Re: [Samba] Tuning the performance of Samba over LAN network to improve I/O performance

[Helmut Hullen]

Hallo, Jeremy,

Du meintest am 05.08.09:

>> For the numbers I am gettingWriting averages around 23Mbytes/sec
>> and Reading averages around 33Mbytes/sec. I am aiming for 30 plus
>> for writing and around 40 for reading. Both seem to be reasonable.

> True, but first use hdparm to see what your
> raw disk numbers should be. Also you first
> posted Mbits/sec, not Mbytes, which were *very* low
> numbers :-).

And if he uses PCI network cards then there's a PCI bus limit to about  
33 MByte/s. Even with Gigabit cards.

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Tuning the performance of Samba over LAN network to improve I/O performance

[Helmut Hullen]

Hallo, Himanshu,

Du meintest am 05.08.09:

> The approximate average numbers I am getting over LAN are:

> Write: around 23Mbits/sec
> Read: around 33Mbits/sec

Try "netio" for checking the possible transfer rate:

   http://arktur.de/Wiki/Zusatzprogramme:netio

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Tuning the performance of Samba over LAN network to improve I/O performance

[Miguel Medalha]

How can I go about configuring my LAN hardware to use Jumbo Frames?



That would be a too long conversation and now I don't have the necessary 
energy.
You can Google for Linux Jumbo Frames. You must identify your LAN card 
and see its specifications. Also, you need to be sure that your switches 
support Jumbo Frames.


I am on a Red Hat system and in my case the file 
"/etc/sysconfig/networking/devices/ifcfg-eth#" contains the following line:


MTU=9014

This is for a Intel Gigabit LAN card.

I don't know it resides in the same place with Ubuntu.

Look for the ifconfig command and study its parameters.


As for hdparm:
You can see your hard disks transfer rates by executing the following:

hdparm -t /dev/hd(x) where x is the letter of your particular drive.

This is for ATA drive. In the case of SATA or SCSI, it would be /dev/sd(x).

This will give you the throughput of your drive *inside* your system. 
You can now try to make your LAN transfers get as close to that as possible.


As an example, in one of my systems the command "hdparm -t /dev/sda" 
gives me the following output:


/dev/sda:
Timing buffered disk reads:  350 MB in  3.01 seconds = 116.18 MB/sec

I am not in a position now to give you the LAN throughput of this system.

I hope that this helps somewhat.




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Tuning the performance of Samba over LAN network to improve I/O performance

[Jeremy Allison]

On Wed, Aug 05, 2009 at 07:34:51PM -0500, Himanshu Thapar wrote:
> Thank youOkay..can you explain how can I go about with hdparm or
> guide me to an appropriate link. Also how will this help me in diagnosing
> the current problem?

Sorry, you need to learn to use hdparm before you
can do any performance diagnostics. Google for the
command, and read up on it.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] wbinfo returns no domain users

[Jeremy Allison]

On Mon, Jul 27, 2009 at 05:51:45PM -0300, Herbert G. Fischer wrote:
> Hi,
>
> I've spent two days trying to figure out how to solve this, researching 
> on the web, etc, and found no answer... :S
>
> I've setup a Ubuntu 9.04 with Samba and Winbind, joined the domain  
> (using RPC) and when I try to list users and groups using wbinfo I got  
> nothing.
>
> I already tryed deleting tdb files from /var/lib/samba and restarting  
> samba and winbind, joined the domain again, etc, and nothing changed  
> this behavior. Any idea on where may be the problem and how to solve it?

I think Guenther just checked a fix for this into the 3.3 and
3.2 trees.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Tuning the performance of Samba over LAN network to improve I/O performance

[Jeremy Allison]

On Wed, Aug 05, 2009 at 07:11:54PM -0500, Himanshu Thapar wrote:
> For the numbers I am gettingWriting averages around 23Mbytes/sec and
> Reading averages around 33Mbytes/sec. I am aiming for 30 plus for writing
> and around 40 for reading. Both seem to be reasonable.

True, but first use hdparm to see what your
raw disk numbers should be. Also you first
posted Mbits/sec, not Mbytes, which were *very* low
numbers :-).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Tuning the performance of Samba over LAN network to improve I/O performance

[Miguel Medalha]

The approximate average numbers I am getting over LAN are:

Write: around 23Mbits/sec
Read: around 33Mbits/sec

  


Do you really mean Megabits? Or MegaBytes? 33 Megabits (about 4 MB/sec) 
would be VERY abnormal!


