Re: [Samba] * Reloading /etc/samba/smb.conf smbd only
Bruce Borah wrote: This phenomenon is due to the lease being renewed. The use of dhcp on a server is the root problem. With all due respect I have difficulty with this claim. I have implemented Samba at hundreds of sites that use DHCP without ever noticing the problem reported below. I would dearly like to see evidence that supports a relationship between DHCP and smb.conf re-reads. cheers, John T. See this thread on the Ubuntu Forum: http://ubuntuforums.org/showthread.php?t=1140094 -Bruce Olivier Nicole wrote: but should the message *Reloading /etc/samba/smb.conf smbd only appear right on the command every five minutes? that surely cannot be normal behavior. Must be depending on how you started samba and what you configured as a log file. If you started samba on command line and have no log configured, all the messages will come on your command line... Olivier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: RESOLVED: (sorta) Re: [Samba] Oplocks question
Toby Bluhm wrote: Terry Haley wrote: Actually Dan that helps a lot. It tells me the amount of work and effort it takes to bend this application in order to fit a mold it was not intended for. In the end, I decided to bite the bullet and make my PDC double as my primary file server. 45 mins of swapping an FC-nic, remapping the lvm's and reconfiguring the smb.conf in order to make this a non-issue and prevent more complexity proliferation is well worth it. It's a shame it doesn't handle remote file systems more elegantly. Here are the steps: configure the 2nd samba server as a client, join it to the domain, add a dfs enabled share, dfs enable the PDC, create the filesystem link(s), done. Should take 5 minutes. True. But keep in mind that Mac OS X machines won't follow DFS links. At least until 10.5.6. -Remy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: TOSHARG-PDC.xml translate finish and some bug found
Hi, On Wed, Jun 10, 2009 at 12:01:46PM +0900, OPC oota wrote: Now,TOSHARG-PDC.xml translate to Japanese finished. and Some bug found. --- listitempara indextermprimaryNexus.exe/primary/indexterm Management of users and groups via the User Manager for Domains. This can be done on any MS Windows client using the filenameNexus.exe/filename toolkit for Windows 9x/Me, or using the SRVTOOLS.EXE package for MS Windows NT4/200x/XP platforms. These packages are available from Microsoft's Web site. /para/listitem SRVTOOLS can't run on Windows Vista/Windows 7. SSO implementations utilize centralization of all user account information. Depending on environmental complexity and the age of the systems over which a SSO solution is implemented, it may not be possible to change the solution architecture so as to accomodate a new identity management and user authentication system. -- accommodate? Many SSO solutions involving legacy systems consist of a new super-structure that handles authentication on behalf of the user. The software that gets layered over the old system may simply implement a proxy authentication system. This means that the addition of SSO increases over-all information systems complexity. Ideally, the implementation of SSO should reduce complexity and reduce administative overheads. converge when the SAML 2.0 standard is introduced. A few Web access-management products support SAML today, but implemention of the technology mostly requires customization to integrate applications and develop user implementation? interfaces. In a nust-shell, that is why FIM is a big and growing industry. In a nutshell ? New to Samba-3 is the ability to use a backend database that holds the same type of data as the NT4-style SAM database (one of the registry files)footnoteparaSee also link linkend=passdbAccount Information Databases/link./para./footnote - period duplicate Domain member machines have a machine trust account in the domain accounts database. A special procedure must be followed on each machine to effect domain membership. This procedure, which can be done only by the local machine Administrator account, creates the domain machine account (if it does not exist), and then initializes that account. When the client first logs onto the - logon to? to log onto the domain./para/listitem --- logon to? listitemparaPlacing Windows 9x/Me clients in user-level security smbmdash; if it is desired to allow all client-share access to be controlled according to domain user/group identities./para/listitem listitemparaAdding and managing domain user accounts./para/listitem /itemizedlist notepara indextermprimaryroaming profiles/primary/indexterm MS Windows XP Home Edition does not have the ability to join any type of domain security facility. Unlike