[Samba] winbindd hangs up while retreiving usernames.
Hello.
I'm installing new FreeBSD 6.2-RELEASE, based on intel machine. Firewall
type is OPEN.
I have Windows Server 2000 with Active Directory on it, working in Native
mode.
I've installed samba-3.0.23c_2,1 from /usr/ports/net/samba3
prefix=/usr/local
without krb-1.5.1 being installed.
Added:
nmbd_enable=NO
smbd_enable=NO
winbindd_enable=YES
to /etc/rc.conf
filled /etc/nsswitch.conf with:
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: files
filled /usr/local/etc/smb.conf with:
#
#=== Global Settings =
[global]
workgroup = DEP2
realm = DEP2.CITY-XXI.INT http://dep2.city-xxi.int/
netbios name = SZRouter
server string = Secondary Router
security = ADS
hosts allow = 10.1.9., 127.
log file = /var/log/samba/log.%m
max log size = 5000
password server = City2.dep2.city-xxi.int http://city2.dep2.city-xxi.int/
dns proxy = no
preferred master = no
local master = no
domain master = no
os level = 0
# My Properties
auth methods = winbind
winbind use default domain = yes
allow trusted domains = no
client NTLMv2 auth = yes
winbind separator = +
winbind cache time = 10
idmap uid = 1-2
idmap gid = 1-2
and checked syntax with:
testparm -s
I've modified /etc/krb5.conf
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
ticket_lifetime = 2400
default_realm = DEP2.CITY-XXI.INT http://dep2.city-xxi.int/
clockskew = 300
dns_lookup_realm = false
dns_lookup_kdc = false
default_etypes = des-cbc-crc des-cbc-md5 rc4-hmac
default_etypes_des = des-cbc-crc des-cbc-md5 rc4-hmac
[realms]
DEP2.CITY-XXI.INT http://dep2.city-xxi.int/ = {
kdc = 10.1.9.200:88
admin_server = 10.1.9.200:749
}
[domain_realm]
.dep2.city-xxi.int = DEP2.CITY-XXI.INT http://dep2.city-xxi.int/
and checked it with verify_krb5_conf
I've created new computer account in AD with Allow pre-Windows 2000
computers to use this account checked box.
Then I've successfuly authenticated with login mitroko (member of Domain
Admins) and entered joined domain with
net ads join -U mitroko
Computer account in AD achieved proper DNS-name field, but didn't achieve
any of OS type fileds.
I've restarted winbindd (with /usr/local/etc/rc.d/samba restart) - OK
I've pinged winbindd with
wbinfo -p - Success
wbinfo -t returns checking the trust secret via RPC calls succeeded
wbinfo -a testme%testme returns
plaintext password authentication succeeded
challenge/response password authentication succeeded
wbinfo -s successfuly converts SIDs to object-names.
however, wbinfo -u and wbinfo -g returns lists only after 20-30 seconds.
wbinfo -r testme doesn't work, hanging up, so squid's wbinfo_group.pl script
doesn't work also.
I have in my /var/log/samba/log.winbindd error's:
nsswitch/winbindd_ads.c:query_user_list(218)
Not a user account? atype=0x3000
and
rpc_api_pipe: Remote machine CITY2 pipe \NETLOGON fnum 0x8returned critical
error. Error was Call timed out: server did not respond after 1
milliseconds
libads/dns.c:ads_dns_lookup_srv(260)
I've read samba mail-list
In advice http://lists.samba.org/archive/samba/2006-July/122912.html, I've
installed krb-1.5.1 from /usr/ports/security/krb5
with prefix /usr/local, moved old vesions to *.old filenames and added
simlinks to /usr/local/* kerberos files
but it doesn't help me.
Unfortunately I can´t send verbose output of
winbindd -i -d 50 output.txt command
because of 64K limit.
Therefore, I´ve placed it here - http://mitroko.com/output.txt
Any suggestions will be appreciated.
Thank you.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour of winbind on solaris 8
I will try to get hands on the latest patches for solaris 8 and see if that fixes the nscd problems. I can't believe that samba-winbind is not running 100% well on a Solaris 8 machine. On 4/28/08, Oliver Weinmann [EMAIL PROTECTED] wrote: Just for fun i changed the perms of /usr/lib/libnss_winbind.so to 777 bash-2.03# chmod 777 /usr/lib/libnss_winbind.so bash-2.03# ls -alrt /usr/lib/libnss_winbind.so -rwxrwxrwx 1 root other 74744 Apr 28 13:32 /usr/lib/libnss_winbind.so nscd is turned off. I can login as an AD users but I cant start any command. :( login as: oweinmann Using keyboard-interactive authentication. Password: Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou bash-2.03$ ls -alrt [1]+ Stopped ls -alrt bash-2.03$ id [2]+ Stopped id bash-2.03$ group [3]+ Stopped group bash-2.03$ echo TEST TEST bash-2.03$ Some commands are working and some others are put in background and the session closes after one or two minutes? When I turn on nscd everything is fine, except ls -alrt not working. On 4/28/08, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oliver Weinmann wrote: | forgot to mention that the nss_winbind links are there: | | bash-2.03# ls -alrt /usr/lib/nss_w* | lrwxrwxrwx 1 root other 28 Apr 23 14:30 | /usr/lib/nss_winbind.so.2 - /usr/lib/libnss_winbind.so.1 | lrwxrwxrwx 1 root other 28 Apr 23 14:30 | /usr/lib/nss_winbind.so.1 - /usr/lib/libnss_winbind.so.1 | lrwxrwxrwx 1 root other 28 Apr 23 14:30 | /usr/lib/nss_winbind.so - /usr/lib/libnss_winbind.so.1 Check the perms on /usr/lib/libnss_winbind.so.1. Sounds like it might be rwx for root only. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnYWVRtqmcwCg293J 0OxWwTr/wJPDW67YmZCAfQo= =6S2v -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA with NetApp filer
Hi, i just setup a NETAPP Filer and a few Unix/linux workstations myself with samba-winbind. I came across a lot of problems but I found out it's best to not use CIFS under Linux as it doesn't work 100%. Instead you should try to use NFS if you have a license for your netapp filer. We use mixed qtree styles to ensure that both, windows and unix can change the permissions on a file. Regards, Oli On 4/28/08, udomsak chundang [EMAIL PROTECTED] wrote: I'm newbies in SAMBA and NetApp filer , I use Filer with OpenLDAP as an authentication and authorization server , but look like NetApp doesn't work properly ( can't authentication ) , NetApp engineer suggest me that NetApp work properly with pure ActiveDirectory Environment. not SAMBA + OpenLDAP backend like me have. so I solve this problem by make Samba as native PDC and use OpenLDAP as database backend. So authentication are complete but next problem is home directory are not automatic create. then i try to solve this by mount NetApp CIFS share as '\homedir' and use mount.cifs to mount as local dir but not work too. even if i can mount CIFS on Filer but owner and permission after mount not work properly every file that i create on Filer are permission 777 and owner is who mount file system . but In correct way i want 'owner is who pass authentication and access only by owner ' So if i authenticate through Filer permission is ok. ( but must change permission by hand ) 1. It's possible that I use remote storage ( Filer ) as Samba local file ? 2. If it can , How do i ? everything on above is ok and correct if i use samba on local filesystem mount.cifs 192.168.1.2\\homedir /var/samba/cifs2 -o username=smb-perm,gid=513(domain users ) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to access linux files from windows using samba configured in linux Vmware
Hallo, gforgcc, Du (narendra.ka) meintest am 28.04.08: take out the space between the , and password=abc and the extra / on //home/abc when i tried mount -t cifs //192.168.248.195/home/abc /mnt -o username=abc,password=abc it is giving the following error mount error 5 = Input/Output error Refer to the mount.cifs(8) manual page (e.g man mount.cifs ) Does the workgroup fit? Has the username or the password any special character? Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour of winbind on solaris 8
which output gives ldd -r /usr/lib/nss_winbind.so ? I have the following naming and permission for nss_winbind: lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so - nss_winbind.so.1 -rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1 Please try with the exactly same naming and permissions of your files. Oliver Weinmann schrieb: I will try to get hands on the latest patches for solaris 8 and see if that fixes the nscd problems. I can't believe that samba-winbind is not running 100% well on a Solaris 8 machine. On 4/28/08, Oliver Weinmann [EMAIL PROTECTED] wrote: Just for fun i changed the perms of /usr/lib/libnss_winbind.so to 777 bash-2.03# chmod 777 /usr/lib/libnss_winbind.so bash-2.03# ls -alrt /usr/lib/libnss_winbind.so -rwxrwxrwx 1 root other 74744 Apr 28 13:32 /usr/lib/libnss_winbind.so nscd is turned off. I can login as an AD users but I cant start any command. :( login as: oweinmann Using keyboard-interactive authentication. Password: Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou bash-2.03$ ls -alrt [1]+ Stopped ls -alrt bash-2.03$ id [2]+ Stopped id bash-2.03$ group [3]+ Stopped group bash-2.03$ echo TEST TEST bash-2.03$ Some commands are working and some others are put in background and the session closes after one or two minutes? When I turn on nscd everything is fine, except ls -alrt not working. On 4/28/08, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oliver Weinmann wrote: | forgot to mention that the nss_winbind links are there: | | bash-2.03# ls -alrt /usr/lib/nss_w* | lrwxrwxrwx 1 root other 28 Apr 23 14:30 | /usr/lib/nss_winbind.so.2 - /usr/lib/libnss_winbind.so.1 | lrwxrwxrwx 1 root other 28 Apr 23 14:30 | /usr/lib/nss_winbind.so.1 - /usr/lib/libnss_winbind.so.1 | lrwxrwxrwx 1 root other 28 Apr 23 14:30 | /usr/lib/nss_winbind.so - /usr/lib/libnss_winbind.so.1 Check the perms on /usr/lib/libnss_winbind.so.1. Sounds like it might be rwx for root only. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnYWVRtqmcwCg293J 0OxWwTr/wJPDW67YmZCAfQo= =6S2v -END PGP SIGNATURE- -- Mit freundlichen Grüßen Dietrich Streifert -- Visionet GmbH Firmensitz: Am Weichselgarten 7, 91058 Erlangen Registergericht: Handelsregister Fürth, HRB 6573 Geschäftsführer: Stefan Lindner -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Maxtor NAS share problem
I was talking about saving the Linux filesystem info. Do your rsync to the NAS, then do a recursive getfacl, redirecting the output to a file on the NAS. When you do an rsync back from the NAS, correct the owner/perms with setfacl. Trouble is that I CAN'T do my rsync to the NAS drive because it doesn't give me the access privileges I need to write to the NAS. The rsync wants to change owner and the NAS won't let it do that. There are switches to modify that behaviour - -p, -o, -t, -g - and there are aliases (eg -a)that switch combinations of those on or off. What's the exact command line you're using to rsync? Something like rsync -r /source/ /destination should work, regardless of the permissions, because rsync will write everything as whoever you're logged on as (or whoever the NAS translates that to be). As previously suggested you can then do a recursive getfacl over /source and write the output to /destination. That will create a text file with all your permissions etc included in it so they can be restored by setfacl if required. Alex -- Alex Harrington - Network Manager, Longhill High School t: 01273 304086 | e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND when print client tries to write to \epmapper named pipe
Hello all,
I've googled this but couldn't find anything relevant and the list's
archives didn't turn anything either, so pretty please someone take a
look at this if you can spare a moment.
My Samba server shares its CUPS printer, but Windows clients cannot
print to it (I haven't tried other CIFS clients). I have the
point-n-print driver all set up, so the Windows XP Pro clients can
automatically detect this printer and load the driver (I'm also able to
set the server default settings so the devmode is OK). But once the
printer is set up in the Windows client, the test page doesn't print.
The Windows driver says there's a communication problem with the
printer, and looking at logfiles and traffic captures I see the problem
is that the client is trying to do an NTCreate_and_X operation to open a
named pipe called \epmapper but Samba answers with an
NT_STATUS_OBJECT_NAME_NOT_FOUND message. The client retries this
operation a couple of times and then gives up.
I'm testing this by connecting to the server from a non-domain-member
machine, but by manually setting the correct username and password with
the net use \\myserver /user:muserver\myprinteradminusername itspass
command on a Windows command-line. The client and the server are both on
the same Workgroup.
In case you're wondering, my /var/spool/samba directory exists and has
mode 1777.
Here's a level 10 log (only the interesting part; ask if you need all of
it):
---
[2008/04/29 02:30:04, 10] lib/util.c:dump_data(2264)
[000] 00 5C 00 65 00 70 00 6D 00 61 00 70 00 70 00 65 .\.e.p.m .a.p.p.e
[010] 00 72 00 00 00.r...