Do you have "use sendfile = yes" in your smb.conf? It can be a global 
option or a per-share option.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Tuning the performance of Samba over LAN network to improve I/O performance

[Jeremy Allison]

On Wed, Aug 05, 2009 at 06:42:07PM -0500, Himanshu Thapar wrote:
> 
> I tried playing around with the smb.conf file including all possible
> variations like,
> 
> socket options = TCP_NODELAY SO_RCVBUF=(tried values like 8192, 65535,
> 131070) SO_SNDBUF=(tried 8192, 65535, 131070)

Remove these. You won't second guess the kernel.

> log level = 0 or 1
> max xmit = used different numbers ( like 8192 to 65535)

Also, don't touch the above, expecially max xmit.

> I also tried using
> read raw = yes
> write raw = yes

Not used on an XP client.

> My setup is as follows:
> I have a Linux machine running ubuntu which is the host and I have it
> connected to a Windows XP machine over the network and there is also an
> E-SATA which I mount and try to test on. There is Iozone3 and samba server
> running on linux.
> I also have samba on the network.
> 
> The approximate average numbers I am getting over LAN are:
> 
> Write: around 23Mbits/sec
> Read: around 33Mbits/sec

Seems low, what filesystem/network card are you using ?

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Tuning the performance of Samba over LAN network to improve I/O performance

[Himanshu Thapar]

Hello friends,

I am trying to test NAS I/O performance over a network and trying to see the
numbers for write and read speed. I have successfully configured and ran a
lot of tests. However the numbers have not increased, I have reached a
bottleneck.

I tried playing around with the smb.conf file including all possible
variations like,

socket options = TCP_NODELAY SO_RCVBUF=(tried values like 8192, 65535,
131070) SO_SNDBUF=(tried 8192, 65535, 131070)
log level = 0 or 1
max xmit = used different numbers ( like 8192 to 65535)

I also tried using
read raw = yes
write raw = yes
but the numbers or the write and read performance does not improve.

My setup is as follows:
I have a Linux machine running ubuntu which is the host and I have it
connected to a Windows XP machine over the network and there is also an
E-SATA which I mount and try to test on. There is Iozone3 and samba server
running on linux.
I also have samba on the network.

The approximate average numbers I am getting over LAN are:

Write: around 23Mbits/sec
Read: around 33Mbits/sec

Please let me know of cases I can try and shoot up the performance.

Any help is appreciated.

Thanks.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba HA issue

[David Christensen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David Markey wrote:
> Yup unfortunately rights granted using net sam/rpc and usrmgr are saved
> locally in a TDB file(account_policy), this should probably be in LDAP, i
> suppose it sould be possible to rsync the tdb file.
> 
> 
> On Wed, 5 Aug 2009 17:10:54 -0500, David Christensen
>  wrote:
> John Du wrote:
 David Christensen wrote:

 Liutauras Adomaitis wrote:


 On Tue, Aug 4, 2009 at 7:39 PM, David

>> Christensen
 wrote:


 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 With samba configured for high availability using heartbeat, I am not
 able to join new computers to the domain after a fail over.  If I fail
 back to the "main" samba instance I can join the computer to the domain.

 However With samba in a fail over state and running on the backup PDC
 users can still authenticate and gain access to their shares.

 I have the two instances of samba configured nearly identical except for
 having them pointed to the instance of ldap that is running on the
 server itself (which is being replicated).  Is there something else,
 some tdb file etc,  that needs to be shared between the two instances of
 samba so a fail over appears identical to the ldap backend?

 Thanks.


 If you are running PDC+BDC configuration with LDAP backend with
 replication, then you must have master to master replication. In case
 of master - slave replication you canot write ot slave while your
 muster is not accessible. Usual slave has a redirection to master for
 write operations. Slave is readonly and thats why you can authenticate
 to BDC, but cannot join new machines to the domain.
 This may be your case

 Liutauras



 Liutauras,

 I have ldap using master-master replication so writing to either ldap
 instance is no problem.  In addition I have both instances of samba
 configured as PDC's (the smb.conf file is identical on both PDC's except
 for two things, the ldap each talks to and the host name of the PDC
 itself; not using the netbios parameter), however only one of them is
 running at a time.  The issue occurs when the 2nd PDC comes online.
 Based on the ldap logs the query I am seeing from the 2nd PDC in a
 failed over state is not the same query that the "primary" PDC does when
 I add a new computer successfuly.  I never see the lookup for the admin
 user who has the right to add a computer, along with other missing
 search strings.

 Is there some SID or some other serial number etc. that the 2nd PDC is
 lacking that is causing this symptom?  Why would a query from a near
 identical instance of samba to the same ldap DB be so different?


 I had the same problem with samba 3.0.28 on rhel 4.  I fixed my problem
 by issuing "net rpc grant .." commands on the backup PDC.  I never
 understood why it behaved that way but those commands worked for me.  I
 thought those rights were in the LDAP database but it seemed that those
 rights are stored on the individual servers somehow.