MS Windows 9x/Me, MS Windows XP Home Edition also completely lacks the ability to log onto a network. logon to? Workstation Machine Trust Accounts work only with the domain (or network) SID. If this SID changes, domain members (workstations) will not be able to log onto the domain. The original domain SID logon to? can be recovered from the secrets.tdb file. The alternative is to visit each workstation to rejoin it to the domain. sect2 titleCannot Log onto Domain Member Workstation After Joining Domain/title Logon to? para indextermprimaryschannel/primary/indexterm indextermprimarysigning/primary/indexterm thanks a lot for reporting! :-) The first issues should be fixed by commit ad0d8032 in master. I am not sure about the log onto things. At least according to my dictionary, it seems to be right. Maybe one of the native speakers would like to comment... Cheers, Karolin -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org pgp6M2NjaO95V.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] access shares form 2 diff domains issue
Hi All, Below in my smb.conf file === [global] netbios name = AA-FTP workgroup = airarabia realm = airarabia.com server string = Samba File Server encrypt passwords = yes security = ADS password server = 10.200.2.22 log level = 3 log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap preferred master = No passdb backend = tdbsam domain master = no dns proxy = yes ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind use default domain = yes cups options = raw vfs object = vscan-clamav preserve case = yes short preserve case = yes vscan-clamav: config-file = /etc/samba/vscan-clamav.conf username map = /etc/samba/smbusers hide unreadable = Yes create mask = 0664 directory mask = 0775 force create mode = 0660 force directory mode = 2770 force security mode = 0600 inherit acls = yes inherit permissions = yes inherit owner = yes [I T] comment = IT path = /home/IT browseable = yes writeable = yes == Now I have create a NEW domain as airarabiauae My samba server is still joined to the old domain i.e airarabia Situation 1.1) When I access the IT share from windows XP system as user airarabia\xyz I can read wirte delete Situation 1.2) When I access the IT share from windows XP system as user airarabiauae \xyz I can only read and wirte but cannot delete Situation 2.1) When I access the IT share from Ubuntu 9.04 system as user airarabia\xyz I can read wirte delete Situation 2.2) When I access the IT share from Ubuntu 9.04 system as user airarabiauae \xyz I can read wirte delete Would like to know the following. 1) why does it accepts the users from new domain? 2) why does Situation 1.2 delete not working == samba-3.0.28-1.el5_2.1 == //Remy -- Disclaimer and Confidentiality This material has been checked for computer viruses and although none has been found, we cannot guarantee that it is completely free from such problems and do not accept any liability for loss or damage which may be caused. Please therefore check any attachments for viruses before using them on your own equipment. If you do find a computer virus please inform us immediately so that we may take appropriate action. This communication is intended solely for the addressee and is confidential. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. The views expressed in this message are those of the individual sender, and may not necessarily be that of ISA. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind is very slow. log.winbind shows errors
Hi, Server: Debian Lenny with Samba 3.3.4 . log.winbindd shows this: [2009/06/10 09:01:13, 0] libsmb/namequery.c:saf_store(75) saf_store: refusing to store 0 length domain or servername! [2009/06/10 09:01:23, 0] libsmb/clientgen.c:cli_receive_smb(165) Receiving SMB: Server stopped responding [2009/06/10 09:01:23, 1] winbindd/winbindd_cm.c:cm_prepare_connection(967) failed tcon_X with NT_STATUS_IO_TIMEOUT [2009/06/10 09:01:26, 0] libsmb/namequery.c:saf_store(75) saf_store: refusing to store 0 length domain or servername! [2009/06/10 09:01:36, 0] libsmb/clientgen.c:cli_receive_smb(165) Receiving SMB: Server stopped responding [2009/06/10 09:01:36, 1] winbindd/winbindd_cm.c:cm_prepare_connection(967) failed tcon_X with NT_STATUS_IO_TIMEOUT [2009/06/10 09:01:39, 0] libsmb/namequery.c:saf_store(75) saf_store: refusing to store 0 length domain or servername! [2009/06/10 09:01:48, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(755) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host REY-SERVER, pipe \lsarpc, fnum 0x7445! Any Ideas? I dont know what to do with these messages. Thank you, JonnyD -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to get rid of previous device settings for printer driver
