[Samba] SMBD not authenticating against Active Directory
Hi,
Iam trying to setup Samba version 3.2.3 on Redhat (RHEL5) server to use
Active Directory for authentication. I followed the instructions from
article in following website:
http://technet.microsoft.com/en-au/magazine/dd228986.aspx
Setup Winbind + Samba + Kerberos and it seems to work fine. I can see the
users in Active Directory through winbind as well as authenticate users
using NTLM authentication.
Problem is that Iam unable to access Samba share from Windows clients as AD
user. Analyzing the network traffic on SMBD port gives:
---
10.849969 192.168.97.2 -> 192.168.97.5 SMB Session Setup AndX Request,
NTLMSSP_AUTH, User: TESTDOMAIN\testuser
10.853302 192.168.97.5 -> 192.168.97.2 SMB Session Setup AndX Response,
Error:STATUS_LOGON_FAILURE
--
I can however access the Samba share as local user in the Samba server via
smbpasswd:
---
166.059746 192.168.97.2 -> 192.168.97.5 SMB Session Setup AndX Request,
NTLMSSP_AUTH, User: D1950-01\kums
166.068297 192.168.97.5 -> 192.168.97.2 SMB Session Setup AndX Response
166.068500 192.168.97.2 -> 192.168.97.5 SMB Tree Connect AndX Request, Path:
\\192.168.97.5\global
166.068787 192.168.97.5 -> 192.168.97.2 SMB Tree Connect AndX Response
---
Winbind gives following error, not sure if this is significant for I can
access the AD via "wbinfo"
[2008/11/26 15:22:58, 1]
libsmb/cliconnect.c:cli_session_setup_kerberos(626)
cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot find
KDC for requested realm
Please see attached for configuration detail + detailed error log. Googling
helped me to get so far, but not completely resolve this issue.
Please advise.
Thanks in Advance,
-Kums
i) Software Version
samba-client-3.2.3
samba-common-3.2.3
samba-3.2.3
samba-doc-3.2.3
samba-winbind-32bit-3.2.3
samba-swat-3.2.3
samba-debuginfo-3.2.3
krb5-workstation-1.5-17
krb5-libs-1.5-17
krb5-devel-1.5-17
krb5-auth-dialog-0.7-1
pam_krb5-2.2.11-1
krb5-devel-1.5-17
krb5-libs-1.5-17
pam_krb5-2.2.11-1
ii) Configure Kerberos
cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = TESTDOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
TESTDOMAIN.LOCAL = {
kdc = 172.16.4.10
default_domain = TESTDOMAIN.LOCAL
}
[domain_realm]
.testdomain = TESTDOMAIN.LOCAL
testdomain = TESTDOMAIN.LOCAL
.localdomain = TESTDOMAIN.LOCAL
localdomain = TESTDOMAIN.LOCAL
sol.datadirectnet.com = TESTDOMAIN.LOCAL
testdomain.local = TESTDOMAIN.LOCAL
.testdomain.local = TESTDOMAIN.LOCAL
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
iii) Authenticate a user against AD via Kerberos
kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:
iv) List Kerberos Tickets
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting ExpiresService principal
11/26/08 14:54:36 11/27/08 00:54:39 krbtgt/[EMAIL PROTECTED]
renew until 11/27/08 14:54:36
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
v) Configure WinBind +PAM
/etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
authrequired pam_env.so
authsufficientpam_unix.so nullok try_first_pass
authrequisite pam_succeed_if.so uid >= 500 quiet
authsufficientpam_winbind.so use_first_pass
authrequired pam_deny.so
account required pam_unix.so broken_shadow
account sufficientpam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
passwordrequisite pam_cracklib.so try_first_pass retry=3
passwordsufficientpam_unix.so md5 shadow nullok try_first_pass
use_authtok
passwordsufficientpam_winbind.so use_authtok
passwordrequired pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet
use_uid
session optional pam_mkhomedir.so skel=/etc/skel umask=0644
session required pam_unix.so
vi) Windbind started and can see users in AD
/etc/init.d/winbind status
winbindd (pid 14574 14562 14561 14459 14458) is running...