[2008/04/29 02:30:04, 3] smbd/process.c:switch_message(926)
switch message SMBntcreateX (pid 16016) conn 0x55c09660
[2008/04/29 02:30:04, 4] smbd/uid.c:change_to_user(183)
change_to_user: Skipping user change - already user
[2008/04/29 02:30:04, 10] smbd/nttrans.c:reply_ntcreate_and_X(515)
reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f
file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1
create_options = 0x40 root_dir_fid = 0x0
[2008/04/29 02:30:04, 4] smbd/nttrans.c:nt_open_pipe(328)
nt_open_pipe: Opening pipe \epmapper.
[2008/04/29 02:30:04, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/nttrans.c(343) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_NAME_NOT_FOUND
---
Here's an strace of smbd (also abridged); notice that the real uid 501
corresponds to the one chosen by the net use command:
---
write(20, [2008/04/29 02:35:56, 10] lib/util.c:dump_data(2264)\n, 53) = 53
geteuid() = 501
write(20, [000] 00 5C 00 65 00 70 00 6D 00 61 00 70 00 70 00 65
.\\.e.p.m .a.p.p.e\n, 76) = 76
geteuid() = 501
write(20, [010] 00 72 00 00 00
.r... \n, 65) = 65
stat(/etc/localtime, {st_mode=S_IFREG|0664, st_size=1882, ...}) = 0
geteuid() = 501
write(20, [2008/04/29 02:35:56, 3]
smbd/process.c:switch_message(926)\n, 60) = 60
geteuid() = 501
write(20, switch message SMBntcreateX (pid 17224) conn
0x55c094d0\n, 62) = 62
stat(/etc/localtime, {st_mode=S_IFREG|0664, st_size=1882, ...}) = 0
geteuid() = 501
write(20, [2008/04/29 02:35:56, 4] smbd/uid.c:change_to_user(183)\n,
56) = 56
geteuid() = 501
write(20, change_to_user: Skipping user change - already user\n, 54)
= 54
stat(/etc/localtime, {st_mode=S_IFREG|0664, st_size=1882, ...}) = 0
geteuid() = 501
write(20, [2008/04/29 02:35:56, 10]
smbd/nttrans.c:reply_ntcreate_and_X(515)\n, 67) = 67
geteuid() = 501
write(20, reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f
file_attributes = 0x0, share_access = 0x3, create_dispositio..., 169) = 169
stat(/etc/localtime, {st_mode=S_IFREG|0664, st_size=1882, ...}) = 0
geteuid() = 501
write(20, [2008/04/29 02:35:56, 4] smbd/nttrans.c:nt_open_pipe(328)\n,
58) = 58
geteuid() = 501
write(20, nt_open_pipe: Opening pipe \\epmapper.\n, 40) = 40
stat(/etc/localtime, {st_mode=S_IFREG|0664, st_size=1882, ...}) = 0
geteuid() = 501
write(20, [2008/04/29 02:35:56, 3]
smbd/error.c:error_packet_set(106)\n, 60) = 60
geteuid() = 501
write(20, error packet at smbd/nttrans.c(343) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_NAME_NOT_FOUND\n, 93) = 93
---
Here's my smb.conf:
---
[global]
workgroup = CASITA
netbios name = RAINBOW
server string = Samba Server
security = USER
encrypt passwords = Yes
passdb backend = tdbsam
domain master = Yes
local master = Yes
preferred master = Yes
os level = 35
guest account = sambaguest
[Samba] Re: Samba 3.2.0-pre3 packages in Debian - version of Samba in Debian lenny
Quoting Volker Lendecke ([EMAIL PROTECTED]): 3.0.28a has known bugs in particular with trusts, so you will inevitably have to backport stuff from 3.0.28b that will be done by then. And, I have to agree with Jerry, having to live with .28a for the next decade in Debian might be not the best thing. heh, Debian releases are not supported for a decade..:-). We're just dropping support for sarge (which was out in 2005) right now. So, in short, we're roughly targeting a 3-year support timeframe. When it comes at samba, the supported releases are currently: - 3.0.14a which came with Debian sarge - 3.0.24 which came with Debian etch (both were updated with security fixes, of course) Of course, if 3.0.x releases come out, these will be included in lenny. Such updates do not break the philosophy of the current soft freeze if I correctly understand the policy of the Samba Team for the next releases. So, in short, Debian will be released with whatever 3.0.x version will be current as of the day of the hard freeze of the distribution. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour of winbind on solaris 8
Please try to login (or su) to the user oweinmann and issue then ldd -r /usr/lib/nss_winbind.so For some reason I think that non root users are not able to read one of the involved files. This could be /etc/nsswitch.conf /usr/lib/nss_winbind.so or some of the files found by the ldd -r command. The fact that you can issue commands while nscd is running points to this fact becaus nscd is running as root and has permissions to read all of those files. /etc/nsswitch.conf should be readable by everyone. I compiled samba myself with a full stack of openssl, iconv, heimdal kerberos, cyrus-sasl, openldap and samba. While people often speak of the Windows DLL hell this is the Solaris shared library hell :-( But it works. Oliver Weinmann schrieb: Hi, bash-2.03# ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 I changed the permissions and files exactly to be the same but i still cant issue commands... :( bash-2.03# ls -alrt /usr/lib/nss_winbind.so* -rwxr-xr-x 1 root other 74744 Apr 29 09:03 /usr/lib/nss_winbind.so.1 lrwxrwxrwx 1 root other 25 Apr 29 09:04 /usr/lib/nss_winbind.so - /usr/lib/nss_winbind.so.1 Could this also be a problem of a compiling? Have you compiled the samba yourself or are you using prebuilt packages? On 4/29/08, *Dietrich Streifert* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: which output gives ldd -r /usr/lib/nss_winbind.so ? I have the following naming and permission for nss_winbind: lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so - nss_winbind.so.1 -rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1 Please try with the exactly same naming and permissions of your files. Oliver Weinmann schrieb: I will try to get hands on the latest patches for solaris 8 and see if that fixes the nscd problems. I can't believe that samba-winbind is not running 100% well on a Solaris 8 machine. On 4/28/08, Oliver Weinmann [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Just for fun i changed the perms of /usr/lib/libnss_winbind.so to 777 bash-2.03# chmod 777 /usr/lib/libnss_winbind.so bash-2.03# ls -alrt /usr/lib/libnss_winbind.so -rwxrwxrwx 1 root other 74744 Apr 28 13:32 /usr/lib/libnss_winbind.so nscd is turned off. I can login as an AD users but I cant start any command. :( login as: oweinmann Using keyboard-interactive authentication. Password: Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou bash-2.03$ ls -alrt [1]+ Stopped ls -alrt bash-2.03$ id [2]+ Stopped id bash-2.03$ group [3]+ Stopped group bash-2.03$ echo TEST TEST bash-2.03$ Some commands are working and some others are put in background and the session closes after one or two minutes? When I turn on nscd everything is fine, except ls -alrt not working. On 4/28/08, Gerald (Jerry) Carter [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oliver Weinmann wrote: | forgot to mention that the nss_winbind links are there: | | bash-2.03# ls -alrt /usr/lib/nss_w* | lrwxrwxrwx 1 root other 28 Apr 23 14:30 | /usr/lib/nss_winbind.so.2 - /usr/lib/libnss_winbind.so.1 | lrwxrwxrwx 1 root other 28 Apr 23 14:30 | /usr/lib/nss_winbind.so.1 - /usr/lib/libnss_winbind.so.1 | lrwxrwxrwx 1 root other 28 Apr 23 14:30 | /usr/lib/nss_winbind.so - /usr/lib/libnss_winbind.so.1 Check the perms on /usr/lib/libnss_winbind.so.1. Sounds like it might be rwx for root only. cheers, jerry - -- = Samba--- http://www.samba.org http://www.samba.org/ Likewise Software - http://www.likewisesoftware.com
Re: [Samba] Samba 3.2.0-pre3 packages in Debian - version of Samba in Debian lenny
Quoting Gerald (Jerry) Carter ([EMAIL PROTECTED]): Christian, I really disagree here. What made you com to the decision that 3.0 is batter for a September Debian release? Because the Debian release team asked maintainers to slow odwn upstream version bumps as of March 2008. And one of the keys of try to release Debian on time is avoiding to go against the release team suggestions. (for instance, the KDE packaging team decided to stick with KDE 3.4 for such reasons) Debian entered the freeze stage for lenny on April 1st. Currenly, only the base system packages are frozen, but the freeze should slowly become stronger (the toolchain should come soon). The current schedule for releasing samba 3.2.0 leaves us quite a chort time before the planned release and, with the current manpower we have in the Debian maintenance team, I don't feel comfortable going to 3.2.0 now. That's a very though decision, indeed. I somewhat feel like Steve Langasek will agree (actually he didn't disagree when I proposed this in ou internal mailign listwhile he may be too busy with the Ubuntu release). Of course, I'm ready to hear arguments against that decision... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour of winbind on solaris 8
su to user oweinmann works but when i ussie the ldd -r /usr/lib/nss_winbind.so command it gets put in the background.. :( i then do fg 2 and this is the output: bash-2.03$ ldd -r /usr/lib/nss_winbind.so [2]+ Stopped ldd -r /usr/lib/nss_winbind.so bash-2.03$ fg 2 ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 bash-2.03$ ls -alrt /etc/nsswitch.conf [2]+ Stopped ls -alrt /etc/nsswitch.conf bash-2.03$ fg 2 ls -alrt /etc/nsswitch.conf -rw-r--r-- 1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: Please try to login (or su) to the user oweinmann and issue then ldd -r /usr/lib/nss_winbind.so For some reason I think that non root users are not able to read one of the involved files. This could be /etc/nsswitch.conf /usr/lib/nss_winbind.so or some of the files found by the ldd -r command. The fact that you can issue commands while nscd is running points to this fact becaus nscd is running as root and has permissions to read all of those files. /etc/nsswitch.conf should be readable by everyone. I compiled samba myself with a full stack of openssl, iconv, heimdal kerberos, cyrus-sasl, openldap and samba. While people often speak of the Windows DLL hell this is the Solaris shared library hell :-( But it works. Oliver Weinmann schrieb: Hi, bash-2.03# ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 I changed the permissions and files exactly to be the same but i still cant issue commands... :( bash-2.03# ls -alrt /usr/lib/nss_winbind.so* -rwxr-xr-x 1 root other 74744 Apr 29 09:03 /usr/lib/nss_winbind.so.1 lrwxrwxrwx 1 root other 25 Apr 29 09:04 /usr/lib/nss_winbind.so - /usr/lib/nss_winbind.so.1 Could this also be a problem of a compiling? Have you compiled the samba yourself or are you using prebuilt packages? On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: which output gives ldd -r /usr/lib/nss_winbind.so ? I have the following naming and permission for nss_winbind: lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so - nss_winbind.so.1 -rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1 Please try with the exactly same naming and permissions of your files. Oliver Weinmann schrieb: I will try to get hands on the latest patches for solaris 8 and see if that fixes the nscd problems. I can't believe that samba-winbind is not running 100% well on a Solaris 8 machine. On 4/28/08, Oliver Weinmann [EMAIL PROTECTED] wrote: Just for fun i changed the perms of /usr/lib/libnss_winbind.so to 777 bash-2.03# chmod 777 /usr/lib/libnss_winbind.so bash-2.03# ls -alrt /usr/lib/libnss_winbind.so -rwxrwxrwx 1 root other 74744 Apr 28 13:32 /usr/lib/libnss_winbind.so nscd is turned off. I can login as an AD users but I cant start any command. :( login as: oweinmann Using keyboard-interactive authentication. Password: Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou bash-2.03$ ls -alrt [1]+ Stopped ls -alrt bash-2.03$ id [2]+ Stopped id bash-2.03$ group [3]+ Stopped group bash-2.03$ echo TEST TEST bash-2.03$ Some commands are working and some others are put in background and the session closes after one or two minutes? When I turn on nscd everything is fine, except ls -alrt not working. On 4/28/08, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oliver Weinmann wrote: | forgot to mention that the nss_winbind links are there: | | bash-2.03# ls -alrt /usr/lib/nss_w* | lrwxrwxrwx 1 root other 28 Apr 23 14:30 | /usr/lib/nss_winbind.so.2 - /usr/lib/libnss_winbind.so.1 | lrwxrwxrwx 1 root other 28 Apr 23 14:30 | /usr/lib/nss_winbind.so.1 - /usr/lib/libnss_winbind.so.1 | lrwxrwxrwx 1 root other 28 Apr 23 14:30 | /usr/lib/nss_winbind.so - /usr/lib/libnss_winbind.so.1 Check the perms on /usr/lib/libnss_winbind.so.1. Sounds like
Re: [Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND when print client tries to write to \epmapper named pipe
On Tue, Apr 29, 2008 at 04:01:39AM -0300, Leonardo Tancredi wrote: printer, and looking at logfiles and traffic captures I see the problem is that the client is trying to do an NTCreate_and_X operation to open a named pipe called \epmapper but Samba answers with an NT_STATUS_OBJECT_NAME_NOT_FOUND message. The client retries this operation a couple of times and then gives up. This is the so-called endpoint mapper which right now is not supported by Samba 3. I'm working on that right now. In the meantime, it would be interesting to see a sniff of this machine printing using the same driver on a Windows box. Volker pgpnURuYk8XcT.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to access linux files from windows using samba configured in linux Vmware
Helmut Hullen wrote: Hallo, gforgcc, Does the workgroup fit? Has the username or the password any special character? Viele Gruesse! Helmut Hi Viele Gruesse, :) no there are no special charecters in username or password.. just abc and abc thats it... and i dint get what is the meaning of Workgroup fit ? you mean to say both the workgroup in windows and Vmware linux need to be same ? if that is the case i am not specifying workgroup anywhere while configuring samba..and can you please tell where to specify workgroup, and how to find the same in windows that to which workgroup do i belong ? thanks... :) -- View this message in context: http://www.nabble.com/Unable-to-access-linux-files-from-windows-using-samba-configured-in-linux-Vmware-tp16847019p16955729.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour of winbind on solaris 8