Hi, I am in the process of changing the Samba printers from using client driver to using server driver. I think I finally got it working except that after I have uploaded the driver on Samba server and after I have configured the device settings for that driver (define duplex, additionnal tray, paper size), every time I install the printer on a new PC, it comes with a different setting. I think it may be due to the fact that the same orinter was existing previously on the client PC, but defined to use client driver, and there may be a mix-up between old and new configuration. How to forcefully remove any thing from the old driver before installing the new one? Old and new samba printers have the same name, use basically the same driver. TIA, Olivier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba PDC autolocking domain administrator account
Hello! Some days ago we migrated our production domain from Windows NT 4.0 to Samba 3.3.4 (Yes - such migrations still happen these days :-)). After migration we noticed, that from time to time the domain adminstrator account gets locked - pdbedit shows the flags [UXL]. It is easy to activated the account again, but nevertheless it unexpected and unwanted. To my knowledge, the domain administrator is not affected by the automatic locking mechanism which comes into effect following repeated login attempts using an incorrect password. In addition, the behaviour is not reproduceable in a seperated test-network, that was cleanly built up from scratch and uses the same software versions (Operating system, smbldap- tools, slapd from Debian 5.0.1, Sernet-Samba-3.3.4). Since production and test network are both LDAP-based I compared the ldifs of both accounts. Differences found so far: The account in the test system has the attributes sambaBadPasswordCount and sambaBadPasswordTime unset while in production system they have a value of 0. Adopting the values does not change the behaviour. Does anyone know, what other criteria/attributes/circumstances might dispose Samba to autolock the account? Thanks and greetings from Biefeld, Stefan Oberwahrenbrock -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] * Reloading /etc/samba/smb.conf smbd only
Please read the Ubuntu Forums thread. Specifically from post #18 on. I believe it is the Ubuntu script for the DHCP client that is the culprit. -Bruce John H Terpstra - Samba Team wrote: Bruce Borah wrote: This phenomenon is due to the lease being renewed. The use of dhcp on a server is the root problem. With all due respect I have difficulty with this claim. I have implemented Samba at hundreds of sites that use DHCP without ever noticing the problem reported below. I would dearly like to see evidence that supports a relationship between DHCP and smb.conf re-reads. cheers, John T. See this thread on the Ubuntu Forum: http://ubuntuforums.org/showthread.php?t=1140094 -Bruce Olivier Nicole wrote: but should the message *Reloading /etc/samba/smb.conf smbd only appear right on the command every five minutes? that surely cannot be normal behavior. Must be depending on how you started samba and what you configured as a log file. If you started samba on command line and have no log configured, all the messages will come on your command line... Olivier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: TOSHARG-PDC.xml translate finish and some bug found
Karolin Seeger wrote: Hi, On Wed, Jun 10, 2009 at 12:01:46PM +0900, OPC oota wrote: Now,TOSHARG-PDC.xml translate to Japanese finished. and Some bug found. --- listitempara indextermprimaryNexus.exe/primary/indexterm Management of users and groups via the User Manager for Domains. This can be done on any MS Windows client using the filenameNexus.exe/filename toolkit for Windows 9x/Me, or using the SRVTOOLS.EXE package for MS Windows NT4/200x/XP platforms. These packages are available from Microsoft's Web site. /para/listitem SRVTOOLS can't run on Windows Vista/Windows 7. SSO implementations utilize centralization of all user account information. Depending on environmental complexity and the age of the systems over which a SSO solution is implemented, it may not be possible to change the solution architecture so as to accomodate a new identity management and user authentication system. -- accommodate? Many SSO solutions involving legacy systems consist of a new super-structure that handles authentication on behalf of the user. The software that gets layered over the old system may simply implement a proxy authentication system. This means that the addition of SSO increases over-all information systems complexity. Ideally, the implementation of SSO should reduce complexity and reduce administative overheads. converge when the