wbinfo -t
checking the trust secret via RPC calls succeeded
wbinfo -u list
D1950-01+kums
D1950-01+tristan
TESTDOMAIN+administrator
TESTDOMAIN+guest
TESTDOMAIN+krbtgt
TESTDOMAIN+testuser
wbinfo -g
TESTDOMAIN+domain computers
TESTDOMAIN+domain controllers
TESTDOMAIN+schema admins
TESTDOMAIN+enterprise admins
TESTDOMAIN+cert publishers
TESTDOMAIN+domain admins
TESTDOMAIN+domain users
wbinfo -
[Samba] Re: Logon privilege denied using Samba PDC with terminalservices
Finally managed to figure out what the problem was! Somehow in my LDAP database I had a corrupted SambaMungedDial entry which the cause of all my troubles. I remember vaguely that it was generated by same ldap tool and I (foolishly) not knowing what it was just copied (in a wrong format) to all the other users. Actually could anybody point me to some documentation about the purpose of the SambaMungedDial entry in the LDAP database? I wasn't able to find any useful information in the Samba documentation other than that it's an attribute in the samba schema. Is it necessary for joining Windows machines to a Samba PDC? Thanks, Patrick "Patrick Camilleri" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello everybody, > > > > I have a Windows Server 2008 with terminal services enabled joined to a > Samba domain (SuSe server) and I'm able to login as 'domain\user' when I'm > physically sitting at the Windows Server 2008 box. The problem arises when > I > > try to logon via RDP using 'domain\user' onto the Windows Server machine. > I > get an error message telling me that 'Your interactive logon privilege has > been disabled. Please contact your administrator.' > > I also tried this with a Windows Server 2003 machine with a similar > outcome. > > The error message this time was 'You have been denied permissions to log > on > to terminal servers. To resolve this problem, your administrator must > clear > the Deny this user permissions to log on to any terminal server check box > in > > the Terminal Server Profile settings tab.' Of course when checking in the > 'Group Policy Object Editor' I don't find any restrictions. I'm checking > at > this particular location: Local Computer Policy->Computer > Configuration->Windows Settings->Security Settings->Local Policies->User > Rights Assignment->Deny log on through Terminal Services. > > I did add the Samba LDAP group (of the users that I want to give RDP > access) > > to the 'Remote Desktop Users' group on the Windows Server (2008 as well as > 2003) machine, i.e. the domain users DO have permission to access the > Windows > Server over RDP but to no avail. The only user I was able to get to logon > via > RDP was the user 'domain\root'. > > Could this problem be related to the default groups that need to be > defined > in the Samba PDC, mainly Domain Admins, Domain Users and Domain Guests? Or > maybe because I'm not setting up any policies in the netlogon Samba > folder? > > Any help greatly appreciated! > > Thanks, > Patrick > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: vampire account migration (3.026)
Hello, Using vampire to migrate accounts from an NT box and found that machine names were not created. Creating account: IT-NT$ Could not create posix account info for 'IT-NT$' Creating account: PDC$ Could not create posix account info for 'PDC$' And seemingly random user accounts were also not created. ~ Hello, Solved the problem for the missing user accounts, however I am still not sure why the machine names didn't migrate over. Now trying to connect a Linux workstation to authenticate against the domain, smb & nmb are running, but I am not able to join the domain [2008/11/26 09:26:58, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461) _net_auth2: failed to get machine password for account SQL-TEST2$: NT_STATUS_ACCESS_DENIED [2008/11/26 09:27:25, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242) get_md4pw: Workstation SQL-TEST2$: no account in domain [2008/11/26 09:27:25, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461) _net_auth2: failed to get machine password for account SQL-TEST2$: NT_STATUS_ACCESS_DENIED [2008/11/26 09:27:25, 1] auth/auth_util.c:make_server_info_sam(566) User Administrator in passdb, but getpwnam() fails! [2008/11/26 09:27:25, 0] auth/auth_sam.c:check_sam_security(352) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2008/11/26 09:28:01, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242) get_md4pw: Workstation SQL-TEST2$: no account in domain [2008/11/26 09:28:01, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461) _net_auth2: failed to get machine password for account SQL-TEST2$: NT_STATUS_ACCESS_DENIED [2008/11/26 09:28:01, 1] auth/auth_util.c:make_server_info_sam(566) User Administrator in passdb, but getpwnam() fails! [2008/11/26 09:28:01, 0] auth/auth_sam.c:check_sam_security(352) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' The logs show that although the Administrator account exists, the 'getpwnam' fails. Using tbdsam on the backend. Any clues on how I ca nfix this? Thank you, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SLES10 SP1 3.0.32 - Excel files set read only