Are there any messages in /var/adm/messages which are related to nss ? As I can see you are using bash as your shell. Try using csh. Does something change? Oliver Weinmann schrieb: su to user oweinmann works but when i ussie the ldd -r /usr/lib/nss_winbind.so command it gets put in the background.. :( i then do fg 2 and this is the output: bash-2.03$ ldd -r /usr/lib/nss_winbind.so [2]+ Stopped ldd -r /usr/lib/nss_winbind.so bash-2.03$ fg 2 ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 bash-2.03$ ls -alrt /etc/nsswitch.conf [2]+ Stopped ls -alrt /etc/nsswitch.conf bash-2.03$ fg 2 ls -alrt /etc/nsswitch.conf -rw-r--r-- 1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf On 4/29/08, *Dietrich Streifert* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Please try to login (or su) to the user oweinmann and issue then ldd -r /usr/lib/nss_winbind.so For some reason I think that non root users are not able to read one of the involved files. This could be /etc/nsswitch.conf /usr/lib/nss_winbind.so or some of the files found by the ldd -r command. The fact that you can issue commands while nscd is running points to this fact becaus nscd is running as root and has permissions to read all of those files. /etc/nsswitch.conf should be readable by everyone. I compiled samba myself with a full stack of openssl, iconv, heimdal kerberos, cyrus-sasl, openldap and samba. While people often speak of the Windows DLL hell this is the Solaris shared library hell :-( But it works. Oliver Weinmann schrieb: Hi, bash-2.03# ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 I changed the permissions and files exactly to be the same but i still cant issue commands... :( bash-2.03# ls -alrt /usr/lib/nss_winbind.so* -rwxr-xr-x 1 root other 74744 Apr 29 09:03 /usr/lib/nss_winbind.so.1 lrwxrwxrwx 1 root other 25 Apr 29 09:04 /usr/lib/nss_winbind.so - /usr/lib/nss_winbind.so.1 Could this also be a problem of a compiling? Have you compiled the samba yourself or are you using prebuilt packages? On 4/29/08, *Dietrich Streifert* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: which output gives ldd -r /usr/lib/nss_winbind.so ? I have the following naming and permission for nss_winbind: lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so - nss_winbind.so.1 -rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1 Please try with the exactly same naming and permissions of your files. Oliver Weinmann schrieb: I will try to get hands on the latest patches for solaris 8 and see if that fixes the nscd problems. I can't believe that samba-winbind is not running 100% well on a Solaris 8 machine. On 4/28/08, Oliver Weinmann [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Just for fun i changed the perms of /usr/lib/libnss_winbind.so to 777 bash-2.03# chmod 777 /usr/lib/libnss_winbind.so bash-2.03# ls -alrt /usr/lib/libnss_winbind.so -rwxrwxrwx 1 root other 74744 Apr 28 13:32 /usr/lib/libnss_winbind.so nscd is turned off. I can login as an AD users but I cant start any command. :( login as: oweinmann Using keyboard-interactive authentication. Password: Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou bash-2.03$ ls -alrt [1]+ Stopped ls -alrt bash-2.03$ id [2]+ Stopped id bash-2.03$ group [3]+ Stopped group bash-2.03$ echo TEST TEST bash-2.03$ Some commands are working and some others are put in background and the session closes after one or
Re: [Samba] Unable to access linux files from windows using samba configured in linux Vmware
gforgcc wrote: Helmut Hullen wrote: Hallo, gforgcc, Does the workgroup fit? Has the username or the password any special character? Viele Gruesse! Helmut Hi Viele Gruesse, :) no there are no special charecters in username or password.. just abc and abc thats it... and i dint get what is the meaning of Workgroup fit ? you mean to say both the workgroup in windows and Vmware linux need to be same ? if that is the case i am not specifying workgroup anywhere while configuring samba..and can you please tell where to specify workgroup, and how to find the same in windows that to which workgroup do i belong ? thanks... :) sorry i came to know that i am in my companies domain so there wont be any workgroup probably... -- View this message in context: http://www.nabble.com/Unable-to-access-linux-files-from-windows-using-samba-configured-in-linux-Vmware-tp16847019p16955744.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour of winbind on solaris 8
Hi, no, there was nothing in /var/adm/messages, but guess what with the csh ls -alrt and such commands work fine... But i get kicked out of the ssh session after 2 minutes... :( On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: Are there any messages in /var/adm/messages which are related to nss ? As I can see you are using bash as your shell. Try using csh. Does something change? Oliver Weinmann schrieb: su to user oweinmann works but when i ussie the ldd -r /usr/lib/nss_winbind.so command it gets put in the background.. :( i then do fg 2 and this is the output: bash-2.03$ ldd -r /usr/lib/nss_winbind.so [2]+ Stopped ldd -r /usr/lib/nss_winbind.so bash-2.03$ fg 2 ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 bash-2.03$ ls -alrt /etc/nsswitch.conf [2]+ Stopped ls -alrt /etc/nsswitch.conf bash-2.03$ fg 2 ls -alrt /etc/nsswitch.conf -rw-r--r-- 1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: Please try to login (or su) to the user oweinmann and issue then ldd -r /usr/lib/nss_winbind.so For some reason I think that non root users are not able to read one of the involved files. This could be /etc/nsswitch.conf /usr/lib/nss_winbind.so or some of the files found by the ldd -r command. The fact that you can issue commands while nscd is running points to this fact becaus nscd is running as root and has permissions to read all of those files. /etc/nsswitch.conf should be readable by everyone. I compiled samba myself with a full stack of openssl, iconv, heimdal kerberos, cyrus-sasl, openldap and samba. While people often speak of the Windows DLL hell this is the Solaris shared library hell :-( But it works. Oliver Weinmann schrieb: Hi, bash-2.03# ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 I changed the permissions and files exactly to be the same but i still cant issue commands... :( bash-2.03# ls -alrt /usr/lib/nss_winbind.so* -rwxr-xr-x 1 root other 74744 Apr 29 09:03 /usr/lib/nss_winbind.so.1 lrwxrwxrwx 1 root other 25 Apr 29 09:04 /usr/lib/nss_winbind.so - /usr/lib/nss_winbind.so.1 Could this also be a problem of a compiling? Have you compiled the samba yourself or are you using prebuilt packages? On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: which output gives ldd -r /usr/lib/nss_winbind.so ? I have the following naming and permission for nss_winbind: lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so - nss_winbind.so.1 -rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1 Please try with the exactly same naming and permissions of your files. Oliver Weinmann schrieb: I will try to get hands on the latest patches for solaris 8 and see if that fixes the nscd problems. I can't believe that samba-winbind is not running 100% well on a Solaris 8 machine. On 4/28/08, Oliver Weinmann [EMAIL PROTECTED] wrote: Just for fun i changed the perms of /usr/lib/libnss_winbind.so to 777 bash-2.03# chmod 777 /usr/lib/libnss_winbind.so bash-2.03# ls -alrt /usr/lib/libnss_winbind.so -rwxrwxrwx 1 root other 74744 Apr 28 13:32 /usr/lib/libnss_winbind.so nscd is turned off. I can login as an AD users but I cant start any command. :( login as: oweinmann Using keyboard-interactive authentication. Password: Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou bash-2.03$ ls -alrt [1]+ Stopped ls -alrt bash-2.03$ id [2]+ Stopped id bash-2.03$ group [3]+ Stopped group bash-2.03$ echo TEST TEST bash-2.03$ Some commands are working and some others are put in background and the session closes after one or two minutes? When I turn on nscd everything is fine, except ls -alrt not working. On 4/28/08, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oliver
Re: [Samba] Samba segs when serving files from a windows partition on OpenBSD-4.2
Hi, On Fri, Apr 25, 2008 at 3:00 PM, Edd Barrett [EMAIL PROTECTED] wrote: I am willing to test patches. I may have a prod about in the source at some point, but you guys can probably diagnose and fix the fault a whole load better than I can. I have never looked at the samba source before. It turns out OpenBSD-current has some patches to fix this problem which came from FreeBSD, just after the release of 4.2. Is the samba team interested in taking the patches upstream? http://www.openbsd.org/cgi-bin/cvsweb/ports/net/samba/patches/patch-lib_iconv.c?rev=1.1content-type=text/x-cvsweb-markup http://www.openbsd.org/cgi-bin/cvsweb/ports/net/samba/patches/patch-lib_replace_repdir_getdirentries_c?rev=1.1content-type=text/x-cvsweb-markup -- Best Regards Edd http://students.dec.bournemouth.ac.uk/ebarrett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour of winbind on solaris 8
So there must be something in your bash init files, /etc/profile or ~/.bashrc (sorry I'm not a bash user) which causes the problem. Maybe something which forms the shell prompt like whoami etc. Maybe there is something like a autologout set for the csh or in sshd with idle session timeout. Oliver Weinmann schrieb: Hi, no, there was nothing in /var/adm/messages, but guess what with the csh ls -alrt and such commands work fine... But i get kicked out of the ssh session after 2 minutes... :( On 4/29/08, *Dietrich Streifert* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Are there any messages in /var/adm/messages which are related to nss ? As I can see you are using bash as your shell. Try using csh. Does something change? Oliver Weinmann schrieb: su to user oweinmann works but when i ussie the ldd -r /usr/lib/nss_winbind.so command it gets put in the background.. :( i then do fg 2 and this is the output: bash-2.03$ ldd -r /usr/lib/nss_winbind.so [2]+ Stopped ldd -r /usr/lib/nss_winbind.so bash-2.03$ fg 2 ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 bash-2.03$ ls -alrt /etc/nsswitch.conf [2]+ Stopped ls -alrt /etc/nsswitch.conf bash-2.03$ fg 2 ls -alrt /etc/nsswitch.conf -rw-r--r-- 1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf On 4/29/08, *Dietrich Streifert* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Please try to login (or su) to the user oweinmann and issue then ldd -r /usr/lib/nss_winbind.so For some reason I think that non root users are not able to read one of the involved files. This could be /etc/nsswitch.conf /usr/lib/nss_winbind.so or some of the files found by the ldd -r command. The fact that you can issue commands while nscd is running points to this fact becaus nscd is running as root and has permissions to read all of those files. /etc/nsswitch.conf should be readable by everyone. I compiled samba myself with a full stack of openssl, iconv, heimdal kerberos, cyrus-sasl, openldap and samba. While people often speak of the Windows DLL hell this is the Solaris shared library hell :-( But it works. Oliver Weinmann schrieb: Hi, bash-2.03# ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 I changed the permissions and files exactly to be the same but i still cant issue commands... :( bash-2.03# ls -alrt /usr/lib/nss_winbind.so* -rwxr-xr-x 1 root other 74744 Apr 29 09:03 /usr/lib/nss_winbind.so.1 lrwxrwxrwx 1 root other 25 Apr 29 09:04 /usr/lib/nss_winbind.so - /usr/lib/nss_winbind.so.1 Could this also be a problem of a compiling? Have you compiled the samba yourself or are you using prebuilt packages? On 4/29/08, *Dietrich Streifert* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: which output gives ldd -r /usr/lib/nss_winbind.so ? I have the following naming and permission for nss_winbind: lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so - nss_winbind.so.1 -rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1 Please try with the exactly same naming and permissions of your files. Oliver Weinmann schrieb: I will try to get hands on the latest patches for solaris 8 and see if that fixes the nscd problems. I can't believe that samba-winbind is not running 100% well on a Solaris 8 machine. On 4/28/08, Oliver Weinmann [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Just for fun i changed the perms of /usr/lib/libnss_winbind.so to 777 bash-2.03# chmod 777 /usr/lib/libnss_winbind.so bash-2.03# ls
Re: [Samba] Strange behaviour of winbind on solaris 8