SAML 2.0 standard is introduced. A few Web access-management products support SAML today, but implemention of the technology mostly requires customization to integrate applications and develop user implementation? interfaces. In a nust-shell, that is why FIM is a big and growing industry. In a nutshell ? New to Samba-3 is the ability to use a backend database that holds the same type of data as the NT4-style SAM database (one of the registry files)footnoteparaSee also link linkend=passdbAccount Information Databases/link./para./footnote - period duplicate Domain member machines have a machine trust account in the domain accounts database. A special procedure must be followed on each machine to effect domain membership. This procedure, which can be done only by the local machine Administrator account, creates the domain machine account (if it does not exist), and then initializes that account. When the client first logs onto the - logon to? to log onto the domain./para/listitem --- logon to? listitemparaPlacing Windows 9x/Me clients in user-level security smbmdash; if it is desired to allow all client-share access to be controlled according to domain user/group identities./para/listitem listitemparaAdding and managing domain user accounts./para/listitem /itemizedlist notepara indextermprimaryroaming profiles/primary/indexterm MS Windows XP Home Edition does not have the ability to join any type of domain security facility. Unlike MS Windows 9x/Me, MS Windows XP Home Edition also completely lacks the ability to log onto a network. logon to? Workstation Machine Trust Accounts work only with the domain (or network) SID. If this SID changes, domain members (workstations) will not be able to log onto the domain. The original domain SID logon to? can be recovered from the secrets.tdb file. The alternative is to visit each workstation to rejoin it to the domain. sect2 titleCannot Log onto Domain Member Workstation After Joining Domain/title Logon to? para indextermprimaryschannel/primary/indexterm indextermprimarysigning/primary/indexterm thanks a lot for reporting! :-) The first issues should be fixed by commit ad0d8032 in master. I am not sure about the log onto things. At least according to my dictionary, it seems to be right. Maybe one of the native speakers would like to comment... Cheers, Karolin I believe either is acceptable English. I originally had logon to but the copy editor changed it. cheers, John T. -- John H Terpstra If at first you don't succeed, don't go sky-diving! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] * Reloading /etc/samba/smb.conf smbd only
Posts #25 and #26 from the ubuntu thread (http://ubuntuforums.org/showthread.php?t=1140094page=3) were written by me. From what I'm experiencing and noticing in the logs, I have to agree that this problem is caused (or at least initiated) by dhclient. Post #20 describes adding /dev/null to the reload call making the last line of the file /etc/dhcp3/dhclient-enter-hooks.d/samba look like this: [ -x /etc/init.d/samba ] /usr/sbin/invoke-rc.d samba reload /dev/null This would suppress the reload call and therefore cause the message * Reloading /etc/samba/smb.conf smbd only (which is found in /etc/init.d/samba) not to appear. However, I don't think suppressing the reload call to prevent /etc/init.d/samba from reloading and therefore causing the message not to appear is hardly the real solution. For some reason the message comes up right on the command line output every ~5 minutes, which is frustrating when someone is trying to use the command line and this message keeps getting in the way. Do we have to somehow force this message to output to a log file instead of the screen??? On Wed, Jun 10, 2009 at 7:56 AM, Bruce Borahbabo...@gmail.com wrote: Please read the Ubuntu Forums thread. Specifically from post #18 on. I believe it is the Ubuntu script for the DHCP client that is the culprit. -Bruce John H Terpstra - Samba Team wrote: Bruce Borah wrote: This phenomenon is due to the lease being renewed. The use of dhcp on a server is the root problem. With all due respect I have difficulty with this claim. I have implemented Samba at hundreds of sites that use DHCP without ever noticing the problem reported below. I would dearly like to see evidence that supports a relationship between DHCP and smb.conf re-reads. cheers, John T. See this thread on the Ubuntu Forum: http://ubuntuforums.org/showthread.php?t=1140094 -Bruce Olivier Nicole wrote: but should the message *Reloading /etc/samba/smb.conf smbd only appear right on the command every five minutes? that surely cannot be normal behavior. Must be depending on how you started samba and what you configured as a log file. If you started samba on command line and have no log configured, all the messages will come on your command line... Olivier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] samba-3.3.4 AD/krb5/pam build failure on AIX 5.3/6.1 UNKNOWN_CREATE_KEY_FUNCTIONS
