEhQGYkv0gmojOFs2UdjDM= =yfnZ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP Account Manager 1.0.0 released
LDAP Account Manager (LAM) 1.0.0 - March 1st, 2006 == A web frontend for managing accounts stored in an LDAP directory. Announcement: - This release introduces a new architecture which supports more account types than just users, groups and hosts. There are also two new translations: Traditional Chinese and Dutch Features: - * management of Unix user and group accounts (posixAccount/posixGroup) * management of Samba 2.x/3 user and host accounts (sambaAccount/sambaSamAccount) * management of Kolab 2 accounts (kolabInetorgPerson) * profiles for account creation * account creation via file upload * automatic creation/deletion of home directories * setting quotas * PDF output for all accounts * editor for organizational units (OU) * schema browser * tree view * multiple configuration files * multi-language support (Catalan, Chinese, Dutch, English, French, German, Hungarian, Italian, Japanese, Spanish) * support for LDAP+SSL Availability: - This software is available under the GNU General Public License V2.0. You can get the newest version at http://lam.sf.net. It may take some time until you can download the files from all mirrors. File formats: DEB, RPM, tar.gz There is also a FreeBSD port. Debian users may also use the packages in Debian unstable. Demo installation: -- You can try our demo installation online. http://lam.sf.net/live-demo/index.htm Support: If you find a bug please file a bug report. For questions or implementing new features please use the forum and feature request tracker at our Sourceforge homepage http://www.sf.net/projects/lam. Authors & Copyright: Copyright (C) 2003 - 2006: Michael Duergner <[EMAIL PROTECTED]> Roland Gruber <[EMAIL PROTECTED]> Tilo Lutz <[EMAIL PROTECTED]> LAM is published under the GNU General Public License. The comlete list of licenses can be found in the copyright file. signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
On Wed, 2006-03-01 at 07:45 -0600, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Fermin Molina wrote: > > > I don't know exactly, but when I moved the information > > from NFS servers to local storage, the problems disappeared. > > > Samba assumes posix locking semantics on the filesystem. > NFS locking is broken. You might try setting > 'strict locking = no'. If that doesn't work, you might > try 'posix locking = no' just as a test. Well, but I think the problem isn't located in the locking of NFS files; smbd daemons always get stalled doing a lock of "local" locking.tdb file. Then, must be broken the ext3 locking? In any case, maybe it's broken all locking system in linux kernel... Regarding another subject, I cannot try those settings because now that the information is 'local' to samba machine and not further mounted from the NFS server, there haven't been any problems... Cheers, -- Fermin Molina Ibarz Tècnic sistemes - ASIC Universitat de Lleida Tel: +34 973 702151 GPG: 0x060F857A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fermin Molina wrote: > I don't know exactly, but when I moved the information > from NFS servers to local storage, the problems disappeared. Samba assumes posix locking semantics on the filesystem. NFS locking is broken. You might try setting 'strict locking = no'. If that doesn't work, you might try 'posix locking = no' just as a test. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEBaWIIR7qMdg1EfYRAi0cAKC1vIbeso6rnYfzVdKXFx92yz67vgCfb7ig XClbm0krxiEVKz5teI1XUtI= =qL5w -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authenticating to AD with usernames containing dots
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Boothe wrote: > Does *anyone* have info on how I can authenticate to Active > Directory using dotted usernames from a Linux machine? You mean using the principal name and not the sAMAccountName, right? Not currently (at least not last time I looked). I admit we need to address this. cheers, jerry = I live in a Reply-to-All world. --- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEBaLFIR7qMdg1EfYRAsaBAJ9DdPe5YU/5OmukE04Gn6FS2GQ+OwCfb7BP +YDrEvTmwdQWIR2SvvFsCyk= =ldOW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can't log in new users
We have Samba 3.0.9 on SuSE acting as a PDC for our Windows clients (mainly XP, some 2k). We have the problem that sometimes newly created users can't log in, Windows says that the domain is not available. We checked all network settings on the client machines, and everythings fine, for our existing users also everything is okay. When I create a new user on the Samba server and try to log in, then I get the "domain not available" message again. A strange thing is that "net view server_name" on one of the clients very often says that the server has reached it's maximum connections, although we didn't specify a max connection limit. When a login attempt fails, there's no error at all in the Samba logs or in the Windows event log. When I just try to log in the new user again and again, then it sometimes suddenly works perfectly, and once it works it never fails again. Any ideas what could be the problem? If you need more info, please tell me! Thanks, Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