> John,
> 
> Not familiar with net rpc grant, where is the invoked or added?
David,

I did a diff between the two account_policy files on either instance of
samba and they are identical.  Is this the only file where server rights
are stored?
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkp6GLYACgkQ5B+8XEnAvqtsWACbBtwRsTEalBLedSuyx2TcZUNm
wWYAnjZr8kE0iLZWeUtJa3rrNntLiV5b
=qYik
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba HA issue

[John Du]

David Markey wrote:

Yup unfortunately rights granted using net sam/rpc and usrmgr are saved
locally in a TDB file(account_policy), this should probably be in LDAP, i
suppose it sould be possible to rsync the tdb file.


On Wed, 5 Aug 2009 17:10:54 -0500, David Christensen
 wrote:
  

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

John Du wrote:


David Christensen wrote:

Liutauras Adomaitis wrote:


On Tue, Aug 4, 2009 at 7:39 PM, David

  

Christensen
  

wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

With samba configured for high availability using heartbeat, I am not
able to join new computers to the domain after a fail over.  If I fail
back to the "main" samba instance I can join the computer to the domain.

However With samba in a fail over state and running on the backup PDC
users can still authenticate and gain access to their shares.

I have the two instances of samba configured nearly identical except for
having them pointed to the instance of ldap that is running on the
server itself (which is being replicated).  Is there something else,
some tdb file etc,  that needs to be shared between the two instances of
samba so a fail over appears identical to the ldap backend?

Thanks.


If you are running PDC+BDC configuration with LDAP backend with
replication, then you must have master to master replication. In case
of master - slave replication you canot write ot slave while your
muster is not accessible. Usual slave has a redirection to master for
write operations. Slave is readonly and thats why you can authenticate
to BDC, but cannot join new machines to the domain.
This may be your case

Liutauras



Liutauras,

I have ldap using master-master replication so writing to either ldap
instance is no problem.  In addition I have both instances of samba
configured as PDC's (the smb.conf file is identical on both PDC's except
for two things, the ldap each talks to and the host name of the PDC
itself; not using the netbios parameter), however only one of them is
running at a time.  The issue occurs when the 2nd PDC comes online.
Based on the ldap logs the query I am seeing from the 2nd PDC in a
failed over state is not the same query that the "primary" PDC does when
I add a new computer successfuly.  I never see the lookup for the admin
user who has the right to add a computer, along with other missing
search strings.

Is there some SID or some other serial number etc. that the 2nd PDC is
lacking that is causing this symptom?  Why would a query from a near
identical instance of samba to the same ldap DB be so different?


I had the same problem with samba 3.0.28 on rhel 4.  I fixed my problem
by issuing "net rpc grant .." commands on the backup PDC.  I never
understood why it behaved that way but those commands worked for me.  I
thought those rights were in the LDAP database but it seemed that those
rights are stored on the individual servers somehow.



  

John,

Not familiar with net rpc grant, where is the invoked or added?

These commands are documented at 
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html.





-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkp6A20ACgkQ5B+8XEnAvquDfACfZoxcbLHuoVAbqrUQauCbPD8R
VDYAn3Tz+0TfwD+Ip2HIKtVj5bG5reMc
=25vc
-END PGP SIGNATURE-



  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba HA issue

[David Markey]

Yup unfortunately rights granted using net sam/rpc and usrmgr are saved
locally in a TDB file(account_policy), this should probably be in LDAP, i
suppose it sould be possible to rsync the tdb file.