It's been a while (probably almost a year now) since I tried building Samba against IBM's krb5 ... and I had the same luck as Bill (no luck). Eventually, I gave up and we have been (happily) using Bill's pware bundles since then. -Claus -Original Message- From: samba-bounces+claus.lund=state.vt...@lists.samba.org [mailto:samba-bounces+claus.lund=state.vt...@lists.samba.org] On Behalf Of Benjamin Huntsman Sent: Tuesday, June 09, 2009 8:32 PM To: William Jojo Cc: samba@lists.samba.org Subject: RE: [Samba] samba-3.3.4 AD/krb5/pam build failure on AIX 5.3/6.1 UNKNOWN_CREATE_KEY_FUNCTIONS Bill- Thanks for the quick response! If it's found by the script, why isn't it listed in the any of the -I options below? IBM puts krb5.h, etc in /usr/include. Only the libs live in /usr/krb5: $ ls /usr/krb5 COPYRIGHT README.ZH_TW README.ko_KR bin scripts README.KO_KR README.Zh_CN README.pt_BR ldif README.PT_BR README.Zh_TW README.zh_CN lib README.ZH_CN README.en_US README.zh_TW sbin $ ls /usr/include/krb5.h /usr/include/krb5.h $ If you're using AD, you're likely going to want winbindd (and maybe WINBIND LAM) unless there is another way you plan on mapping SIDs to Unix user/group id values. Yes, you're right. That's my mistake. I will change that to --with-winbind. I'm not sure that adding winbind will fix the build error, but we'll see. I'm reconfiguring now... this generally takes 2 hours on our build box. Thanks again!! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] samba-3.3.4 AD/krb5/pam build failure on AIX 5.3/6.1UNKNOWN_CREATE_KEY_FUNCTIONS
As I suspected, changing a few things like winbind makes no difference. At the bottom of this message is the error I get. Reading through the IBM-supplied krb5.h shows a MIT copyright, so it ought to be compatible. Given the errors in the build, can we determine where it's choking or what its missing from krb5.h? IBM has documentation on how to make their Kerberos talk to Active Directory, so it's obviously capable... Can I look for something? I'll happily post the IBM-supplied krb5.h if no one here thinks that'd be a copyright violation. I don't see much documentation on it around, but it looks like it's not finding what encryption protocols the IBM Kerberos supports. I'm still hoping this can work, because I really don't want to have to replace the IBM Kerberos unless we discover that it's absolutely necessary. (Plus that'll be good for the community to have a definite no, it won't work for AIX). Many thanks all for your help! -Ben ... Compiling libsmb/clikrb5.c libsmb/clikrb5.c:258:2: #error UNKNOWN_CREATE_KEY_FUNCTIONS libsmb/clikrb5.c:1011:2: #error UNKNOWN_KRB5_VERIFY_CHECKSUM_FUNCTION libsmb/clikrb5.c: In function `handle_krberror_packet': libsmb/clikrb5.c:1527: error: `ERROR_TABLE_BASE_krb5' undeclared (first use in t his function) libsmb/clikrb5.c:1527: error: (Each undeclared identifier is reported only once libsmb/clikrb5.c:1527: error: for each function it appears in.) libsmb/clikrb5.c:1608:2: #error UNKNOWN_KRB5_ENCTYPE_TO_STRING_FUNCTION The following command failed: gcc -I. -I/bk/compile/samba-3.3.4/build/source -I/bk/compile/samba-3.3.4/openld ap/include -O -D_SAMBA_BUILD_=3 -I/bk/compile/samba-3.3.4/build/source/popt -I/b k/compile/samba-3.3.4/build/source/iniparser/src -Iinclude -I./include -I. -I. -I./lib/replace -I./lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc -DHAV E_CONFIG_H -Iinclude -I./include -I. -I. -I./lib/replace -I./lib/talloc -I./lib /tdb/include -I./libaddns -I./librpc -I./popt -DLDAP_DEPRECATED -I/include -I/ bk/compile/samba-3.3.4/build/source/lib -D_SAMBA_BUILD_=3 -c libsmb/clikrb5.c - o libsmb/clikrb5.o make: 1254-004 The error code from the last command is 1. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-3.3.4 AD/krb5/pam build failure on AIX 5.3/6.1 UNKNOWN_CREATE_KEY_FUNCTIONS
Hi Benjamin, On 2009-06-09 at 15:48 -0700 Benjamin Huntsman sent off: Perhaps someone here could tell me if this has been seen before. can you please file a bug at bugzilla.samba.org including what you wrote here and in addition to that the config.log? Thanks! Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrading from NT to AD
