Re: [Samba] Unknown panic actions
2009/10/22 Ralph Kutschera : > Michael Wood schrieb: >> >> Basically when a process crashes on Unix from a segmentation fault (or >> for a couple of other reasons) the operating system can take a >> snapshot of the memory of the process and write it to a "core" file. >> Whether the OS will actually do this is controlled by things like the >> RLIMIT_CORE which can be set with "ulimit -c" and in the case of Linux >> by some stuff in /proc. >> >> See http://kbase.redhat.com/faq/docs/DOC-4897 for more details. > > Ok. > > So I put the following into the startup script of the samba daemon and > assume this works: > >> ulimit -H -c unlimited >> echo "/var/log/coredumps/core.%e.%p" > /proc/sys/kernel/core_pattern > > Nonetheless I'm getting no coredumps what makes me think about whether samba > really crashes. Try adding in "ulimit -S -c unlimited" as well to change the soft limit. > If it does, will it be restarted automatically? I couldn't find a reason for > that within the Debian startup scripts. > > Ralph -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID - high need to lower it for a test user - active directory auth
- Original Message - From: "KJS" Newsgroups: linux.samba Sent: Thursday, October 22, 2009 9:00 AM Subject: Re: [Samba] UID - high need to lower it for a test user - active directory auth Hi Guys, I am having some problems with Active Directory users using a bit of software on our server, my AD users are authing via Winbind this works fine and the only difference I can see between a local user and an AD user is the fact the AD user has a MUCH higher UID, how can I create a user with a low UID to test this? I don't want to change them all yet as it might not be this that is causing the problem. Many Thanks, KJS What sort of problem are you having? The higher UID for non-local users is normal and shouldn't be touched in most cases. This is to keep the local UIDs different significantly from the ones that are not local. The only problem you may be having would be if you have a huge number of local users. In which case you would have to determine if it would be better to create all local account for everyone on the domain to keep from having problems. But, I seriously doubt this is the problem. James K. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On Fri, Oct 23, 2009 at 12:13:22PM +1300, Jason Haar wrote: > On 10/23/2009 11:45 AM, Robert LeBlanc wrote: > > I'm using 3.4.2 right now and I'm seeing a similar problem. We are > > using winbind to authenticate our users on our Linux cluster. The > > worker and interactive nodes are on a private subnet that is NATed to > > the local LAN. Two head nodes provide failover for the NATing. When > > failover is happening, winbind whacks out. The system is not unusable, > > but no authentication happens for about 30 minutes after the failover. > > I'm going to see if I can get iptables to share state between machines > > to help prevent this, but there needs to be a faster reconnection > > after domain controllers seem to be down. > > What I see (as a winbind-laptop user) is that sometimes winbind thinks > it has working connections to domain controllers when either the network > is down or is no longer the corporate network. e.g. I can be logged in > at work, sleep my laptop and take it home. After coming out of sleep, > "netstat -t" shows that there are still ESTABLISHED tcp sessions to > domain controllers - even though my home network has no access to my > work network. I think winbind then gets into a state where it is > continually trying to talk to these non-available domain controllers and > it never gives up - and so the offline mode never kicks in. > > It's got so bad that I now have scripts that run whenever a network > change occurs, to check if winbind is "stuck" and restart accordingly. Hmmm. If netstat -t shows an established TCP connection then that's active in the kernel. winbindd will then use that connection (as it think's it's ok). It should correctly time out (20 - 30 seconds) and then tear down and re-establish if the DC isn't responding. Can you post debug level 10 logs from winbindd in this state to your bug report (apologies if you've already done so, I've been triaging 3.4.3 blocker bugs this week). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On 10/23/2009 11:45 AM, Robert LeBlanc wrote: > I'm using 3.4.2 right now and I'm seeing a similar problem. We are > using winbind to authenticate our users on our Linux cluster. The > worker and interactive nodes are on a private subnet that is NATed to > the local LAN. Two head nodes provide failover for the NATing. When > failover is happening, winbind whacks out. The system is not unusable, > but no authentication happens for about 30 minutes after the failover. > I'm going to see if I can get iptables to share state between machines > to help prevent this, but there needs to be a faster reconnection > after domain controllers seem to be down. What I see (as a winbind-laptop user) is that sometimes winbind thinks it has working connections to domain controllers when either the network is down or is no longer the corporate network. e.g. I can be logged in at work, sleep my laptop and take it home. After coming out of sleep, "netstat -t" shows that there are still ESTABLISHED tcp sessions to domain controllers - even though my home network has no access to my work network. I think winbind then gets into a state where it is continually trying to talk to these non-available domain controllers and it never gives up - and so the offline mode never kicks in. It's got so bad that I now have scripts that run whenever a network change occurs, to check if winbind is "stuck" and restart accordingly. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind lookup performance
On Thu, Oct 22, 2009 at 12:29 PM, Matthew J. Salerno < vagabond_k...@yahoo.com> wrote: > > I removed winbind enum users = Yes and winbind enum groups = Yes and it > seems to be much faster. Now I just need ot make sure everything else is > still working as expected. > > When dealing with a large amount of objects, you will want enum users and groups off. We don't use it here and everything works fine. Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
I'm using 3.4.2 right now and I'm seeing a similar problem. We are using winbind to authenticate our users on our Linux cluster. The worker and interactive nodes are on a private subnet that is NATed to the local LAN. Two head nodes provide failover for the NATing. When failover is happening, winbind whacks out. The system is not unusable, but no authentication happens for about 30 minutes after the failover. I'm going to see if I can get iptables to share state between machines to help prevent this, but there needs to be a faster reconnection after domain controllers seem to be down. Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University On Thu, Oct 22, 2009 at 1:55 AM, Clayton Hill wrote: > Hi Jason, > > Yup you got the same problem - just going about it a sorta different way > - ouch that must really suck having winbind\ADdomain own the account you > are logged in as. bummer! > My problem is slightly less serious as I am trying to use my local accounts > (such as root) and I just use samba as a domain member to host files with AD > ACLs in the filesystem permissions... but we see the same bug. because > winbind (even caching) kills access to my local accounts. > I hope this is fixed in 3.4 (I just installed it yesterday) I haven't had a > chance to run the same test on 3.4 > > possibilities: > winbind is not caching right to allow smooth operation when the DC is > offline and the system is virtually locked up > winbind doesnt know the moment it cant connect to the DC that it should > really use cache or just buzz off and die somehow > winbind may or may not connect back up to the DC immediately > > I need to play with parameters and see what the new winbind options in 3.4 > do. I have been on 3.2 until yesterday. > > > Thanks for the info on the bug report.. > > Cheers, > -Clayton > > Jason Haar wrote: > >> Just a FYI, but this looks an awful lot like the bug I reported months ago >> >> https://bugzilla.samba.org/show_bug.cgi?id=6103 >> >> Basically I'm running Fedora11 with no local accounts (beyond root) - >> relying on winbind. On occasion winbind appears to "hang" - and no local >> access works - including root - which shouldn't need winbind to succeed! >> Normally I have to reboot to fix, however if I was lucky enough for it >> to happen before my screensaver kicked in, then simply restarting >> winbind fixes the problem. >> >> >> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] vfs_zfsacl
I'm attempting to get zfs acls to work on Freebsd8.0 rc1. As far as I can tell zfs acls support is available. However, building samba 3.3.8 last night kicked this out during make: The following command failed: cc -I. -I/usr/ports/net/samba33/work/samba-3.3.8/source -I/usr/ports/net/samba33/work/samba-3.3.8/source/iniparser/src -Iinclude -I./include -I. -I. -I./lib/replace -I./lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc -DHAVE_CONFIG_H -I/usr/local/include -Iinclude -I./include -I. -I. -I./lib/replace -I./lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc -I./popt -I/usr/local/include -DLDAP_DEPRECATED -O2 -pipe -DLDAP_DEPRECATED -fno-strict-aliasing -O -D_SAMBA_BUILD_=3 -I/usr/ports/net/samba33/work/samba-3.3.8/source/lib -D_SAMBA_BUILD_=3 -fPIC -DPIC -c modules/vfs_zfsacl.c -o modules/vfs_zfsacl.o gmake: *** [modules/vfs_zfsacl.o] Error 1 *** Error code 1 My guess is I'm missing something in my build. But I was too tired to debug it last night. Anyone familiar with this build point me at a clue. TIA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help needed with log.winbindd errors