On Wed, 5 Aug 2009 17:10:54 -0500, David Christensen
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> John Du wrote:
>> David Christensen wrote:
>> 
>> Liutauras Adomaitis wrote:
>> 
>> 
>> On Tue, Aug 4, 2009 at 7:39 PM, David
>>
Christensen
>> wrote:
>> 
>> 
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>> 
>> With samba configured for high availability using heartbeat, I am not
>> able to join new computers to the domain after a fail over.  If I fail
>> back to the "main" samba instance I can join the computer to the domain.
>> 
>> However With samba in a fail over state and running on the backup PDC
>> users can still authenticate and gain access to their shares.
>> 
>> I have the two instances of samba configured nearly identical except for
>> having them pointed to the instance of ldap that is running on the
>> server itself (which is being replicated).  Is there something else,
>> some tdb file etc,  that needs to be shared between the two instances of
>> samba so a fail over appears identical to the ldap backend?
>> 
>> Thanks.
>> 
>> 
>> If you are running PDC+BDC configuration with LDAP backend with
>> replication, then you must have master to master replication. In case
>> of master - slave replication you canot write ot slave while your
>> muster is not accessible. Usual slave has a redirection to master for
>> write operations. Slave is readonly and thats why you can authenticate
>> to BDC, but cannot join new machines to the domain.
>> This may be your case
>> 
>> Liutauras
>> 
>> 
>> 
>> Liutauras,
>> 
>> I have ldap using master-master replication so writing to either ldap
>> instance is no problem.  In addition I have both instances of samba
>> configured as PDC's (the smb.conf file is identical on both PDC's except
>> for two things, the ldap each talks to and the host name of the PDC
>> itself; not using the netbios parameter), however only one of them is
>> running at a time.  The issue occurs when the 2nd PDC comes online.
>> Based on the ldap logs the query I am seeing from the 2nd PDC in a
>> failed over state is not the same query that the "primary" PDC does when
>> I add a new computer successfuly.  I never see the lookup for the admin
>> user who has the right to add a computer, along with other missing
>> search strings.
>> 
>> Is there some SID or some other serial number etc. that the 2nd PDC is
>> lacking that is causing this symptom?  Why would a query from a near
>> identical instance of samba to the same ldap DB be so different?
>> 
>> 
>> I had the same problem with samba 3.0.28 on rhel 4.  I fixed my problem
>> by issuing "net rpc grant .." commands on the backup PDC.  I never
>> understood why it behaved that way but those commands worked for me.  I
>> thought those rights were in the LDAP database but it seemed that those
>> rights are stored on the individual servers somehow.
>> 
>> 
>> 
> John,
> 
> Not familiar with net rpc grant, where is the invoked or added?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkp6A20ACgkQ5B+8XEnAvquDfACfZoxcbLHuoVAbqrUQauCbPD8R
> VDYAn3Tz+0TfwD+Ip2HIKtVj5bG5reMc
> =25vc
> -END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba HA issue

[David Christensen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

John Du wrote:
> David Christensen wrote:
> 
> Liutauras Adomaitis wrote:
> 
> 
> On Tue, Aug 4, 2009 at 7:39 PM, David
> Christensen
>  wrote:
> 
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> With samba configured for high availability using heartbeat, I am not
> able to join new computers to the domain after a fail over.  If I fail
> back to the "main" samba instance I can join the computer to the domain.
> 
> However With samba in a fail over state and running on the backup PDC
> users can still authenticate and gain access to their shares.
> 
> I have the two instances of samba configured nearly identical except for
> having them pointed to the instance of ldap that is running on the
> server itself (which is being replicated).  Is there something else,
> some tdb file etc,  that needs to be shared between the two instances of
> samba so a fail over appears identical to the ldap backend?
> 
> Thanks.
> 
> 
> If you are running PDC+BDC configuration with LDAP backend with
> replication, then you must have master to master replication. In case
> of master - slave replication you canot write ot slave while your
> muster is not accessible. Usual slave has a redirection to master for
> write operations. Slave is readonly and thats why you can authenticate
> to BDC, but cannot join new machines to the domain.
> This may be your case
> 
> Liutauras
> 
> 
> 
> Liutauras,
> 
> I have ldap using master-master replication so writing to either ldap
> instance is no problem.  In addition I have both instances of samba
> configured as PDC's (the smb.conf file is identical on both PDC's except
> for two things, the ldap each talks to and the host name of the PDC
> itself; not using the netbios parameter), however only one of them is
> running at a time.  The issue occurs when the 2nd PDC comes online.
> Based on the ldap logs the query I am seeing from the 2nd PDC in a
> failed over state is not the same query that the "primary" PDC does when
> I add a new computer successfuly.  I never see the lookup for the admin
> user who has the right to add a computer, along with other missing
> search strings.
> 
> Is there some SID or some other serial number etc. that the 2nd PDC is
> lacking that is causing this symptom?  Why would a query from a near
> identical instance of samba to the same ldap DB be so different?
> 
> 
> I had the same problem with samba 3.0.28 on rhel 4.  I fixed my problem by 
> issuing "net rpc grant .." commands on the backup PDC.  I never understood 
> why it behaved that way but those commands worked for me.  I thought those 
> rights were in the LDAP database but it seemed that those rights are stored 
> on the individual servers somehow.
> 
> 
> 
John,

Not familiar with net rpc grant, where is the invoked or added?
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkp6A20ACgkQ5B+8XEnAvquDfACfZoxcbLHuoVAbqrUQauCbPD8R
VDYAn3Tz+0TfwD+Ip2HIKtVj5bG5reMc
=25vc
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba HA issue

[John Du]

David Christensen wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Liutauras Adomaitis wrote:
  

On Tue, Aug 4, 2009 at 7:39 PM, David
Christensen wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

With samba configured for high availability using heartbeat, I am not
able to join new computers to the domain after a fail over.  If I fail
back to the "main" samba instance I can join the computer to the domain.

