Re: [Samba] Unable to modify TDB passwd ERROR
[EMAIL PROTECTED] wrote:

> I'm trying to track down why I can't seem to add a computer to the domain. I've looked high and low to no avail.
>
> Right now, when I try to add the computer as a "trusted machine," I've added it to the Unix passwd dB with the appropriate machinename$ and then added the machine to the smbpasswd via:
>
>     smbpasswd -a -m machinename
>
> But, when I go to add the machine to the domain, I get the error that this computer has no account on the domain. It then gives me the screen to key in an administrator username and password (and the domain), and then I get a "can't find user or bad password," error from Windows.
>
> I assume that means I've not created a proper automated script, haven't properly elevated the user to the "ADMINS GROUP" or perhaps it can't talk to the SMB server properly.
>
> Here's what it shows in the log created by that machine's attempt to log onto the network:
>
>     less /var/log/samba/log.app160
>     [2008/08/01 14:12:09, 0] passdb/pdb_tdb.c:tdb_update_ridrec_only(1308)
>       Unable to modify TDB passwd ! Error: Record does not exist occured while storing the RID index (RID_01f4)
>     [2008/08/01 14:12:09, 1] auth/auth_sam.c:check_sam_security(316)
>       Failed to modify entry.
>
> Opinions welcome.
>
> -- Jason N

I have the same problem with adding a user account (samba 3.2.3, tdbsam, Fedora 9); the result of "smbpasswd -a username" is:

    New SMB password:
    Retype new SMB password:
    Unable to modify TDB passwd: NT_STATUS_UNSUCCESSFUL!
    Failed to add entry for user username.
    Failed to modify password entry for user username

But adding a user via "pdbedit -a -u username" works fine, as well as smbpasswd in local mode, "smbpasswd -a -L username". And curiously, deleting an account via smbpasswd in client-server mode is possible, changing the password too. Maybe some bug in the smbpasswd code...

František Hanzlík

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unix group vs. domain
Hi!

I have a problem with a samba member server (3.0.28 on ubuntu hardy). The primary dc and the backup dc are showing on the security tab on a windows client

    "domain\group a"
    "domain\group b"
    ...

the member server is showing

    "unix group\group a"
    "unix group\group b"

How can I get the member server showing the domain instead of "unix group"?

Regards,
Martin
RE: [Samba] Nmbd is using the wrong ip address as source
Also nmblookup is using the external ip address:

    querying HDV on 10.10.10.255
    09:19:19.461813 IP X.X.X.X.45781 > 10.10.10.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
    09:19:19.732139 IP X.X.X.X.45781 > 10.10.10.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
    09:19:20.002136 IP X.X.X.X.45781 > 10.10.10.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
    name_query failed to find name HDV

The debugging information would show:

    params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
    Processing section "[global]"
    doing parameter workgroup = HOSTNAME
    doing parameter netbios name = HDV
    handle_netbios_name: set global_myname to: HDV
    doing parameter interfaces = 10.10.10.1
    doing parameter hosts allow = 127.0.0., 10.10.10.
    doing parameter bind interfaces only = yes
    doing parameter socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    doing parameter preferred master = yes
    doing parameter domain master = yes
    doing parameter local master = yes
    doing parameter os level = 100
    doing parameter remote announce = 10.10.10.255/HOSTNAME
    doing parameter socket address = 10.10.10.255
    doing parameter log level = 1
    ..
    added interface ip=10.10.10.1 bcast=10.10.10.255 nmask=255.255.255.0
    socket option SO_KEEPALIVE = 0
    socket option SO_REUSEADDR = 1
    socket option SO_BROADCAST = 1
    ..
    Socket opened.
    querying HDV on 10.10.10.255
    Sending a packet of len 50 to (10.10.10.255) on port 137
    tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
    tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
    tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
    Sending a packet of len 50 to (10.10.10.255) on port 137
    tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
    tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
    tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
    Sending a packet of len 50 to (10.10.10.255) on port 137
    tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
    tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
    tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
    name_query failed to find name HDV
    ..

________________________________

From: Frank Gruman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2008 3:29 AM
To: Teodor Iacob
Cc: samba@lists.samba.org
Subject: RE: [Samba] Nmbd is using the wrong ip address as source

On Mon, 2008-10-06 at 09:05 +0300, Teodor Iacob wrote:

Hello,

Sorry for seeming impatient, I just had some rough night hours because of this problem :)

tcpdump shows:

    08:21:22.920832 IP X.X.X.X.netbios-dgm > 10.10.10.255.netbios-dgm: NBT UDP PACKET(138)
    08:21:22.920986 IP X.X.X.X.netbios-dgm > 10.10.10.255.netbios-dgm: NBT UDP PACKET(138)
    08:21:23.072063 IP X.X.X.X.netbios-ns > 10.10.10.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
    08:21:23.072069 IP X.X.X.X.netbios-ns > 10.10.10.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
    08:21:23.072073 IP X.X.X.X.netbios-ns > 10.10.10.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
    08:21:23.072076 IP X.X.X.X.netbios-ns > 10.10.10.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
    08:21:23.072079 IP X.X.X.X.netbios-ns > 10.10.10.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
    08:21:24.072491 IP X.X.X.X.netbios-dgm > 10.10.10.255.netbios-dgm: NBT UDP PACKET(138)
    08:21:24.072497 IP X.X.X.X.netbios-dgm > 10.10.10.255.netbios-dgm: NBT UDP PACKET(138)
    08:21:24.072656 IP X.X.X.X.netbios-ns > 10.10.10.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
    08:21:25.073432 IP X.X.X.X.netbios-ns > 10.10.10.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
    08:21:25.073438 IP X.X.X.X.netbios-ns > 10.10.10.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
    08:21:25.073441 IP X.X.X.X.netbios-ns > 10.10.10.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST

( where X.X.X.X is the public ip address of the linux server from eth0 ), this tcpdump was taken from another linux machine with the ip: 10.10.10.2

The requested netstat output:

    [EMAIL PROTECTED] ~]# netstat -nap |grep [sn]mbd
    tcp 0 0 10.10.10.1:139 0.0.0.0:* LISTEN 18538/smbd
    tcp 0 0 10.10.10.1:445 0.0.0.0:* LISTEN 18538/smbd
    udp 0 0 10.10.10.1:137 0.0.0.0:* 18542/nmbd
    udp 0 0 10.10.10.255:137 0.0.0.0:*
Re: [Samba] samba in wxp environment
----- Original Message -----
From: "Dale Schroeder"
Sent: Wednesday, October 08, 2008 00:16
Subject: Re: [Samba] samba in wxp environment

> Paul,
>
> It sounds like you're losing master browser elections. Try these modifications and see if they help.
>
>     local master = Yes
>     os level = 65
>     announce version = 5.9
>
> Dale

I will try "announce version = 5.9", "local master" was set to yes, sorry for the mistake.
[Samba] Samba 3.x reports "not implemented" when Server 2008 SMB client requests FSCTL_GET_OBJECT_ID
Hi Samba list,

I ran across this really bizarre issue and was hoping somebody would be able to shed some further light on the issue. If this is better directed to the samba technical list, please let me know and I will post there instead.

Background
==========

I'm using CommVault Galaxy 7.0 SP4 for backup and decided to share its "IndexCache", which is a collection of files & folders, on a UNC share from our SuSE Linux server. However, during file I/O a call to Samba to request the FSCTL_GET_OBJECT_ID fails, which causes CV to fail. We are pursuing things on the CommVault side but wanted to know if anything could be done from the Samba side, so I investigated a bit further via Google, mailing lists and trying different security settings (security = user vs. domain, oplocks on/off, etc.). Here's what I found:

SMB Server logs (Samba) (smbd.log)
===

    MA2 (1.2.3.4) connect to service galaxy initially as user administrator (uid=, gid=xxx) (pid 5022)
    [2008/10/08 10:15:13, 0] smbd/nttrans.c:call_nt_transact_ioctl(2463)
      call_nt_transact_ioctl(0x940cf): Currently not implemented.
    [2008/10/08 10:15:49, 1] smbd/service.c:close_cnum(1230)
      MA2 (1.2.3.4) closed connection to service galaxy

SMB Client logs (Process Explorer, Server 2008 SP1 server) (of interest are the NOT SUPPORTED lines)

    226 10:15:17.4357270 AM archiveIndex.exe 6064 QueryEAFile \\unix\galaxy\IndexCache\CV_Index\2\180\1223420221\tree.dat 0xC052
    227 10:15:17.4360329 AM archiveIndex.exe 6064 QueryStreamInformationFile \\brbackup1\galaxy\IndexCache\CV_Index\2\180\1223420221\tree.dat SUCCESS 0: ::$DATA
    228 10:15:17.4362604 AM archiveIndex.exe 6064 FileSystemControl \\unix\galaxy\IndexCache\CV_Index\2\180\1223420221\tree.dat NOT SUPPORTED Control: FSCTL_GET_OBJECT_ID
    229 10:15:17.4364787 AM archiveIndex.exe 6064 FileSystemControl \\unix\galaxy\IndexCache\CV_Index\2\180\1223420221\tree.dat NOT SUPPORTED Control: 0x94160 (Device:0x9 Function:88 Method: 0)
    230 10:15:17.4388151 AM archiveIndex.exe 6064 CloseFile \\unix\galaxy\IndexCache\CV_Index\collects\66789.txt SUCCESS
    231 10:15:23.3183477 AM archiveIndex.exe 6064 CloseFile \\unix\galaxy\IndexCache\CV_Index\2\180\1223420221\tree.dat SUCCESS

Further information on FSCTL_GET_OBJECT_ID from the MSDN pages (http://msdn.microsoft.com/en-us/library/aa364570(VS.85).aspx) shows that it's about getting the "object identifier" for the specified file.

If anyone would be able to add some comments or provide some technical direction, that would be much appreciated.

Regards,
Luke
Re: [Samba] Re: smbclient kerberos issue
Nope, it's got a real .com to it.

The behavior was the hostname returned the hostname and hostname -f also returned just the shortname. If it had returned an error instead of just the hostname, I think it would have been ok from my quick view of the Samba source.

On Tue, Oct 7, 2008 at 2:51 PM, James Zuelow <[EMAIL PROTECTED]> wrote:
> This is just a guess:
>
> Does your domain end in .local?
>
> If so, avahi would hijack DNS lookups for anything like
> domain_controller.company.local -- and since your DC probably doesn't
> have Bonjour installed on it, it gets no answer and reports back with a
> host not found. Unfortunately that's a valid DNS response, so your
> system does not then fall back to regular DNS.
>
> James Zuelow    CBJ MIS (907)586-0236
> Network Specialist...Registered Linux User No. 186591
>
>> -----Original Message-----
>> From:
>> [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]
> .org] On Behalf Of Ryan Bair
>> Sent: Sunday, 05 October, 2008 10:44
>> To: Gerald (Jerry) Carter
>> Cc: samba@lists.samba.org
>> Subject: Re: [Samba] Re: smbclient kerberos issue
>>
>>
>> It seems like it was a problem avahi which mistakenly made its way
>> into my nsswitch.conf. After removing mdns4_minimal and mdns4, I
>> rejoined to the domain and everything works great. I'm a bit confused
>> as to how this caused the problem, but I'm very happy to have it
>> fixed!
>>
>> Thanks
>
[Samba] opensuse 11 samba 3.2.4 ldap add machine
Hi all,

I haven't worked on Samba for a while and have now set up a new domain controller on openSUSE 11. I used the repositories from download.opensuse.org, samba 3.2.4. I mostly copied stuff from a working SUSE 10 Samba LDAP PDC and configured /etc/nsswitch.conf and smb.conf in the same way. testparm shows no bugs, and neither does getent passwd etc. Populating LDAP worked fine, as did fixing the dbus boot stuff in /etc/ldap.conf with boot_policy soft etc.

But I didn't manage to join the domain as the root user with a newly installed WinXP Service Pack 3 German client. The bug message means "no such user"; it looks like it has problems finding the root user. Adding another user and putting him in the domain admin group with the latest smbldaptools script didn't help either. The Samba client logs don't report root not being found.

I just googled around and found likely problems with openSUSE 11, mostly telling to upgrade OpenLDAP and Samba, but now I am on the latest upgrade level, so before I lose more time, I just want to ask if there are known problems with Samba LDAP on openSUSE 11? And if there are known ones, how were they fixed?

--
Best Regards
Robert Schetterer
Germany/Munich/Bavaria
[Samba] samba in wxp environment
Hello,

I have a linux machine running samba with these settings:

    workgroup = ...
    netbios name = ...
    interfaces = lo eth1
    bind interfaces only = yes
    hosts allow =
    smb ports = 139
    local master = no
    os level = 35
    domain master = yes
    preferred master = yes
    wins support = yes
    dns proxy = no
    browseable = yes

The wxp computers have dhcp enabled; the dhcp server has these settings:

    option subnet-mask ...
    option broadcast-address ...
    option routers ...;
    option domain-name-servers
    option netbios-name-servers eth1_ip

After I start the samba server, everything (in terms of network browsing) works fine for about 30 minutes, then in My Network Places there is only one computer, the linux server. Nothing in the logs.

I found a similar problem here: http://lists.samba.org/archive/samba/2004-October/094102.html but no answer.

My wxp machines were part of a windows NT domain, I don't know if that matters.

Any ideas?

TIA
[Samba] Gotten getent to work but uid off by 1
I have gotten getent to work, but now the uid for files are off by one and some of the gid are off by 4 to 24. So if I copy from one system to another the file ownerships get changed all up. Any work around for this?

    idmap uid = 1-2
    idmap gid = 1-2
Re: [Samba] Another getent problem
Thanks that solved the problem. I wonder when this got changed. The original smb.conf was copied from another system and modified for the new server. So somewhere between 3.0.10 and 3.0.28 the change was made. I never saw this in the latest HOW-TO either.

Thanks maybe later today or tomorrow I would have thrown the kitchen sink at this and finally found the problem, so thanks for saving me a bunch of time.

On Tue, Oct 7, 2008 at 12:02 PM, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote:
> Clark Johnston wrote:
> > I have set up a system to be a member server and installed the samba
> > rpms. I then copied over the samba config file and changed it to
> > reflect the new shares and name change. I ran 'net rpc join -
> > UAdministrator%'secret' and I was able to join the domain.
> > Started up smb and then winbind
> > wbinfo -u
> > and I can see the users in the domain
> > getent passwd
> > shows nothing but the users in /etc/passwd
>
> "By default, "winbind enum users" and "winbind enum groups"
> are both disabled. See the smb.conf (5) man page for details.
>
> cheers, jerry
Re: [Samba] Another getent problem
Clark Johnston wrote:
> I have set up a system to be a member server and installed the samba
> rpms. I then copied over the samba config file and changed it to
> reflect the new shares and name change. I ran 'net rpc join -
> UAdministrator%'secret' and I was able to join the domain.
> Started up smb and then winbind
> wbinfo -u
> and I can see the users in the domain
> getent passwd
> shows nothing but the users in /etc/passwd

"By default, "winbind enum users" and "winbind enum groups" are both disabled. See the smb.conf (5) man page for details.

cheers, jerry
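The check implied by the reply above, as an added example that is not part of the original thread or of Samba: it reads the [global] section of an smb.conf and the passwd/group lines of an nsswitch.conf and reports whether `getent passwd` and `getent group` can enumerate domain accounts. The sample files, section names and function names are constructed for illustration, and the "disabled" default is the one stated in the reply.

```python
import re

# Constructed sample files modelled on the thread; not the poster's real configuration.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    security = domain
    ; winbind enum users = yes   (commented out, so it has no effect)
[data]
    winbind enum users = yes
"""
SAMPLE_NSSWITCH = """\
passwd: files winbind
shadow: files
group:  files [NOTFOUND=continue] winbind   # action items are not sources
"""

TRUE_VALUES = {"yes", "true", "1", "on"}
CHECKS = (("passwd", "winbind enum users"), ("group", "winbind enum groups"))


def _key(name):
    # smb.conf ignores case and embedded whitespace in parameter names.
    return "".join(name.lower().split())


def global_params(smb_conf_text):
    """Collect [global] parameters; a setting placed in a share section is ignored."""
    params, section = {}, None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[_key(name)] = value.strip()
    return params


def nss_sources(nsswitch_text, database):
    """Return the ordered source list for one nsswitch.conf database."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            rest = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1])
            return rest.split()
    return []


def diagnose(smb_conf_text, nsswitch_text):
    """Map 'passwd' and 'group' to 'no-winbind-source',
    'enumeration-disabled' or 'enumeration-enabled'."""
    params = global_params(smb_conf_text)
    result = {}
    for database, param in CHECKS:
        if "winbind" not in nss_sources(nsswitch_text, database):
            result[database] = "no-winbind-source"
        # Assumption: the default is "no", as stated in the reply above.
        elif params.get(_key(param), "no").lower() in TRUE_VALUES:
            result[database] = "enumeration-enabled"
        else:
            result[database] = "enumeration-disabled"
    return result


if __name__ == "__main__":
    for database, status in diagnose(SAMPLE_SMB_CONF, SAMPLE_NSSWITCH).items():
        print(f"{database}: {status}")
```

With the constructed sample both databases report `enumeration-disabled`: the only active `winbind enum users` line sits in a share section, where a global parameter has no effect.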
[Samba] Another getent problem
I have set up a system to be a member server and installed the samba rpms. I then copied over the samba config file and changed it to reflect the new shares and name change. I ran 'net rpc join - UAdministrator%'secret' and I was able to join the domain.

Started up smb and then winbind

    wbinfo -u

and I can see the users in the domain

    getent passwd

shows nothing but the users in /etc/passwd

checked nsswitch.conf and the following lines are there

    passwd: files winbind
    shadow: files
    group: files winbind

I have the following links

    /lib/libnss_winbind.so
    /lib/libnss_winbind.so.2
    /lib64/libnss_winbind.so
    /lib64/libnss_winbind.so.2
    /usr/lib/libnss_winbind.so
    /usr/lib/libnss_winbind.so.2
    /usr/lib64/libnss_winbind.so
    /usr/lib64/libnss_winbind.so.2
    /usr/lib64/nss/libnss_winbind.so
    /usr/lib64/nss/libnss_winbind.so.2

when running ldconfig /lib64/libnss_winbind.so.2 is pulled.

Tried deleting the cache files winbindd_cache.tdb winbindd_idmap.tdb and restarting smb and winbind

The only error I'm finding is

    Oct 6 18:04:45 localhost winbindd[3914]: cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_NETWORK_ACCESS_DENIED

    samba-common-3.0.28-0.el5.8
    samba-3.0.28-0.el5.8
    samba-client-3.0.28-0.el5.8
[Samba] Many strange errors in logs
Hello all.

What we have: samba-3.0.32_1, FreeBSD-6.3, PDC + BDC + LDAP.

All seems to work mostly fine, but today I can't add a computer to the domain. The error says that the domain does not exist or can't be reached (I don't know how it reads in English Windows - I'm translating from Russian).

I started to read the logs and found many errors in different logs:

    tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /usr/local/etc/samba/secrets.tdb

    log.172.16.1.2: domain_client_validate: unable to validate password for user ilyin-vy in domain HQ to Domain controller DC. Error was NT_STATUS_IO_TIMEOUT.

    log.172.16.1.2: cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x7485 to machine DC. Error was Call timed out: server did not respond after 1 milliseconds

repeated a million times..

What does it mean?

testparm on PDC:

    %testparm
    Load smb config files from /usr/local/etc/smb.conf
    Processing section "[homes]"
    Processing section "[netlogon]"
    Processing section "[mail]"
    Loaded services file OK.
    'winbind separator = +' might cause problems with group membership.
    Server role: ROLE_DOMAIN_MEMBER
    Press enter to see a dump of your service definitions

    [global]
        dos charset = cp866
        unix charset = koi8-r
        display charset = koi8-r
        workgroup = HQ
        server string = DC Server
        security = DOMAIN
        passdb backend = ldapsam:ldap://localhost/
        log file = /var/log/samba/log.%m
        max log size = 500
        time server = Yes
        add user script = /usr/local/sbin/ldapadduser '%u' users
        rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
        delete user script = /usr/local/sbin/ldapdeleteuser '%u'
        add group script = /usr/local/sbin/ldapaddgroup '%g'
        delete group script = /usr/local/sbin/ldapdeletegroup '%g'
        add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
        delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
        set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
        add machine script = /usr/local/sbin/ldapaddmachine '%u' computers
        logon path =
        os level = 64
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap admin dn = "cn=root,dc=fxclub,dc=org"
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap suffix = ou=Samba,dc=fxclub,dc=org
        ldap ssl = no
        ldap user suffix = ou=Users
        winbind separator = +
        winbind use default domain = Yes
        admin users = admin
        inherit acls = Yes
        hosts allow = 172.16.1., 192.168.1., 127.
        map acl inherit = Yes

    [homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No

    [netlogon]
        comment = Network Logon Service
        path = /var/db/samba/netlogon
        guest ok = Yes
        browseable = No
        share modes = No

    [mail]
        comment = temp
        path = /tmp/mail
        read only = No
        create mask = 0777
        guest ok = Yes
        browseable = No

--
Best regards,
Proskurin Kirill
Re: [Samba] samba accounts management API
Русаков Денис wrote:
> Hello, all
> I'd like to create, remove, change samba accounts, groups etc. from my
> own C program.
> How can I do this, without using samba tools, but some samba API (headers
> and shared objects).
> Does samba provide some API (headers and shared objects) for accounts
> creating etc.?
> Thank you

Starting with Samba 3.2 we added a new shared library called libnetapi. This library is designed very closely to the Windows NetApi equivalent, and provides functions for all these tasks you are looking for.

For the upcoming Samba 3.3 release, this library provides around 50 calls and includes example code for at least all account management functions.

You may want to have a look at: NetUserAdd, NetUserDel, NetUserSetInfo, and the NetGroup* functions.

The header file is located under:

    $SRC/lib/netapi/netapi.h

Example code can be found under:

    $SRC/lib/netapi/examples

Let us know where we can help further.

Hope this helps,
Guenther

--
Günther Deschner    GPG-ID: 8EE11688
Red Hat             [EMAIL PROTECTED]
Samba Team          [EMAIL PROTECTED]