Hi Samba users, Could someone point me toward documentation on the impact to Samba of upgrading from an NT domain to Active Directory? I've found docs on Samba with NT domains and docs on Samba with AD, but not so much on the upgrade process. I'd like to know exactly what I'm doing before I do anything that could cut my Windows users off from the file servers. Whether it's as easy as do the upgrade and your Samba servers will automatically make the transition, or I have to set up Kerberos and make changes to smb.conf, I want to be sure I know all the steps involved. Thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] samba-3.3.4 AD/krb5/pam build failure on AIX 5.3/6.1UNKNOWN_CREATE_KEY_FUNCTIONS
Björn- Many thanks for your assistance. Per your request, I have submitted the relevant information from this thread to Bugzilla. This is now Bugzilla Bug 6464. Please keep me posted. I'd really like to see this work with IBM's Kerberos, as it would be ideal in our situation to avoid replacing IBM-supplied components unless strictly necessary. Thanks! -Ben -Original Message- From: Björn Jacke [mailto:b...@sernet.de] Sent: Wed 6/10/2009 2:25 PM To: Benjamin Huntsman Cc: samba@lists.samba.org Subject: Re: [Samba] samba-3.3.4 AD/krb5/pam build failure on AIX 5.3/6.1UNKNOWN_CREATE_KEY_FUNCTIONS Hi Benjamin, On 2009-06-09 at 15:48 -0700 Benjamin Huntsman sent off: Perhaps someone here could tell me if this has been seen before. can you please file a bug at bugzilla.samba.org including what you wrote here and in addition to that the config.log? Thanks! Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Server Upgrade
Hi, I have just upgraded our server. Ubuntu 9.04 Samba 2:3.3.2-1ubuntu3 I gave samba a few tests and it seemed to work OK so I went ahead. Next day Users lost there roaming profile and were logged into a local profile. So I rejoined them to the domain. This worked OK - sort of. I am using smbpasswd file and noticed that suddenly the passwords were getting changed by something and became the Unix password. Didn't ask for this as I have in some cases a better passwords for email accounts and weak passwords for Windows users. I think that I have tracked it down to /etc/pam.d/common-auth Commented out: auth optionalpam_smbpass.so migrate However the passwords are no longer changing but something is still updating the smbpasswd file which did not happen before the upgrade. Question:. What is modifying smbpasswd and why, is it required? Probably caused myself lots of trouble by creaming /var/lib/samba/*tdb and changing parameters in /etc/samba/smb.conf as part of the process of putting out fires. OK so now things are working OK for many users but some machines keep on dropping off the domain. I can tell which ones as I see by: tail -n1 -f /var/log/samba/* | grep netlogon_creds_server_check _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client GRINDING-3 machine account GRINDING-3$ _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client GB-SUPERVISOR machine account GB-SUPERVISOR$ _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client GLASSBLOWING4 machine account GLASSBLOWING4$ _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client QC3 machine account QC3$ It seems to be a few machines but not all that are repeat offenders. This may coincide with when I commented out: auth optionalpam_smbpass.so migrate This is obviously driving me nuts because it is embarrassing after an upgrade to have instability and it takes time to rejoin the domain for each offending machine. Help is much appreciated Thanks Grahame Jordan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Upgrading from NT to AD
Could someone point me toward documentation on the impact to Samba of upgrading from an NT domain to Active Directory? I've found docs on Samba with NT domains and docs on Samba with AD, but not so much on the upgrade process. I'd like to know exactly what I'm doing before I do anything that could cut my Windows users off from the file servers. Whether it's as easy as do the upgrade and your Samba servers will automatically make the transition, or I have to set up Kerberos and make changes to smb.conf, I want to be sure I know all the steps involved. I don't know any such documentation (and good luck to you finding it) - I would think maybe you'll find something going from 2003 to 2008 ... but from NT to AD ... phew doggy... Anyway - I do have some advice for you. Find some way to attach a new hard drive to the windows server. Boot from something like centos cd1 in rescue mode. Use dd to backup the OS hard drive to a file on the new HD. If the OS hard drive is software mirrored, make separate dd's for each of the 2 hard drives. That way, you're free to do what you need to do, and you always have a safetynet. Assuming you're using Kerberos, my expectation is that you don't need to do anything at all on the samba server. But don't hold me to it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: nmbd: broadcast packet send FAILURE: Invalid argument.