However With samba in a fail over state and running on the backup PDC
users can still authenticate and gain access to their shares.

I have the two instances of samba configured nearly identical except for
having them pointed to the instance of ldap that is running on the
server itself (which is being replicated).  Is there something else,
some tdb file etc,  that needs to be shared between the two instances of
samba so a fail over appears identical to the ldap backend?

Thanks.
  

If you are running PDC+BDC configuration with LDAP backend with
replication, then you must have master to master replication. In case
of master - slave replication you canot write ot slave while your
muster is not accessible. Usual slave has a redirection to master for
write operations. Slave is readonly and thats why you can authenticate
to BDC, but cannot join new machines to the domain.
This may be your case

Liutauras



Liutauras,

I have ldap using master-master replication so writing to either ldap
instance is no problem.  In addition I have both instances of samba
configured as PDC's (the smb.conf file is identical on both PDC's except
for two things, the ldap each talks to and the host name of the PDC
itself; not using the netbios parameter), however only one of them is
running at a time.  The issue occurs when the 2nd PDC comes online.
Based on the ldap logs the query I am seeing from the 2nd PDC in a
failed over state is not the same query that the "primary" PDC does when
I add a new computer successfuly.  I never see the lookup for the admin
user who has the right to add a computer, along with other missing
search strings.

Is there some SID or some other serial number etc. that the 2nd PDC is
lacking that is causing this symptom?  Why would a query from a near
identical instance of samba to the same ldap DB be so different?
  
I had the same problem with samba 3.0.28 on rhel 4.  I fixed my problem 
by issuing "net rpc grant .." commands on the backup PDC.  I never 
understood why it behaved that way but those commands worked for me.  I 
thought those rights were in the LDAP database but it seemed that those 
rights are stored on the individual servers somehow.




-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkp5/W0ACgkQ5B+8XEnAvqsohQCeK6w0icqAS9d2acH0tLf0FphL
vpYAn2YVsxoCZ729gDnxsZCVY6TPZwp9
=zlN2
-END PGP SIGNATURE-
  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba HA issue

[David Christensen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Liutauras Adomaitis wrote:
> On Tue, Aug 4, 2009 at 7:39 PM, David
> Christensen wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> With samba configured for high availability using heartbeat, I am not
>> able to join new computers to the domain after a fail over.  If I fail
>> back to the "main" samba instance I can join the computer to the domain.
>>
>> However With samba in a fail over state and running on the backup PDC
>> users can still authenticate and gain access to their shares.
>>
>> I have the two instances of samba configured nearly identical except for
>> having them pointed to the instance of ldap that is running on the
>> server itself (which is being replicated).  Is there something else,
>> some tdb file etc,  that needs to be shared between the two instances of
>> samba so a fail over appears identical to the ldap backend?
>>
>> Thanks.
> 
> If you are running PDC+BDC configuration with LDAP backend with
> replication, then you must have master to master replication. In case
> of master - slave replication you canot write ot slave while your
> muster is not accessible. Usual slave has a redirection to master for
> write operations. Slave is readonly and thats why you can authenticate
> to BDC, but cannot join new machines to the domain.
> This may be your case
> 
> Liutauras

Liutauras,

I have ldap using master-master replication so writing to either ldap
instance is no problem.  In addition I have both instances of samba
configured as PDC's (the smb.conf file is identical on both PDC's except
for two things, the ldap each talks to and the host name of the PDC
itself; not using the netbios parameter), however only one of them is
running at a time.  The issue occurs when the 2nd PDC comes online.
Based on the ldap logs the query I am seeing from the 2nd PDC in a
failed over state is not the same query that the "primary" PDC does when
I add a new computer successfuly.  I never see the lookup for the admin
user who has the right to add a computer, along with other missing
search strings.

Is there some SID or some other serial number etc. that the 2nd PDC is
lacking that is causing this symptom?  Why would a query from a near
identical instance of samba to the same ldap DB be so different?
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkp5/W0ACgkQ5B+8XEnAvqsohQCeK6w0icqAS9d2acH0tLf0FphL
vpYAn2YVsxoCZ729gDnxsZCVY6TPZwp9
=zlN2
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] problem with samba and ldap

[Theodoro]

hi,


On Wed, Aug 5, 2009 at 4:42 PM, Miguel Medalha wrote:

> In order to help you, I must know the following:
>
> Are you using nss with ldap?


yes


>
> What is your samba version?


I tried with 3.0.33 on RHEL5.3 and now with 3.3.7


>
>
> Your version of the smbldap scripts is too old. Version 0.9.5 resides here.


