[Samba] Problem on displaying groupquota info

2007-08-17 Thread Fabiano Caixeta Duarte

Gentlemen,

I have samba-3.0.25a working on a FreeBSD 6.2 server.

It has been compiled with quota support.

It was supposed to be working well with userquota and groupquota. Actually 
it is ok with userquotas. But it is passing wrong information about 
groupquota.


On the server, 'quota -g sti' shows

Disk quotas for group sti (gid 1001):
   Filesystem   usage   quota   limit   grace   files   quota   limit   grace
   /group     4339050 5242880 5242880            7279       0       0

As you can see, I set 5GB quota size for that group. Unfortunately, 
clients using Windows are informed that this share has 63,9GB of total 
size and 34,6GB free space.


grep groupquota /etc/fstab says:
/dev/da0s1g  /group   ufs rw,noexec,groupquota,acls 2 2

Note that quota is working well. No one can exceed the size.

The problem is restricted to wrong information.

I hope you can help.

Thanks in advance!

--
Fabiano Caixeta Duarte
Especialista em Redes de Computadores
Seção Técnica de Informática
FEA-RP/USP
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Why doesn't getent passwd work for me?

2007-08-17 Thread Joseph Slone
I've attached a samba 3 (3.023c-2.el5.2.0.2) server to my Windows 2003
domain.  The domain's functional level is Windows 2000 Native.
The server is running CentOS 5.   This configuration worked before I rebuilt
the server from Fedora Core 4, whatever version of samba it had.

-- smb.conf --

[global]
workgroup = mydomain
netbios name = samba
security = domain
server string = Samba Server
password server = passwd.server.edu
encrypt passwords = yes
wins server = 192.168.0.10
interfaces = eth0 lo
idmap uid = 15000-2
idmap gid = 15000-2
winbind use default domain = Yes
printing = cup
wins support = yes
log level = 10


(IP addresses and names have been altered)

I ran the command

net rpc join -Uadministrator%mypassword

It replied
Joined domain mydomain.

wbinfo -u and wbinfo -g return the user and group list I expected.

wbinfo --authenticate=name%password  returns

plaintext password authentication succeeded
challenge/response password authentication succeeded

This concerns me, shouldn't the password be encrypted?

getent passwd name  returns nothing.   getent passwd  returns a list of
local accounts.


Also, why would I need to have a krb5.conf file in my /etc directory?  I
didn't think I was running KRB.  When the default krb5.conf is there, wbinfo
-u doesn't work; if I remove it, wbinfo -u starts working after I restart
winbindd and smbd.


[Samba] Winbindd needs 5 minutes to work after reboot

2007-08-17 Thread Collin Knut
I'm using winbind for authentication against Windows 2003 server here at the
college. The system has successfully joined the Windows domain and domain
logins work wonderfully 5 minutes after booting. That's my problem: domain
logins do not work until the winbind daemon has established contact with
the password server, and this takes approx. 5 minutes after a reboot.
I think the problem is related to DHCPclient taking too long to get an
IP address, so maybe this is not a Samba/Winbind problem, but there seems to
be some synchronization missing during boot.
This problem is on Ubuntu 7.04. I had the same problem on Fedora 4 2 years
back, but there I managed to stop the network start/DHCPclient, so the
boot sequence does not continue until the system has got an IP address; this
works ok.
So my question is: how do I stop the boot sequence on Ubuntu during DHCPclient
processing until a valid IP address is received? Should this be part of
winbindd configuring?

--
Knut Collin
Narvik University College, Norway



[Samba] Domain users and local permissions

2007-08-17 Thread Jason Greene
I have a situation that I don't know how to solve.

I have a directory that is shared out

/apps

My smb.conf has a write list for domain users
valid users = @"Domian+Group",@Domain+user1,@Domain+user2,@Domain+user3,@Domain+user4,@Domain+user5
write list = @"Domian+Group",@Domain+user1,@Domain+user2,@Domain+user3,@Domain+user4,@Domain+user5
create mask = 0774
force create mode = 0774
force directory mode = 0774

What I need to do is one of two things... not sure which I can do.

1. I need to have the local directories and files owned by a domain user &
group and when anyone writes to the directory via the samba share or local
shell the ownership remains the same (owned by the domain user/group).  The
problem I have is setting the local permissions to a domain user/group.

2. I need to have the local directories and files owned by a local user &
group and when anyone writes to the directory via the samba share or local
shell the ownership remains the same. The problem is the domain users can't
write to the directory unless they are in the local group (how do you add a
domain user to the passwd file?) or the directory is set to 777.

Anyone know how to accomplish this?

Thanks
Jason

-- 
Jason Greene


Re: [Samba] join ads -> Preauthentication failed

2007-08-17 Thread Nicolas Dorfsman
  Many thanks Alexandr.
  Works perfectly with 3.0.24 .


  Next issue :  zfs and ACL .  May work in 3.0.25 with the correct module !
  I'll post on technical list.




Nicolas


[Samba] high load averages on large file transfers

2007-08-17 Thread Dexter Santucci
Hello,

  I work for a production studio in Canada. I have a small problem I thought
I’d submit as it is now affecting our work. First, some background: Our
production server is a Dell Poweredge 2800 (dual-xeon, dual-core) with 3 GB of
ram running Fedora Core 3 (default install, stock Samba: 3.0.8pre1-0.pre1.3).
 We have about 60 clients, and often running 200+ smbd processes. The server
is connected to a SUN StorEdge fibre channel array (3 TB, RAID5) where our
database volumes are located. These volumes are shared with Samba, and nothing
else (two shares total).

  I am observing increasingly dangerous load averages which are now affecting
our database process. Every time somebody does any kind of ‘heavy’ operation
on the share (search, flip through 100’s of bitmaps with ACDSee, transfer
large Photoshop .PSD files from one share to another), the load averages go to
the roof (15+) and our database process (tbdbserver, one process only, not
multithreaded) starts slowing down, freezing access to the database. When
idle, our load averages are close to 0. Under load, all 4 reported cores do
rise somewhat (~20% each) in top.

  I attempted to upgrade both OS and Samba, with terrifying results: Fedora
Core 5, which comes with a newer version of Samba, was not only worse, but
made problems with some of our network rendering software. We had to get back
to FC3. I have reduced the number of shares to a minimum, have attempted to
isolate the database server process on one core as well as lowering its nice
value, to no effect. The amount of RAM actually used is around 1.5 GB. When
under heavy load, I always trace the guilty samba process back to a
workstation running some heavy file transfer.

  Is this Samba behavior normal? If not, is there a version of Samba you would
recommend?
Here is our smb.conf:

[global]
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
workgroup = FILMSTUDIO
server string = prodserver
load printers = no
security = SHARE
logon path =
logon drive =
logon home =
encrypt passwords = yes
blocking locks = false
level2 oplocks = false
oplocks = false

[usa]
comment = USAnimation binaries
browsable = yes
read only = no
guest ok = yes
create mask = 0777
directory mask = 0777
path = /usa
follow symlinks = yes

[prod]
comment = Fibre channel array (production)
browsable = yes
read only = no
guest ok = yes
create mask = 0777
directory mask = 0777
path = /mnt/production
follow symlinks = yes

[fcarray]
comment = Fibre channel array (database)
browsable = yes
read only = no
guest ok = yes
create mask = 0777
directory mask = 0777
path = /mnt/array
follow symlinks = yes


Here is a top at idle:
top - 09:10:41 up 91 days, 20:10,  2 users,  load average: 1.16, 1.14, 1.04
Tasks: 259 total,   1 running, 258 sleeping,   0 stopped,   0 zombie
Cpu(s):  4.8% us,  6.6% sy,  0.0% ni, 63.7% id, 23.5% wa,  0.0% hi,  1.4% si
Mem:   3112960k total,  3080224k used,    32736k free,  1014392k buffers
Swap:  2031608k total,     7712k used,  2023896k free,   991960k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 1205 nobody    15   0 11856 3408 9480 S  5.5  0.1   0:00.63 smbd
24083 nobody    15   0 33544 6412 9484 S  4.1  0.2   1:01.38 smbd
24161 nobody    15   0 69548  13m 9484 S  2.8  0.4  16:43.94 smbd
 2778 usabatch  16   0 23620  11m  17m S  2.8  0.4   2:19.90 tbdbserver  database server process
27480 nobody    15   0 19504 9568 9480 D  2.8  0.3   4:35.55 smbd
11141 root      15   0  3216 1064 1664 R  2.8  0.0   0:00.64 top
 2605 root      15   0  5200 1568 3524 S  1.4  0.1   6:20.13 sshd
20485 nobody    15   0 20460 5520 9484 S  1.4  0.2   0:53.68 smbd
23137 nobody    16   0 12576 3696 9484 S  1.4  0.1   0:08.76 smbd


Dexter


Re: [Samba] samba3 upgrade misery

2007-08-17 Thread Felipe Augusto van de Wiel

Curtis Maloney wrote, On 17-08-2007 02:45:
> Well, just had a user come and show me a JPEG that's been 
> corrupted because the file copy died part way through.
> The error was that the destination folder was no longer
> available.
> 
> I have no idea how much of the copious logs are relevant 
> to the debugging of this issue, as there are no log level
> indications (why not??) so I'll paste as much as seems
> relevant.
> 
> Feel free to ask for more.
> 
> [2007/08/17 15:38:59, 8] smbd/dosmode.c:dos_mode(371)
>dos_mode: PROJS/R425_E1022_EV15_12 Scan Eng/EV12_assy_TB1.JPG
> [2007/08/17 15:38:59, 8] smbd/dosmode.c:dos_mode_from_sbuf(188)
>dos_mode_from_sbuf returning a
> [2007/08/17 15:38:59, 8] smbd/dosmode.c:dos_mode(409)
>dos_mode returning a[sparse]
> [2007/08/17 15:38:59, 10] smbd/trans2.c:call_trans2qfilepathinfo(3539)
>call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION
> [2007/08/17 15:38:59, 5] smbd/trans2.c:call_trans2qfilepathinfo(3549)
>SMB_QFBI - create: Fri Aug 17 15:34:36 2007
> access: Fri Aug 17 15:34:36 2007
> write: Fri Aug 17 15:34:36 2007
> change: Fri Aug 17 15:34:36 2007
> mode: 220
> [2007/08/17 15:38:59, 9] smbd/trans2.c:send_trans2_replies(712)
>t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 
> 131010
> [2007/08/17 15:38:59, 9] smbd/trans2.c:send_trans2_replies(714)
>t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40
> [2007/08/17 15:38:59, 5] lib/util.c:show_msg(484)
> [2007/08/17 15:38:59, 5] lib/util.c:show_msg(494)
>size=100
>smb_com=0x32
>smb_rcls=0
>smb_reh=0
>smb_err=0
>smb_flg=136
>smb_flg2=51265
>smb_tid=1
>smb_pid=2532
>smb_uid=101
>smb_mid=13570
>smt_wct=10
>smb_vwv[ 0]=2 (0x2)
>smb_vwv[ 1]=   40 (0x28)
>smb_vwv[ 2]=0 (0x0)
>smb_vwv[ 3]=2 (0x2)
>smb_vwv[ 4]=   56 (0x38)
>smb_vwv[ 5]=0 (0x0)
>smb_vwv[ 6]=   40 (0x28)
>smb_vwv[ 7]=   60 (0x3C)
>smb_vwv[ 8]=0 (0x0)
>smb_vwv[ 9]=0 (0x0)
>smb_bcc=45
> [2007/08/17 15:38:59, 10] lib/util.c:dump_data(2261)
>[000] 00 00 00 00 00 00 7E 19  4C 90 E0 C7 01 00 7E 19  ..~. L.~.
>[010] 4C 90 E0 C7 01 00 7E 19  4C 90 E0 C7 01 00 7E 19  L.~. L.~.
>[020] 4C 90 E0 C7 01 20 02 00  00 00 00 00 00   L .. .
> 
> For now, I can NOT afford for Samba to be destroying my files, so I'm going to
> switch back to 2.x and statically link the CUPS libs (the main driving reason to
> upgrade in the first place - samba2 doesn't support CUPS 1.2)

Good luck.

I remember that you said that the Samba 3 compilation was
not very smooth on Solaris 9, did you check the compilation info
from here:

http://us4.samba.org/samba/ftp/Binary_Packages/solaris/sparc/


Kind regards,
--
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)


Re: [Samba] samba3 upgrade misery

2007-08-17 Thread Felipe Augusto van de Wiel

Curtis Maloney wrote, On 16-08-2007 21:08:
> Felipe Augusto van de Wiel wrote:
>> Curtis Maloney wrote, On 15-08-2007 21:07:
[...]
>>  There are quite a few messages on the archive about
>> different speed problems with regards to Samba serving files,
> 
> Honestly, I think if I can stop smbd barfing and closing 
> sockets, the problems might just clear up...

Seems reasonable.


> smbd is repeatedly spewing forth lists of socket options from 
> print_socket_options:
[...]

What does testparm tell you about your smb.conf parameters with
regard to the socket options?


>>  What options did you try? Can you post more details
>> about your smb.conf?
> 
> With samba 2 I used the line:
> socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_BROADCAST

In recent versions of Linux (2.6.x) it is the consensus
on this list to drop some of the flags; I'm not so sure about
the Solaris kernel.


> And things were just fine.

Here are a few messages from threads about performance,
maybe you can find something useful for your case.

http://lists.samba.org/archive/samba/2007-April/131096.html
http://lists.samba.org/archive/samba/2007-February/129562.html
http://lists.samba.org/archive/samba/2007-April/131091.html
http://lists.samba.org/archive/samba/2007-February/129139.html
http://lists.samba.org/archive/samba/2007-January/128814.html
http://lists.samba.org/archive/samba/2007-January/128645.html
http://lists.samba.org/archive/samba/2007-February/129652.html
http://lists.samba.org/archive/samba/2007-February/129797.html


>>> 3) And what can I say to my boss who keeps asking "What does samba3 give us
>>> over samba2?"  Because frankly, I'm coming up empty.
>> 
>>  First, maintenance, Samba2 is deprecated, no security
>> updates. It is better to "talk" with client machines in several
>> ways. It uses tdbs and/or LDAP, account policies, group mappings.
> 
> Well, security's always a good point... Could you possibly elaborate at all on
> what advantage tdbs gives?  I have switched to using it, but, again, the docs
> aren't very specific on its gains.

Check tdb source forge page:

http://sourceforge.net/projects/tdb/


The idea is that it allows multiple writes, should
be faster and safer (because it uses internal locks).

http://wiki.samba.org/index.php/TDB


It also has nice backup tools to keep various
different information about Samba and its network
environment.


>>  I'm not sure if you are using LDAP, it is a powerful
>> resource, especially if you want to have PDC/BDC behaviour. The
>> Samba3 changes a few points in the course of its development, I
>> don't know what migration doc you read, but if it is not about
>> 3.0.25, you need to check a few extra points from the release
>> notes that will solve a few problems.
> 
> The only feature of a PDC we use is the single point of authentication.  

Hmmm... PDC/BDC spreads the authentication among them,
they do not use a single point. You can have an authentication
server without being a PDC. :-)


> Other than that, we just need to share files (and because of 
> some ridiculously old apps, printers).

Nice, a standalone server would work great.


> The possibility of using LDAP has surfaced a few times, but 
> as yet it's been avoided as grossly over complex for us, a
> security hassle, and various other issues.

I'm biased, but I would use LDAP for networks with 10
users. :-)


> I read the migration docs on the web site, so if they're not 
> current, someone should make them so.

Seems fair, do you have any links?

Kind regards,
--
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)


[Samba] Samba+LDAP: Groups and Groupmappings?

2007-08-17 Thread Hadmut Danisch
Hi,

just a question about the representation of Windows Domain groups in
LDAP when using the ldapsam backend: What exactly is required to have
a Windows Domain group properly configured?


Am I correct that there is only a single LDAP object of 

- objectClasses sambaGroupMapping and posixGroup, 

- where the cn and gidNumber tell the posix/unix group stuff, 

- where the sambaSID, the sambaGroupType, and the displayName describe
  the Windows group, 

- and the mapping is done by just having both parts of information in 
  the same object?




Is it correct that the posix group name  (cn) and the windows group
name (displayName) are independent and can be arbitrarily chosen? And
that it does not matter whether the windows group name contains
spaces, where unix/posix group names must not?

regards
Hadmut
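
The single-entry layout asked about above, written out as an added example (not part of the original post and not Samba's own code): a Python check that one LDIF entry carries both the posixGroup half and the sambaGroupMapping half. The DN, names, gid and SID are constructed sample values; the mandatory-attribute lists and the sambaGroupType codes (2 domain, 4 local, 5 builtin) are stated from the posixGroup and sambaGroupMapping schema definitions as an assumption of this example.

```python
import base64
import re

# Constructed sample entry (not from the post): DN, names, gid and SID are made up.
SAMPLE_LDIF = """\
dn: cn=engineers,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: engineers
gidNumber: 10001
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-21003
sambaGroupType: 2
displayName: Engineering Staff
"""

# Mandatory attributes per object class (assumption: RFC 2307 and samba.schema).
REQUIRED = {
    "posixgroup": ("cn", "gidnumber"),
    "sambagroupmapping": ("gidnumber", "sambasid", "sambagrouptype"),
}
GROUP_TYPES = {"2": "domain group", "4": "local group (alias)", "5": "builtin group"}
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")


def parse_entry(ldif):
    """Parse a single LDIF entry into {lowercased attribute name: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:       # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):   # skip blanks and comments
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):               # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def check_group_mapping(entry):
    """Return a list of problems; an empty list means both halves are present."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = [f"missing objectClass {oc}" for oc in REQUIRED if oc not in classes]
    needed = {attr for attrs in REQUIRED.values() for attr in attrs}
    problems += [f"missing attribute {a}" for a in sorted(needed - set(entry))]
    for cn in entry.get("cn", []):              # POSIX side: no whitespace in the name
        if re.search(r"\s", cn):
            problems.append(f"posix group name {cn!r} contains whitespace")
    for sid in entry.get("sambasid", []):
        if not SID_RE.match(sid):
            problems.append(f"malformed sambaSID {sid!r}")
    for gtype in entry.get("sambagrouptype", []):
        if gtype not in GROUP_TYPES:
            problems.append(f"unexpected sambaGroupType {gtype!r}")
    return problems
```

Calling `check_group_mapping(parse_entry(SAMPLE_LDIF))` returns an empty list for the sample, whose `displayName` contains a space while its `cn` does not.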






Re: [Samba] join ads -> Preauthentication failed

2007-08-17 Thread Alexandr Miasnikov

The same situation.

There is open bug https://bugzilla.samba.org/show_bug.cgi?id=4863

Seems krb5 support is broken after samba 3.0.24


with 3.0.24 krb5 works fine.





 Join with a Administrator user gives me :


[2007/08/16 17:21:49, 0] libads/kerberos.c:(228)

  kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication
failed

Failed to join domain: Logon failure



 Any help would be appreciated.



 Nicolas





[Samba] winbind offline logon

2007-08-17 Thread Frederic Descamps
Hello,

I'd like to have more information about the winbind offline logon.

Could I for example use pam_winbind on a linux system (domain member)
for ssh, this works fine (the PDC is samba also). What I understood is
that if I stop my PDC, I should still be able to connect with ssh as it
uses pam_winbind. But that doesn't work :(

thx 

fred





[Samba] join ads -> Preauthentication failed

2007-08-17 Thread Nicolas Dorfsman
Solaris 10 on sparc

Samba version 3.0.25b (SUNWspro/bin/cc)

kerberos from MIT



 Hi all,



 I'm trying to join an Active Directory Domain.


 kinit is working fine with any AD User.



 Join with a non-privileged user shouts with - Failed to set password for
machine account (NT_STATUS_ACCESS_DENIED) -

Great.


 Join with a Administrator user gives me :


[2007/08/16 17:21:49, 0] libads/kerberos.c:(228)

  kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication
failed

Failed to join domain: Logon failure



 Any help would be appreciated.



 Nicolas