Previously I wrote (abbreviated msg summary): nmbd: become_domain_master_browser_bcast: Attempting to become dom mast \ browser, wrkgrp BLISS, subnet 192.168.3.1; nmbd/nmbd_become_dmb.c: \ become_domain_master_browser_bcast(304) become_dom_master_browser_bcast: querying subnet 192.168.3.1 for \ dom mastr brwsr on wrkgrp BLISS 2 x { libsmb/nmblib.c:send_udp(839); Packet send failed to 192.168.3.255(137) \ ERRNO=Invalid argument; nmbd/nmbd_packets.c:send_netbios_packet(160) } } send_netbios_packet: send_packet() to IP 192.168.3.255 port 137 failed nmbd/nmbd_namequery.c:query_name(244); query_name: Failed to send \ pckt trying to query name BLISS1d Looking at traffic from the originating machine, on port 137, I see: Source Dest. Proto Info 4 x { #Note: ISHTAR=primary hostname, others are aliases for $HOSTNAME$ in ISHTAR, WEB-PROXY, CLOCK, WPAD; see { Ishtar bcast NBNSRegistration NB $HOSTNAME$20 Ishtar bcast NBNSRegistration NB $HOSTNAME$03 Ishtar bcast NBNSRegistration NB $HOSTNAME$00 } Then 3 lines for $HOSTNAME$=BLISS (domain name), but with suffix values of: 00, 1e, 1c } About 31 seconds later, I see some client interaction with some valid and an 'invalid' (or potentially misleading) response(?): Source Dest. Proto Info Athena Ishtar NBNSName query NB BLISS1c Ishtar Athena NBNSName query response NB 192.168.3.1 Athena Ishtar NBNSName query NB BLISS1b Ishtar Athena NBNSName query response NB 127.0.0.2 At about 608.2 second intervals, there were 4 repetitions of the above 4 lines (when I terminated monitoring). 1st Observation -- There is nothing on the line indicating what the parameter ERROR is that is being returned in the log 2) Should NMBD be 'advertising' to other hosts that it is a master browser for 127.0.0.2? It seems it should limit that information to any 'clients' on the host, but not broadcast that to other hosts, as their 'localnet', if it had more than one host (i.e. virtual hosts) would be 'local' to those other hosts -- i.e. I'm not sure it would be a global NBNS for other host's local subnets (which would be virtual 'vmnets', I believe...no?) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2219-gb152afe
The branch, master has been updated via b152afeadee32c7421db49305a1851cd19cf3c10 (commit) via 27bb7ac5d1ae1b22954024d74c02d9ffdb283def (commit) from dc5c7b7f98345621f4cf1b9992ebbe9144e14ebb (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b152afeadee32c7421db49305a1851cd19cf3c10 Author: Günther Deschner g...@samba.org Date: Wed Jun 10 21:23:12 2009 +0200 s3-libwbclient: fix unresolved symbols in libwbclient. Kai, please check. Guenther commit 27bb7ac5d1ae1b22954024d74c02d9ffdb283def Author: Günther Deschner g...