After recent Samba updates to one of our SLES10 SP1 systems users who open and save Excel 2007 files end up with the Read-only attribute set on the file. I had this same problem with the 3.0.28 update and the only solution I found was to roll back to the previous version. My understanding was that 3.0.32 should fix this. Did I miss something? Are there smb.conf changes that need to be made also? Any help would be GREATLY appreciated! Bob Dehn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AIX 53TL8 Samba 3.2.4 Active Directory Win2k3 - "session setup failed: Call returned zero bytes (EOF)"
On Wed, Nov 26, 2008 at 12:03:32PM -0800, Mark Taylor wrote: > > Hi All, > > I am using Samba 3.2.4 compiled from source on AIX 5.3 TL8 and using > "security = SERVER" in the smb.conf works fine, however I am having > some issues when using "security = ADS" .. > > I have followed numerous HOWTOs and newsgroup listings and seem to be > going round in circles .. > > I think I can authenticate ok against the domain win2k3 server, but > then Samba bombs out with the following errors fvrom smbclient on the > host: > > $ LIBPATH=/opt/pware/lib:/usr/local/samba/lib /usr/local/samba/bin/ > smbclient -L myhostname -U UK+myusername > Enter UK+myusername's password: mypassword > Receiving SMB: Server stopped responding > session setup failed: Call returned zero bytes (EOF) > > Also mapping from a windows system just gives the message "The mapped > network drive could not be created because the following error has > occured: The specified network name is no longer available." > > Excuse the LIBPATH stuff it is to get around kinit and klist not > working if I set the variable permanently. I was originally using > 3.0.28 pre-compiled from samba.org and got the same issues. > > So, I think I am authenticating ok .. but where to go from here > because I get the "session setup failed: Call returned zero bytes > (EOF)" error and I can see the following errors in the "smbd.log" > > $ cat smbd.log > > [2008/11/25 14:49:43, 2] lib/messages_local.c:message_notify(270) > message to process 94214 failed - No such process > [2008/11/25 14:49:43, 2] lib/messages_local.c:messaging_tdb_send(358) > pid 94214 doesn't exist - deleting messages record > [2008/11/25 14:49:43, 2] lib/messages.c:traverse_fn(127) > pid 94214 doesn't exist - deleting connections -1 [] > Post a debug level 10 log, there isn't enough information here to understand what's going on. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AIX 53TL8 Samba 3.2.4 Active Directory Win2k3 - "session setup failed: Call returned zero bytes (EOF)"
Hi All,
I am using Samba 3.2.4 compiled from source on AIX 5.3 TL8 and using
"security = SERVER" in the smb.conf works fine, however I am having
some issues when using "security = ADS" ..
I have followed numerous HOWTOs and newsgroup listings and seem to be
going round in circles ..
I think I can authenticate ok against the domain win2k3 server, but
then Samba bombs out with the following errors fvrom smbclient on the
host:
$ LIBPATH=/opt/pware/lib:/usr/local/samba/lib /usr/local/samba/bin/
smbclient -L myhostname -U UK+myusername
Enter UK+myusername's password: mypassword
Receiving SMB: Server stopped responding
session setup failed: Call returned zero bytes (EOF)
Also mapping from a windows system just gives the message "The mapped
network drive could not be created because the following error has
occured: The specified network name is no longer available."
Excuse the LIBPATH stuff it is to get around kinit and klist not
working if I set the variable permanently. I was originally using
3.0.28 pre-compiled from samba.org and got the same issues.
So, I think I am authenticating ok .. but where to go from here
because I get the "session setup failed: Call returned zero bytes
(EOF)" error and I can see the following errors in the "smbd.log"
$ cat smbd.log
[2008/11/25 14:49:43, 2] lib/messages_local.c:message_notify(270)
message to process 94214 failed - No such process
[2008/11/25 14:49:43, 2] lib/messages_local.c:messaging_tdb_send(358)
pid 94214 doesn't exist - deleting messages record
[2008/11/25 14:49:43, 2] lib/messages.c:traverse_fn(127)
pid 94214 doesn't exist - deleting connections -1 []
###-###
... some back ground and config ..