there is nothing in /etc/profile and the user oweinmann has no .bashrc. The problem seems to be related to nscd. When nscd is turned on i can login and issue commands and I don't get kicked out of the ssh login. There is no idle session timeout set. If there was I would get kicked out when nscd is turned on as well. Only when logged in as an AD user I get kicked out... On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: So there must be something in your bash init files, /etc/profile or ~/.bashrc (sorry I'm not a bash user) which causes the problem. Maybe something which forms the shell prompt like whoami etc. Maybe there is something like a autologout set for the csh or in sshd with idle session timeout. Oliver Weinmann schrieb: Hi, no, there was nothing in /var/adm/messages, but guess what with the csh ls -alrt and such commands work fine... But i get kicked out of the ssh session after 2 minutes... :( On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: Are there any messages in /var/adm/messages which are related to nss ? As I can see you are using bash as your shell. Try using csh. Does something change? Oliver Weinmann schrieb: su to user oweinmann works but when i ussie the ldd -r /usr/lib/nss_winbind.so command it gets put in the background.. :( i then do fg 2 and this is the output: bash-2.03$ ldd -r /usr/lib/nss_winbind.so [2]+ Stopped ldd -r /usr/lib/nss_winbind.so bash-2.03$ fg 2 ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 bash-2.03$ ls -alrt /etc/nsswitch.conf [2]+ Stopped ls -alrt /etc/nsswitch.conf bash-2.03$ fg 2 ls -alrt /etc/nsswitch.conf -rw-r--r-- 1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: Please try to login (or su) to the user oweinmann and issue then ldd -r /usr/lib/nss_winbind.so For some reason I think that non root users are not able to read one of the involved files. This could be /etc/nsswitch.conf /usr/lib/nss_winbind.so or some of the files found by the ldd -r command. The fact that you can issue commands while nscd is running points to this fact becaus nscd is running as root and has permissions to read all of those files. /etc/nsswitch.conf should be readable by everyone. I compiled samba myself with a full stack of openssl, iconv, heimdal kerberos, cyrus-sasl, openldap and samba. While people often speak of the Windows DLL hell this is the Solaris shared library hell :-( But it works. Oliver Weinmann schrieb: Hi, bash-2.03# ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 I changed the permissions and files exactly to be the same but i still cant issue commands... :( bash-2.03# ls -alrt /usr/lib/nss_winbind.so* -rwxr-xr-x 1 root other 74744 Apr 29 09:03 /usr/lib/nss_winbind.so.1 lrwxrwxrwx 1 root other 25 Apr 29 09:04 /usr/lib/nss_winbind.so - /usr/lib/nss_winbind.so.1 Could this also be a problem of a compiling? Have you compiled the samba yourself or are you using prebuilt packages? On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: which output gives ldd -r /usr/lib/nss_winbind.so ? I have the following naming and permission for nss_winbind: lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so - nss_winbind.so.1 -rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1 Please try with the exactly same naming and permissions of your files. Oliver Weinmann schrieb: I will try to get hands on the latest patches for solaris 8 and see if that fixes the nscd problems. I can't believe that samba-winbind is not running 100% well on a Solaris 8 machine. On 4/28/08, Oliver Weinmann [EMAIL PROTECTED] wrote: Just for fun i changed the perms of /usr/lib/libnss_winbind.so to 777 bash-2.03# chmod 777 /usr/lib/libnss_winbind.so bash-2.03# ls -alrt /usr/lib/libnss_winbind.so -rwxrwxrwx 1 root other 74744 Apr 28 13:32 /usr/lib/libnss_winbind.so
Re: [Samba] Strange behaviour of winbind on solaris 8
Could the problem be that the AD users are not in any of the local groups on the machine? How do you manage your AD users to be members of local groups e.g. staff, sys etc.? pam_groups? On 4/29/08, Oliver Weinmann [EMAIL PROTECTED] wrote: there is nothing in /etc/profile and the user oweinmann has no .bashrc. The problem seems to be related to nscd. When nscd is turned on i can login and issue commands and I don't get kicked out of the ssh login. There is no idle session timeout set. If there was I would get kicked out when nscd is turned on as well. Only when logged in as an AD user I get kicked out... On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: So there must be something in your bash init files, /etc/profile or ~/.bashrc (sorry I'm not a bash user) which causes the problem. Maybe something which forms the shell prompt like whoami etc. Maybe there is something like a autologout set for the csh or in sshd with idle session timeout. Oliver Weinmann schrieb: Hi, no, there was nothing in /var/adm/messages, but guess what with the csh ls -alrt and such commands work fine... But i get kicked out of the ssh session after 2 minutes... :( On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: Are there any messages in /var/adm/messages which are related to nss ? As I can see you are using bash as your shell. Try using csh. Does something change? Oliver Weinmann schrieb: su to user oweinmann works but when i ussie the ldd -r /usr/lib/nss_winbind.so command it gets put in the background.. :( i then do fg 2 and this is the output: bash-2.03$ ldd -r /usr/lib/nss_winbind.so [2]+ Stopped ldd -r /usr/lib/nss_winbind.so bash-2.03$ fg 2 ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 bash-2.03$ ls -alrt /etc/nsswitch.conf [2]+ Stopped ls -alrt /etc/nsswitch.conf bash-2.03$ fg 2 ls -alrt /etc/nsswitch.conf -rw-r--r-- 1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: Please try to login (or su) to the user oweinmann and issue then ldd -r /usr/lib/nss_winbind.so For some reason I think that non root users are not able to read one of the involved files. This could be /etc/nsswitch.conf /usr/lib/nss_winbind.so or some of the files found by the ldd -r command. The fact that you can issue commands while nscd is running points to this fact becaus nscd is running as root and has permissions to read all of those files. /etc/nsswitch.conf should be readable by everyone. I compiled samba myself with a full stack of openssl, iconv, heimdal kerberos, cyrus-sasl, openldap and samba. While people often speak of the Windows DLL hell this is the Solaris shared library hell :-( But it works. Oliver Weinmann schrieb: Hi, bash-2.03# ldd -r /usr/lib/nss_winbind.so libthread.so.1 =/usr/lib/libthread.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 I changed the permissions and files exactly to be the same but i still cant issue commands... :( bash-2.03# ls -alrt /usr/lib/nss_winbind.so* -rwxr-xr-x 1 root other 74744 Apr 29 09:03 /usr/lib/nss_winbind.so.1 lrwxrwxrwx 1 root other 25 Apr 29 09:04 /usr/lib/nss_winbind.so - /usr/lib/nss_winbind.so.1 Could this also be a problem of a compiling? Have you compiled the samba yourself or are you using prebuilt packages? On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote: which output gives ldd -r /usr/lib/nss_winbind.so ? I have the following naming and permission for nss_winbind: lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so - nss_winbind.so.1 -rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1 Please try with the exactly same naming and permissions of your files. Oliver Weinmann schrieb: I will try to get hands on the latest patches for solaris 8 and see if that fixes the nscd problems. I can't believe that samba-winbind is not running 100%
Re: [Samba] Strange behaviour of winbind on solaris 8
We have several installations where we use the two different AD schema
extensions (SFU from Windows Services for Unix and rfc2307bis from
Windows Server 2003R2) to put the needed information in.
We are using the idmap_ad module to map the uid, gid, home etc.
information from the AD.
The local users and the AD users are completely separated. We do not mix
up local users and AD users.
The first basic test if the AD user information retreival is working is
to use the getent command:
getent someADUser
So for a test user account I get:
korund{root}[/]: getent passwd testuser
testuser:*:1004:1000:Lastname, Firstname:/home/testuser:/bin/tcsh
If this works the first step is done.
The second test is to get all related Information for one user:
korund{root}[/]: id -a testuser
uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
The third test is to su - testuser and again try to issue both commands
obove. If the retreived information is the same you should all be done
(except from pam.conf which is another story).
Oliver Weinmann schrieb:
Could the problem be that the AD users are not in any of the local
groups on the machine? How do you manage your AD users to be members
of local groups e.g. staff, sys etc.? pam_groups?
On 4/29/08, *Oliver Weinmann* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
there is nothing in /etc/profile and the user oweinmann has no
.bashrc. The problem seems to be related to nscd. When nscd is
turned on i can login and issue commands and I don't get kicked
out of the ssh login. There is no idle session timeout set. If
there was I would get kicked out when nscd is turned on as well.
Only when logged in as an AD user I get kicked out...
On 4/29/08, *Dietrich Streifert* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
So there must be something in your bash init files,
/etc/profile or ~/.bashrc (sorry I'm not a bash user) which
causes the problem.
Maybe something which forms the shell prompt like whoami etc.
Maybe there is something like a autologout set for the csh or
in sshd with idle session timeout.
Oliver Weinmann schrieb:
Hi,
no, there was nothing in /var/adm/messages, but guess what
with the csh ls -alrt and such commands work fine... But i
get kicked out of the ssh session after 2 minutes... :(
On 4/29/08, *Dietrich Streifert*
[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Are there any messages in /var/adm/messages which are
related to nss ?
As I can see you are using bash as your shell.
Try using csh. Does something change?
Oliver Weinmann schrieb:
su to user oweinmann works but when i ussie the ldd -r
/usr/lib/nss_winbind.so command it gets put in the
background.. :( i then do fg 2 and this is the output:
bash-2.03$ ldd -r /usr/lib/nss_winbind.so
[2]+ Stopped ldd -r /usr/lib/nss_winbind.so
bash-2.03$ fg 2
ldd -r /usr/lib/nss_winbind.so
libthread.so.1 =/usr/lib/libthread.so.1
libsocket.so.1 =/usr/lib/libsocket.so.1
libdl.so.1 =/usr/lib/libdl.so.1
libc.so.1 = /usr/lib/libc.so.1
libnsl.so.1 = /usr/lib/libnsl.so.1
libmp.so.2 =/usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
bash-2.03$ ls -alrt /etc/nsswitch.conf
[2]+ Stopped ls -alrt /etc/nsswitch.conf
bash-2.03$ fg 2
ls -alrt /etc/nsswitch.conf
-rw-r--r-- 1 root sys 1320 Apr 28 13:19
/etc/nsswitch.conf
On 4/29/08, *Dietrich Streifert*
[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Please try to login (or su) to the user oweinmann
and issue then ldd -r /usr/lib/nss_winbind.so
For some reason I think that non root users are not
able to read one of the involved files.
This could be
/etc/nsswitch.conf
/usr/lib/nss_winbind.so
or some of the files found by the ldd -r command.
The fact that you can issue commands while nscd is
running points to this fact becaus nscd is running
as root and has permissions to read all of those files.
/etc/nsswitch.conf should be readable by everyone.
I compiled samba myself with a full stack of
openssl, iconv, heimdal kerberos, cyrus-sasl,
openldap and samba. While people often speak of the
Re: [Samba] Strange behaviour of winbind on solaris 8
Here could be a problem. I could not change our win 2k3 schema. They were
afraid it could break something... tsss. So i had to use the idmap_rid
module. Which does a good job actually. It uses the last portion of the AD
users SID and adds it to a base set in smb.conf. I issued your commands:
bash-2.03# getent passwd | grep oweinmann
oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
bash-2.03# id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
bash-2.03# su oweinmann
$ id
uid=11611(oweinmann) gid=1613(domain users)
$ id -a
the id -a as user oweinmann seems to get stuck. It just sits there. I
noticed when issuing groups oweinmann as root it also gets stuck. On some
users the groups command seems to be working on some other don't.
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote:
We have several installations where we use the two different AD schema
extensions (SFU from Windows Services for Unix and rfc2307bis from Windows
Server 2003R2) to put the needed information in.
We are using the idmap_ad module to map the uid, gid, home etc.
information from the AD.
The local users and the AD users are completely separated. We do not mix
up local users and AD users.
The first basic test if the AD user information retreival is working is to
use the getent command:
getent someADUser
So for a test user account I get:
korund{root}[/]: getent passwd testuser
testuser:*:1004:1000:Lastname, Firstname:/home/testuser:/bin/tcsh
If this works the first step is done.
The second test is to get all related Information for one user:
korund{root}[/]: id -a testuser
uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
The third test is to su - testuser and again try to issue both commands
obove. If the retreived information is the same you should all be done
(except from pam.conf which is another story).
Oliver Weinmann schrieb:
Could the problem be that the AD users are not in any of the local groups
on the machine? How do you manage your AD users to be members of local
groups e.g. staff, sys etc.? pam_groups?
On 4/29/08, Oliver Weinmann [EMAIL PROTECTED] wrote:
there is nothing in /etc/profile and the user oweinmann has no .bashrc.
The problem seems to be related to nscd. When nscd is turned on i can login
and issue commands and I don't get kicked out of the ssh login. There is no
idle session timeout set. If there was I would get kicked out when nscd is
turned on as well. Only when logged in as an AD user I get kicked out...
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote:
So there must be something in your bash init files, /etc/profile or
~/.bashrc (sorry I'm not a bash user) which causes the problem.
Maybe something which forms the shell prompt like whoami etc.
Maybe there is something like a autologout set for the csh or in sshd
with idle session timeout.
Oliver Weinmann schrieb:
Hi,
no, there was nothing in /var/adm/messages, but guess what with the
csh ls -alrt and such commands work fine... But i get kicked out of the
ssh
session after 2 minutes... :(
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote:
Are there any messages in /var/adm/messages which are related to nss
?
As I can see you are using bash as your shell.
Try using csh. Does something change?