On Wed, 2006-03-01 at 09:57 +, Matt Johnson wrote: > On Tue, 28 Feb 2006, Fermin Molina wrote: > > Just to add -- our fcntl locking issue is on Linux, we've > seen it on 2.6.9, 2.6.13.1 and 2.6.15.3, running Mandrake 10.2. > locking.tdb is on a local disk. All smbd child processes are > blocked on apparently the same fcntl when it happens. > >>> > >>> Hmmm...ok. That ruins my theory. I thought you were on AIX > >>> as well. And just to make sure, you are running Samba 3.0.21b > >>> as well? > >> > >> Correct -- 3.0.21b on Linux 2.6. We had the same problem with 3.0.20 but > >> it was MUCH more frequent... 3.0.21b seems to have reduced the frequency > >> of the problem occurring but it does still seem to be there. > > > > I have had exactly the same problem. I reported that in thread "Samba > > daemons hang trying to lock locking.tdb", about Jan 25. > > > > I had a NFS mount from another server and then shared with samba. I > > moved the information on that server localy to the Samba server > > (avoiding NFS). All goes ok from that change. > > > > I don't understand why it works, because all smbd daemons were hanging > > in the previously commented fcntl call, that locks "locking.tdb" (that > > was located in local filesystem, not in any NFS mounted shares). > > > > I'm using FC4 with last updates (kernel included) and samba 3.0.21b. > > That's the one. We are indeed sharing volumes from the Samba server > which have been mounted via NFS, perhaps this is indeed an issue? I don't know exactly, but when I moved the information from NFS servers to local storage, the problems disappeared. > Something subtle with regard to tdb locking deadlocking in very specific > cases for samba-reshared NFS filesystems? (And yes, our locking.tdb is > on a local /var.) I cannot find any explanation for this behaviour... > To reiterate... the fcntl64 spins in a blocking wait, so we never see an > error unfortunately. IMHO, it's a hard to find problem. I tried to log 10 samba, but I couldn't find any clue. > It is always one of the 1-byte locks in locking.tdb > which it jams on. Also, no change to this behaviour from 3.0.20 through > 3.0.21b -- all have been broken, although 3.0.20 seemed to break more > frequently than 3.0.21b. Cheers, -- Fermin Molina Ibarz Tècnic sistemes - ASIC Universitat de Lleida Tel: +34 973 702151 GPG: 0x060F857A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
On Tue, 28 Feb 2006, Fermin Molina wrote: Just to add -- our fcntl locking issue is on Linux, we've seen it on 2.6.9, 2.6.13.1 and 2.6.15.3, running Mandrake 10.2. locking.tdb is on a local disk. All smbd child processes are blocked on apparently the same fcntl when it happens. Hmmm...ok. That ruins my theory. I thought you were on AIX as well. And just to make sure, you are running Samba 3.0.21b as well? Correct -- 3.0.21b on Linux 2.6. We had the same problem with 3.0.20 but it was MUCH more frequent... 3.0.21b seems to have reduced the frequency of the problem occurring but it does still seem to be there. I have had exactly the same problem. I reported that in thread "Samba daemons hang trying to lock locking.tdb", about Jan 25. I had a NFS mount from another server and then shared with samba. I moved the information on that server localy to the Samba server (avoiding NFS). All goes ok from that change. I don't understand why it works, because all smbd daemons were hanging in the previously commented fcntl call, that locks "locking.tdb" (that was located in local filesystem, not in any NFS mounted shares). I'm using FC4 with last updates (kernel included) and samba 3.0.21b. That's the one. We are indeed sharing volumes from the Samba server which have been mounted via NFS, perhaps this is indeed an issue? Something subtle with regard to tdb locking deadlocking in very specific cases for samba-reshared NFS filesystems? (And yes, our locking.tdb is on a local /var.) To reiterate... the fcntl64 spins in a blocking wait, so we never see an error unfortunately. It is always one of the 1-byte locks in locking.tdb which it jams on. Also, no change to this behaviour from 3.0.20 through 3.0.21b -- all have been broken, although 3.0.20 seemed to break more frequently than 3.0.21b. cheers Matt -- == Matt Johnson <[EMAIL PROTECTED]> (020) 7594 8440 / x48440 Systems Programmer, Computing Support Group Office: Huxley 225 Department of Computing, Imperial College London == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