######
$ cat /etc/smb.conf
# Samba config file created using SWAT
# from ##.##.223.72 (##.##.223.72)
# Date: 2008/11/21 16:29:18
[global]
workgroup = UK
realm = UK.DOMAIN.NET
netbios name = myhostname
netbios aliases = MYHOSTNAME
server string = Samba: version %v, host %h
security = ADS
encrypt passwords = yes
log file = /var/log/samba/log.%m
log level = 10
max log size = 2048
auth methods = winbind
password server = my_password_server.uk.domain.net
max log size = 2048
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
passdb backend = tdbsam
idmap backend = ad
idmap uid = 1-2
idmap gid = 1-2
winbind nss info = rfc2307
winbind separator = +
winbind use default domain = Yes
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/ksh
ldap suffix = "dc=uk,dc=domain.net"
client use spnego = yes
client signing = yes
[sambatest]
path = /tmp/sambatest
valid users = UK+username
read only = No
writable=yes
browseable=yes
create mask = 0770
[homes]
comment = Home Directories
browseable = no
writeable = yes
create mask = 0640
$ cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = UK.DOMAIN.NET
default_tkt_enctypes = des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des-cbc-md5 des-cbc-crc
[realms]
UK.DOMAIN.NET = {
kdc = my_password_server.uk.domain.net
admin_server = my_password_server.uk.domain.net
default_domain = uk.domain.net
}
[domain_realm]
.uk.domain.net = UK.DOMAIN.NET
uk.domain.net = UK.DOMAIN.NET
$ cat /usr/lib/security/methods.cfg
WINBIND:
program = /usr/lib/security/WINBIND
options = debug
KRB5A:
program = /usr/lib/security/KRB5A
options = authonly
KRB5Afiles:
options = db=BUILTIN,auth=KRB5A
## WINBIND copied in from /usr/local/samba/sbin
$ ls -l /usr/lib/security/WINBIND
-rwxr-xr-x1 root system 9381212 25 Nov 09:57 /usr/lib/
security/WINBIND
$ grep -p WINBIND /etc/security/user
default:
admin = false
login = true
su = false
daemon = true
rlogin = false
sugroups = ALL
admgroups =
ttys = ALL
auth1 = SYSTEM
auth2 = NONE
tpath = nosak
umask = 027
expires = 0
SYSTEM = "WINBIND or compat"
logintimes =
pwdwarntime = 0
account_locked = false
loginretries = 5
histexpire = 0
histsize = 4
minage = 0
maxage = 12
maxexpired = -1
minalpha = 1
minother = 1
minlen = 8
mindiff = 0
maxrepeats = 4
dictionlist =
pwdchecks =
$ echo
[Samba] Odd Samba behavior
Greetings, Samba 3.0.28a running on Ubuntu 8.3. I have 2 shares and have them mounted on Windows Vista, Windows XP, Windows 2000 Server, and Slackware Linux. In my syslog, I recieve the following: Nov 26 11:57:54 NAS winbindd[23761]: [2008/11/26 11:57:54, 0] lib/util_sock.c:read_socket_with_timeout(497) Nov 26 11:57:54 NAS winbindd[23761]: read_socket_with_timeout: timeout read. read error = Connection reset by peer. Nov 26 11:57:54 NAS winbindd[23761]: [2008/11/26 11:57:54, 0] libsmb/clientgen.c:cli_receive_smb(111) Nov 26 11:57:54 NAS winbindd[23761]: Receiving SMB: Server stopped responding Nov 26 11:57:54 NAS winbindd[23761]: [2008/11/26 11:57:54, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Nov 26 11:57:54 NAS winbindd[23761]: rpc_api_pipe: Remote machine SERVER-1 pipe \lsarpc fnum 0x8000returned critical error. Error was Read error: Connection reset by peer Nov 26 12:05:03 NAS smbd[24743]: [2008/11/26 12:05:03, 0] lib/util_sock.c:read_data(534) Nov 26 12:05:03 NAS smbd[24743]: read_data: read failure for 4 bytes to client 10.0.0.2. Error = Connection reset by peer Nov 26 12:15:39 NAS smbd[24750]: [2008/11/26 12:15:39, 0] lib/util_sock.c:read_data(534) Nov 26 12:15:39 NAS smbd[24750]: read_data: read failure for 4 bytes to client 10.0.0.2. Error = Connection reset by peer Nov 26 11:57:54 NAS winbindd[23761]: Receiving SMB: Server stopped responding Nov 26 11:57:54 NAS winbindd[23761]: [2008/11/26 11:57:54, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Nov 26 11:57:54 NAS winbindd[23761]: rpc_api_pipe: Remote machine SERVER-1 pipe \lsarpc fnum 0x8000returned critical error. Error was Read error: Connection reset by peer Nov 26 12:05:03 NAS smbd[24743]: [2008/11/26 12:05:03, 0] lib/util_sock.c:read_data(534) Nov 26 12:05:03 NAS smbd[24743]: read_data: read failure for 4 bytes to client 10.0.0.2. Error = Connection reset by peer Nov 26 12:15:39 NAS smbd[24750]: [2008/11/26 12:15:39, 0] lib/util_sock.c:read_data(534) Nov 26 12:15:39 NAS smbd[24750]: read_data: read failure for 4 bytes to client 10.0.0.2. Error = Connection reset by peer Nov 26 12:27:33 NAS smbd[24756]: [2008/11/26 12:27:33, 0] lib/util_sock.c:read_data(534) Nov 26 12:27:33 NAS smbd[24756]: read_data: read failure for 4 bytes to client 10.0.0.2. Error = Connection reset by peer Nov 26 12:44:55 NAS smbd[24766]: [2008/11/26 12:44:55, 0] lib/util_sock.c:read_data(534) Nov 26 12:44:55 NAS smbd[24766]: read_data: read failure for 4 bytes to client 10.0.0.2. Error = Connection reset by peer Nov 26 12:55:30 NAS smbd[24808]: [2008/11/26 12:55:30, 0] lib/util_sock.c:read_data(534) Nov 26 12:55:30 NAS smbd[24808]: read_data: read failure for 4 bytes to client 10.0.0.2. Error = Connection reset by peer Nov 26 13:06:06 NAS smbd[24813]: [2008/11/26 13:06:06, 0] lib/util_sock.c:read_data(534) Nov 26 13:06:06 NAS smbd[24813]: read_data: read failure for 4 bytes to client 10.0.0.2. Error = Connection reset by peer Nov 26 13:16:42 NAS smbd[24818]: [2008/11/26 13:16:42, 0] lib/util_sock.c:read_data(534) Nov 26 13:16:42 NAS smbd[24818]: read_data: read failure for 4 bytes to client 10.0.0.2. Error = Connection reset by peer The result of these errors is that a share can be working just fine one minute, and then become inaccessible the next. This affects all the Windows boxes, and affects the Linux box if I use the smbclient, but doesn't seem to be an issue when i use "mount -t smbfs ", though I haven't tested this as thoroughly as I've tested the other methods yet. Windows reports an error regarding the network path being invalid. I've rewritten my smb.conf file about 60 times, read every document that mentions anything regarding this error.. and I'm fresh out of ideas. I'm also experiencing very, very slow transfers TO the NAS via SMB (gigabit lan, transfers to the NAS peak at about 5.5mbytes/sec). Any help, ideas, thoughts, whatever would be greatly appreciated. Thanks! - Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to allow users to empty their recycle bins (VFS recyle)
Hi all, I recently configured Samba (Version 3.0.22-13.30-1290-SUSE-CODE1) to use recycle bins. Everything seems to be working fine. However, users are currently unable to empty their recycle bins. Here are the relevant lines of the configuration file: [...] vfs objects = recycle full_audit [removed audit configuration lines] recycle:keeptree = Yes recycle:touch = Yes recycle:versions = Yes recycle:maxsixe = 0 #recycle:exclude = *.tmp recycle:exclude_dir = @Bin,[EMAIL PROTECTED] [some share] read only = No create mask = 0660 directory mask = 0771 path = %H inherit acls = Yes vfs objects = recycle full_audit recycle:repository = %H/@Bin recycle:directory_mode = 0771 [...] When a user enters his/hers @Bin directory after deleting some file or directory, the complete tree is there, with the removed item, as required. When the user tries to remove the topmost directory of this tree, say @Bin/Dir, it is deleted, but it is still inserted into the recycle bin, though now as @Bin/@Bin/Dir. Hence, users cannot get rid of their own trash, which is extremely annoying to them, as well as inconvenient: since the disk occupation grows more rapidly, we have to reduce the amount of time items may remain in the recycle bin. Are there any solutions for this problem? Best regards, Manuel smime.p7s Description: S/MIME cryptographic signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] false local printer settings
Hi, I installed a printer via cups, did the driver installation as described in Procedure 5.17. Steps to Install Printer Drivers on the Samba Servers (Samba-3 by Example). I changed the paper-size in the printer-settings and the device-settings from letter to A4. After the installation of the printer on a workstation, I got the wrong local printer settings (again letter instead of A4). Best regards, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [Bug 299306] [NEW] Permission denied of usershares statfile in Samba 3.0.28a-1ubuntu4.7