Oliver Weinmann schrieb:
su to user oweinmann works but when i ussie the ldd -r
/usr/lib/nss_winbind.so command it gets put in the background.. :( i
then do
fg 2 and this is the output:
bash-2.03$ ldd -r /usr/lib/nss_winbind.so
[2]+ Stopped ldd -r /usr/lib/nss_winbind.so
bash-2.03$ fg 2
ldd -r /usr/lib/nss_winbind.so
libthread.so.1 =/usr/lib/libthread.so.1
libsocket.so.1 =/usr/lib/libsocket.so.1
libdl.so.1 =/usr/lib/libdl.so.1
libc.so.1 = /usr/lib/libc.so.1
libnsl.so.1 = /usr/lib/libnsl.so.1
libmp.so.2 =/usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
bash-2.03$ ls -alrt /etc/nsswitch.conf
[2]+ Stopped ls -alrt /etc/nsswitch.conf
bash-2.03$ fg 2
ls -alrt /etc/nsswitch.conf
-rw-r--r-- 1 root sys 1320 Apr 28 13:19
/etc/nsswitch.conf
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED]
wrote:
Please try to login (or su) to the user oweinmann and issue then
ldd -r /usr/lib/nss_winbind.so
For some reason I think that non root users are not able to read
one of the involved files.
This could be
/etc/nsswitch.conf
/usr/lib/nss_winbind.so
or some of the files found
Re: [Samba] Strange behaviour of winbind on solaris 8
Which samba version do you use?
Please post the global configuration section of smb.conf.
Oliver Weinmann schrieb:
Here could be a problem. I could not change our win 2k3 schema. They
were afraid it could break something... tsss. So i had to use the
idmap_rid module. Which does a good job actually. It uses the last
portion of the AD users SID and adds it to a base set in smb.conf. I
issued your commands:
bash-2.03# getent passwd | grep oweinmann
oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
bash-2.03# id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
bash-2.03# su oweinmann
$ id
uid=11611(oweinmann) gid=1613(domain users)
$ id -a
the id -a as user oweinmann seems to get stuck. It just sits
there. I noticed when issuing groups oweinmann as root it also gets
stuck. On some users the groups command seems to be working on some
other don't.
On 4/29/08, *Dietrich Streifert* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
We have several installations where we use the two different AD
schema extensions (SFU from Windows Services for Unix and
rfc2307bis from Windows Server 2003R2) to put the needed
information in.
We are using the idmap_ad module to map the uid, gid, home etc.
information from the AD.
The local users and the AD users are completely separated. We do
not mix up local users and AD users.
The first basic test if the AD user information retreival is
working is to use the getent command:
getent someADUser
So for a test user account I get:
korund{root}[/]: getent passwd testuser
testuser:*:1004:1000:Lastname, Firstname:/home/testuser:/bin/tcsh
If this works the first step is done.
The second test is to get all related Information for one user:
korund{root}[/]: id -a testuser
uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
The third test is to su - testuser and again try to issue both
commands obove. If the retreived information is the same you
should all be done (except from pam.conf which is another story).
Oliver Weinmann schrieb:
Could the problem be that the AD users are not in any of the
local groups on the machine? How do you manage your AD users to
be members of local groups e.g. staff, sys etc.? pam_groups?
On 4/29/08, *Oliver Weinmann* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
there is nothing in /etc/profile and the user oweinmann has
no .bashrc. The problem seems to be related to nscd. When
nscd is turned on i can login and issue commands and I don't
get kicked out of the ssh login. There is no idle session
timeout set. If there was I would get kicked out when nscd is
turned on as well. Only when logged in as an AD user I get
kicked out...
On 4/29/08, *Dietrich Streifert*
[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
So there must be something in your bash init files,
/etc/profile or ~/.bashrc (sorry I'm not a bash user)
which causes the problem.
Maybe something which forms the shell prompt like whoami etc.
Maybe there is something like a autologout set for the
csh or in sshd with idle session timeout.
Oliver Weinmann schrieb:
Hi,
no, there was nothing in /var/adm/messages, but guess
what with the csh ls -alrt and such commands work
fine... But i get kicked out of the ssh session after 2
minutes... :(
On 4/29/08, *Dietrich Streifert*
[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Are there any messages in /var/adm/messages which
are related to nss ?
As I can see you are using bash as your shell.
Try using csh. Does something change?
Oliver Weinmann schrieb:
su to user oweinmann works but when i ussie the ldd
-r /usr/lib/nss_winbind.so command it gets put in
the background.. :( i then do fg 2 and this is the
output:
bash-2.03$ ldd -r /usr/lib/nss_winbind.so
[2]+ Stopped ldd -r
/usr/lib/nss_winbind.so
bash-2.03$ fg 2
ldd -r /usr/lib/nss_winbind.so
libthread.so.1 =
/usr/lib/libthread.so.1
libsocket.so.1 =
/usr/lib/libsocket.so.1
libdl.so.1 =/usr/lib/libdl.so.1
libc.so.1 = /usr/lib/libc.so.1
libnsl.so.1 =
Re: [Samba] Strange behaviour of winbind on solaris 8
It's the latest stable.
# smbd -V
Version 3.0.28a
[global]
netbios name = rose8
realm = VEGAGROUP.NET
workgroup = VEGA
security = ADS
encrypt passwords = yes
password server = *
os level = 20
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 1100-20
idmap gid = 1100-20
idmap backend = rid:VEGA=1100-20
allow trusted domains = no
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/sh
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
#winbind separator = +
#winbind normalize names = yes
log level = 10
max log size = 50
log file = /var/log/samba/log.%m
dns proxy = no
wins server = 172.20.205.1
allow trusted domains = No
client use spnego = Yes
use kerberos keytab = true
winbind offline logon = yes
I really appreciate your big effort. Thanks!
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote:
Which samba version do you use?
Please post the global configuration section of smb.conf.
Oliver Weinmann schrieb:
Here could be a problem. I could not change our win 2k3 schema. They were
afraid it could break something... tsss. So i had to use the idmap_rid
module. Which does a good job actually. It uses the last portion of the AD
users SID and adds it to a base set in smb.conf. I issued your commands:
bash-2.03# getent passwd | grep oweinmann
oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
bash-2.03# id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
bash-2.03# su oweinmann
$ id
uid=11611(oweinmann) gid=1613(domain users)
$ id -a
the id -a as user oweinmann seems to get stuck. It just sits there. I
noticed when issuing groups oweinmann as root it also gets stuck. On some
users the groups command seems to be working on some other don't.
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote:
We have several installations where we use the two different AD schema
extensions (SFU from Windows Services for Unix and rfc2307bis from Windows
Server 2003R2) to put the needed information in.
We are using the idmap_ad module to map the uid, gid, home etc.
information from the AD.
The local users and the AD users are completely separated. We do not mix
up local users and AD users.
The first basic test if the AD user information retreival is working is
to use the getent command:
getent someADUser
So for a test user account I get:
korund{root}[/]: getent passwd testuser
testuser:*:1004:1000:Lastname, Firstname:/home/testuser:/bin/tcsh
If this works the first step is done.
The second test is to get all related Information for one user:
korund{root}[/]: id -a testuser
uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
The third test is to su - testuser and again try to issue both commands
obove. If the retreived information is the same you should all be done
(except from pam.conf which is another story).
Oliver Weinmann schrieb:
Could the problem be that the AD users are not in any of the local
groups on the machine? How do you manage your AD users to be members of
local groups e.g. staff, sys etc.? pam_groups?
On 4/29/08, Oliver Weinmann [EMAIL PROTECTED] wrote:
there is nothing in /etc/profile and the user oweinmann has no
.bashrc. The problem seems to be related to nscd. When nscd is turned on i
can login and issue commands and I don't get kicked out of the ssh login.
There is no idle session timeout set. If there was I would get kicked out
when nscd is turned on as well. Only when logged in as an AD user I get
kicked out...
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote:
So there must be something in your bash init files, /etc/profile or
~/.bashrc (sorry I'm not a bash user) which causes the problem.
Maybe something which forms the shell prompt like whoami etc.
Maybe there is something like a autologout set for the csh or in
sshd with idle session timeout.
Oliver Weinmann schrieb:
Hi,
no, there was nothing in /var/adm/messages, but guess what with the
csh ls -alrt and such commands work fine... But i get kicked out of the
ssh
session after 2 minutes... :(
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED]
wrote:
Are there any messages in /var/adm/messages which are related to
nss ?
As I can see you are using bash as your shell.
Try using csh. Does something change?
Oliver Weinmann schrieb:
Re: [Samba] Strange behaviour of winbind on solaris 8
Please try to set combinations of
winbind enum groups = No
and test again.
This could be the reason why getent groups never ends. This is known to
be a problem with big AD user/groups databases.
Have a look at this and related paramters in samba installation
path/swat/help/manpages/smb.conf.5.html
Oliver Weinmann schrieb:
It's the latest stable.
# smbd -V
Version 3.0.28a
[global]
netbios name = rose8
realm = VEGAGROUP.NET http://VEGAGROUP.NET
workgroup = VEGA
security = ADS
encrypt passwords = yes
password server = *
os level = 20
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 1100-20
idmap gid = 1100-20
idmap backend = rid:VEGA=1100-20
allow trusted domains = no
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/sh
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
#winbind separator = +
#winbind normalize names = yes
log level = 10
max log size = 50
log file = /var/log/samba/log.%m
dns proxy = no
wins server = 172.20.205.1 http://172.20.205.1
allow trusted domains = No
client use spnego = Yes
use kerberos keytab = true
winbind offline logon = yes
I really appreciate your big effort. Thanks!
On 4/29/08, *Dietrich Streifert* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Which samba version do you use?
Please post the global configuration section of smb.conf.
Oliver Weinmann schrieb:
Here could be a problem. I could not change our win 2k3 schema.
They were afraid it could break something... tsss. So i had to
use the idmap_rid module. Which does a good job actually. It uses
the last portion of the AD users SID and adds it to a base set in
smb.conf. I issued your commands:
bash-2.03# getent passwd | grep oweinmann
oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
bash-2.03# id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
bash-2.03# su oweinmann
$ id
uid=11611(oweinmann) gid=1613(domain users)
$ id -a
the id -a as user oweinmann seems to get stuck. It just sits
there. I noticed when issuing groups oweinmann as root it also
gets stuck. On some users the groups command seems to be
working on some other don't.
On 4/29/08, *Dietrich Streifert* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
We have several installations where we use the two different
AD schema extensions (SFU from Windows Services for Unix and
rfc2307bis from Windows Server 2003R2) to put the needed
information in.
We are using the idmap_ad module to map the uid, gid, home
etc. information from the AD.
The local users and the AD users are completely separated. We
do not mix up local users and AD users.
The first basic test if the AD user information retreival is
working is to use the getent command:
getent someADUser
So for a test user account I get:
korund{root}[/]: getent passwd testuser
testuser:*:1004:1000:Lastname,
Firstname:/home/testuser:/bin/tcsh
If this works the first step is done.
The second test is to get all related Information for one user:
korund{root}[/]: id -a testuser
uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
The third test is to su - testuser and again try to issue
both commands obove. If the retreived information is the same
you should all be done (except from pam.conf which is another
story).
Oliver Weinmann schrieb:
Could the problem be that the AD users are not in any of the
local groups on the machine? How do you manage your AD users
to be members of local groups e.g. staff, sys etc.? pam_groups?
On 4/29/08, *Oliver Weinmann*
[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
there is nothing in /etc/profile and the user oweinmann
has no .bashrc. The problem seems to be related to nscd.
When nscd is turned on i can login and issue commands
and I don't get kicked out of the ssh login. There is no
idle session timeout set. If there was I would get
kicked out when nscd is turned on as well. Only when
logged in as an AD user I get kicked out...
On 4/29/08, *Dietrich Streifert*
[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Re: [Samba] Strange behaviour of winbind on solaris 8
I wonder why oweinmann is member of the group staff. Maybe there is an
entry for oweinmann in /etc/passwd?
So I'm running out of ideas :-( Mabye someone out there can take over.
Good luck and report back what you have found.
Oliver Weinmann schrieb:
I changed both groups and users to no. Still no difference. Another
strange thing i came across.
as user oweinmann
$ id
uid=11611(oweinmann) gid=1613(domain users)
$ id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
$ id -a
why is the id -a oweinmann working as user oweinmann but not id -a
On 4/29/08, *Dietrich Streifert* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Please try to set combinations of
winbind enum groups = No
and test again.
This could be the reason why getent groups never ends. This is
known to be a problem with big AD user/groups databases.
Have a look at this and related paramters in samba installation
path/swat/help/manpages/smb.conf.5.html
Oliver Weinmann schrieb:
It's the latest stable.