I'm using  0.9.5



>
>
> http://download.gna.org/smbldap-tools/0.9.2-1packages/
>
> The project page can be found here:
>
> https://gna.org/projects/smbldap-tools/
>
>


-- 
Daniel Theodoro
9399-3364

(LPIC-1) Junior Level Linux Professional
(LPIC-2) Advanced Level Linux Professional
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] problem with samba and ldap

[Norberto Bensa]

On Wed, Aug 5, 2009 at 4:28 PM, Theodoro wrote:
> Does anybody know what might be happening?

In /etc/ldap.conf, I bet your nss_base_passwd is
"ou=users,dc=test,dc=com,dc=br". It should be "dc=test,dc=com,dc=br".
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] problem with samba and ldap

[Theodoro]

hi,

I have a problem with samba and ldap, when I add a machine in a domain,
samba is not searching on *ou=machine*, but on *ou=users*.
But if i change in smbldap.conf *computersdn="ou=machine,${suffix}"* to *
computersdn="ou=users,${suffix}"* it works.

bellow is my smb.conf


[global]
workgroup = TEST
netbios name = PDC
server string = Samba Server
passdb backend = ldapsam:ldap://127.0.0.1
log file = /var/log/samba/log.%m
max log size = 500
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g"
"%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=test,dc=com,dc=br
ldap delete dn = Yes
ldap group suffix = ou=group
ldap idmap suffix = ou=users
ldap machine suffix = ou=machine
ldap passwd sync = yes
ldap suffix = dc=test,dc=com,dc=br
ldap ssl = no
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
admin users = root


Does anybody know what might be happening?

-- 
Daniel Theodoro

(LPIC-1) Junior Level Linux Professional
(LPIC-2) Advanced Level Linux Professional
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] LDAP Account Manager 2.7.0 released

[Roland Gruber]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


LDAP Account Manager (LAM) 2.7.0 - August 5th, 2009
===

LAM is a web frontend for managing accounts stored in an LDAP directory.


Announcement:
- -

LAM Pro now allows you to execute custom scripts on
create/modify/delete. This release also adds compatibility for memcache
session storage and allows you to disable Samba LM password hashes.

Full changelog:

http://lam.sourceforge.net/changelog/index.htm


Features:
- -

* management of Unix user and group accounts (posixAccount/posixGroup)
* management of Samba 2.x/3 user and host accounts
  (sambaAccount/sambaSamAccount)
* management of Kolab 2 accounts (kolabInetorgPerson)
* profiles for account creation
* account creation via file upload
* automatic creation/deletion of home directories
* setting quotas
* PDF output for all accounts
* editor for organizational units (OU)
* schema browser
* tree view
* multiple configuration files
* multi-language support: Catalan, Chinese (Traditional + Simplified),
  Czech, Dutch, English, French, German, Hungarian, Italian, Japanese,
  Polish, Portuguese, Russian and Spanish
* support for LDAP+SSL/TLS


Availability:
- -

This software is available under the GNU General Public License V2.0.

You can get the newest version at http://lam.sf.net.

File formats: DEB, RPM, tar.gz

There is also a FreeBSD port.

Debian users may use the packages in unstable.


Demo installation:
- --

You can try our demo installation online.

http://lam.sf.net/live-demo/index.htm


Support:
- 

If you find a bug please file a bug report. For questions or
implementing new features please use the forum and feature request
tracker at our Sourceforge homepage http://www.sf.net/projects/lam.



Authors & Copyright:
- 

Copyright (C) 2003 - 2009:
Michael Duergner 
Roland Gruber 
Tilo Lutz 


LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkp50N0ACgkQq/ywNCsrGZ7BpACeL1KzfrgfonoahUYQjAVrC1qK
nWQAmwQkyR8oG/Czd6nviO07LMgR7dv1
=XGh4
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Delay of group membership modifications

[Henry Jensen]

Hello,


On Wed, 05 Aug 2009 12:29:38 -0400
Adam Tauno Williams  wrote:

> Is the host running nscd?  If so, stop the nscd service.

Yes, that was it. It seems that nscd was installed as a dependency 
along with libnss-ldap.

# apt-cache show libnss-ldap |grep ^Recommends
Recommends: nscd, libpam-ldap

After stopping nscd and restart of samba changing of group memberships
are recognized immediately by samba now.

What I still find curious is, that getent(1) was aware of the modification 
and samba not. 

Since it is recommended to use nscd when using LDAP (for performance reasons),
instead of stopping or even deinstalling nscd one should better call nscd
with the --invalidate option (e. g. "nscd --invalidate group") after making
modifications in the LDAP tree.

I don't believe, that I am the only who stumbled upon this problem. Perhaps
this should be mentioned somewhere in the documentation/Samba HOWTO collection?

(You know this cases: your boss is calling you and tells you, that Mr. Miller
needs access to this folder right now.)