This bug report can be closed The Problem was an error in mapping user and group ID to the LDAP UID/GID! I have set the right UID/GID in the smb.conf with uid map = 1-2 gid map = 500-600 -> no errors in config!! Meslo wrote: > Public bug reported: > > Hello, > > I have migrate my running Samba-PDC Setup with LDAP from Debian Etch to > Ubuntu Hardy Server 8.04. > > LDAP ist running correct. Samba Setup ist working right, but acces to > Users Home has a poor performance. Access to a "PUBLIC" Folder is much > faster! > > The Usershare Folder: > drwxrwx--T 2 root sambashare 4096 Nov 17 20:10 usershares > > > Error in log.PC09:stands for the login user > > 2008/11/18 02:32:31, 3] smbd/process.c:process_smb(1069) > Transaction 17 of length 110 > [2008/11/18 02:32:31, 3] smbd/process.c:switch_message(927) > switch message SMBtrans2 (pid 915) conn 0x8535d40 > [2008/11/18 02:32:33, 3] smbd/service.c:find_service(286) > checking for home directory gave (NULL) > [2008/11/18 02:32:33, 0] param/loadparm.c:process_usershare_file(4606) > process_usershare_file: stat of /var/lib/samba/usershares/ > failed. Permission denied > [2008/11/18 02:32:33, 3] smbd/service.c:find_service(360) > find_service() failed to find service > [2008/11/18 02:32:33, 3] smbd/error.c:error_packet_set(106) > error packet at smbd/trans2.c(6307) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND > [2008/11/18 02:32:33, 3] smbd/process.c:process_smb(1069) > Transaction 307 of length 104 > [2008/11/18 02:32:33, 3] smbd/process.c:switch_message(927) > switch message SMBntcreateX (pid 914) conn 0x8515a18 > [2008/11/18 02:32:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (31033, 544) - sec_ctx_stack_ndx = 0 > > > /etc/samba/smb.conf > > [profiles] > path= /srv/profiles/ > browseable = no > writeable = yes > guest ok= yes > hide files = /desktop.ini/ntuser.ini/NTUSER.*/thumbs.db/ > write list = %U, @"Domain Users", @"Domain Admins" > create mode = 0600 > directory mode = 0700 > default case= lower > preserve case = no > case sensitive = no > force group = "Domain Users" > > [homes] > comment = Home Directory %U, %u > path= /srv/user-homes/%U > browseable = no >valid users = %S > read only = no > writeable = yes > guest ok= no > inherit permissions = yes > create mask = 0644 > directory mask = 0775 > force user = root > force group = "Domain Users" > > ** Affects: samba (Ubuntu) > Importance: Undecided > Status: New > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Samba + Vista Issue
I have not found a solution so far. The only thing that I have found is that my home Vista computer not attached to a domain connecting via IP & DNS works fine. My company laptop attached to a domain IP works fine but not DNS. I will at some other point try another vista computer that is attached to the domain at work. If it doesn't I will try the same computer as a workgroup. If you want to try out my theory, can you let me know the results. Regards Adam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Allison Sent: 26 November 2008 10:02 To: samba list Subject: RE: [Samba] Re: Samba + Vista Issue >Hi, > >Name resolution is working correctly, this is something I checked very >early in my investigation. > >If I use net use with the ip address the drive is mapped straight away. >If I use net use with the dns name I am prompted to enter my >credentials. > >Regards > >Adam > >>-Original Message- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On >>Behalf Of Peter Slickers >>>Sent: 18 November 2008 23:34 >>To: samba list >>Subject: [Samba] Re: Samba + Vista Issue >> >>Adam Stirk wrote: >> >> I'm experiencing a problem with samba v3.2.4 and windows vista. If I >> access my samba share via the ip address e.g. \\192.168.0.1\share >> windows will authenticate against the >> samba server and bring the share up, but if I use the dns name e.g. >> \\server.domain.local\share i'm >> faced with the logon box. > >I guess that name resolution is not working properly. > >Please open the command line interface on your Vista box and >type the following commands: > > ping server.domain.local > ping server > >If that is successful, try the 'net use' command: > net use server >Peter >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba Hi, we're having exactly the same problem here - only with Vista... and solutions found? I've tryed all of the usual Vista fixes to no avail, DNS works fine Thanks Howard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Samba + Vista Issue
>Hi, > >Name resolution is working correctly, this is something I checked very >early in my investigation. > >If I use net use with the ip address the drive is mapped straight away. >If I use net use with the dns name I am prompted to enter my >credentials. > >Regards > >Adam > >>-Original Message- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On >>Behalf Of Peter Slickers >>>Sent: 18 November 2008 23:34 >>To: samba list >>Subject: [Samba] Re: Samba + Vista Issue >> >>Adam Stirk wrote: >> >> I'm experiencing a problem with samba v3.2.4 and windows vista. If I >> access my samba share via the ip address e.g. \\192.168.0.1\share >> windows will authenticate against the >> samba server and bring the share up, but if I use the dns name e.g. >> \\server.domain.local\share i'm >> faced with the logon box. > >I guess that name resolution is not working properly. > >Please open the command line interface on your Vista box and >type the following commands: > > ping server.domain.local > ping server > >If that is successful, try the 'net use' command: > net use server >Peter >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba Hi, we're having exactly the same problem here - only with Vista... and solutions found? I've tryed all of the usual Vista fixes to no avail, DNS works fine Thanks Howard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot Delete File
I;ve discovered that a user can delete a file if the user owns the parent directory. I've also found this in the logs trish opened file N984Z9~L read=Yes write=No (numopen=2) [2008/11/26 04:14:42, 3] smbd/oplock_linux.c:linux_set_kernel_oplock(138) linux_set_kernel_oplock: Refused oplock on file N984Z9~L, fd = 30, file_id = f e04:714d. (Permission denied) It looks like the file are being opened read only and oplocks are being denied. Robert Steinmetz wrote: I just upgraded my Member Server to 3.2.4 on Ubuntu. I have a permissions problem. Users can create files on the Samba shares but they cannot delete files. Here is a typical share definition. [Testing] comment = Test for Samba path = /files/test browseable = yes writeable = yes create mask = 0764 directory mask = 0775 On the Linux side I can do whatever I want. On windows I can create directories and delete them, I can create files, open them, modify them and save them back, but any attempt to delete them fails with the error "Cannot delete : Access is denied The source file may be in use." On windows XP the file shows the domain user had Full Control and the Domain User Group has read write control. The Linux permissions are 764 although some files are 770 even files with 777 permissions fail.. -- Robert Steinmetz, AIA Principal Steinmetz & Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.2.4 WINs problem
Hello All, i have a PDC running on subnet 192.168.100.x, and i have set wins support = yes. i have another subnet 192.168.101.x where all my client windows 2k/XP/2003/samba clients reside. For some reason the WINs server doesn't update its entries whenever a client changes IP address -- it still serves up the previous ip address mapping. This only seems to be a problem with samba-based clients; i've tried changing ip addresses on windows clients, and the WINs seems to detect the ip address changes immediately. For example, when i change the ip address for samba server serverA, from 192.168.101.1 to 192.168.101.2, an 'nmbloookup -R -U PDC serverA' returns 192.168.101.1, but an 'nmblookup serverA' returns 192.168.101.2. Upon suggestion from previous posts, the workaround now is to manually edit wins.dat on the WINS/PDC. While it does work well enough, i'm concerned that this may become a very big problem once i deploy this -- we have around 300 servers/VMs as of writing. Any advice? tia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