# smbd -V
Version 3.0.28a
[global]
netbios name = rose8
realm = VEGAGROUP.NET http://vegagroup.net/
workgroup = VEGA
security = ADS
encrypt passwords = yes
password server = *
os level = 20
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 1100-20
idmap gid = 1100-20
idmap backend = rid:VEGA=1100-20
allow trusted domains = no
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/sh
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
#winbind separator = +
#winbind normalize names = yes
log level = 10
max log size = 50
log file = /var/log/samba/log.%m
dns proxy = no
wins server = 172.20.205.1 http://172.20.205.1/
allow trusted domains = No
client use spnego = Yes
use kerberos keytab = true
winbind offline logon = yes
I really appreciate your big effort. Thanks!
On 4/29/08, *Dietrich Streifert* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Which samba version do you use?
Please post the global configuration section of smb.conf.
Oliver Weinmann schrieb:
Here could be a problem. I could not change our win 2k3
schema. They were afraid it could break something... tsss.
So i had to use the idmap_rid module. Which does a good job
actually. It uses the last portion of the AD users SID and
adds it to a base set in smb.conf. I issued your commands:
bash-2.03# getent passwd | grep oweinmann
oweinmann2:*:15042:1613:Oliver
Weinmann2:/home/oweinmann2:/bin/sh
oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
oweinmann1:*:15041:1613:Oliver
Weinmann1:/home/oweinmann1:/bin/sh
bash-2.03# id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
bash-2.03# su oweinmann
$ id
uid=11611(oweinmann) gid=1613(domain users)
$ id -a
the id -a as user oweinmann seems to get stuck. It just
sits there. I noticed when issuing groups oweinmann as
root it also gets stuck. On some users the groups command
seems to be working on some other don't.
On 4/29/08, *Dietrich Streifert*
[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
We have several installations where we use the two
different AD schema extensions (SFU from Windows
Services for Unix and rfc2307bis from Windows Server
2003R2) to put the needed information in.
We are using the idmap_ad module to map the uid, gid,
home etc. information from the AD.
The local users and the AD users are completely
separated. We do not mix up local users and AD users.
The first basic test if the AD user information
retreival is working is to use the getent command:
getent someADUser
So for a test user account I get:
korund{root}[/]: getent passwd testuser
testuser:*:1004:1000:Lastname,
Firstname:/home/testuser:/bin/tcsh
If this works the first step is done.
The second test is to get all related Information for
one user:
korund{root}[/]: id -a testuser
uid=1004(testuser) gid=1000(visionet)
groups=1033(devjavalib)
The third test is to su - testuser and again try to
Re: [Samba] Strange behaviour of winbind on solaris 8
Yes, i added him to that group to see if that makes any difference. Thanks
for all your help. And I will let you know, when I found out what the
problem is.
Best Regards,
Oliver
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote:
I wonder why oweinmann is member of the group staff. Maybe there is an
entry for oweinmann in /etc/passwd?
So I'm running out of ideas :-( Mabye someone out there can take over.
Good luck and report back what you have found.
Oliver Weinmann schrieb:
I changed both groups and users to no. Still no difference. Another
strange thing i came across.
as user oweinmann
$ id
uid=11611(oweinmann) gid=1613(domain users)
$ id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
$ id -a
why is the id -a oweinmann working as user oweinmann but not id -a
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote:
Please try to set combinations of
winbind enum groups = No
and test again.
This could be the reason why getent groups never ends. This is known to
be a problem with big AD user/groups databases.
Have a look at this and related paramters in samba installation
path/swat/help/manpages/smb.conf.5.html
Oliver Weinmann schrieb:
It's the latest stable.
# smbd -V
Version 3.0.28a
[global]
netbios name = rose8
realm = VEGAGROUP.NET http://vegagroup.net/
workgroup = VEGA
security = ADS
encrypt passwords = yes
password server = *
os level = 20
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 1100-20
idmap gid = 1100-20
idmap backend = rid:VEGA=1100-20
allow trusted domains = no
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/sh
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
#winbind separator = +
#winbind normalize names = yes
log level = 10
max log size = 50
log file = /var/log/samba/log.%m
dns proxy = no
wins server = 172.20.205.1
allow trusted domains = No
client use spnego = Yes
use kerberos keytab = true
winbind offline logon = yes
I really appreciate your big effort. Thanks!
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote:
Which samba version do you use?
Please post the global configuration section of smb.conf.
Oliver Weinmann schrieb:
Here could be a problem. I could not change our win 2k3 schema. They
were afraid it could break something... tsss. So i had to use the
idmap_rid
module. Which does a good job actually. It uses the last portion of the AD
users SID and adds it to a base set in smb.conf. I issued your commands:
bash-2.03# getent passwd | grep oweinmann
oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
bash-2.03# id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
bash-2.03# su oweinmann
$ id
uid=11611(oweinmann) gid=1613(domain users)
$ id -a
the id -a as user oweinmann seems to get stuck. It just sits
there. I noticed when issuing groups oweinmann as root it also gets
stuck.
On some users the groups command seems to be working on some other
don't.
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote:
We have several installations where we use the two different AD
schema extensions (SFU from Windows Services for Unix and rfc2307bis
from
Windows Server 2003R2) to put the needed information in.
We are using the idmap_ad module to map the uid, gid, home etc.
information from the AD.
The local users and the AD users are completely separated. We do not
mix up local users and AD users.
The first basic test if the AD user information retreival is working
is to use the getent command:
getent someADUser
So for a test user account I get:
korund{root}[/]: getent passwd testuser
testuser:*:1004:1000:Lastname,
Firstname:/home/testuser:/bin/tcsh
If this works the first step is done.
The second test is to get all related Information for one user:
korund{root}[/]: id -a testuser
uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
The third test is to su - testuser and again try to issue both
commands obove. If the retreived information is the same you should all
be
done (except from pam.conf which is another story).
Oliver Weinmann schrieb:
Could the problem be that the AD users are not in any of the
[Samba] samba windows domain controller
Hi I want windows machines to automatically be added into samba when they try to attach to the domain. Had various problems with root account not being accepted. Can anyone spot anything glaringly obviously wrong in my config that follows. Cheers [global] name resolve order = wins bcast hosts ldap ssl = no passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* idmap gid = 500-550 admin users = root obey pam restrictions = no client schannel = no passwd program = /usr/bin/passwd %u dns proxy = No netbios name = sss-server writeable = yes printing = lprng idmap uid = 500-2000 logon script = user.bat workgroup = domain debug level = 3 os level = 65 getwd cache = yes log file = /var/log/samba/%m.log guest account = root socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 sync always = yes map to guest = never null passwords = yes domain master = Yes encrypt passwords = yes public = yes realm = domain wins support = true netbios aliases = sss-server server string = sss-server add user script = /usr/sbin/useradd -g machines -c NTMachine -d /dev/null -s /bin/false %m$ /usr/bin/smbpasswd -a -m %m$ domain logons = Yes pam password change = Yes # DOMAIN ADMIN GROUP added to allow root as local admin domain admin group = root [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [netlogon] comment = Network Logon Service share modes = No public = yes path = /usr/local/samba/netlogon [Profiles] nt acl support = yes browseable = no delete readonly = yes path = /usr/local/samba/profiles force group = root force user = root comment = Network Profiles Service create mode = 0600 directory mode = 0700 [root_dir] comment = root dir mark only delete readonly = yes path = / [data] force user = root comment = Data Directory path = /home/data/ force group = root -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba windows domain controller
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Evan Ingram wrote: | Hi | | I want windows machines to automatically be added into samba when they | try to attach to the domain. Had various problems with root account not | being accepted. | | Can anyone spot anything glaringly obviously wrong in my config that | follows. | add user script = /usr/sbin/useradd -g machines -c NTMachine | -d /dev/null -s /bin/false %m$ /usr/bin/smbpasswd -a -m %m$ Add user script should only add the unix account. Don't call smbpasswd here. smbd will fill in the information. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIFyz7IR7qMdg1EfYRAp3QAJ9pepvD8KtoOSXqyK4f2W1XLTwzpQCdGnlw GCxzFdhtjyMGSbN8hEdUxqA= =eaGq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.2.0-pre3 packages in Debian - version of Samba in Debian lenny
Quoting Gerald (Jerry) Carter ([EMAIL PROTECTED]): -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christian, | Debian entered the freeze stage for lenny on April 1st. Wow! A 5 month freeze before release? I guess I can understand for a distro but that seems a bit excessive. Well, etch freeze started on Aug. 1st 2006 and etch was released on Apr 8th 2007, so 5 months is actually *short*..:-) For people interested in such stuff, here's the release schedule: Early March 2008 Very soft freeze Please start thinking about the release when uploading new major upstream versions. Only upload to unstable if you are sure that the software will be stable before we release. If you are not convinced, use experimental as staging area. Freeze of release goal list We will announce the final list of release goals and report about the progress made in each area. At this point, goals which look too hard to complete for lenny will be removed from the list (and automatically put on the list for lenny+1) Start of the second BSP marathon for Lenny See below for more information about this, but you can and should help with it. Early April 2008 Freeze of the essential toolchain Mid of June 2008 Freeze of the non-essential toolchain and all libraries The non-essential toolchain means things like debhelper, cdbs and a big chunk of other things usually needed to produce binary packages. Mid of July 2008 Full freeze Please don't wait with uploads for the last day before the freeze, thanks. September 2008 Release lenny! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba send SPNEGO if Extended Security is ON
Help, anyone? Your responses will be greatly appreciated. Thanks! - Original Message From: Jewelyn Catingub [EMAIL PROTECTED] To: Jewelyn Catingub [EMAIL PROTECTED]; Gerald (Jerry) Carter [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Thursday, April 24, 2008 10:00:04 PM Subject: Re: [Samba] Samba send SPNEGO if Extended Security is ON Hi Jerry, In section 4.1.1 of the SNIA CIFS tech reference, it is not explicitly says that extended security bit == spnego support. Is it right? - Original Message From: Jewelyn Catingub [EMAIL PROTECTED] To: Gerald (Jerry) Carter [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Wednesday, April 23, 2008 6:48:20 AM Subject: Re: [Samba] Samba send SPNEGO if Extended Security is ON - Original Message From: Gerald (Jerry) Carter [EMAIL PROTECTED] To: Jewelyn Catingub [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Tuesday, April 22, 2008 10:53:20 PM Subject: Re: [Samba] Samba send SPNEGO if Extended Security is ON -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jewelyn Catingub wrote: - Original Message From: Gerald (Jerry) Carter [EMAIL PROTECTED] To: Jewelyn Catingub [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Tuesday, April 22, 2008 8:40:23 PM Subject: Re: [Samba] Samba send SPNEGO if Extended Security is ON Jewelyn Catingub wrote: Thanks for your reply. But in Windows, we encountered Raw NTLMSSP (not wrapped by spnego) even if Extended Security bit is ON when there is no KDC in the workgroup. (Well, we are not sure if that was really the reason) Why is that so? Hmm...What clients ? Windows clients yes. I figured that. But what versions and service packs? Client: Windows XP SP2 Server: Windows 2003 Server cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIDfvgIR7qMdg1EfYRAinKAJ4/7g8moK3Kq98kgK5ykcy/seJOfwCfXisi OU47EbjF9zbpRiqiJudLaH4= =4Vjh -END PGP SIGNATURE- Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem joining XP SP2 Machines to the domain