Regards,

Henry



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Delay of group membership modifications

[Adam Tauno Williams]

>But when the user tried to access the directory, access was denied.
>When I checked with "net RPC GROUP MEMBERS projekt-my-test-rw", the user was 
>not 
>listed as a group member.
>After I waited for about half an hour, the user suddenly could access the 

Is the host running nscd?  If so, stop the nscd service.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Delay of group membership modifications

[Henry Jensen]

Hello,

We use samba 3.2.5 on Debian Lenny with LDAP backend (OpenLDAP 2.4.11).
Access to files and directories are granted via ACLs.

For example, we have a directory "projekt-my-test":

# getfacl projekt-my-test

# file: projekt-my-test/
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:projekt-my-test-rw:rwx
mask::rwx
other::---

So, I added a user to the group "projekt-my-test-rw" in the LDAP tree. 
I could confirm with "getent group" that the user was now member of the group.

But when the user tried to access the directory, access was denied.

When I checked with "net RPC GROUP MEMBERS projekt-my-test-rw", the user was 
not 
listed as a group member.

After I waited for about half an hour, the user suddenly could access the 
directory. And really, when I checked now with the net RPC GROUP MEMBERS,
the user was listed as a member.

I did some research if samba does some caching regarding user and group 
information
from a LDAP server, but hadn't found anything.

So I wanted to ask the experts on the list: What is causing this delay of about 
30 minutes of group membership modification in the LDAP database and the 
recognition by
Samba? And how can I prevent it, i. e. how can I force samba, to 
re-read/refresh group
information from LDAP (besides from a restart of the service)?

Regards,

Henry





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] "inotify_handler No data on inotify fd?"

[Andrew Masterson]

> -Original Message-
> From: samba-boun...@lists.samba.org
[mailto:samba-boun...@lists.samba.org]
> On Behalf Of Kyle Schmitt
> Sent: Wednesday, August 05, 2009 8:07 AM
> To: samba
> Subject: [Samba] "inotify_handler No data on inotify fd?"
> 
> I've got a samba server that's occasionally spewing inotify errors.
> 
> The classic, "smbd/notify_inotify.c:inotify_handler No data on inotify
> fd?" type errors solved by
> kernel change notify = false
> 
> Now, everything is working perfectly on this box unless one or two
> users leave files open from specific machines (this is as far as I can
> tell, it's hard to get good info from the users sometimes, but it's
> what the logs indicate).
> 
> Because of this, I would rather not put in the "kernel change notify =
> false" line, so I'm wondering if there's another good solution.
> 
> When I logged into the server, lsof told me the offending client had a
> single Excel file open about 1300 times, and I found their samba
> process had been running for 14 hours.
> 
> What if I set limits, lets say hard and soft limits for open files to
> 512, or 128, and cpu time limits of 4 hours or so.
> Would that cause issues for my users?
> Would that have killed the misbehaving client, or at least kept it
> from choking my system?
> Will samba behave OK, if a user's samba process runs out of open file
> handles, or will it instead fill my logs even faster?
> 
> Thanks
> --Kyle

>From what I understand changing the kernel notify options only affects
users viewing files created locally (i.e. root logged on to the server
creates a file) - not via smb connections.  And in the worst case they
have to hit "refresh" to get an updated list from the server.

I would just turn it off and save yourself the headache.

-=Andrew
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] "inotify_handler No data on inotify fd?"

[Kyle Schmitt]

I've got a samba server that's occasionally spewing inotify errors.

The classic, "smbd/notify_inotify.c:inotify_handler No data on inotify
fd?" type errors solved by
kernel change notify = false

Now, everything is working perfectly on this box unless one or two
users leave files open from specific machines (this is as far as I can
tell, it's hard to get good info from the users sometimes, but it's
what the logs indicate).

Because of this, I would rather not put in the "kernel change notify =
false" line, so I'm wondering if there's another good solution.

When I logged into the server, lsof told me the offending client had a
single Excel file open about 1300 times, and I found their samba
process had been running for 14 hours.

What if I set limits, lets say hard and soft limits for open files to
512, or 128, and cpu time limits of 4 hours or so.
Would that cause issues for my users?
Would that have killed the misbehaving client, or at least kept it
from choking my system?
Will samba behave OK, if a user's samba process runs out of open file
handles, or will it instead fill my logs even faster?

Thanks
--Kyle
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba HA issue

[Liutauras Adomaitis]

On Tue, Aug 4, 2009 at 7:39 PM, David
Christensen wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> With samba configured for high availability using heartbeat, I am not
> able to join new computers to the domain after a fail over.  If I fail
> back to the "main" samba instance I can join the computer to the domain.
>
> However With samba in a fail over state and running on the backup PDC
> users can still authenticate and gain access to their shares.
>
> I have the two instances of samba configured nearly identical except for
> having them pointed to the instance of ldap that is running on the
> server itself (which is being replicated).  Is there something else,
> some tdb file etc,  that needs to be shared between the two instances of
> samba so a fail over appears identical to the ldap backend?
>
> Thanks.