Problem: Trying to finish creation of Samba 3.3.2 domain server on new 9.04 Ubuntu server. Did default Ubuntu installation of LAMP and Samba during installation. Successfully edited smb.conf, built users, server and resources visible in smbclient and in windows test workstation. Can login as different users, and join machines to the domain via windows. However, the whole system was INCREDIBLY slow! Question: Started checking the log files and noticed I was getting winbind errors. After starting samba & winbind, I get repeating errors in /var/log/samba/log.winbindd. (see file below) I've searched many forums and sites for the error msgs and can't find references. Can you clue me in why these are generated and where/what I need to reconfig? FYI, log.winbindd and smb.conf is below. Let me know if you need more resources. Regards, --mdutch >>/var/log/samba/log.winbindd<< [2009/10/22 12:44:01, 0] winbindd/winbindd.c:main(1125) winbindd version 3.3.2 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2009/10/22 12:44:01, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2577) initialize_winbindd_cache: clearing cache and re-creating with version number 1 >>ERRORS START [2009/10/22 12:44:42, 0] libsmb/namequery.c:saf_store(75) saf_store: refusing to store 0 length domain or servername! [2009/10/22 12:44:52, 0] libsmb/clientgen.c:cli_receive_smb(165) Receiving SMB: Server stopped responding [2009/10/22 12:44:52, 1] winbindd/winbindd_cm.c:cm_prepare_connection(967) failed tcon_X with NT_STATUS_IO_TIMEOUT >>THEN THE THREE ERRORS REPEAT every 10-20 sec<< [2009/10/22 12:45:02, 0] libsmb/namequery.c:saf_store(75) saf_store: refusing to store 0 length domain or servername! [2009/10/22 12:45:12, 0] libsmb/clientgen.c:cli_receive_smb(165) Receiving SMB: Server stopped responding [2009/10/22 12:45:12, 1] winbindd/winbindd_cm.c:cm_prepare_connection(967) failed tcon_X with NT_STATUS_IO_TIMEOUT >>etc.etc.<< http://www.tek-tips.com/viewthread.cfm?qid=1575492&page=1 (my smb.conf is posted in this msg on Andrew T's Samba Forum) -- View this message in context: http://www.nabble.com/Help-needed-with-log.winbindd-errors-tp26015170p26015170.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind lookup performance
- Original Message From: Matthew J. Salerno To: samba@lists.samba.org Sent: Thu, October 22, 2009 1:19:59 PM Subject: [Samba] Winbind lookup performance Redhat 5.2 x86_64 samba-3.0.28-0.el5.8 My system is fully AD integrated, the only issue I have is that when I look up a users group (id, groups, etc.) it takes forever. This is causing issues due to the fact that I have pam policies in place to allow only users from a specific groups to log in, sudo and/or su. When the cache expires, it can take over 2 minutes to perform the lookup. I'm sure it doesn't help that my AD user account is a member of 120 different groups. I would imagine that if I could use a custom, more exclusive LDAP filter for the winbind module I could improve performance, but I don't believe that option is available. Is there a way for speeding up the lookup process? Thanks [global] workgroup = DOMAIN realm = DOMAIN.NET server string = Samba file and print server security = ADS log level = 3 max log size = 4192 large readwrite = No max xmit = 65535 client signing = Yes server signing = Yes deadtime = 15 socket options = TCP_NODELAY IPTOS_LOWDELAY TCP_NODELAY printcap name = cups preferred master = No idmap domains = DOMAIN idmap backend = tdb idmap alloc backend = tdb idmap cache time = 302400 idmap negative cache time = 600 template shell = /bin/bash winbind separator = + winbind cache time = 1800 winbind enum users = Yes winbind enum groups = Yes winbind nested groups = No winbind refresh tickets = Yes winbind offline logon = Yes winbind normalize names = Yes idmap config DOMAIN:default = yes idmap config DOMAIN:backend = rid idmap config DOMAIN:range = 5000-999 idmap config DOMAINN:cache time = 1800 idmap alloc config:range = 4000 - 4999 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba I removed winbind enum users = Yes and winbind enum groups = Yes and it seems to be much faster. Now I just need ot make sure everything else is still working as expected. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] map acl inherit stopped working
On Thu, Oct 22, 2009 at 10:46:40AM +0200, Peter Rindfuss wrote: > On 2009-10-22 01:36, Jeremy Allison wrote: > > >> I'm guessing this is the version 1 to version 2 upgrade. >> (From posix_acls.c) >> > > Thank you for your reply. > > The posix_acls.c code says that version 2 SAMBA_PAI is always written > now. But apparently it is not interpreted correctly as opposed to > existing version 1 entries. > > As far as I can tell, it is not the mix of v1 and v2 that causes the > problems. It also happens on a fresh empty share with no v1. > > So what can I do about it (if I can) ? OPk, this is where you log a bug on it with *exact* details on how to reproduce, and I fix it for you :-). Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Winbind lookup performance
Redhat 5.2 x86_64 samba-3.0.28-0.el5.8 My system is fully AD integrated, the only issue I have is that when I look up a users group (id, groups, etc.) it takes forever. This is causing issues due to the fact that I have pam policies in place to allow only users from a specific groups to log in, sudo and/or su. When the cache expires, it can take over 2 minutes to perform the lookup. I'm sure it doesn't help that my AD user account is a member of 120 different groups. I would imagine that if I could use a custom, more exclusive LDAP filter for the winbind module I could improve performance, but I don't believe that option is available. Is there a way for speeding up the lookup process? Thanks [global] workgroup = DOMAIN realm = DOMAIN.NET server string = Samba file and print server security = ADS log level = 3 max log size = 4192 large readwrite = No max xmit = 65535 client signing = Yes server signing = Yes deadtime = 15 socket options = TCP_NODELAY IPTOS_LOWDELAY TCP_NODELAY printcap name = cups preferred master = No idmap domains = DOMAIN idmap backend = tdb idmap alloc backend = tdb idmap cache time = 302400 idmap negative cache time = 600 template shell = /bin/bash winbind separator = + winbind cache time = 1800 winbind enum users = Yes winbind enum groups = Yes winbind nested groups = No winbind refresh tickets = Yes winbind offline logon = Yes winbind normalize names = Yes idmap config DOMAIN:default = yes idmap config DOMAIN:backend = rid idmap config DOMAIN:range = 5000-999 idmap config DOMAINN:cache time = 1800 idmap alloc config:range = 4000 - 4999 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unknown panic actions
Michael Wood schrieb: Basically when a process crashes on Unix from a segmentation fault (or for a couple of other reasons) the operating system can take a snapshot of the memory of the process and write it to a "core" file. Whether the OS will actually do this is controlled by things like the RLIMIT_CORE which can be set with "ulimit -c" and in the case of Linux by some stuff in /proc. See http://kbase.redhat.com/faq/docs/DOC-4897 for more details. Ok. So I put the following into the startup script of the samba daemon and assume this works: > ulimit -H -c unlimited > echo "/var/log/coredumps/core.%e.%p" > /proc/sys/kernel/core_pattern Nonetheless I'm getting no coredumps what makes me think about whether samba really crashes. If it does, will it be restarted automatically? I couldn't find a reason for that within the Debian startup scripts. Ralph -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old application very slow
On Thu, Oct 22, 2009 at 04:27:52PM +0200, Koenraad Lelong wrote: > Koenraad Lelong schreef: >> Koenraad Lelong schreef: > >>> Hi, >>> Thanks for your suggestions, but it didn't help. >>> >>> I'm setting up another samba-server to test. >>> In the mean time I tried the application on a linux-box with dosemu >>> (it is a DOS application). The linux-box is connected to the >>> samba-server with samba client-software. >>> Guess what : it's running like it should : very responsive. >>> >>> What's this telling me ? >> > Hi, > > I think I have a (temporary ?) solution : if I enable "fake oplocks" the > application works fast. Since I was thinking of giving that application > and it's database-files it's own share I think it will work. > I don't like to give the other shares those fake oplocks. > > Comments ? If you guarantee that only one user will ever use that db simultaneously, you're probably fine. If you have multi-user access, "fake oplocks" will make the application eat your data. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old application very slow
Koenraad Lelong schreef: Koenraad Lelong schreef: Hi, Thanks for your suggestions, but it didn't help. I'm setting up another samba-server to test. In the mean time I tried the application on a linux-box with dosemu (it is a DOS application). The linux-box is connected to the samba-server with samba client-software. Guess what : it's running like it should : very responsive. What's this telling me ? Hi, I think I have a (temporary ?) solution : if I enable "fake oplocks" the application works fast. Since I was thinking of giving that application and it's database-files it's own share I think it will work. I don't like to give the other shares those fake oplocks. Comments ? Regards, Koenraad Lelong. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can SAMBA use ADS and files for Auth ?
On Thu, Oct 22, 2009 at 03:13:10PM +0100, andy.m...@bt.com wrote: > Cheers Volker > > I think I mean share level; > > The server is currently setup with security=share , using smbpasswd and > assoicated files. > > I would like to keep those users but also join an AD and allow AD users > also. That's not possible, sorry. You might want to play with virtual IP addresses and a second instance of the Samba server using "security=ads" or "security=domain". Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can SAMBA use ADS and files for Auth ?
Cheers Volker I think I mean share level; The server is currently setup with security=share , using smbpasswd and assoicated files. I would like to keep those users but also join an AD and allow AD users also. Regards Andy -Original Message- From: Volker Lendecke [mailto:volker.lende...@sernet.de] Sent: 22 October 2009 15:10 To: Marr,A,Andy,DGE62 C Cc: samba@lists.samba.org Subject: Re: [Samba] Can SAMBA use ADS and files for Auth ? On Thu, Oct 22, 2009 at 02:56:11PM +0100, andy.m...@bt.com wrote: > I'm running SAMBA 3.0.33 on Solaris 10 Sparc. > > Can anyone tell me if I can use ADS and share level (local files) for > authentication at the same time ? > > I have a server that contains share level users , but would like to be > in AD domain for any new users. Not on the same IP. You are sure that you mean share level? This is really, really weird these days. If you want no-password access for certain shares, for a certain group of hosts or so, there are other ways to achieve that. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can SAMBA use ADS and files for Auth ?
On Thu, Oct 22, 2009 at 02:56:11PM +0100, andy.m...@bt.com wrote: > I'm running SAMBA 3.0.33 on Solaris 10 Sparc. > > Can anyone tell me if I can use ADS and share level (local files) for > authentication at the same time ? > > I have a server that contains share level users , but would like to be > in AD domain for any new users. Not on the same IP. You are sure that you mean share level? This is really, really weird these days. If you want no-password access for certain shares, for a certain group of hosts or so, there are other ways to achieve that. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can SAMBA use ADS and files for Auth ?
Hi All I'm running SAMBA 3.0.33 on Solaris 10 Sparc. Can anyone tell me if I can use ADS and share level (local files) for authentication at the same time ? I have a server that contains share level users , but would like to be in AD domain for any new users. Cheers Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old application very slow
Koenraad Lelong schreef: Johan Hendriks schreef: A long shot, interfaces = 192.168.0.0/20, lo bind interfaces only = Yes try to set interfaces to just the interface name and the ipadres. Maybe it is a network problem. Hi, Thanks for your suggestions, but it didn't help. I'm setting up another samba-server to test. In the mean time I tried the application on a linux-box with dosemu (it is a DOS application). The linux-box is connected to the samba-server with samba client-software. Guess what : it's running like it should : very responsive. What's this telling me ? Hi, I was looking at the samba-status with swat. When I run the application with dosemu (i.e. fast respone), the database-files are opened with an exclusive oplock. When I run the app in Windows, there is no (none) oplock. Does this ring any bells ? P.S. is it possible there's a bug in swat ? The headers of Open Files are not all OK, and the user-id is not "reverse resolved". Or is it Webmin that does this ? Regards, Koenraad Lelong. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Reliability issues when using Windows 7
> Apparently Windows is unhappy with one of our network packets. We > need to see the packet which Windows 7 does not like, and the > natural source for that information is a packet trace. Are you > aware that tshark is able to split packet traces in chunks while > taking them? So you could run it arbitrarily long without filling > your disk if you delete old ones? As a long-time Wireshark, née Ethereal, fan, that is exactly what I was going to suggest. :) and tshark makes going through huge packet traces very, very easy. For someone who knows what they're looking at and knows how to effectively use tshark's filters, the bad packet can be spotted in minutes even for very, very large traces. Also, you can filter your packet capture so you're just getting CIFS packets and not everything else. Message sent via Atmail Open - http://atmail.org/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID - high need to lower it for a test user - active directory auth
Hi Guys, I am having some problems with Active Directory users using a bit of software on our server, my AD users are authing via Winbind this works fine and the only difference I can see between a local user and an AD user is the fact the AD user has a MUCH higher UID, how can I create a user with a low UID to test this? I don't want to change them all yet as it might not be this that is causing the problem. Many Thanks, KJS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] how to automount password less samba share in linux ?
Dear list, I have a password-less samba shared and it is used successfully from window PCs. I also like to make an auto-mount for linux pcs so that it can be used from linux boxes. To achieve this I have made an entry in /etc/fstab as ``` //192.168.1.1/shared /home/test/serverdisk cifs user,rw 0 0 As root I can mount it and see all the contents of remote folder. It though asked for a password but simply giving an *enter* at password prompt mount the shared folder successfully. But then non-root user can't write on there. If I try to mount it as a non-admin user it failed with the following error as `` mount serverdisk/ Password: mount error 1 = Operation not permitted Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) Here I did the same at password prompt i.e. simply pressing *enter* which worked as root ; but this time not !!! Have I missed anything or any special arrangement to follow as non-admin ? Need some enlightenment. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Reliability issues when using Windows 7
On Thu, Oct 22, 2009 at 01:51:22PM +0200, Gernot Gebhard wrote: > Currently, we are trying to only compile on a single machine. If this > triggers the error, we can then try to produce a packet trace. > > > However, is there any other possibility? Well, you could try with a debug level 10 log of smbd, catching it at the moment when the build fails. But this does not give the information we need: Apparently Windows is unhappy with one of our network packets. We need to see the packet which Windows 7 does not like, and the natural source for that information is a packet trace. Are you aware that tshark is able to split packet traces in chunks while taking them? So you could run it arbitrarily long without filling your disk if you delete old ones? Sorry, Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Reliability issues when using Windows 7
Hello, Volker Lendecke wrote: > On Thu, Oct 22, 2009 at 01:28:29PM +0200, Gernot Gebhard wrote: >> at our company we are using Samba 4.3.2 in conjunction with Windows 7. >> We use the Windows 7 machines for our nightly compiles. However, >> occasionally the schedules compiles stop with a Windows network error >> message, such as: >> >> . >> . >> . >> [ 16%] Generating ui/moc_versiondialog.cxx >> [ 16%] NMAKE : fatal error U1077: >> 'R:\usr\20091022\121890\release\win\bin\cmake.exe' : return code >> '0xc0c3' >> Stop. > > Can you do a network trace of such a failure? Information on > how to create useful network traces can be found under > > http://wiki.samba.org/index.php/Capture_Packets unfortunately this appears to be infeasible in our environment. We also tried to search the samba log files (log level 3) for any clues, yet without luck. To give you some insight in our setting: We have 9 Windows 7 clients, each with 4 compile slots, accessing our file server via Samba. Additionally, the file server exports the Samba share via NFS to our Linux compile cluster. The described error occurs rather rarely in comparison with the number of compiles we schedule. If all 9 machines are compiling some package in parallel then maybe on of them fails. But not all the time. Additionally, it is really hard to predict which machine will fail. Thus capturing such a trace will produce a lot of data, such that I really doubt we will be able to find the reason. Currently, we are trying to only compile on a single machine. If this triggers the error, we can then try to produce a packet trace. However, is there any other possibility? Kind regards, Gernot -- Dipl.-Inform. Gernot Gebhard AbsInt Angewandte Informatik GmbH Science Park 1 66123 Saarbrücken GERMANY Mail: gernot.gebh...@absint.com Tel: +49-681-3836036 Fax: +49-681-3836020 WWW: http://absint.com -- Geschäftsführung: Dr.-Ing. Christian Ferdinand Eingetragen im Handelsregister des Amtsgerichts Saarbrücken, HRB 11234 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] anonymous only share asking LANMAN password
J. Bakshi schrieb: > J. Bakshi wrote: >> Hello list, >> >> I am trying to make a very simple samba share with out any >> authentication which will work inside the lan only and accessible from >> winxp too. >> This is debian lenny box and samba is 2:3.2.5-4lenny7 >> >> To achieve this I have written smb.conf ( collected from testparm as ) >> >> ``` >> Load smb config files from /etc/samba/smb.conf >> Processing section "[shared]" >> Global parameter deadtime found in service section! >> Loaded services file OK. >> Server role: ROLE_STANDALONE >> Press enter to see a dump of your service definitions >> >> [global] >> workgroup = OFFICE_DEBIAN_SERVER >> server string = %h server >> interfaces = lo, eth0, eth1 >> bind interfaces only = Yes >> security = SHARE >> log file = /var/log/samba/log.%m >> max log size = 1000 >> panic action = /usr/share/samba/panic-action %d >> >> [shared] >> comment = Public Shared Folder >> path = /home/shared >> force user = nouser >> force group = nobody >> read only = No >> force create mode = 0777 >> force directory mode = 0777 >> guest only = Yes >> guest ok = Yes >> `` >> >> After restarting the samba I tried to mount the shared from a win box >> and it still asking for authentication. then I tried from a linux box >> and get as below >> >> ``` >> smbclient //192.168.1.1/shared web >> Domain=[OFFICE_DEBIAN_SERVER] OS=[Unix] Server=[Samba 3.2.5] >> Server not using user level security and no password supplied. >> Server requested LANMAN password (share-level security) but 'client >> lanman auth' is disabled >> tree connect failed: SUCCESS - 0 >> ` >> >> could any one please tell me what prevents my samba to work properly ? >> Thanks >> > > > I have also added > > ``` > guest account = nobody > ` > > in [global] section and restarted samba but no luck :-( > Hi, the only difference to your smb.conf (from my for same settings) is a share modes = yes in [global] and your force user and force group entries, seems to me they aren't needed and if, they aren't properly, as your guest user is nobody and not nouser... cu jth cu jth -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Reliability issues when using Windows 7
On Thu, Oct 22, 2009 at 01:28:29PM +0200, Gernot Gebhard wrote: > at our company we are using Samba 4.3.2 in conjunction with Windows 7. > We use the Windows 7 machines for our nightly compiles. However, > occasionally the schedules compiles stop with a Windows network error > message, such as: > > . > . > . > [ 16%] Generating ui/moc_versiondialog.cxx > [ 16%] NMAKE : fatal error U1077: > 'R:\usr\20091022\121890\release\win\bin\cmake.exe' : return code > '0xc0c3' > Stop. Can you do a network trace of such a failure? Information on how to create useful network traces can be found under http://wiki.samba.org/index.php/Capture_Packets Thanks, Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Reliability issues when using Windows 7
Hello, at our company we are using Samba 4.3.2 in conjunction with Windows 7. We use the Windows 7 machines for our nightly compiles. However, occasionally the schedules compiles stop with a Windows network error message, such as: . . . [ 16%] Generating ui/moc_versiondialog.cxx [ 16%] NMAKE : fatal error U1077: 'R:\usr\20091022\121890\release\win\bin\cmake.exe' : return code '0xc0c3' Stop. This error code (STATUS_INVALID_NETWORK_RESPONSE) tells me that something appears to be wrong with the communication of the Windows 7 machine from/to the Samba server. Interestingly, this error only occurs if multiple compile jobs are being executed on a single machine. If only one compile job is allowed, everything works just fine. However, using Quad-Cores for a single compile job is not what we really want. Our compile jobs have the following structure: 1. Mount the samba share via net use : \\server\share 2. Execute compile 3. Unmount the sma share via net use : /DELETE (Note that removing 3. does not resolve this issue). Before migrating to Windows 7 we have been using Windows XP in our compile farm, not having these problems. Unfortunately, the migration to Win 7 was necessary to have 64bit compiles. Does anyone know what to do here? How to find the real issue for this problem? Many thanks in advance. Kind regards, Gernot Gebhard -- Dipl.-Inform. Gernot Gebhard AbsInt Angewandte Informatik GmbH Science Park 1 66123 Saarbrücken GERMANY Mail: gernot.gebh...@absint.com Tel: +49-681-3836036 Fax: +49-681-3836020 WWW: http://absint.com -- Geschäftsführung: Dr.-Ing. Christian Ferdinand Eingetragen im Handelsregister des Amtsgerichts Saarbrücken, HRB 11234 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old application very slow
Johan Hendriks schreef: A long shot, interfaces = 192.168.0.0/20, lo bind interfaces only = Yes try to set interfaces to just the interface name and the ipadres. Maybe it is a network problem. Hi, Thanks for your suggestions, but it didn't help. I'm setting up another samba-server to test. In the mean time I tried the application on a linux-box with dosemu (it is a DOS application). The linux-box is connected to the samba-server with samba client-software. Guess what : it's running like it should : very responsive. What's this telling me ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] failed to setup guest info
Dear friends Today i am trying to setup samba+ldap on one of my server, and facing following problem Oct 22 15:43:23 abpdel1 smbd[3664]: [2009/10/22 15:43:23, 0] services/services_db.c:svcctl_init_keys(420) Oct 22 15:43:23 abpdel1 smbd[3664]: svcctl_init_keys: key lookup failed! (WERR_ACCESS_DENIED) Oct 22 15:43:23 abpdel1 smbd[3664]: [2009/10/22 15:43:23, 0] smbd/server.c:main Oct 22 15:43:23 abpdel1 smbd[3664]: ERROR: failed to setup guest info. -- ldap is working perfectly i tested ldap functionality separately. What may be the issue thanks My smb.conf is with attachment thnks http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] anonymous only share asking LANMAN password
J. Bakshi wrote: > Hello list, > > I am trying to make a very simple samba share with out any > authentication which will work inside the lan only and accessible from > winxp too. > This is debian lenny box and samba is 2:3.2.5-4lenny7 > > To achieve this I have written smb.conf ( collected from testparm as ) > > ``` > Load smb config files from /etc/samba/smb.conf > Processing section "[shared]" > Global parameter deadtime found in service section! > Loaded services file OK. > Server role: ROLE_STANDALONE > Press enter to see a dump of your service definitions > > [global] > workgroup = OFFICE_DEBIAN_SERVER > server string = %h server > interfaces = lo, eth0, eth1 > bind interfaces only = Yes > security = SHARE > log file = /var/log/samba/log.%m > max log size = 1000 > panic action = /usr/share/samba/panic-action %d > > [shared] > comment = Public Shared Folder > path = /home/shared > force user = nouser > force group = nobody > read only = No > force create mode = 0777 > force directory mode = 0777 > guest only = Yes > guest ok = Yes > `` > > After restarting the samba I tried to mount the shared from a win box > and it still asking for authentication. then I tried from a linux box > and get as below > > ``` > smbclient //192.168.1.1/shared web > Domain=[OFFICE_DEBIAN_SERVER] OS=[Unix] Server=[Samba 3.2.5] > Server not using user level security and no password supplied. > Server requested LANMAN password (share-level security) but 'client > lanman auth' is disabled > tree connect failed: SUCCESS - 0 > ` > > could any one please tell me what prevents my samba to work properly ? > Thanks > I have also added ``` guest account = nobody ` in [global] section and restarted samba but no luck :-( -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] map acl inherit stopped working
On 2009-10-22 01:36, Jeremy Allison wrote: I'm guessing this is the version 1 to version 2 upgrade. (From posix_acls.c) Thank you for your reply. The posix_acls.c code says that version 2 SAMBA_PAI is always written now. But apparently it is not interpreted correctly as opposed to existing version 1 entries. As far as I can tell, it is not the mix of v1 and v2 that causes the problems. It also happens on a fresh empty share with no v1. So what can I do about it (if I can) ? Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Files copying - date and owner... problems
Hi everyone, Thank you for reading my post. I have some data on a "Windows Server 2003" machine I put there temporarily (quite a big amount of data: 44.8 GB). I have copied them back on my Samba server (Debian Lenny hosts the server). I have had two different types of problems: 1) Date problem: some very "old" files which I hadn't touched for an eternity (or so :)) have had their date changed to say 2009/10/07 (7th of October 2009, the day I copied the data from the Windows to the Lenny server) which is not normal and which is very problematic. For example: - on the Windows server, there is a file which date is 2007/06/04 - on the Samba server, after copying it, its date is 2009/10/07. (I am talking about the "Date Modified" as it is named on Windows machines). 2) Owner and owner group problem: -- I was logged as on the Windows 2003 server. is a Samba user (declared on the Samba server, member of the "/etc/samba/smbpasswd" file). So, if I understood well the meaning of the Samba config. file: normally when a file is copied on the server, its owner is and its owner group is "domadm". Some files have had their owner and owner group set to "root" preventing as a result to write them. Here is my "/etc/samba/smb.conf" config. file to check what I said before: [global] workgroup = server string = %h Samba server log level = 1 log file = /var/log/samba/log.%m max log size = 1000 socket options = TCP_NODELAY IPTOS_LOWDELAY logon path = logon home = domain logons = Yes os level = 128 preferred master = Yes domain master = Yes remote browse sync = yes [] comment = path = // force group = domadm read only = No create mask = 0664 directory mask = 0775 guest ok = Yes Can you tell me if I misconfigured something? If I should add someting to my config. file to avoid such problems? Do you think what happened was a Samba server malfunctioning? Thank you for your help and all the best, -- Lmhelp -- View this message in context: http://www.nabble.com/Files-copying---date-and-owner...-problems-tp26005868p26005868.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Hi Jason, Yup you got the same problem - just going about it a sorta different way - ouch that must really suck having winbind\ADdomain own the account you are logged in as. bummer! My problem is slightly less serious as I am trying to use my local accounts (such as root) and I just use samba as a domain member to host files with AD ACLs in the filesystem permissions... but we see the same bug. because winbind (even caching) kills access to my local accounts. I hope this is fixed in 3.4 (I just installed it yesterday) I haven't had a chance to run the same test on 3.4 possibilities: winbind is not caching right to allow smooth operation when the DC is offline and the system is virtually locked up winbind doesnt know the moment it cant connect to the DC that it should really use cache or just buzz off and die somehow winbind may or may not connect back up to the DC immediately I need to play with parameters and see what the new winbind options in 3.4 do. I have been on 3.2 until yesterday. Thanks for the info on the bug report.. Cheers, -Clayton Jason Haar wrote: Just a FYI, but this looks an awful lot like the bug I reported months ago https://bugzilla.samba.org/show_bug.cgi?id=6103 Basically I'm running Fedora11 with no local accounts (beyond root) - relying on winbind. On occasion winbind appears to "hang" - and no local access works - including root - which shouldn't need winbind to succeed! Normally I have to reboot to fix, however if I was lucky enough for it to happen before my screensaver kicked in, then simply restarting winbind fixes the problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