Dale: I'm continuing to investigate - ipconfig /all shows both WINS servers. /var/cache/samba/wins.dat contains the xp machines. I do have a local DNS server, and it does resolve typical addresses ( google.com) as expected. My PDC and BDC have A and PTR records that resolve properly, but nothing special other than that. Nothing appears in the logs on either the PDC or BDC. I've recently tried using the ForensiT User Profile Wizard, which tries to join the domain as part of it's process. It's interesting that using this tool, when auth fails, wireshark shows no conversation between the XP box and the DC - it looks like the XP isn't even trying to connect to the PDC. I've seen similar results using wireshark and the normal domain joining facilities. I've attempted to disable the signorseal requirements, which have no effect. The only effective solution is adding an entry to the lmhosts file, which is undesirable. -Marshall On Fri, Apr 25, 2008 at 9:14 AM, Dale Schroeder [EMAIL PROTECTED] wrote: Marshall, Running out of ideas, but: Have you checked the wins.dat file to see if it is actually being populated with the xp machines? Does ipconfig /all on the xp machines list the wins server? If using it, is DNS working properly? Any other clues in the logs? In name resolve order = I list wins first to give it the first chance at name resolution. I also don't have the multi-subnet issue to deal with, but some admins put a wins server on each subnet. Dale Marshall Buschman wrote: Dale: Correct. I've implemented this option on all of the relevant subnets. I'm doing something like this: - option netbios-name-servers 1.2.3.4, 1.3.3.7; - Where 1.2.3.4 is the old windows 2000 DC that we're migrating away from, and 1.3.3.7 is the samba PDC. I tested this, and found it to work appropriately under Windows 2000 clients, but not Windows XP clients. I've even statically assigned an XP client an IP and WINS server, and it still does not work consistently. I still get the following error most of the time: The following error occurred attempting to join the domain FOO: Logon failure: unknown user name or bad password. Windows 2000 clients function perfectly. Any ideas? Especially why only the XP clients have an issue? -Marshall On Thu, Apr 24, 2008 at 8:43 AM, Dale Schroeder [EMAIL PROTECTED] wrote: Marshall, Since you have many clients, I'm guessing you have a dhcp server running. If so, do you have a netbios nameserver option enabled in the dhcp config? In ISC's dhcp3 server it is option netbios-name-servers xxx.xxx.xxx.xxx; Of course, on clients with static ip's, wins config must be done manually, and IIRC, the options changed somewhat in XP. The default is to get netbios info from the dhcp server. Good luck, Dale Marshall Buschman wrote: Hey All: I've got a working samba/ldap domain with a PDC in a datacenter and a BDC in my local office. I'm not able to reliably join a windows XP Pro machine to the domain by specifying the PDC as a wins server. I get the following error 90% of the time or more, with no discernible patterns or errors in any logs: - The following error occurred attempting to join the domain FOO: Logon failure: unknown user name or bad password. - Windows 2000 machines join the domain 100% of the time. Adding a line to the lmhosts file like this: --- 1.2.3.4 foopdc #PRE #DOM:FOO #net group's DC --- Causes the XP machine to be able to join the domain 100% of the time. I have many clients, and adding this file to the lmhosts file everywhere isn't feasible. The real question is - why doesn't WINS work? I can run net view and see all the machines.. I'd really appreciate any help you guys can provide. -Marshall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba segs when serving files from a windows partition on OpenBSD-4.2
On Tue, Apr 29, 2008 at 10:06:18AM +0100, Edd Barrett wrote: Hi, On Fri, Apr 25, 2008 at 3:00 PM, Edd Barrett [EMAIL PROTECTED] wrote: I am willing to test patches. I may have a prod about in the source at some point, but you guys can probably diagnose and fix the fault a whole load better than I can. I have never looked at the samba source before. It turns out OpenBSD-current has some patches to fix this problem which came from FreeBSD, just after the release of 4.2. Is the samba team interested in taking the patches upstream? http://www.openbsd.org/cgi-bin/cvsweb/ports/net/samba/patches/patch-lib_iconv.c?rev=1.1content-type=text/x-cvsweb-markup http://www.openbsd.org/cgi-bin/cvsweb/ports/net/samba/patches/patch-lib_replace_repdir_getdirentries_c?rev=1.1content-type=text/x-cvsweb-markup Unfortunately the patch-lib_replace_repdir_getdirentries_c patch is completely wrong. It removes the abort assert, but doesn't change the code that the abort is trying to assert. That whole replace file assumes that an integral number of directory entries always fit in a DIR_BUF_SIZE (19) sized buffer. If they don't then this code simply doesn't work, which is why the abort is called. This file should be removed, when we know that this bug has been fixed in the *BSD's. This is needed because the existing directory handling in FreeBSD and OpenBSD (and possibly NetBSD) doesn't correctly handle unlink() on files in a directory where telldir() has been used. On a block boundary it will occasionally miss a file when seekdir() is used to return to a position previously recorded with telldir(). This also fixes a severe performance and memory usage problem with telldir() on BSD systems. Each call to telldir() in BSD adds an entry to a linked list, and those entries are cleaned up on closedir(). This means with a large directory closedir() can take an arbitrary amount of time, causing network timeouts as millions of telldir() entries are freed Is this now the case ? Last time I requested info in this Terry Lambert @ Apple claimed that this behavior (doesn't correctly handle unlink() on files in a directory where telldir() has been used. On a block boundary it will occasionally miss a file when seekdir() is used to return to a position previously recorded with telldir()) was allowed by POSIX and there was no intention of fixing it. If this is true it puts us at an impasse, as all other POSIX systems don't behave like this. I did do some work on our directory handling code in smbd/dir.c by adding a parameter directory name cache size which turns off the performance boost if set to zero. Check out the (long) bug report here : https://bugzilla.samba.org/show_bug.cgi?id=4715 The last person to check this reported the change did not work for him. If this is incorrect, and setting directory name cache size = 0 works for *BSD systems then I can remove the code in lib/replace/repdir_getdirentries.c entirely. In addition, has the second bug been fixed in the *BSD's (the : Each call to telldir() in BSD adds an entry to a linked list bug) ? If you give me feedback, I will close this out for 3.2. Unfortunately it's hard to get anyone on the *BSD side to work on this with me. I tend to be demand driven, and if someone from the *BSD community is willing to work directly with me to ensure Samba works on *BSD, I'd be happy to keep Samba working happily on these platforms. I don't have time to do a lot of testing on *BSD myself though, that's the problem. Guenther Kukkuk is a great example of how this can work. He drive us to keep fixing bigs with the OS/2 client support and is now a member of the Samba Team. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba windows domain controller
The add user script is only for adding users, not machines and it shouldn't call smbpassword. The script only needs to handle the OS task of adding the user. Samba will add the Samba stuff itself. To add machines you want an add machines script specified. Depending on what you are trying to do you can also have other scripts specified. A full set for a Linux box could be: add user script = /usr/sbin/useradd %u -n -g domusers delete user script = /usr/sbin/userdel %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/bin/gpasswd -a %u %g delete user from group script = /usr/bin/gpasswd -d %u %g add machine script = /usr/sbin/useradd -n -c Workstation (%u) -M -d /nohome -s /bin/false -g machines %u add share command = /usr/local/samba/modify_samba_config.py delete share command = /usr/local/samba/modify_samba_config.py On Tue, 2008-04-29 at 14:45 +0100, Evan Ingram wrote: Hi I want windows machines to automatically be added into samba when they try to attach to the domain. Had various problems with root account not being accepted. Can anyone spot anything glaringly obviously wrong in my config that follows. Cheers [global] name resolve order = wins bcast hosts ldap ssl = no passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* idmap gid = 500-550 admin users = root obey pam restrictions = no client schannel = no passwd program = /usr/bin/passwd %u dns proxy = No netbios name = sss-server writeable = yes printing = lprng idmap uid = 500-2000 logon script = user.bat workgroup = domain debug level = 3 os level = 65 getwd cache = yes log file = /var/log/samba/%m.log guest account = root socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 sync always = yes map to guest = never null passwords = yes domain master = Yes encrypt passwords = yes public = yes realm = domain wins support = true netbios aliases = sss-server server string = sss-server add user script = /usr/sbin/useradd -g machines -c NTMachine -d /dev/null -s /bin/false %m$ /usr/bin/smbpasswd -a -m %m$ domain logons = Yes pam password change = Yes # DOMAIN ADMIN GROUP added to allow root as local admin domain admin group = root [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [netlogon] comment = Network Logon Service share modes = No public = yes path = /usr/local/samba/netlogon [Profiles] nt acl support = yes browseable = no delete readonly = yes path = /usr/local/samba/profiles force group = root force user = root comment = Network Profiles Service create mode = 0600 directory mode = 0700 [root_dir] comment = root dir mark only delete readonly = yes path = / [data] force user = root comment = Data Directory path = /home/data/ force group = root -- Mike Brady PGP ID: 0x9C777DA4 signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba segs when serving files from a windows partition on OpenBSD-4.2
Jeremy Allison schrieb: If you give me feedback, I will close this out for 3.2. Unfortunately it's hard to get anyone on the *BSD side to work on this with me. I Thank you very much for your explanations. I must admit that I am quite shocked about this. I always thought of Samba as one of the most important products that can be run on a Unix machine. It would be quite sad for the *BSDs if nobody takes care of this. Well, maybe that troll on slashdot is right... :( bye, Uwe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: interdomain trust between two samba pdc's
I have trusts setup between 3 samba domains. Do you have a specific question regarding setup? Hans Adam Williams wrote: i think you have to create the trusts on both DOMAINS as they only work in one direction. the official samba how to and reference guide briefly touches on the subject. SoUnD WrEcK wrote: So is no one here doing interdomain trusts using two Samba PDC's on two different subnets? I have been struggling with this problem for a long time now, and would like some help with it. Thanks! On Fri, Apr 25, 2008 at 2:54 PM, SoUnD WrEcK [EMAIL PROTECTED] wrote: I have been trying off and on for some time now to get an interdomain trust relationship going between two samba pdc machines (DomainA=trusted DomainB=trusting). Both pdc's are running on Solaris boxes and NIS is involved (I doubt there is a NIS complication just because I can use accounts on DomainA on DomainB's samba, as long as I add them using smbpasswd manually). The situation is this. DomainA hosts most user accounts for my two networks. Therefore DomainA should be trusted and DomainB should be trusting. The documentation is confusing and does not describe this exact scenario (talks about samba with microsoft pdc's). I have tried every combination I can think of, but things still aren't working as they should. I have added an account for DomainB on DomainA. I then type smbpasswd -a -i DomainB, still working on DomainA. This seems to go through okay. However, when I type net rpc trustdom list on DomainA, I get the following: Trusted domains list: none Trusting domains list: Unable to find a suitable server domain controller is not responding DomainB I expect what I see for trusted, but for trusting, should I really be seeing those errors? What do they mean? Is the fact that DomainB is listed mean that it worked and I should ignore the errors? I guess I'll stop here and make sure there is not a problem with this step before I post further information about this process. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net view produces error 5
Larry Alkoff wrote: I am debbuging my Kubuntu Linux to Windows XP Professional Service Pack 1 and 2 connection using Andrew Tridgell's excellent diagnosis.txt. The test fails on test 5 which should return a list of available shares from the server. From the XP command prompt: net view \\kinda System error 5 has occurred. Access is denied. I can't see why this error should be happening. Bother users have the same user name. The linux password is encrypted but I don't know about the WXP password. Problem fixed. Please ignore. I was trying to do net view \\kinda as root. Changing to user fixed it. Also it was Tridgell 8 not 5. Larry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba segs when serving files from a windows partition on OpenBSD-4.2
On Tue, Apr 29, 2008 at 10:34:22AM -0700, Jeremy Allison wrote: On Tue, Apr 29, 2008 at 10:06:18AM +0100, Edd Barrett wrote: It turns out OpenBSD-current has some patches to fix this problem which came from FreeBSD, just after the release of 4.2. Is the samba team interested in taking the patches upstream? http://www.openbsd.org/cgi-bin/cvsweb/ports/net/samba/patches/patch-lib_iconv.c?rev=1.1content-type=text/x-cvsweb-markup http://www.openbsd.org/cgi-bin/cvsweb/ports/net/samba/patches/patch-lib_replace_repdir_getdirentries_c?rev=1.1content-type=text/x-cvsweb-markup Unfortunately the patch-lib_replace_repdir_getdirentries_c patch is completely wrong. It removes the abort assert, but doesn't change the code that the abort is trying to assert. That whole replace file assumes that an integral number of directory entries always fit in a DIR_BUF_SIZE (19) sized buffer. If they don't then this code simply doesn't work, which is why the abort is called. This file should be removed, when we know that this bug has been fixed in the *BSD's. This is needed because the existing directory handling in FreeBSD and OpenBSD (and possibly NetBSD) doesn't correctly handle unlink() on files in a directory where telldir() has been used. On a block boundary it will occasionally miss a file when seekdir() is used to return to a position previously recorded with telldir(). This also fixes a severe performance and memory usage problem with telldir() on BSD systems. Each call to telldir() in BSD adds an entry to a linked list, and those entries are cleaned up on closedir(). This means with a large directory closedir() can take an arbitrary amount of time, causing network timeouts as millions of telldir() entries are freed Is this now the case ? Last time I requested info in this Terry Lambert @ Apple claimed that this behavior (doesn't correctly handle unlink() on files in a directory where telldir() has been used. On a block boundary it will occasionally miss a file when seekdir() is used to return to a position previously recorded with telldir()) was allowed by POSIX and there was no intention of fixing it. If this is true it puts us at an impasse, as all other POSIX systems don't behave like this. I did do some work on our directory handling code in smbd/dir.c by adding a parameter directory name cache size which turns off the performance boost if set to zero. Check out the (long) bug report here : https://bugzilla.samba.org/show_bug.cgi?id=4715 The last person to check this reported the change did not work for him. If this is incorrect, and setting directory name cache size = 0 works for *BSD systems then I can remove the code in lib/replace/repdir_getdirentries.c entirely. In addition, has the second bug been fixed in the *BSD's (the : Each call to telldir() in BSD adds an entry to a linked list bug) ? If you give me feedback, I will close this out for 3.2. Unfortunately it's hard to get anyone on the *BSD side to work on this with me. I tend to be demand driven, and if someone from the *BSD community is willing to work directly with me to ensure Samba works on *BSD, I'd be happy to keep Samba working happily on these platforms. I don't have time to do a lot of testing on *BSD myself though, that's the problem. Guenther Kukkuk is a great example of how this can work. He drive us to keep fixing bigs with the OS/2 client support and is now a member of the Samba Team. Jeremy. I am sure that the OpenBSD team will be interested in fixing these bugs if they still exist, as they take pride making good quality code. I can't speak for NetBSD or FreeBSD. As for the directory name cache size = 0 it does not work for me. On OpenBSD. I used this configuration: [global] workgroup = MYGROUP server string = Samba Server security = share log file = /var/log/smbd.%m directory name cache size = 0 [public] comment = Public Stuff path = /mnt/hot/sd0i public = yes writable = yes printable = no I tested this with samba-latest.tgz from your web-page. If I change the path to someplace else on a UFS slice, all is well. Unfortunately I am not really the one to speak to regarding this, but I will CC in the maintainer of Samba for OpenBSD. Marc, do you know anything about these potential issues? Thats not to say I am not willing to help. I will help if I can. -- Best Regards Edd http://students.dec.bmth.ac.uk/ebarrett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba segs when serving files from a windows partition on OpenBSD-4.2
