Re: [Samba] Streaming large videos causes server's networking to crash
Which network device are you using? When it happens, do a dmesg|tail on the server. Anything interesting there?

I had similar symptoms which turned out to be caused by the Realtek device on my motherboard and the driver in my Linux distro. (And when I fixed that by using another driver, my machine was still not stable so I swapped the motherboard out for an older one - that's when I found I also had a faulty SATA data cable... Just be warned that problems don't always come alone.)

2009/7/29 Paul Accisano

> Greetings all; I really hope someone can help me. I recently upgraded
> to the most recent version (from a year-old version) of Samba, on a
> server now running on Ubuntu Server Jaunty Jackalope x64. After
> upgrading, whenever I play large media files on my Vista machine
> streamed from the Samba server, the networking functionality on the
> server drops out. Sometimes it happens after playing a video for 2
> minutes, sometimes it takes 2 hours. After it drops out, running
> /etc/init.d/networking restart on the local terminal restores networking
> functionality. Rebooting also has this effect. This never happened
> before I upgraded, so I doubt it's a hardware problem. I see the
> following in the log for the computer the video was being viewed on:
>
> [2009/07/29 01:13:21, 0] lib/util_sock.c:write_data(1136)
> [2009/07/29 01:13:21, 0] lib/util_sock.c:get_peer_addr_internal(1676)
>   getpeername failed. Error was Transport endpoint is not connected
>   write_data: write failure in writing to client 0.0.0.0. Error
>   Connection reset by peer
> [2009/07/29 01:13:21, 0] smbd/process.c:srv_send_smb(74)
>   Error writing 4159 bytes to client. -1. (Transport endpoint is not
>   connected)
> [2009/07/29 01:13:21, 1] smbd/service.c:close_cnum(1323)
>   murahime (:::192.168.1.100) closed connection to service Paul's Folder
>
> and the following in log.nmbd:
>
> [2009/07/29 01:13:23, 0]
> nmbd/nmbd_become_lmb.c:become_local_master_stage2(395)
> *
>
> Samba name server DITE is now a local master browser for workgroup
> WORKGROUP on subnet 192.168.1.200
>
> *
>
> Any ideas?
>
> --Paul Accisano

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Streaming large videos causes server's networking to crash
Greetings all; I really hope someone can help me. I recently upgraded to the most recent version (from a year-old version) of Samba, on a server now running on Ubuntu Server Jaunty Jackalope x64. After upgrading, whenever I play large media files on my Vista machine streamed from the Samba server, the networking functionality on the server drops out. Sometimes it happens after playing a video for 2 minutes, sometimes it takes 2 hours. After it drops out, running /etc/init.d/networking restart on the local terminal restores networking functionality. Rebooting also has this effect. This never happened before I upgraded, so I doubt it's a hardware problem. I see the following in the log for the computer the video was being viewed on:

[2009/07/29 01:13:21, 0] lib/util_sock.c:write_data(1136)
[2009/07/29 01:13:21, 0] lib/util_sock.c:get_peer_addr_internal(1676)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2009/07/29 01:13:21, 0] smbd/process.c:srv_send_smb(74)
  Error writing 4159 bytes to client. -1. (Transport endpoint is not connected)
[2009/07/29 01:13:21, 1] smbd/service.c:close_cnum(1323)
  murahime (:::192.168.1.100) closed connection to service Paul's Folder

and the following in log.nmbd:

[2009/07/29 01:13:23, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(395)
  *
  Samba name server DITE is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.200
  *

Any ideas?

--Paul Accisano
Re: [Samba] How to use local profiles in samba PDC?
> Do I take it that there is no good way to have a mix of local & roaming
> profiles? IE: where if the user has a profile on the server they get it,
> otherwise they use a local?

You will benefit a lot by reading the section about redirected profile folders. I suppose it will do what you want.

I sometimes use local profiles for my users except for the "My Documents", "Desktop", "Favorites", "Application Settings", etc. which are redirected and reside on the PDC.

Besides some particular cases, the use of full roaming profiles is just not convenient these days because users keep gigabytes of files in their folders. The workstation would take an eternity to login to the domain. Redirected folders solve this problem since the files never leave the server and are available to all workstations from which the user logs in.
Re: [Samba] How to use local profiles in samba PDC?
> Ah. I thought that the stanza would just disable roaming profiles.
> logon path =

I misunderstood your question because your subject line says "How to use local profiles in samba PDC".

Well, you must have a "netlogon" share containing a "Default User" profile. The process is described in the Samba documents I pointed you to.
Re: [Samba] Reverse Veto Files - let's try again!
On Tue, Jul 28, 2009 at 09:43:37PM +0100, Illtud Daniel wrote:
> Since the list responsiveness seems to be at a high, let me
> take the opportunity to repost a message that got no
> answers in March:
>
> I've searched the list, and I can't find reference to this being
> implemented:
>
> reverse veto files - a list of files *allowed* rather than
> the current list of files *denied*. Possibly implemented by
> just allowing a ! in the veto files directive.
>
> eg:
>
> veto files = /!*.png/!*.gif/
>
> = only allow pngs and gifs to be read or written through that
> share.
>
> (though that's probably not the best syntax)
>
> I still think it's a good idea that I would find really
> valuable.

It's doable, but I wouldn't use that syntax. I'd use an "allowed files = /XXX/" style.

> Was this discussed further? Has it been implemented under
> another directive that I've missed? Has my google-foo let
> me down?

Not been implemented yet. Patch welcome :-).

Jeremy.
Re: [Samba] How to use local profiles in samba PDC?
logon path =

will disable automatic roaming profile settings. You can still define roaming (or mandatory) profiles on a per user basis using "user manager" from the NT admin tools.

Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
"Don't Blend in..."

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Kyle Schmitt
Sent: Tuesday, July 28, 2009 4:17 PM
Cc: samba
Subject: Re: [Samba] How to use local profiles in samba PDC?

On Tue, Jul 28, 2009 at 3:56 PM, Miguel Medalha wrote:
>
>> How do you enable local profile creation on machines connected to a samba
>> PDC?
>>
>
> In smb.conf:
>
> logon path = [meaning nothing after the "=" sign]

Ah. I thought that the stanza would just disable roaming profiles.
logon path =

Do I take it that there is no good way to have a mix of local & roaming profiles? IE: where if the user has a profile on the server they get it, otherwise they use a local?
[Samba] Reverse Veto Files - let's try again!
Since the list responsiveness seems to be at a high, let me take the opportunity to repost a message that got no answers in March:

I've searched the list, and I can't find reference to this being implemented:

reverse veto files - a list of files *allowed* rather than the current list of files *denied*. Possibly implemented by just allowing a ! in the veto files directive.

eg:

veto files = /!*.png/!*.gif/

= only allow pngs and gifs to be read or written through that share.

(though that's probably not the best syntax)

I still think it's a good idea that I would find really valuable.

Was this discussed further? Has it been implemented under another directive that I've missed? Has my google-foo let me down?

--
Illtud Daniel illtud.dan...@llgc.org.uk
Prif Swyddog Technoleg / Chief Technical Officer
Llyfrgell Genedlaethol Cymru / National Library of Wales
Re: [Samba] How to use local profiles in samba PDC?
On Tue, Jul 28, 2009 at 3:56 PM, Miguel Medalha wrote:
>
>> How do you enable local profile creation on machines connected to a samba
>> PDC?
>>
>
> In smb.conf:
>
> logon path = [meaning nothing after the "=" sign]

Ah. I thought that the stanza would just disable roaming profiles.
logon path =

Do I take it that there is no good way to have a mix of local & roaming profiles? IE: where if the user has a profile on the server they get it, otherwise they use a local?
Re: [Samba] How to use local profiles in samba PDC?
> How do you enable local profile creation on machines connected to a samba
> PDC?

In smb.conf:

logon path = [meaning nothing after the "=" sign]

Samba HOWTO Collection
Desktop Profile Management
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html

Samba 3 by Example:
Windows Client Configuration
http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html#id2581407
Re: [Samba] No responses, not a one?
[r...@vmsamba ~]# net rpc join -D MyDomain -Uadministrator%adminpasswd
Joined domain MyDomain.

Webmin is yet another admin tool but the command line returns domain joining success. The system shows up as a domain member in all of my Admin tools. I can access the account database information (users and groups) from the LDAP db residing on the PDC. wbinfo however is not returning information. I was of the understanding that winbind was not necessary when utilizing an LDAP account database, has that changed?
Re: [Samba] Winbind issue connecting to trusted domain controllers
> So, is there a way I can specify that winbind only uses the CSS domain and
> does not try and connect to the other trusted domains?
>

allow trusted domains = no

> I'm running CentOS 5.3 with Samba 3.0.33-3.7.el5 with the following
> smb.conf:
>
> [global]
>    workgroup = CSS
>    realm = CSS.AD.EXAMPLE.COM
>    server string = Samba Server Version %v
>    security = ADS
>    passdb backend = tdbsam
>    preferred master = No
>    winbind use default domain = Yes
>
> Any help much appreciated!!!
>
> Thanks
>
> Julian
Re: [Samba] No responses, not a one?
On Tue, Jul 28, 2009 at 4:03 PM, Wikked one wrote:

> Even though I have joined the domain with a net rpc join command
> I can getent passwd just fine
> wbinfo fails
>
> using webmin to attempt to bind to the domain but it fails
>
> Now I am truly confused!
>

If the wbinfo -t fails, then the host is not joined to the domain. I am not familiar with webmin. Login to the shell as root, and run the below command and post the output. Substitute accordingly.

net join -d 2 -w -S -U

> I know you are typing administrator password, but if you look at the error
> message, it says the user name administrator doesn't exist at all.
>
> Do you see a user administrator on wbinfo -u output?
>
> If yes, can you test winbind auth using wbinfo -K
[Samba] How to use local profiles in samba PDC?
How do you enable local profile creation on machines connected to a samba PDC? I thought it would be automatic, but it doesn't seem to be.

If there isn't a roving profile, windows complains it can't find your profile on the server, then instead of creating a local one, it throws up this message:

"Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off."

I thought perhaps it needed a "Default User" profile served over the network, but adding such a profile to my config didn't help anything.

I wouldn't think it was something to do in my smb.conf, but it's below, just in case it helps.

Thanks
--Kyle

[global]
    workgroup = DEVDOMAIN
    passdb backend = ldapsam
    log level = 1
    name resolve order = wins lmhosts hosts bcast
    logon script = logon.bat
    #This is used for roaming profiles
    logon path = \\dvpdc01.testcompany.com\profiles\%U
    logon drive = U:
    logon home = \\dvpdc01.testcompany.com\%U
    domain logons = Yes
    os level = 64
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap admin dn = cn=admin,dc=devdomain,dc=com
    ldap delete dn = Yes
    ldap group suffix = ou=groups
    ldap idmap suffix = ou=idmap
    ldap machine suffix = ou=computers
    ldap suffix = dc=devdomain,dc=com
    ldap user suffix = ou=users
    ldap password sync = yes
    idmap domains = DEVDOMAIN
    idmap backend = ldap:ldap://localhost
    idmap alloc backend = ldap
    winbind use default domain = Yes
    idmap alloc config:range = 5-50
    idmap alloc config:ldap_url = ldap://localhost
    idmap alloc config:ldap_user_dn = cn=admin,dc=devdomain,dc=com
    idmap alloc config:ldap_base_dn = ou=idmap,dc= devdomain,dc=com
    idmap config DEVDOMAIN:range = 5-50
    idmap config DEVDOMAIN:ldap_url = ldap://localhost
    idmap config DEVDOMAIN:ldap_user_dn = cn=admin,dc= devdomain,dc=com
    idmap config DEVDOMAIN:ldap_base_dn = ou=idmap,dc= devdomain,dc=com
    idmap config DEVDOMAIN:default = yes
    idmap config DEVDOMAIN:readonly = no
    idmap config DEVDOMAIN:backend = ldap
    ldapsam:editposix = yes
    ldapsam:trusted = yes
    #Templates
    template homedir = /home/%U
    template shell = /bin/false

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    create mask = 0640
    directory mask = 0750
    browseable = No

[IT]
    path = /home/IT
    comment= IT stuff
    valid users = @IT
    read only = no
    create mask = 0660
    directory mask = 0770
    browseable = yes

[netlogon]
    path = /var/lib/samba/netlogon
    browseable = no
    write list = @wheel @domadmins

[profiles]
    path = /var/lib/samba/profiles
    writeable = yes
    create mask = 0700
    directory mask = 0700
    browsable = no
    valid users = @wheel @domusers @domadmins
Re: [Samba] No responses, not a one?
Even though I have joined the domain with a net rpc join command
I can getent passwd just fine
wbinfo fails

using webmin to attempt to bind to the domain but it fails

Now I am truly confused!

> I know you are typing administrator password, but if you look at the error
> message, it says the user name administrator doesn't exist at all.
>
> Do you see a user administrator on wbinfo -u output?
>
> If yes, can you test winbind auth using wbinfo -K
Re: [Samba] wbinfo returns no domain users
On Tue, Jul 28, 2009 at 9:16 AM, Herbert G. Fischer < herbert.fisc...@locaweb.com.br> wrote:

> Hi David,
>
> I'm not 100% sure about my answer but I think it's a Windows 2003 Server
> SP2 working as AD.
>
>
> On 27/July/2009, at 20:54, David Markey wrote:
>
>> What is the domain controller, Samba, AD, or an NT domain?
>>
>>
>>
>> On Mon, 27 Jul 2009 17:51:45 -0300, "Herbert G. Fischer"
>> wrote:
>>
>>> Hi,
>>>
>>> I've spent two days trying to figure out how to solve this,
>>> researching on the web, etc, and found no answer... :S
>>>
>>> I've setup a Ubuntu 9.04 with Samba and Winbind, joined the domain
>>> (using RPC) and when I try to list users and groups using wbinfo I got
>>> nothing.
>>>
>>> I already tried deleting tdb files from /var/lib/samba and restarting
>>> samba and winbind, joined the domain again, etc, and nothing changed
>>> this behavior. Any idea on where may be the problem and how to solve it?
>>>
>>> # wbinfo -t
>>> checking the trust secret via RPC calls succeeded
>>>
>>> # wbinfo -u
>>> # wbinfo -g
>>>
>>> smb.conf
>>> [global]
>>>    server string = %h
>>>    workgroup = WEB-NET
>>>    realm = web-net..com.br
>>>    domain master = no
>>>    password server = xm850..com.br
>>>    wins server = xm850..com.br
>>>    security = domain
>>>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>    interfaces = eth0
>>>    bind interfaces only = yes
>>>    log level = 5
>>>    log file = /var/log/samba/log.%m
>>>    max log size = 1000
>>>    syslog = 0
>>>    # disable printers
>>>    load printers = no
>>>    printing = bsd
>>>    printcap name = /dev/null
>>>    disable spoolss = yes
>>>    encrypt passwords = true
>>>    idmap backend = tdb
>>>    idmap uid = 5-55000
>>>    idmap gid = 5-55000
>>>    template shell = /bin/bash
>>>    template homedir = /home/web-net/%U
>>>    winbind use default domain = yes
>>>    winbind separator = \\
>>>    winbind enum users = yes
>>>    winbind enum groups = yes
>>>    winbind cache time = 15
>>>
>>>
>>> === log.winbind
>>> [2009/07/27 17:43:31, 3] winbindd/
>>> winbindd_misc.c:winbindd_interface_version(754)
>>>   [12377]: request interface version
>>> [2009/07/27 17:43:31, 3] winbindd/
>>> winbindd_misc.c:winbindd_priv_pipe_dir(787)
>>>   [12377]: request location of privileged pipe
>>> [2009/07/27 17:43:31, 2] winbindd/winbindd.c:remove_client(744)
>>>   final write to client failed: Broken pipe
>>> [2009/07/27 17:43:31, 3] winbindd/
>>> winbindd_misc.c:winbindd_list_ent(127)
>>>   [12377]: list users
>>> [2009/07/27 17:43:31, 5] winbindd/winbindd_misc.c:listent_recv(203)
>>>   listent_recv: XM2012 returned no users.
>>> [2009/07/27 17:43:31, 5] winbindd/winbindd_misc.c:listent_recv(203)
>>>   listent_recv: BUILTIN returned no users.
>>> [2009/07/27 17:43:31, 1] winbindd/winbindd_util.c:trustdom_recv(303)
>>>   Could not receive trustdoms
>>> [2009/07/27 17:43:32, 5] winbindd/winbindd_async.c:listent_recv(465)
>>>   list_ent() failed!
>>> [2009/07/27 17:43:32, 5] winbindd/winbindd_misc.c:listent_recv(203)
>>>   listent_recv: WEB-NET returned no users.
>>> [2009/07/27 17:43:32, 2] winbindd/winbindd.c:remove_client(744)
>>>   final write to client failed: Broken pipe
>>> ===
>>> best regards,
>>>
>>>
>>>
>>> Herbert G. Fischer
>>>
>>
> Herbert G. Fischer
> Locaweb
> Voted the best data center in Brazil by INFO Exame 2008.
> Geral: + 55 11 3544-0444 R568
>

Try this

rm -rf /var/lib/samba/*
/etc/init.d/winbind restart
wbinfo -t
wbinfo -g
wbinfo -u
Re: [Samba] Fwd: Samba-3.0.34 can ADS join but not non-ADS join.
On Tue, Jul 28, 2009 at 1:07 PM, Jeremiah Martell wrote:

> I haven't had any responses to this yet.
>
> Is there any other information that would help diagnose the problem?
>
> To recap:
> Using the same network, the same computer, and the same smb.conf (with
> the exception of an added interfaces line for Samba-3.0.34) I am able
> to non-ADS join with Samba-3.0.14a but not Samba-3.0.34.
> Samba-3.0.34 first complained about an interfaces line in my smb.conf.
> But after adding the interfaces line joining still fails with "cannot
> join as standalone machine".
>
> Any suggestions? Any other information I need to provide?
>
> Thanks,
> - Jeremiah
>
>
> -- Forwarded message --
> From: Jeremiah Martell
> Date: Mon, Jul 27, 2009 at 9:04 AM
> Subject: Samba-3.0.34 can ADS join but not non-ADS join.
> To: samba@lists.samba.org
>
>
> I was using Samba-3.0.14a perfectly fine.
> Now, I'm trying to use Samba-3.0.34.
>
> I can do an "ADS" join fine with Samba-3.0.34, but I cannot do my old
> non-ADS join anymore. Winbindd starts and stays running fine, but when
> I run net to do the non-ADS join I'm running into a strange "interfaces"
> issue.
>
> It now wants an "interfaces" line in the smb.conf file when I attempt
> to join a domain (using all the same old smb.conf settings I was with
> Samba-3.0.14a).
>
> So I give an "interfaces = eth0" in my smb.conf file, but it does not
> join. It fails with a "cannot join as standalone machine".
>
> Running net with debug level 3 during this gives two interesting things:
>
> It cannot load ANSI_X3.4-1968.so
>
> And this...
>
> [2009/07/24 14:27:57, 3] source/lib/util.c:interpret_addr(1310)
>   sys_gethostbyname: Unknown host. eth0
> [2009/07/24 14:27:57, 2] source/lib/interface.c:interpret_interface(130)
>   can't determine netmask for eth0
> [2009/07/24 14:27:57, 0] source/lib/interface.c:load_interfaces(229)
>   WARNING: no network interfaces found
> [2009/07/24 14:27:57, 3] source/libsmb/namequery.c:get_dc_list(1557)
>   get_dc_list: preferred server list: ", abc.example.com"
> [2009/07/24 14:27:57, 1] source/libads/cldap.c:recv_cldap_netlogon(247)
>   Failed to parse cldap reply
> [2009/07/24 14:27:57, 3] source/libads/ldap.c:ads_try_connect(194)
>   ads_try_connect: CLDAP request 123.456.789.0 failed.
> cannot join as standalone machine
> [2009/07/24 14:27:57, 2] source/utils/net.c:main(1088)
>   return code = -1
>
> Using Wireshark shows multiple DNS lookups for "eth0.example.com", and a
> single
> CLDAP search,
> (&(&(DnsDomain=06:00:00:00)(Host=ABCABC))(NtVer=06:00:00:00)),
> that was successful but with no results.
>
> I ruled out any network issues because I can still non-ADS join on
> the same machine on the same network with my old Samba-3.0.14a code.
>
> I looked at the latest Samba-3.4.0 and noticed that the interface.c
> and interfaces.c are pretty different from Samba-3.0.34. Is this a known
> bug
> that was fixed in revisions post-Samba-3.0.34? Am I not understanding the
> "interfaces" line in my smb.conf file correctly?
>
> I'm not sure what the "CLDAP request failed" and "cannot join as
> standalone machine" would suggest.
>
> Any other questions/suggestions?
>
> Thanks,
>
> --
> - Jeremiah Martell
> http://inlovewithGod.com
>

Can you post your ifconfig eth0 output?
Re: [Samba] No responses, not a one?
On Tue, Jul 28, 2009 at 2:45 PM, Linux Addict wrote:
>
> On Tue, Jul 28, 2009 at 2:41 PM, John Drescher wrote:
>>
>> On Tue, Jul 28, 2009 at 2:37 PM, Wikked one wrote:
>> >
>> > Log level 10
>> > Created a lot more noise still not able to isolate the problem
>> > Here's some highlights of the huge log file. This is also where I begin
>> > to question the error messages...
>> >
>> > [2009/07/26 10:33:58, 0] auth/auth_domain.c:domain_client_validate(326)
>> > domain_client_validate: unable to validate password for user
>> > administrator' in domain 'MYDomain to Domain controller AMPERE. Error was
>> > NT_STATUS_NO_SUCH_USER.
>> >
>> > I'm quite able to log into the domain with the account from numerous
>> > client systems, including the notoriously fussy NT4 boxes. I've cherry
>> > picked
>> > the log because it's quite extensive.
>> > No password changes, no policy changes, I'd post the entire log except
>> > it's extensive and I'm not sure anyone wants to view it.
>> >
>>
>> administrator'
>>
>> is puzzling to me.
>>
>>
>> John
>
> I know you are typing administrator password, but if you look at the error
> message, it says the user name administrator doesn't exist at all.
> Do you see a user administrator on wbinfo -u output?
> If yes, can you test winbind auth using wbinfo -K
>

Wouldn't it be complaining about administrator instead of administrator' then?

John

--
John M. Drescher
Re: [Samba] No responses, not a one?
On Tue, Jul 28, 2009 at 2:41 PM, John Drescher wrote:

> On Tue, Jul 28, 2009 at 2:37 PM, Wikked one wrote:
> >
> > Log level 10
> > Created a lot more noise still not able to isolate the problem
> > Here's some highlights of the huge log file. This is also where I begin
> > to question the error messages...
> >
> > [2009/07/26 10:33:58, 0] auth/auth_domain.c:domain_client_validate(326)
> > domain_client_validate: unable to validate password for user
> administrator' in domain 'MYDomain to Domain controller AMPERE. Error was
> NT_STATUS_NO_SUCH_USER.
> >
> > I'm quite able to log into the domain with the account from numerous
> client systems, including the notoriously fussy NT4 boxes. I've cherry picked
> the log because it's quite extensive.
> > No password changes, no policy changes, I'd post the entire log except
> it's extensive and I'm not sure anyone wants to view it.
> >
>
> administrator'
>
> is puzzling to me.
>
>
> John
>

I know you are typing administrator password, but if you look at the error message, it says the user name administrator doesn't exist at all.

Do you see a user administrator on wbinfo -u output?

If yes, can you test winbind auth using wbinfo -K
Re: [Samba] No responses, not a one?
On Tue, Jul 28, 2009 at 2:37 PM, Wikked one wrote:
>
> Log level 10
> Created a lot more noise still not able to isolate the problem
> Here's some highlights of the huge log file. This is also where I begin
> to question the error messages...
>
> [2009/07/26 10:33:58, 0] auth/auth_domain.c:domain_client_validate(326)
> domain_client_validate: unable to validate password for user administrator'
> in domain 'MYDomain to Domain controller AMPERE. Error was
> NT_STATUS_NO_SUCH_USER.
>
> I'm quite able to log into the domain with the account from numerous client
> systems, including the notoriously fussy NT4 boxes. I've cherry picked the log
> because it's quite extensive.
> No password changes, no policy changes, I'd post the entire log except it's
> extensive and I'm not sure anyone wants to view it.
>

administrator'

is puzzling to me.

John
Re: [Samba] No responses, not a one?
Log level 10
Created a lot more noise still not able to isolate the problem
Here's some highlights of the huge log file. This is also where I begin to question the error messages...

[2009/07/26 10:33:58, 0] auth/auth_domain.c:domain_client_validate(326)
  domain_client_validate: unable to validate password for user administrator' in domain 'MYDomain to Domain controller AMPERE. Error was NT_STATUS_NO_SUCH_USER.

I'm quite able to log into the domain with the account from numerous client systems, including the notoriously fussy NT4 boxes. I've cherry picked the log because it's quite extensive.
No password changes, no policy changes, I'd post the entire log except it's extensive and I'm not sure anyone wants to view it.

[2009/07/26 10:33:58, 5] auth/auth.c:check_ntlm_password(272)
  check_ntlm_password: winbind authentication for user [administrator'] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/07/26 10:33:58, 2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password: Authentication for user [administrator'] -> [administrator'] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/07/26 10:33:58, 5] auth/auth_util.c:free_user_info(2103)
  attempting to free (and zero) a user_info structure
[2009/07/26 10:33:58, 10] auth/auth_util.c:free_user_info(2107)
  structure was created for administrator'
[2009/07/26 10:33:58, 3] smbd/error.c:error_packet_set(61)
  error packet at smbd/sesssetup.c(1728) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2009/07/26 10:33:58, 5] lib/util.c:show_msg(645)
[2009/07/26 10:33:58, 5] lib/util.c:show_msg(655)
  size=35
  smb_com=0x73
  smb_rcls=109
  smb_reh=0
  smb_err=49152
  smb_flg=128
  smb_flg2=49153
  smb_tid=0
  smb_pid=11008
  smb_uid=0
  smb_mid=2
  smt_wct=0
  smb_bcc=0
[2009/07/26 10:33:58, 5] lib/util_sock.c:read_socket_with_timeout(928)
  read_socket_with_timeout: blocking read. EOF from client.
[2009/07/26 10:33:58, 10] smbd/process.c:receive_smb_raw_talloc(280)
  receive_smb_raw: NT_STATUS_END_OF_FILE
[2009/07/26 10:33:58, 3] smbd/process.c:smbd_process(1930)
  receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
[2009/07/26 10:33:58, 5] lib/gencache.c:gencache_shutdown(93)
  Closing cache file
[2009/07/26 10:33:58, 5] libsmb/namecache.c:namecache_shutdown(81)
  namecache_shutdown: netbios namecache closed successfully.
[2009/07/26 10:33:58, 3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/07/26 10:33:58, 5] auth/token_util.c:debug_nt_user_token(522)
  NT user token: (NULL)
[2009/07/26 10:33:58, 5] auth/token_util.c:debug_unix_user_token(548)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2009/07/26 10:33:58, 5] smbd/uid.c:change_to_root_user(370)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2009/07/26 10:33:58, 3] smbd/connection.c:yield_connection(31)
  Yielding connection to
[2009/07/26 10:33:58, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  Locking key 5C18
[2009/07/26 10:33:58, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  Allocated locked data 0x0x97b8050
[2009/07/26 10:33:58, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  Unlocking key 5C18
[2009/07/26 10:33:58, 3] smbd/server.c:exit_server_common(967)
  Server exit (normal exit)
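The following is an added example, not part of the post above and not Samba project code: a small parser for the smbd debug-log layout quoted in this thread (a `[timestamp, level] file:function(line)` header followed by message text) that extracts failed-logon records and flags account names containing unexpected characters, such as the trailing quote in `administrator'`. The `SAFE_NAME` character set, the function names and the last sample record are assumptions made for illustration.

```python
import re
from collections import Counter

# Record header as it appears in the excerpts quoted in this thread, e.g.
#   [2009/07/26 10:33:58, 2] auth/auth.c:check_ntlm_password(318)
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[\w./-]+):(?P<func>\w+)\((?P<line>\d+)\)"
)

# Failure message wording as quoted in the post (check_ntlm_password, level 2).
AUTH_FAIL = re.compile(
    r"Authentication for user \[(?P<user>[^\]]*)\] -> \[(?P<mapped>[^\]]*)\] "
    r"FAILED with error (?P<status>NT_STATUS_\w+)"
)

# Assumption: characters expected in an account name (letters, digits,
# dot, underscore, $, @, backslash, hyphen). Anything else is flagged.
SAFE_NAME = re.compile(r"[A-Za-z0-9._$@\\-]+")

# First three records are taken from the post; the last one is constructed.
SAMPLE = """
[2009/07/26 10:33:58, 5] auth/auth.c:check_ntlm_password(272)
  check_ntlm_password: winbind authentication for user [administrator'] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/07/26 10:33:58, 2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password: Authentication for user [administrator'] -> [administrator'] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/07/26 10:33:58, 3] smbd/error.c:error_packet_set(61)
  error packet at smbd/sesssetup.c(1728) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2009/07/26 10:34:10, 2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password: Authentication for user [alice] -> [alice] FAILED with error NT_STATUS_WRONG_PASSWORD
"""


def parse_records(text):
    """Split log text into records. Works whether the message follows the
    header on new lines or the whole log was flattened onto one line."""
    headers = list(HEADER.finditer(text))
    records = []
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        records.append({
            "ts": h.group("ts"),
            "level": int(h.group("level")),
            "src": h.group("src"),
            "func": h.group("func"),
            "line": int(h.group("line")),
            # Collapse the message body to single-spaced text.
            "msg": " ".join(text[h.end():end].split()),
        })
    return records


def failed_logons(records):
    """Return one entry per failed authentication, marking odd user names."""
    failures = []
    for rec in records:
        m = AUTH_FAIL.search(rec["msg"])
        if m:
            user = m.group("user")
            failures.append({
                "ts": rec["ts"],
                "user": user,
                "mapped": m.group("mapped"),
                "status": m.group("status"),
                "suspicious": SAFE_NAME.fullmatch(user) is None,
            })
    return failures


def summarize(failures):
    """Count failures per (user, status) pair."""
    return Counter((f["user"], f["status"]) for f in failures)


if __name__ == "__main__":
    for f in failed_logons(parse_records(SAMPLE)):
        flag = "  <-- unexpected character in name" if f["suspicious"] else ""
        print(f"{f['ts']} {f['user']!r} {f['status']}{flag}")
```

A flagged name points at what the client actually sent in the session setup, which is the question raised in the replies about `administrator'` versus `administrator`.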
[Samba] Fwd: Samba-3.0.34 can ADS join but not non-ADS join.
I haven't had any responses to this yet.

Is there any other information that would help diagnose the problem?

To recap:
Using the same network, the same computer, and the same smb.conf (with the exception of an added interfaces line for Samba-3.0.34) I am able to non-ADS join with Samba-3.0.14a but not Samba-3.0.34.
Samba-3.0.34 first complained about an interfaces line in my smb.conf. But after adding the interfaces line joining still fails with "cannot join as standalone machine".

Any suggestions? Any other information I need to provide?

Thanks,
- Jeremiah

-- Forwarded message --
From: Jeremiah Martell
Date: Mon, Jul 27, 2009 at 9:04 AM
Subject: Samba-3.0.34 can ADS join but not non-ADS join.
To: samba@lists.samba.org

I was using Samba-3.0.14a perfectly fine.
Now, I'm trying to use Samba-3.0.34.

I can do an "ADS" join fine with Samba-3.0.34, but I cannot do my old non-ADS join anymore. Winbindd starts and stays running fine, but when I run net to do the non-ADS join I'm running into a strange "interfaces" issue.

It now wants an "interfaces" line in the smb.conf file when I attempt to join a domain (using all the same old smb.conf settings I was with Samba-3.0.14a).

So I give an "interfaces = eth0" in my smb.conf file, but it does not join. It fails with a "cannot join as standalone machine".

Running net with debug level 3 during this gives two interesting things:

It cannot load ANSI_X3.4-1968.so

And this...

[2009/07/24 14:27:57, 3] source/lib/util.c:interpret_addr(1310)
  sys_gethostbyname: Unknown host. eth0
[2009/07/24 14:27:57, 2] source/lib/interface.c:interpret_interface(130)
  can't determine netmask for eth0
[2009/07/24 14:27:57, 0] source/lib/interface.c:load_interfaces(229)
  WARNING: no network interfaces found
[2009/07/24 14:27:57, 3] source/libsmb/namequery.c:get_dc_list(1557)
  get_dc_list: preferred server list: ", abc.example.com"
[2009/07/24 14:27:57, 1] source/libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2009/07/24 14:27:57, 3] source/libads/ldap.c:ads_try_connect(194)
  ads_try_connect: CLDAP request 123.456.789.0 failed.
cannot join as standalone machine
[2009/07/24 14:27:57, 2] source/utils/net.c:main(1088)
  return code = -1

Using Wireshark shows multiple DNS lookups for "eth0.example.com", and a single CLDAP search, (&(&(DnsDomain=06:00:00:00)(Host=ABCABC))(NtVer=06:00:00:00)), that was successful but with no results.

I ruled out any network issues because I can still non-ADS join on the same machine on the same network with my old Samba-3.0.14a code.

I looked at the latest Samba-3.4.0 and noticed that the interface.c and interfaces.c are pretty different from Samba-3.0.34. Is this a known bug that was fixed in revisions post-Samba-3.0.34? Am I not understanding the "interfaces" line in my smb.conf file correctly?

I'm not sure what the "CLDAP request failed" and "cannot join as standalone machine" would suggest.

Any other questions/suggestions?

Thanks,

--
- Jeremiah Martell
http://inlovewithGod.com
Re: [Samba] No responses, not a one?
On Tue, Jul 28, 2009 at 11:45 AM, Wikked one wrote:

> Presently we are not using SSL and this parameter once again restored
> access to the shares.
> However when I make an attempt to access another Samba server I get the
> following error on the PDC.
> [2009/07/28 11:42:02, 0] passdb/passdb.c:pdb_increment_bad_password_count(1477)
>   pdb_increment_bad_password_count: pdb_get_account_policy failed.
>
> > Date: Tue, 28 Jul 2009 11:19:07 -0400
> > Subject: Re: [Samba] No responses, not a one?
> > From: dresche...@gmail.com
> > To: wikk...@hotmail.com
> > CC: samba@lists.samba.org
> >
> > On Tue, Jul 28, 2009 at 11:14 AM, Wikked one wrote:
> > > Good Morning List,
> > > After an upgrade to 3.3.6 on my CentOS 5.3 system I now cannot
> > > access the share at all. I get the following console error message:
> > > [2009/07/26 08:35:52, 0] lib/smbldap.c:smb_ldap_start_tls(656)
> > >   Failed to issue the StartTLS instruction: Connect error
> > >
> > > I looked for this parameter in the smb.conf file (Start TLS) but I
> > > think it's an LDAP config file (slapd.conf ?) If some can save me
> > > the trouble, at any rate I can't access this system with any client
> > > (hopefully it's related to the TLS option?)
> > > Thanks
> >
> > It should be. I mean if samba can not talk to ldap your shares should
> > not work. Do your other systems use SSL to connect to the ldap
> > servers? If not then
> >
> > ldap ssl = off
> >
> > John

"pdb_increment_bad_password_count: pdb_get_account_policy failed."

Obviously this has something to do with password policies. Did you make any changes recently? Set the log level to 10 and try accessing the share. It will give you enough information to see what is going on.
Re: [Samba] No responses, not a one?
Additionally here's an error from the target system when I make an attempt to mount CIFS from another system. To refresh I am currently mounting a share with the mount -t smbfs in order to backup to it, I have been unable to mount the share with either command. As I look at the error message I notice CIFS_LINUX_DOMAIN...should this have my actual domain name?

[2009/07/26 09:10:49, 0] auth/auth_domain.c:domain_client_validate(326)
  domain_client_validate: unable to validate password for user 'administrator' in domain CIFS_LINUX_DOM to Domain controller AMPERE. Error was NT_STATUS_NO_SUCH_USER.

Thanks
Re: [Samba] samba 3.4.0: point'n'print does not work
On Tuesday 28 July 2009 16:55:08, you wrote:

> >> Greetings,
> >>
> >> I upgraded my samba v3.2.4 to v3.4.0.
> >>
> >> Now point'n'print does not work. I get the error 'Windows cannot
> >> connect to the printer. Operation could not be completed (error
> >> 0x06f7)' when I try to connect to any printer share from a vista
> >> 32bit client.
> >
> > For me 3.4.0 has solved a lot of problem for click'and'print
> > The only "new" thing was that I needed a share named "prnproc$" which has
> > the same definition than "print$". At least can I upload all these
> > drivers from HP which couldn't be added correctly before
> >
> > Emmanuel
>
> Thanks for the reply.
>
> hmm, haven't heard of a prnproc$ definition before. Where did you come
> across this?
>
> Couldn't find a reference to it on their site:
> http://us1.samba.org/samba/docs/man/manpages-3/smb.conf.5.html

Yes nowhere in smb.conf and related I saw that. But logs from server during the first try to upload driver were referencing this share. Googling around this, I saw some references related to print server, with the same directory structure.

After creating this share all went fine.

Emmanuel
Re: [Samba] tdbsam.
On 7/25/2009 12:10 PM, Volker Lendecke wrote:

>>>> As an FYI, I am using Samba-3.2.4, idmap_rid with tdbsam as backend for
>>>> about 3 years with 2000 users on member server configuration authenticating
>>>> AD 2003. Occasionally I had db corrupt issues, but restarting winbind
>>>> resolved most of the times.

>>> No argument with that statement - agreed.

>> Is it common to have occasional db corruption? And is simply restarting
>> winbind the proper way to fix it? What if it doesn't?

> What kind of db corruption do you have? This is certainly
> not common, and restarting winbind is a very unusual way to
> fix that.

I'm not... I was responding to John's response to the OP about having occasional corrupt db issues - John said 'No argument - agreed'...

--
Best regards,
Charles
Re: [Samba] No responses, not a one?
Presently we are not using SSL and this parameter once again restored access to the shares.
However when I make an attempt to access another Samba server I get the following error on the PDC.

[2009/07/28 11:42:02, 0] passdb/passdb.c:pdb_increment_bad_password_count(1477)
  pdb_increment_bad_password_count: pdb_get_account_policy failed.

> Date: Tue, 28 Jul 2009 11:19:07 -0400
> Subject: Re: [Samba] No responses, not a one?
> From: dresche...@gmail.com
> To: wikk...@hotmail.com
> CC: samba@lists.samba.org
>
> On Tue, Jul 28, 2009 at 11:14 AM, Wikked one wrote:
> > Good Morning List,
> > After an upgrade to 3.3.6 on my CentOS 5.3 system I now
> > cannot access the share at all. I get the following console error message:
> > [2009/07/26 08:35:52, 0] lib/smbldap.c:smb_ldap_start_tls(656)
> >   Failed to issue the StartTLS instruction: Connect error
> >
> > I looked for this parameter in the smb.conf file (Start TLS) but I think
> > it's an LDAP config file (slapd.conf ?) If some can save me the trouble,
> > at any rate I can't access this system with any client (hopefully it's
> > related to the TLS option?)
> > Thanks
>
> It should be. I mean if samba can not talk to ldap your shares should
> not work. Do your other systems use SSL to connect to the ldap
> servers? If not then
>
> ldap ssl = off
>
> John
Re: [Samba] tdbsam.
On Tue, Jul 28, 2009 at 10:18:43AM -0400, Linux Addict wrote:

> I don't know about other distros, but it certainly happens on Redhat
> Enterprise and their KB says it's a known problem.

With the next version Samba 99% of these problems should go away. At least the idmap cache problems are fixed, see for example Samba bug 5105, the idmap cache moved to gencache.tdb, and this is now protected by transactions. If you need it, contact RedHat to port the relevant patches back to a version supported by them.

What I still don't get though is how a winbind restart would help with a corrupt passdb.tdb.

Volker
Re: [Samba] No responses, not a one?
On Tue, Jul 28, 2009 at 11:14 AM, Wikked one wrote:

> Good Morning List,
> After an upgrade to 3.3.6 on my CentOS 5.3 system I now
> cannot access the share at all. I get the following console error message:
> [2009/07/26 08:35:52, 0] lib/smbldap.c:smb_ldap_start_tls(656)
>   Failed to issue the StartTLS instruction: Connect error
>
> I looked for this parameter in the smb.conf file (Start TLS) but I think it's
> an LDAP config file (slapd.conf ?) If some can save me the trouble, at any
> rate I can't access this system with any client (hopefully it's related to
> the TLS option?)
> Thanks

It should be. I mean if samba can not talk to ldap your shares should not work. Do your other systems use SSL to connect to the ldap servers? If not then

ldap ssl = off

John
Re: [Samba] No responses, not a one?
Good Morning List,

After an upgrade to 3.3.6 on my CentOS 5.3 system I now cannot access the share at all. I get the following console error message:

[2009/07/26 08:35:52, 0] lib/smbldap.c:smb_ldap_start_tls(656)
  Failed to issue the StartTLS instruction: Connect error

I looked for this parameter in the smb.conf file (Start TLS) but I think it's an LDAP config file (slapd.conf ?) If some can save me the trouble, at any rate I can't access this system with any client (hopefully it's related to the TLS option?)

Thanks
Re: [Samba] samba 3.4.0: point'n'print does not work
>> Greetings,
>>
>> I upgraded my samba v3.2.4 to v3.4.0.
>>
>> Now point'n'print does not work. I get the error 'Windows cannot
>> connect to the printer. Operation could not be completed (error
>> 0x06f7)' when I try to connect to any printer share from a vista
>> 32bit client.
>
> For me 3.4.0 has solved a lot of problem for click'and'print
> The only "new" thing was that I needed a share named "prnproc$" which has
> the same definition than "print$". At least can I upload all these
> drivers from HP which couldn't be added correctly before
>
> Emmanuel

Thanks for the reply.

hmm, haven't heard of a prnproc$ definition before. Where did you come across this?

Couldn't find a reference to it on their site:
http://us1.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
Re: [Samba] tdbsam.
On Sat, Jul 25, 2009 at 12:10 PM, Volker Lendecke wrote:

> On Sat, Jul 25, 2009 at 09:49:55AM -0400, Charles Marcus wrote:
> > On 7/24/2009, John H Terpstra - Samba Team (j...@samba.org) wrote:
> > >> As an FYI, I am using Samba-3.2.4, idmap_rid with tdbsam as backend for
> > >> about 3 years with 2000 users on member server configuration authenticating
> > >> AD 2003. Occasionally I had db corrupt issues, but restarting winbind
> > >> resolved most of the times.
> >
> > > No argument with that statement - agreed.
> >
> > Is it common to have occasional db corruption? And is simply restarting
> > winbind the proper way to fix it? What if it doesn't?
>
> What kind of db corruption do you have? This is certainly
> not common, and restarting winbind is a very unusual way to
> fix that.
>
> Volker

I don't know about other distros, but it certainly happens on Redhat Enterprise and their KB says it's a known problem. So far I am able to live up with occasional winbind restarts, but eventually I wanted to move to ldap backend. When I implemented samba years back (3.0.x), ldap backend would not support id mapping for trusted domains.

http://kbase.redhat.com/faq/docs/DOC-4842

"TDB file corruption is a known problem with Samba, which is difficult or impossible to prevent from occurring."

"When winbind's TDB files become corrupted, it is often necessary to stop the winbind service, delete winbind-specific TDB files in /var/cache/samba, and start the winbind service back up to re-generate a new idmap."

Let me know what you think.

~LA
Re: [Samba] wbinfo returns no domain users
Hi David,

I'm not 100% sure about my answer but I think it's a Windows 2003 Server SP2 working as AD.

On 27/July/2009, at 20:54, David Markey wrote:

What is the domain controller, Samba, AD, or an NT domain?

On Mon, 27 Jul 2009 17:51:45 -0300, "Herbert G. Fischer" wrote:

Hi,

I've spent two days trying to figure out how to solve this, researching on the web, etc, and found no answer... :S

I've setup a Ubuntu 9.04 with Samba and Winbind, joined the domain (using RPC) and when I try to list users and groups using wbinfo I got nothing.

I already tried deleting tdb files from /var/lib/samba and restarting samba and winbind, joined the domain again, etc, and nothing changed this behavior.

Any idea on where may be the problem and how to solve it?

# wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -u
# wbinfo -g

smb.conf

[global]
server string = %h
workgroup = WEB-NET
realm = web-net..com.br
domain master = no
password server = xm850..com.br
wins server = xm850..com.br
security = domain
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0
bind interfaces only = yes
log level = 5
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
# disable printers
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
encrypt passwords = true
idmap backend = tdb
idmap uid = 5-55000
idmap gid = 5-55000
template shell = /bin/bash
template homedir = /home/web-net/%U
winbind use default domain = yes
winbind separator = \\
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 15

=== log.winbind

[2009/07/27 17:43:31, 3] winbindd/winbindd_misc.c:winbindd_interface_version(754)
  [12377]: request interface version
[2009/07/27 17:43:31, 3] winbindd/winbindd_misc.c:winbindd_priv_pipe_dir(787)
  [12377]: request location of privileged pipe
[2009/07/27 17:43:31, 2] winbindd/winbindd.c:remove_client(744)
  final write to client failed: Broken pipe
[2009/07/27 17:43:31, 3] winbindd/winbindd_misc.c:winbindd_list_ent(127)
  [12377]: list users
[2009/07/27 17:43:31, 5] winbindd/winbindd_misc.c:listent_recv(203)
  listent_recv: XM2012 returned no users.
[2009/07/27 17:43:31, 5] winbindd/winbindd_misc.c:listent_recv(203)
  listent_recv: BUILTIN returned no users.
[2009/07/27 17:43:31, 1] winbindd/winbindd_util.c:trustdom_recv(303)
  Could not receive trustdoms
[2009/07/27 17:43:32, 5] winbindd/winbindd_async.c:listent_recv(465)
  list_ent() failed!
[2009/07/27 17:43:32, 5] winbindd/winbindd_misc.c:listent_recv(203)
  listent_recv: WEB-NET returned no users.
[2009/07/27 17:43:32, 2] winbindd/winbindd.c:remove_client(744)
  final write to client failed: Broken pipe

===

best regards,
Herbert G. Fischer
Locaweb
Re: [Samba] Winbind issue connecting to trusted domain controllers
Hi

I'm following up my original message with more information, but unfortunately no real progress.

I've updated to Samba 3.4.0 and winbindd -V now reports:

Version 3.4.0-SerNet-RedHat

I've also tried setting "password server = 10.1.10.120" which is the IP address of one of my local domain controllers. However, following the logs, I'm still watching Winbind cycle through the list of all trusted domains and the domain controllers within those domains (as detailed below), even when my Samba server is unable to connect to those servers.

I can't believe we are the only organisation to want to use Samba in a site with links to other, trusted domains, but my Google skills are failing me. Is this a configuration problem with the Samba server, or a configuration problem with Active Directory itself?

I'm now stuck and don't know how to progress this, so would really appreciate some input from the gurus on this list.

Many thanks in anticipation.

Julian

From: "jrmailgate-sa...@yahoo.co.uk"
To: samba@lists.samba.org
Sent: Thursday, 23 July, 2009 13:12:37
Subject: [Samba] Winbind issue connecting to trusted domain controllers

Hi.

The quick question:

Is there a way of forcing a Samba server that is an Active Directory member server to limit lookups to its local domain only and not all trusted domains?

The question in more detail:

I have a Samba server that is joined to my local AD domain ("css.ad.example.com"). There are other domains under ad.example.com such as lps.ad.example.com and mat.ad.example.com within the same forest, and additional trusts setup to external domains.

The problem I have is that authentication works "some" of the time and then fails for seemingly random amounts of time before working again. I've managed to reproduce this behaviour through running wbinfo numerous times in succession and monitoring the output.

Running wbinfo -t returns the following:

checking the trust secret via RPC calls succeeded

However, running wbinfo -u returns:

Error looking up domain users

Having done some debugging with the Samba debug level set to 10, and performing packet captures with tcpdump/wireshark, I believe the following is happening:

Winbind is obtaining a list of trusted domains and is adding them to a list using add_trusted_domain.

[2009/07/23 12:09:28, 2] nsswitch/winbindd_util.c:add_trusted_domain(172)
  Added domain CSS CSS.AD.EXAMPLE.COM S-1-5-21-2722945677-2571981173-1559263515
[2009/07/23 12:09:28, 2] nsswitch/winbindd_util.c:add_trusted_domain(172)
  Added domain CENTRAL central.ad.example.com S-1-5-21-1546731521-1604605983-311576647
[2009/07/23 12:09:28, 2] nsswitch/winbindd_util.c:add_trusted_domain(172)
  Added domain GRP grp.ad.example.com S-1-5-21-4165802252-723863699-2563104143
[2009/07/23 12:09:28, 2] nsswitch/winbindd_util.c:add_trusted_domain(172)
  Added domain MMSC mmsc-example.com S-1-5-21-3925889671-1378681824-3250279791
[2009/07/23 12:09:28, 2] nsswitch/winbindd_util.c:add_trusted_domain(172)
  Added domain LPS lps.ad.example.com S-1-5-21-3593956825-942678665-1239839976
[2009/07/23 12:09:28, 2] nsswitch/winbindd_util.c:add_trusted_domain(172)
  Added domain MAT mat.ad.example.com S-1-5-21-227787951-1760200910-3128242332

The last added entry "MAT mat.ad.example.com" is then set as the domain(?):

[2009/07/23 12:09:41, 4] libsmb/namequery_dc.c:ads_dc_name(73)
  ads_dc_name: domain=MAT

Winbind then attempts to get a list of all the domain controllers:

[2009/07/23 12:09:41, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: ", *"

Winbind attempts to locate the LDAP server in the MAT domain, but fails:

[2009/07/23 12:10:01, 3] libads/dns.c:dns_send_req(303)
  ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.mat.ad.example.com (Connection timed out)
[2009/07/23 12:10:01, 3] libads/dns.c:ads_dns_lookup_srv(363)
  ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_IO_TIMEOUT)
[2009/07/23 12:10:01, 4] libsmb/namequery.c:get_dc_list(1522)
  get_dc_list: no servers found

Having failed to obtain the LDAP address by DNS, Winbind then tries to resolve the address using lmhosts and WINS. Both fail because although the trusts are in place, the Samba server does not have network access to the MAT domain.

After Winbind exhausts the various options of resolving the MAT domain, it then attempts the same with the LPS domain. LPS was the entry added immediately before MAT so it appears to be traversing the list of trusted :

[2009/07/23 12:10:24, 4] libsmb/namequery_dc.c:ads_dc_name(73)
  ads_dc_name: domain=LPS
[2009/07/23 12:10:24, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: ", *"
[2009/07/23 12:10:24, 4] libsmb/namequery.c:get_dc_list(1605)
  get_dc_list: returning 21 ip addresses in an ordered list
[2009/07/23 12:10:2
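Added example, not part of the post above and not Samba code: a small Python parser for the debug-log format quoted in the post that reports, per trusted domain, how DC location ended and how many seconds passed before winbind moved on to the next domain. The sample log is copied (trimmed) from the post; the function names are illustrative, and the message patterns are assumed to match only the log lines shown there.

```python
import re
from datetime import datetime

# Entry header, e.g. "[2009/07/23 12:09:41, 4] libsmb/namequery_dc.c:ads_dc_name(73)"
HEADER = re.compile(r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+"
                    r"([\w./-]+\.c):(\w+)\((\d+)\)")

# Log lines copied (trimmed) from the post above.
SAMPLE_LOG = '''
[2009/07/23 12:09:28, 2] nsswitch/winbindd_util.c:add_trusted_domain(172)
  Added domain LPS lps.ad.example.com S-1-5-21-3593956825-942678665-1239839976
[2009/07/23 12:09:28, 2] nsswitch/winbindd_util.c:add_trusted_domain(172)
  Added domain MAT mat.ad.example.com S-1-5-21-227787951-1760200910-3128242332
[2009/07/23 12:09:41, 4] libsmb/namequery_dc.c:ads_dc_name(73)
  ads_dc_name: domain=MAT
[2009/07/23 12:09:41, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: ", *"
[2009/07/23 12:10:01, 3] libads/dns.c:dns_send_req(303)
  ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.mat.ad.example.com (Connection timed out)
[2009/07/23 12:10:01, 3] libads/dns.c:ads_dns_lookup_srv(363)
  ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_IO_TIMEOUT)
[2009/07/23 12:10:01, 4] libsmb/namequery.c:get_dc_list(1522)
  get_dc_list: no servers found
[2009/07/23 12:10:24, 4] libsmb/namequery_dc.c:ads_dc_name(73)
  ads_dc_name: domain=LPS
[2009/07/23 12:10:24, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: ", *"
[2009/07/23 12:10:24, 4] libsmb/namequery.c:get_dc_list(1605)
  get_dc_list: returning 21 ip addresses in an ordered list
'''

def parse_entries(text):
    """Split log text into entries; works on wrapped and on flattened logs."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({
            "time": datetime.strptime(h.group(1), "%Y/%m/%d %H:%M:%S"),
            "level": int(h.group(2)),
            "source": h.group(3),
            "function": h.group(4),
            "message": " ".join(text[h.end():end].split()),
        })
    return entries

def trusted_domains(entries):
    """(NetBIOS name, DNS name, SID) for each add_trusted_domain entry."""
    found = []
    for e in entries:
        m = re.match(r"Added domain (\S+) (\S+) (S-[\d-]+)", e["message"])
        if e["function"] == "add_trusted_domain" and m:
            found.append(m.groups())
    return found

def dc_lookup_report(entries):
    """Per domain: lookup outcome, resolver errors, seconds until the next domain."""
    report, current = [], None
    for e in entries:
        msg = e["message"]
        start = re.match(r"ads_dc_name: domain=(\S+)", msg)
        if start:
            if current:  # time spent on the previous domain before moving on
                current["seconds"] = (e["time"] - current["start"]).total_seconds()
            current = {"domain": start.group(1), "start": e["time"],
                       "outcome": "unknown", "errors": [], "seconds": None}
            report.append(current)
        elif current is not None:
            if "Failed to resolve" in msg or "NT_STATUS_IO_TIMEOUT" in msg:
                current["errors"].append(msg)
            found = re.search(r"get_dc_list: returning (\d+) ip addresses", msg)
            if found:
                current["outcome"] = found.group(1) + " DC addresses"
            elif "get_dc_list: no servers found" in msg:
                current["outcome"] = "no servers found"
    return report

if __name__ == "__main__":
    for row in dc_lookup_report(parse_entries(SAMPLE_LOG)):
        print(row["domain"], row["outcome"], row["seconds"], len(row["errors"]))
```
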
[Samba] Information about password complexity for users
Hello,

I want to use crackcheck to check password complexity, but users (when password change failed) get only information about valid password length, password history. I think that may be a problem for users. How can I (or Can I?) give them information about expected complexity? Crackcheck exits with error -4, and writes information to stderr, maybe can I use that and send it somehow to the client or force Windows XP to display standard message about password complexity?

Regards and many thanks.

Radek