@samba.org Date: Wed Jun 10 21:22:33 2009 +0200 lib-util: move set_blocking() call into own file. Guenther --- Summary of changes: lib/util/blocking.c | 62 +++ lib/util/config.mk |1 + lib/util/util.c | 31 - source3/Makefile.in |9 +- 4 files changed, 70 insertions(+), 33 deletions(-) create mode 100644 lib/util/blocking.c Changeset truncated at 500 lines: diff --git a/lib/util/blocking.c b/lib/util/blocking.c new file mode 100644 index 000..f5933cc --- /dev/null +++ b/lib/util/blocking.c @@ -0,0 +1,62 @@ +/* + Unix SMB/CIFS implementation. + Samba utility functions + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Jeremy Allison 2001-2002 + Copyright (C) Simo Sorce 2001 + Copyright (C) Jim McDonough (j...@us.ibm.com) 2003. + Copyright (C) James J Myers 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#include includes.h +#include system/network.h +#include system/filesys.h +#include system/locale.h +#undef malloc +#undef strcasecmp +#undef strncasecmp +#undef strdup +#undef realloc + +/** + Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available, + else + if SYSV use O_NDELAY + if BSD use FNDELAY +**/ + +_PUBLIC_ int set_blocking(int fd, bool set) +{ + int val; +#ifdef O_NONBLOCK +#define FLAG_TO_SET O_NONBLOCK +#else +#ifdef SYSV +#define FLAG_TO_SET O_NDELAY +#else /* BSD */ +#define FLAG_TO_SET FNDELAY +#endif +#endif + + if((val = fcntl(fd, F_GETFL, 0)) == -1) + return -1; + if(set) /* Turn blocking on - ie. clear nonblock flag */ + val = ~FLAG_TO_SET; + else + val |= FLAG_TO_SET; + return fcntl( fd, F_SETFL, val); +#undef FLAG_TO_SET +} diff --git a/lib/util/config.mk b/lib/util/config.mk index 3bda8ec..ad39096 100644 --- a/lib/util/config.mk +++ b/lib/util/config.mk @@ -22,6 +22,7 @@ LIBSAMBA-UTIL_OBJ_FILES = $(addprefix $(libutilsrcdir)/, \ util_file.o \ data_blob.o \ util.o \ + blocking.o \ util_net.o \ fsusage.o \ ms_fnmatch.o \ diff --git a/lib/util/util.c b/lib/util/util.c index 0148bdb..29b47f5 100644 --- a/lib/util/util.c +++ b/lib/util/util.c @@ -146,37 +146,6 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname, uid_t uid, /** - Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available, - else - if SYSV use O_NDELAY - if BSD use FNDELAY -**/ - -_PUBLIC_ int set_blocking(int fd, bool set) -{ - int val; -#ifdef O_NONBLOCK -#define FLAG_TO_SET O_NONBLOCK -#else -#ifdef SYSV -#define FLAG_TO_SET O_NDELAY -#else /* BSD */ -#define FLAG_TO_SET FNDELAY -#endif -#endif - - if((val = fcntl(fd, F_GETFL, 0)) == -1) - return -1; - if(set) /* Turn blocking on - ie. clear nonblock flag */ - val = ~FLAG_TO_SET; - else - val |= FLAG_TO_SET; - return fcntl( fd, F_SETFL, val); -#undef FLAG_TO_SET -} - - -/** Sleep for a specified number of milliseconds. **/ diff --git a/source3/Makefile.in b/source3/Makefile.in index d93c7a7..32fe908 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -356,7 +356,8 @@ UTIL_OBJ = ../lib/util/rbtree.o ../lib/util/signal.o ../lib/util/time.o \ ../lib/util/genrand.o ../lib/util/util_net.o \ ../lib/util/become_daemon.o ../lib/util/system.o \ ../lib/util/tevent_unix.o ../lib/util/tevent_ntstatus.o \ -