On Mon, Apr 28, 2008 at 09:05:29PM +0100, Edd Barrett wrote: I am sure that the OpenBSD team will be interested in fixing these bugs if they still exist, as they take pride making good quality code. I can't speak for NetBSD or FreeBSD. As for the directory name cache size = 0 it does not work for me. On OpenBSD. I used this configuration: [global] workgroup = MYGROUP server string = Samba Server security = share log file = /var/log/smbd.%m directory name cache size = 0 [public] comment = Public Stuff path = /mnt/hot/sd0i public = yes writable = yes printable = no I tested this with samba-latest.tgz from your web-page. If I change the path to someplace else on a UFS slice, all is well. Did you remove the lib/replace/repdir_getdirentries.c code as well ? The aborts will still trigger even with directory name cache size = 0 if that code is in place. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Maxtor NAS share problem
Rick Johnson wrote: Alex Harrington wrote: I was talking about saving the Linux filesystem info. Do your rsync to the NAS, then do a recursive getfacl, redirecting the output to a file on the NAS. When you do an rsync back from the NAS, correct the owner/perms with setfacl. Trouble is that I CAN'T do my rsync to the NAS drive because it doesn't give me the access privileges I need to write to the NAS. The rsync wants to change owner and the NAS won't let it do that. There are switches to modify that behaviour - -p, -o, -t, -g - and there are aliases (eg -a)that switch combinations of those on or off. What's the exact command line you're using to rsync? I was using a command of the form: rsync -avz /source /destination And if that had worked, I wouldn't have needed to ask this list for any help because ALL I was trying to do was use the NAS as a backup device. The permissions, symbolic links, etc. need to be preserved by the rsync so that the files can be restored correctly IF they ever need to be restored. Something like rsync -r /source/ /destination should work, regardless of the permissions, because rsync will write everything as whoever you're logged on as (or whoever the NAS translates that to be). As previously suggested you can then do a recursive getfacl over /source and write the output to /destination. That will create a text file with all your permissions etc included in it so they can be restored by setfacl if required. I'm afraid I don't understand what purpose the getfacl or setfacl serves? The files on my system never had any access control lists so how does creating them solve my problem? Understand that getfacl/setfacl captures/restores all file/dir attributes, ACL or not. A saved getfacl output, used as an input to setfacl will restore the attributes exactly - ACL or not. Have you read the man pages on rsync, getfacl, setfacl? It seems to me that what I REALLY need is access to the filesystem on the NAS so that I can set appropriate permissions there that will allow the original rsync -avz command to function properly. Which one is your goal: 1.) Get the rsync/NAS combo to work as you want/expect? 2.) Make reliable backups of your Linux box? If you say #1 , I think it's obvious you're going to have to manhandle the NAS box - install new firmware, hack your way in, get to the insides somehow - cause it ain't gonna work as is. If you say #2 , there's a lot of tools that can that done for you - right now. I think #2 should be your answer. PS - you could always yank the NAS disks out, install them into your Linux box, and make a real server. -- Toby Bluhm Alltech Medical Systems America, Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem joining XP SP2 Machines to the domain
Dale: There is no client firewall on any of the machines in question. The windows XP firewall has been disabled. -Marshall On Tue, Apr 29, 2008 at 12:57 PM, Dale Schroeder [EMAIL PROTECTED] wrote: Marshall, One last guess: Windows Firewall. Is it turned on? For comparison, in the AD domain I administer, I have to turn off the XP firewall or create an exception for tcp port 113 to join the domain. Otherwise, it just sits there until it times out. So, if any client firewall is running, try turning it off or making an exception. Dale Marshall Buschman wrote: Dale: I'm continuing to investigate - ipconfig /all shows both WINS servers. /var/cache/samba/wins.dat contains the xp machines. I do have a local DNS server, and it does resolve typical addresses ( google.com) as expected. My PDC and BDC have A and PTR records that resolve properly, but nothing special other than that. Nothing appears in the logs on either the PDC or BDC. I've recently tried using the ForensiT User Profile Wizard, which tries to join the domain as part of it's process. It's interesting that using this tool, when auth fails, wireshark shows no conversation between the XP box and the DC - it looks like the XP isn't even trying to connect to the PDC. I've seen similar results using wireshark and the normal domain joining facilities. I've attempted to disable the signorseal requirements, which have no effect. The only effective solution is adding an entry to the lmhosts file, which is undesirable. -Marshall On Fri, Apr 25, 2008 at 9:14 AM, Dale Schroeder [EMAIL PROTECTED] wrote: Marshall, Running out of ideas, but: Have you checked the wins.dat file to see if it is actually being populated with the xp machines? Does ipconfig /all on the xp machines list the wins server? If using it, is DNS working properly? Any other clues in the logs? In name resolve order = I list wins first to give it the first chance at name resolution. I also don't have the multi-subnet issue to deal with, but some admins put a wins server on each subnet. Dale Marshall Buschman wrote: Dale: Correct. I've implemented this option on all of the relevant subnets. I'm doing something like this: - option netbios-name-servers 1.2.3.4, 1.3.3.7; - Where 1.2.3.4 is the old windows 2000 DC that we're migrating away from, and 1.3.3.7 is the samba PDC. I tested this, and found it to work appropriately under Windows 2000 clients, but not Windows XP clients. I've even statically assigned an XP client an IP and WINS server, and it still does not work consistently. I still get the following error most of the time: The following error occurred attempting to join the domain FOO: Logon failure: unknown user name or bad password. Windows 2000 clients function perfectly. Any ideas? Especially why only the XP clients have an issue? -Marshall On Thu, Apr 24, 2008 at 8:43 AM, Dale Schroeder [EMAIL PROTECTED] wrote: Marshall, Since you have many clients, I'm guessing you have a dhcp server running. If so, do you have a netbios nameserver option enabled in the dhcp config? In ISC's dhcp3 server it is option netbios-name-servers xxx.xxx.xxx.xxx; Of course, on clients with static ip's, wins config must be done manually, and IIRC, the options changed somewhat in XP. The default is to get netbios info from the dhcp server. Good luck, Dale Marshall Buschman wrote: Hey All: I've got a working samba/ldap domain with a PDC in a datacenter and a BDC in my local office. I'm not able to reliably join a windows XP Pro machine to the domain by specifying the PDC as a wins server. I get the following error 90% of the time or more, with no discernible patterns or errors in any logs: - The following error occurred attempting to join the domain FOO: Logon failure: unknown user name or bad password. - Windows 2000 machines join the domain 100% of the time. Adding a line to the lmhosts file like this: --- 1.2.3.4 foopdc #PRE #DOM:FOO #net group's DC --- Causes the XP machine to be able to join the domain 100% of the time. I have many clients, and adding this file to the lmhosts file everywhere isn't feasible. The real question is - why doesn't WINS work? I can run net view and see all the machines.. I'd really
[Samba] files with ~ in filename
hi all i'm finding that my users are not able to copy files to samba with a ~ in the file name e.g marketing report for managemen~t.doc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28a-1148-g6c8f19c
The branch, v3-0-test has been updated
via 6c8f19cd6cc21106a71ab9d6bca5de76c71f0bca (commit)
via 23decdf98961caa6d6561b1886d902c0d71418e4 (commit)
from ce475f86a2dae3db9c094105be1a3daedacfb40e (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test
- Log -
commit 6c8f19cd6cc21106a71ab9d6bca5de76c71f0bca
Author: Rafal Szczesniak [EMAIL PROTECTED]
Date: Fri Aug 31 21:25:53 2007 +
r24853: Rename function as Jerry asked.
s/net_use_upn_machine_account/net_use_krb_machine_account/
rafal
(cherry picked from commit 86af9fedad71697f22cc739518340f7753b8f9da)
commit 23decdf98961caa6d6561b1886d902c0d71418e4
Author: Rafal Szczesniak [EMAIL PROTECTED]
Date: Wed Aug 29 19:55:13 2007 +
net: fix post join verification.
This patch is based on commit 30d99d8ac3379caadc5bdb353977149d1ee16403
and just a little modified to apply on 3-0-test.
Guenther
Original commit message:
r24789: Add implementation of machine-authenticated connection to netlogon
pipe used when connecting to win2k and newer domain controllers. The
server may be configured to deny anonymous netlogon connections which
would stop domain join verification step. Still, winnt domains require
such smb sessions not to be authenticated using machine credentials.
Creds employed in smb session cannot have a username in upn form, so
provide the separate function to use machine account.
rafal
---
Summary of changes:
source/utils/net.c | 28
source/utils/net_ads.c |4 ++--
source/utils/net_rpc_join.c | 17 -
3 files changed, 42 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/utils/net.c b/source/utils/net.c
index 99384ad..5a81edb 100644
--- a/source/utils/net.c
+++ b/source/utils/net.c
@@ -346,10 +346,10 @@ NTSTATUS connect_dst_pipe(struct cli_state **cli_dst,
struct rpc_pipe_client **p
}
/
- Use the local machine's password for this session.
+ Use the local machine account (krb) and password for this session.
/
-int net_use_machine_password(void)
+int net_use_krb_machine_account(void)
{
char *user_name = NULL;
@@ -358,7 +358,6 @@ int net_use_machine_password(void)
exit(1);
}
- user_name = NULL;
opt_password = secrets_fetch_machine_password(opt_target_workgroup,
NULL, NULL);
if (asprintf(user_name, [EMAIL PROTECTED], global_myname(),
lp_realm()) == -1) {
return -1;
@@ -367,6 +366,27 @@ int net_use_machine_password(void)
return 0;
}
+/
+ Use the machine account name and password for this session.
+/
+
+int net_use_machine_account(void)
+{
+ char *user_name = NULL;
+
+ if (!secrets_init()) {
+ d_fprintf(stderr, ERROR: Unable to open secrets database\n);
+ exit(1);
+ }
+
+ opt_password = secrets_fetch_machine_password(opt_target_workgroup,
NULL, NULL);
+ if (asprintf(user_name, %s$, global_myname()) == -1) {
+ return -1;
+ }
+ opt_user_name = user_name;
+ return 0;
+}
+
BOOL net_find_server(const char *domain, unsigned flags, struct in_addr
*server_ip, char **server_name)
{
const char *d = domain ? domain : opt_target_workgroup;
@@ -1034,7 +1054,7 @@ static struct functable net_func[] = {
/* it is very useful to be able to make ads queries as the
machine account for testing purposes and for domain leave */
- net_use_machine_password();
+ net_use_krb_machine_account();
}
if (!opt_password) {
diff --git a/source/utils/net_ads.c b/source/utils/net_ads.c
index 75b631c..d6a52b8 100644
--- a/source/utils/net_ads.c
+++ b/source/utils/net_ads.c
@@ -886,7 +886,7 @@ static NTSTATUS net_ads_join_ok(void)
return NT_STATUS_ACCESS_DENIED;
}
- net_use_machine_password();
+ net_use_krb_machine_account();
status = ads_startup(True, ads);
if (!ADS_ERR_OK(status)) {
@@ -2170,7 +2170,7 @@ int net_ads_changetrustpw(int argc, const char **argv)
return -1;
}
- net_use_machine_password();
+ net_use_krb_machine_account();
use_in_memory_ccache();
diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c
index 139d1dc..63e77b3 100644
--- a/source/utils/net_rpc_join.c
+++ b/source/utils/net_rpc_join.c
@@
Build status as of Wed Apr 30 00:00:02 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-04-29 00:00:56.0 + +++ /home/build/master/cache/broken_results.txt 2008-04-30 00:00:28.0 + @@ -1,4 +1,4 @@ -Build status as of Tue Apr 29 00:00:02 2008 +Build status as of Wed Apr 30 00:00:02 2008 Build counts: Tree Total Broken Panic @@ -6,7 +6,7 @@ ccache 27 6 0 ctdb 0 0 0 distcc 1 0 0 -ldb 27 10 0 +ldb 26 10 0 libreplace 26 8 0 lorikeet-heimdal 24 20 0 pidl 16 13 0 @@ -15,7 +15,7 @@ samba-docs 0 0 0 samba-gtk4 4 0 samba_3_2_test 28 18 0 -samba_4_0_test 27 23 1 +samba_4_0_test 26 23 1 smb-build25 4 0 talloc 27 5 0 tdb 27 10 0