If you are running PDC+BDC configuration with LDAP backend with
replication, then you must have master to master replication. In case
of master - slave replication you canot write ot slave while your
muster is not accessible. Usual slave has a redirection to master for
write operations. Slave is readonly and thats why you can authenticate
to BDC, but cannot join new machines to the domain.
This may be your case

Liutauras
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Additional file info (Properties->Summary)

[Volker Lendecke]

On Wed, Aug 05, 2009 at 12:58:24PM +0200, kubek1982 wrote:
> Could You please let me know how can I make samba (or Windows) enable  
> users to access and/or modify the additional file fields which work with  
> MS Office well?

What you need are alternate data streams. Look at the
streams_xattr module in Samba 3.3.

Volker


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Additional file info (Properties->Summary)

[kubek1982]

Hello all,

I am dealing with a following problem - I can't see additional 
information about few file types stored in samba share.
I mean file fields like "Author" and "Subject" which are accessible from 
Windows - Properties->Summary.
I can put data to these fields when the file is stored on Windows File 
System. But whenever I transfer it to samba share, these values are 
lost. What is more, tab Properties->Summary is no longer accesible (so I 
could put proper values once more). This concerns inter alia the 
following file types:

*.txt
*.msg / *.eml
*.mpg
etc...

What is more, i.e. for *.pdf files, data in fields "Author" and 
"Subject" is not lost, but is not editable when the file is on samba share.


For *.doc, *.xls (MS Office) it is possible to access and modify 
"Properties->Summary" tab even for files from samba share.


Could You please let me know how can I make samba (or Windows) enable 
users to access and/or modify the additional file fields which work with 
MS Office well?


Thanks in advance for Your help,

Chris

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [Announce] Samba 3.0.36 Maintenance Release Available

[Karolin Seeger]

"Because things are the way they are,
 things will not stay the way they are."

 Bertolt Brecht


Release Announcements
=


This is the latest bugfix release of the Samba 3.0 series.

Please note, that the 3.0 series will be DISCONTINUED after this release!
There will be neither any bugfix release nor any security release. Updating
to the latest release series is strongly recommended. For more information
on current Samba releases, please see

http://wiki.samba.org/index.php/Samba3_Release_Planning


Major enhancements included in Samba 3.0.36 are:

   o Fix Winbind crash on 'getent group' (bug #5906).
   o Excel save operation corrupts file ACLs (bug #4308).
   o Prevent segmentation fault on joining a very long domain name.


##
Changes
###

Changes since 3.0.35



o   Michael Adam 
* BUG 5906: Fix Winbind crash on 'getent group'.
* BUG 6066: netinet/ip.h present but cannot be compiled on Solaris.


o   Jeremy Allison 
* BUG 4308: Excel save operation corrupts file ACLs.
* BUG 6099: In order to allow Win7 to connect to a Samba NT style
* BUG 6279: Fix Winbind crash.
  PDC we set the flags before we know if it's an error or not.
* Fix logic error in try_chown.
* Correctly use chroot().
* Fix bug in processing of open modes in POSIX open.


o   Günther Deschner 
* Don't install the cifs.upcall binary twice.


o   Steve French 
* BUG 4640: Fix guest mounts in mount-cifs.
* Fix mount.cifs handling of -V option.


o   Bhaskar Jain (bhajain) 
* Prevent segmentation fault on joining a very long domain name.


o   Günter Kukkukk 
* Don't try and delete a default ACL from a file.


o   Volker Lendecke 
* Add workaround for MS KB932762.


o   Shirish Pargaonkar 
* BUG 4370: Clean-up entries in /etc/mtab after unmount.
* Add fakemount (-f) and nomtab (-n) flags to mount.cifs.


o   Ted Percival 
* Fix a crash during name resolution when log level >= 10
  and libc segfaults if printf is passed NULL for a "%s" arg
 (eg. Solaris).


o   Miguel Suarez 
* BUG 6085: Fix build of vfs_default.


o   Yasuma Takeda 
* BUG 6098: When the DNS server is invalid, the ads_find_dc() does not work
  correctly.

##
Reporting bugs & Development Discussion
###

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba 3.0 product in the project's Bugzilla
database (https://bugzilla.samba.org/).


==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==



Download Details


The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

http://download.samba.org/samba/ftp/

The release notes are available online at:

http://www.samba.org/samba/ftp/history/samba-3.0.36.html

Binary packages will be made available on a volunteer basis from

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team




pgpWH6MdRRMp2.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba