[Samba] Problems with samba 3.4.3 as PDC for Windows 7

[Steven Westbrook]

Hi all, I am testing Windows 7 Ult with Samba 3.4.3 as a PDC for Windows
7.  I am using a simple, smb.conf file, domain name is "mygroup" without
the quotations.  Windows XP clients can join correctly and login as
normal.  However, with Windows 7, I can get the client to joint the
domain, but when I reboot, I get a machine trust error and the user can
not log onto the Windows 7 client.  

Here is the error in /var/log/message:

Nov 10 21:32:54 westserver smbd[8375]: [2009/11/10 21:32:54,  0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
Nov 10 21:32:54 westserver smbd[8375]:
_netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client STEVEN-DESKAMD2 machine
account STEVEN-DESKAMD2$
Nov 10 21:32:54 westserver smbd[8375]: [2009/11/10 21:32:54,  0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
Nov 10 21:32:54 westserver smbd[8375]:
_netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client STEVEN-DESKAMD2 machine
account STEVEN-DESKAMD2$
Nov 10 21:33:06 westserver smbd[8375]: [2009/11/10 21:33:06,  0]
lib/util_sock.c:539(read_fd_with_timeout)
Nov 10 21:33:06 westserver smbd[8375]: [2009/11/10 21:33:06,  0]
lib/util_sock.c:1491(get_peer_addr_internal)
Nov 10 21:33:06 westserver smbd[8375]:   getpeername failed.
Error was Transport endpoint is not connected
Nov 10 21:33:06 westserver smbd[8375]:   read_fd_with_timeout:
client 0.0.0.0 read error = Connection reset by peer.

Here is the log from log.steven-deskamd2:

[r...@westserver samba]# tail log.steven-deskamd2 

  getpeername failed. Error was Transport endpoint is not
connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection
reset by peer.
[2009/11/10 21:36:02,  0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client STEVEN-DESKAMD2 machine
account STEVEN-DESKAMD2$
[2009/11/10 21:36:02,  0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client STEVEN-DESKAMD2 machine
account STEVEN-DESKAMD2$
[2009/11/10 21:36:12,  0]
lib/util_sock.c:539(read_fd_with_timeout)
[2009/11/10 21:36:12,  0]
lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not
connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection
reset by peer.



Does anyone have any idea what is causing the problem / how to fix?

thanks,

-steve
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] idmap_rid/idmap_hash collisions?

[Nick]

Is it possible for the uid/gid numbers that are generated by the
idmap_rid and idmap_hash to collide if there are a large number of
users or groups?  I cannot seem to find any documentation on the
limitations of these plugins.  Before using I want to make absolutely
sure that there won't be any collisions.

In doing some research about Likewise Open, I see it's hashing routine
can have this problem:

"If your Active Directory relative identifiers, or RIDs, are a number
greater than 524,287, the Likewise Open algorithm that generates UIDs
and GIDs can result in UID-GID collisions among users and groups. In
such cases, it is recommended that you use Likewise Enterprise or that
you use the Likewise UID-GID management tool."

http://www.likewise.com/resources/documentation_library/manuals/open/likewise-open-guide.html#AboutLikewiseAgent

I was somehow thinking that Likewise is based on Samba, although I
don't remember where I heard that so it could be total BS.

Does anyone know about the limitations of these idmap backends?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba and ads authentication

[Tom Montague]

Solaris 9, samba 3.0.23c, openLDAP 2.3

I managed to run the configure script for samba successfully using the 
following parameters :-

./configure --with-ldap --with-ads --with-pam --with-winbind 
--with-krb5=/usr/local/lib

Now when I am running "make" I am getting the following error... (any ideas)

/home1/admin/Projects/HDR1390/samba-3.0.23c/source# make
Using FLAGS =  -I/usr/local/lib/include -O -D_SAMBA_BUILD_  
-I/home1/admin/Projects/HDR1390/samba-3.0.23c/source/iniparser/src -Iinclude 
-I/home1/admin/Projects/HDR1390/samba-3.0.23c/source/include 
-I/home1/admin/Projects/HDR1390/samba-3.0.23c/source/tdb  -I. -DHAVE_CONFIG_H  
-I/usr/local/lib/include -D_LARGEFILE_SOURCE -D_REENTRANT 
-D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED -DSUNOS5 
-I/home1/admin/Projects/HDR1390/samba-3.0.23c/source -D_SAMBA_BUILD_
  LIBS = -lsendfile -lresolv -lnsl -lsocket -ldl
  LDSHFLAGS = -G  -L/usr/local/lib/lib -lthread
  LDFLAGS = -L/usr/local/lib/lib -lthread
  PIE_CFLAGS =
  PIE_LDFLAGS =
Compiling dynconfig.c
Compiling smbd/vfs.c
Compiling passdb/pdb_interface.c
Compiling passdb/pdb_ldap.c
passdb/pdb_ldap.c: In function `ldapsam_get_new_rid':
passdb/pdb_ldap.c:4410: error: incompatible types in assignment
passdb/pdb_ldap.c: In function `pdb_init_ldapsam':
passdb/pdb_ldap.c:5573: error: incompatible types in assignment
make: *** [passdb/pdb_ldap.o] Error 1  



-Original Message-
From: Michael Wood [mailto:esiot...@gmail.com] 
Sent: Monday, 9 November 2009 7:43 PM
To: Tom Montague
Cc: sebastian.ra...@wipro.com; samba@lists.samba.org
Subject: Re: [Samba] samba and ads authentication

2009/11/9 Tom Montague :
> Thanks Seban,
>
> I tried running the configure script with the following options...
>
>  ./configure --with-ldap --with-ads --with-krb5 --with-winbind
>
> I am getting the following error:-
>
[...]
> configure: error: Active Directory cannot be supported without krb5.h
>
>
> I do have Kerberos installed and the kinit @ works for me.
>
> My Kerberos krb5.conf file is located in the /etc/krb5/ directory,
> should I be running the configure script and telling it this location?

No.

> Should I have a krb5.h file???

Yes.

You probably do not have the Kerberos development package installed.
This would include the krb5.h file amongst other things.  I did not
see any mention of what operating system you're running, but e.g.
Debian and Ubuntu have a package called libkrb5-dev.  On an RPM-based
distribution it is probably something like krb5-devel.

-- 
Michael Wood 



The information in this email, including any attachments, is confidential and 
may be subject to legal or other professional privilege.  It is intended solely 
for the addressee and access to this email by anyone else is unauthorised.  If 
you have received this email in error, please immediately advise the sender by 
return email, then delete the message from your system and destroy any copies. 
If you are not the intended recipient, any use, interference with, 
distribution, disclosure or copying of this material, or any action taken or 
omitted to be taken in reliance on it, is unauthorised and prohibited.

The Griffin Group scans all outgoing emails for viruses, however The Griffin 
Group cannot guarantee that email communications are secure or error-free, as 
information could be intercepted, corrupted, amended, lost, destroyed, arrive 
late or incomplete.





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbpasswd refuses to add a user if the UID exists somewhere in LDAP

[John Du]

All the experts.

We have been running samba 3.0.xx (currently at 3.0.28a) on RHEL 4 with 
LDAP back end for a few years now.  It has been working well for us.


Now we are having a little problem. I am not sure if the behavior we see 
is by design or a bug.


In smb.conf

We have:
ldap suffix = o=COMPANY,c=US
ldap user suffix = ou=People

The LDAP database also has an ou=Terms tree for people who have 
terminated employment with the company.  The entries on the ou=Terms 
tree has a uid attribute.


When we rehire people, we would like to give them the same UID as 
before.  We can add the new user with recycled uid to the ou=People 
tree.  But when we run smbpasswd -a uid to make the user also a Samba 
user, smbpasswd returns an error saying the UID is already used.


The entries in Terms are not of posixAccount class and they do not have 
the "ldap user suffix" specified in smb.conf.  Is smbpasswd supposed to 
refuse to make the user a Samba user?


It is not a big deal for us. We can just give the rehires a new UID.  
But it would be nice to know this is a bug or not.


Thanks,

John

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] bus error

[Paras pradhan]

It seems like compiling with -g option takes gigabytes of space in
source directory which I can not afford at this time.

I managed to install gdb and here is what gdb has to say:

--
r...@web # gdb ./net core
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.9"...

warning: Can't read pathname for load map: I/O error.
Reading symbols from /usr/lib/libthread.so.1...done.
Loaded symbols for /lib/libthread.so.1
Reading symbols from /usr/lib/libsendfile.so.1...done.
Loaded symbols for /lib/libsendfile.so.1
Reading symbols from /usr/lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /usr/lib/librt.so.1...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /lib/libdl.so.1
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /lib/libsocket.so.1
Reading symbols from /opt/local/lib/libiconv.so.2...done.
Loaded symbols for /opt/local/lib/libiconv.so.2
Reading symbols from /opt/local/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /opt/local/lib/libgssapi_krb5.so.2
Reading symbols from /opt/local/lib/libkrb5.so.3...done.
Loaded symbols for /opt/local/lib/libkrb5.so.3
Reading symbols from /opt/local/lib/libk5crypto.so.3...done.
Loaded symbols for /opt/local/lib/libk5crypto.so.3
Reading symbols from /opt/local/lib/libcom_err.so.3...done.
Loaded symbols for /opt/local/lib/libcom_err.so.3
Reading symbols from /opt/local/lib/libldap-2.4.so.2...done.
Loaded symbols for /opt/local/lib/libldap-2.4.so.2
Reading symbols from /opt/local/lib/liblber-2.4.so.2...done.
Loaded symbols for /opt/local/lib/liblber-2.4.so.2
Reading symbols from /opt/local/samba/lib/libtalloc.so...done.
Loaded symbols for /opt/local/samba/lib/libtalloc.so
Reading symbols from /opt/local/samba/lib/libtdb.so...done.
Loaded symbols for /opt/local/samba/lib/libtdb.so
Reading symbols from /opt/local/samba/lib/libwbclient.so...done.
Loaded symbols for /opt/local/samba/lib/libwbclient.so
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /lib/libc.so.1
Reading symbols from /usr/lib/libaio.so.1...done.
Loaded symbols for /lib/libaio.so.1
Reading symbols from /usr/lib/libmd5.so.1...done.
Loaded symbols for /lib/libmd5.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /lib/libmp.so.2
Reading symbols from /usr/local/lib/libgcc_s.so.1...done.
Loaded symbols for /usr/local/lib/libgcc_s.so.1
Reading symbols from /opt/local/lib/libkrb5support.so.0...done.
Loaded symbols for /opt/local/lib/libkrb5support.so.0
Reading symbols from /usr/lib/libgen.so.1...done.
Loaded symbols for /lib/libgen.so.1
Reading symbols from /usr/platform/SUNW,Sun-Fire-V240/lib/libc_psr.so.1...done.
Loaded symbols for /usr/platform/SUNW,Sun-Fire-V240/lib/libc_psr.so.1

warning: Can't read pathname for load map: I/O error.

warning: Can't read pathname for load map: I/O error.
Core was generated by `./net ads user'.
Program terminated with signal 10, Bus error.
[New process 80487]
#0  0xfed47cac in _free_unlocked () from /lib/libc.so.1
(gdb)
--

Actual command was:

./net ads join -U samba


Thanks!
Paras.




On Mon, Nov 9, 2009 at 3:33 PM, Volker Lendecke
 wrote:
> On Mon, Nov 09, 2009 at 03:26:12PM -0600, Paras pradhan wrote:
>> ./configure.developer stucks at building iconv.
>>
>> here is the o/p:
>> lib/iconv.c: In function `iconv_swab':
>> lib/iconv.c:498: implicit declaration of function `swab'
>> The following command failed:
>> gcc -I/opt/local/include -O2 -g -g -Wall -Wshadow -Wpointer-arith
>> -Wcast-align -Wwrite-strings -DDEBUG_PASSWORD -DDEVELOPER
>> -Werror-implicit-function-declaration -I.
>> -I/usr/local/samba-3.4.3/source3
>> -I/usr/local/samba-3.4.3/source3/iniparser/src -Iinclude -I./include
>> -I. -I. -I./../lib/replace -I./../lib/talloc -I./../lib/tevent
>> -I./../lib/tdb/include -I./libaddns -I./librpc -I./.. -DHAVE_CONFIG_H
>> -I/opt/local/include -I/opt/local/include -D_LARGEFILE_SOURCE
>> -D_REENTRANT -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED -DSUNOS5
>> -I/usr/local/samba-3.4.3/source3/lib -I.. -I../source4
>> -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 -fPIC -c lib/iconv.c -o
>> lib/iconv.o
>> make: *** [lib/iconv.o] Error 1
>> --
>>
>> But if i use ./configure it is working.
>
> Then try "CFLAGS=-g ./configure"
>
> Volker
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba credentials file - hit and miss?

[Aldo Foot]

On Mon, Nov 9, 2009 at 4:48 PM, Aldo Foot  wrote:
> Greetings,
>
> I'm using a CentOS 5.4 Virtual Machine and Samba 3.0.33-3.15.el5_4 to access a
> file share from a Windows XP host. I also tried the same using a
> Fedora 10 VM with
> the same negative results. Please read on.
>
> I've browsed the web and read the mount.cifs man page. And the conclusion
> is the same: you connect to a share using a username and password and you're
> good to to. Or, create a credentials file with a username and password
> and you're good to go. Very straightforward. But the credentials file
> does not work for me... but others claim it works for them.
> For me, using the username and password at the CLI works fine though.
>
> I used these threads as examples and I have done pretty much the same.
>   http://lists.samba.org/archive/samba/2004-October/094265.html
>   http://www.troubleshooters.com/linux/samba.htm
>
> My credentials file /etc/samba/smbpassword is very simple.
>
> $ cat smbpassword
> user=jdoe
> password=X
>
> Some say to use spaces like "user = jdoe", but makes no difference.
>
> Is this a samba bug? I can share more details of what I've done if requested.
> ~af
>

For future reference to anyone seeing this problem. This is a samba bug.

The fix is here on comment #22:
https://bugzilla.redhat.com/show_bug.cgi?id=532153

Make sure to use "username=".

~af
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.4.2: Acces problem with EA attributes

[Jeremy Allison]

On Tue, Nov 10, 2009 at 11:32:42AM +0100, Arendt, Volker wrote:
> Hello all,
> 
> some additional information: a new directoriy cannot be renamed. It remains 
> at "Neuer Ordner". A new file can be created inside the new folder.
> 
> Neither directories nor files can be renamed, moved or deleted.

Bug that was fixed with 3.4.3.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem printing from Linux to WinXP printer: "getpeername failed"

[Yanko Sheiretov]

Hi,
A little more information that might help. I should have 
mentioned that the printer works fine when printing from 
another WinXP system. Also, it appears that the "getpeername 
failed" errors are not necessarily directly related. I was 
able to get rid of them with "smb ports = 139" in smb.conf. 
Now the only error I get in the log file is


"Nov 10 10:44:22 Officejet: prnt/hpijs/hpcups.cpp 681: 
hpcups: returning status 0 from main"


Still, the only time I get the "getpeername failed" errors 
is when I try to print to this printer.


ian

iancs...@comcast.net wrote:
Hi, 
I am unable to print from my Linix (Fedora 11) system, running Samba 3.4.2 , via cups 1.4.1. 
What is confusing is that from the same cups/samba installation I have no trouble at all printing to 
other WinXP printers on the network. All XP systems are running home edition. The system hosting the troubled 
printer is a laptop, this seems to be the only difference. I have ruled out network problems, because 
there is no trouble accessing files between Samba and the WinXP in question, in either direction. 

I get the following error messages in the log: 

Nov 10 00:17:28 Officejet: prnt/hpijs/hpcups.cpp 681: hpcups: returning status 0 from main 
Nov 10 00:18:37 smbd[26123]: [2009/11/10 00:18:37, 0] lib/util_sock.c:738(write_data) 
Nov 10 00:18:38 smbd[26123]: [2009/11/10 00:18:38, 0] lib/util_sock.c:1491(get_peer_addr_internal) 
Nov 10 00:18:38 smbd[26123]: getpeername failed. Error was Transport endpoint is not connected 
Nov 10 00:18:38 smbd[26123]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer 
Nov 10 00:18:38 smbd[26123]: [2009/11/10 00:18:38, 0] smbd/process.c:62(srv_send_smb) 
Nov 10 00:18:38 smbd[26123]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) 

Also, I know that Samba is able to communicate with the XP system, because during the printer installation, using 
system-install-printer, it finds the print share with no trouble and verifies access to it. 

Any suggestions for what to try next? 

Ian 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Vfs full audit trouble

[Ivan Anisimov]

Hello,

Version 3.0.9-1.3E.3
vfs objects = full_audit
full_audit:prefix = %u|%I|%m
full_audit:success = open ftruncate mkdir write rename rmdir unlink
full_audit:failure = unlink open

Just after start audit logs requests as mentioned in config file, but
after some time I begin to see "stat fail" and other types of messages I
did not ask for in log file. Is there a reason for this, and how can I
work it out?

Thank you in advance,
Regards,
Ivan

-- 
Ivan Anisimov 
Project Manager
Promsvyazbank 

Tel. +7 (495) 777 1020 x 77-5212
GSM. +7 (916) 134 7233 
Mail anisimo...@psbank.ru 
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Pdbedit <-> /etc/passwd sync?

[extmaillist]

Hi,

i have a question about syncing without pdbedit (exactly iformations 
stored in passdb.tdb) and /etc/passwd.


I creating user with some comment, for example

adduser test -c "my comment" -d /home/users/test -g 600 -s /bin/false

and then i will add this user to samba

pdbedit -a -s /etc/samba/smb.conf -u test

Now i have stored in samba also comment "my comment", but why? Pdbedit can 
load this comment from /etc/passwd and save to passdb.tdb? Can I 
change this behaviour? I dont want storing this infomations duplicated 
(in /etc/passwd and also in /passdb.tdb).


If i modifying existing user and i changed comment in /etc/passwd, then 
comment in passdb.tdb remain a same. It's possible load comment from 
/etc/passwd to passdb.tdb "on the fly", it means without permanent storing 
in passdb.tdb


I have in smb.conf this setting:

unix password sync = yes

but i think that this parameter dont have effect for this behavior.



thanks, Lukas



--

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Problem printing from Linux to WinXP printer: "getpeername failed"

[iancshay]

Hi, 
I am unable to print from my Linix (Fedora 11) system, running Samba 3.4.2 , 
via cups 1.4.1. 
What is confusing is that from the same cups/samba installation I have no 
trouble at all printing to 
other WinXP printers on the network. All XP systems are running home edition. 
The system hosting the troubled 
printer is a laptop, this seems to be the only difference. I have ruled out 
network problems, because 
there is no trouble accessing files between Samba and the WinXP in question, in 
either direction. 

I get the following error messages in the log: 

Nov 10 00:17:28 Officejet: prnt/hpijs/hpcups.cpp 681: hpcups: returning status 
0 from main 
Nov 10 00:18:37 smbd[26123]: [2009/11/10 00:18:37, 0] 
lib/util_sock.c:738(write_data) 
Nov 10 00:18:38 smbd[26123]: [2009/11/10 00:18:38, 0] 
lib/util_sock.c:1491(get_peer_addr_internal) 
Nov 10 00:18:38 smbd[26123]: getpeername failed. Error was Transport endpoint 
is not connected 
Nov 10 00:18:38 smbd[26123]: write_data: write failure in writing to client 
0.0.0.0. Error Connection reset by peer 
Nov 10 00:18:38 smbd[26123]: [2009/11/10 00:18:38, 0] 
smbd/process.c:62(srv_send_smb) 
Nov 10 00:18:38 smbd[26123]: Error writing 4 bytes to client. -1. (Transport 
endpoint is not connected) 

Also, I know that Samba is able to communicate with the XP system, because 
during the printer installation, using 
system-install-printer, it finds the print share with no trouble and verifies 
access to it. 

Any suggestions for what to try next? 

Ian 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Lots of smbd processes and connections?

[Brian]

>> My situation was related to resident software on the client called:
>> 
>> CyberLink Media Libray
>> HP TouchSmart
>> HP MediaSmart
>> 
>> Matt, I would check you clients for similar software.

>I don't have any of these installed.


Well, possibly try killing processes one at a time until the spamming stops.

There maybe other packages that are out there doing a similar thing.

Did you ever get anywhere with MS support?




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Lots of smbd processes and connections?

[Matthew Dickinson]

On 11/9/09 9:26 PM, "Brian"  wrote:
> 
> 
> Problem solved / culprit found!
> 
> Behavior in question:
> 
> The last character of the service name is truncated and couldn't find
> service
> 
> First off, this behavior is pretty well documentedit even appears noted
> as an odd behavior in a MS White Paper.  Normally not a big deal as MS
> clients
> would provide a few requests with the truncated service name the correct
> itself.

Could you provide a link to the whitepaper please?

> My situation was related to resident software on the client called:
> 
> CyberLink Media Libray
> HP TouchSmart
> HP MediaSmart
> 
> Matt, I would check you clients for similar software.

I don't have any of these installed.

If I access the same files from a Windows server, then the performance is as
expected, when accessed using my samba server, it's causing problems and is
really slow.

Matthew


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] talpy-deny error when combining samba and sophos

[Marcus]

Am Montag, den 09.11.2009, 23:39 +0100 schrieb Marcus:
> Hi,
> 
> I'm getting the following error when trying to save a file in a share
> with activated on-access-scanning using sophos:
> 
> Nov  9 17:10:41 server kernel: talpa-deny: Error occured while
> opening /vol/group/test.ppt on behalf of
> process smbd[23713/23713] owned by 6688(6688)/0(7003) <512>
> 
> I know that this is not a samba problem, but may be someone had this
> problem too and solved it. Basically this error comes up when saving MS
> word oder powerpoint files which try to create temporary ~$ files.
> 
> my system: debian Etch with samba 3.0.24-6etch10
> Sophos version: 6.7.0

This is a known sophus Bug. A workaround is to disable the
"interruptible sleep" option. See

 http://downloads.sophos.com/readmes/readsavl_6_eng.txt

* Option to make on-access scanner less POSIX compliant

(DEF 41422) Some applications behave in a non-POSIX compliant manner
with
respect to open() calls being interrupted by signals. This causes
"System
Call Interrupt" errors to be reported when on-access scanning is
enabled. An
option has been added to make the on-access scanner behave in a less
POSIX
compliant manner, so that these errors are not reported. To enable this
option, type:

/opt/sophos-av/bin/savconfig set TalpaSleepInterruptible false

Ciao,
Marcus

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Roaming Profiles and Samba 3.4.x

[Alexander Födisch]

Hi,

since we did an upgrade from samba 3.0.28 to samba 3.4.x we have trouble with roaming profiles. Currently we are running 
samba 3.4.3.


When logging on, the profile folder on fileserver is created, but the user gets 
an error message:

Your roaming profile is not available. You are logged on with the locally stored profile. Changes to the profile will 
not be copied to the server. Possible causes of this error include network problems or insufficient security rights. If 
this problem persists, contact your network administrator.

DETAIL - Access is denied.



Sambalog:


[2009/11/10 11:27:59,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[]...@[] with the new 
password interface

[2009/11/10 11:27:59,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: 
[]\[]...@[]
[2009/11/10 11:27:59,  5] auth/auth_util.c:1517(fill_sam_account)
  fill_sam_account: located username was [\]
[2009/11/10 11:27:59,  3] auth/auth.c:271(check_ntlm_password)
  check_ntlm_password: winbind authentication for user [] succeeded
[...]
[2009/11/10 11:27:59,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user 
[]...@[] with the new password interface
[2009/11/10 11:27:59,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: []...@[]






snippet of the smb.conf file:


map untrusted to domain = yes
[...]


[profiles]
comment  =
path = ""
browseable   = no
force create mode= 0660
force directory mode = 0770
force group  = 
force user   = %U
guest ok = yes
nt acl support   = yes
inherit permissions  = yes
writeable= yes




The working solution at the moment: 0777 for all userprofiles. But that's not 
very nice...



Any ideas? Are there any changes of samba > 3.0.x, which I didn't pay attention 
to?



Thanks,
Alex
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.4.2: Acces problem with EA attributes

[Arendt, Volker]

Hello all,

some additional information: a new directoriy cannot be renamed. It remains at 
"Neuer Ordner". A new file can be created inside the new folder.

Neither directories nor files can be renamed, moved or deleted.

Regards

Volker

-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im 
Auftrag von Arendt, Volker
Gesendet: Dienstag, 10. November 2009 11:25
An: samba@lists.samba.org
Betreff: [Samba] Samba 3.4.2: Acces problem with EA attributes

Hello all,

we have a problem with our samba 3.4.2. We get the following messages in out 
logs for some user, but not all. Users can access their personal share, can 
create a directory or a file, but cannot change the directory or the file. The 
permissions are full access on the top level folder and permissions are 
inherited correctly.

Hints and tips are welcome


Regards

Dr. Volker Arendt
--
Dr. Volker Arendt  mailto:are...@wiwi.uni-wuppertal.de
Gaußstr. 20  Tel : +49(202)4392449
42097 Wuppertal, Deutschland Fax:  +49(202)4393959
University of Wuppertal   Business Economics (FBB)
--




[2009/11/10 09:01:52,  1] smbd/service.c:1047(make_connection_snum)
  132.195.121.160 (132.195.121.160) connect to service ls-thiele$ initially as 
user FB6+steinbach (uid=16292, gid=13254) (pid 684068)
[2009/11/10 09:31:19,  1] smbd/dosmode.c:213(get_ea_dos_attribute)
  get_ea_dos_attributes: Cannot get attribute from EA on file .: Error = 
Function not implemented
[2009/11/10 09:51:42,  1] smbd/service.c:1047(make_connection_snum)
  132.195.121.160 (132.195.121.160) connect to service steinbach$ initially as 
user steinbach (uid=16292, gid=10513) (pid 684068)
[2009/11/10 09:51:42,  1] smbd/dosmode.c:213(get_ea_dos_attribute)
  get_ea_dos_attributes: Cannot get attribute from EA on file .: Error = 
Function not implemented

Our smb.conf follows:
[global]

# 
# setting base configuration parameters
#
# 
workgroup = FB6
netbios name = FRIGG
server string = AFS
security = ADS
realm = FB6.UNI-WUPPERTAL.DE
auth methods = winbind
# password server = AD logon server
password server = 132.195.120.9 132.195.120.12
wins server = 132.195.120.12
client use spnego = yes
client signing = yes
# added wg. ticket #5344
#client lanman auth = no
#client ntlmv2 auth = yes
encrypt passwords = yes
host msdfs = no
#domain logons = yes

# fuer Samba 3.3.0
# damit keine verschluesselte Verbindung zum Domain Controller
# aufgebaut wird
ldap ssl = no
obey pam restrictions = no

# -
# printer settings
# ??? better disable these settings ???
# -
# printcap name = cups
# disable spoolss = Yes
# show add printer wizard = No

# -
# ID mapping parameters
# mapping windows users to unix users
# this is performed on the basis of sid on windows and
# unix with uid for users and gid for groups
# the backend parameter rid allows to get the same mapping
# form sid to uid because it is determined algorithmically
# that way we get the same mapping even if we use samba on
# several disparate systems
# CHANGE NOTIFICATIO: with v3.3.0 there are changes
# to idmap; idmap domains is no longer supported
# -
#idmap domains = FB6
#idmap backend = rid
#idmap backend = tdb
idmap config FB6:backend   = rid
#idmap config FB6:base_rid  = 0
idmap config FB6:range = 1 - 49
idmap uid = 1-49
idmap gid = 1-49
winbind separator =+
winbind use default domain = Yes
winbind enum users = no
winbind enum groups = no
winbind cache time = 60
winbind gid = 1-49
winbind uid = 1-49

#template homedir = /gpfs/fbb/user/%U
#template shell = /opt/pware/bin/bash
#use sendfile = Yes
#printing = cups

#---
# Logging options
#
#---
#
# higher log levels have a negative impact on performance
log level = 1
log file = /opt/pware/var/log/ max log size = 50
debug timestamp = yes
#utmp = yes

#---
# ACL Support
#
#---
map acl inherit = yes
nt acl support = yes
inherit acls = yes
inherit permissions = yes
inherit owner = yes
admin users = @"DOMAIN+domain admins"

#---
# problem with DOS attributes and UNIX permissions
# 20091105, VA
#---
ea support = yes
store dos att

[Samba] Samba 3.4.2: Acces problem with EA attributes

[Arendt, Volker]

Hello all,

we have a problem with our samba 3.4.2. We get the following messages in out 
logs for some user, but not all. Users can access their personal share, can 
create a directory or a file, but cannot change the directory or the file. The 
permissions are full access on the top level folder and permissions are 
inherited correctly.

Hints and tips are welcome


Regards

Dr. Volker Arendt
--
Dr. Volker Arendt  mailto:are...@wiwi.uni-wuppertal.de
Gaußstr. 20  Tel : +49(202)4392449
42097 Wuppertal, Deutschland Fax:  +49(202)4393959
University of Wuppertal   Business Economics (FBB)
--




[2009/11/10 09:01:52,  1] smbd/service.c:1047(make_connection_snum)
  132.195.121.160 (132.195.121.160) connect to service ls-thiele$ initially as 
user FB6+steinbach (uid=16292, gid=13254) (pid 684068)
[2009/11/10 09:31:19,  1] smbd/dosmode.c:213(get_ea_dos_attribute)
  get_ea_dos_attributes: Cannot get attribute from EA on file .: Error = 
Function not implemented
[2009/11/10 09:51:42,  1] smbd/service.c:1047(make_connection_snum)
  132.195.121.160 (132.195.121.160) connect to service steinbach$ initially as 
user steinbach (uid=16292, gid=10513) (pid 684068)
[2009/11/10 09:51:42,  1] smbd/dosmode.c:213(get_ea_dos_attribute)
  get_ea_dos_attributes: Cannot get attribute from EA on file .: Error = 
Function not implemented

Our smb.conf follows:
[global]

# 
# setting base configuration parameters
#
# 
workgroup = FB6
netbios name = FRIGG
server string = AFS
security = ADS
realm = FB6.UNI-WUPPERTAL.DE
auth methods = winbind
# password server = AD logon server
password server = 132.195.120.9 132.195.120.12
wins server = 132.195.120.12
client use spnego = yes
client signing = yes
# added wg. ticket #5344
#client lanman auth = no
#client ntlmv2 auth = yes
encrypt passwords = yes
host msdfs = no
#domain logons = yes

# fuer Samba 3.3.0
# damit keine verschluesselte Verbindung zum Domain Controller
# aufgebaut wird
ldap ssl = no
obey pam restrictions = no

# -
# printer settings
# ??? better disable these settings ???
# -
# printcap name = cups
# disable spoolss = Yes
# show add printer wizard = No

# -
# ID mapping parameters
# mapping windows users to unix users
# this is performed on the basis of sid on windows and
# unix with uid for users and gid for groups
# the backend parameter rid allows to get the same mapping
# form sid to uid because it is determined algorithmically
# that way we get the same mapping even if we use samba on
# several disparate systems
# CHANGE NOTIFICATIO: with v3.3.0 there are changes
# to idmap; idmap domains is no longer supported
# -
#idmap domains = FB6
#idmap backend = rid
#idmap backend = tdb
idmap config FB6:backend   = rid
#idmap config FB6:base_rid  = 0
idmap config FB6:range = 1 - 49
idmap uid = 1-49
idmap gid = 1-49
winbind separator =+
winbind use default domain = Yes
winbind enum users = no
winbind enum groups = no
winbind cache time = 60
winbind gid = 1-49
winbind uid = 1-49

#template homedir = /gpfs/fbb/user/%U
#template shell = /opt/pware/bin/bash
#use sendfile = Yes
#printing = cups

#---
# Logging options
#
#---
#
# higher log levels have a negative impact on performance
log level = 1
log file = /opt/pware/var/log/ max log size = 50
debug timestamp = yes
#utmp = yes

#---
# ACL Support
#
#---
map acl inherit = yes
nt acl support = yes
inherit acls = yes
inherit permissions = yes
inherit owner = yes
admin users = @"DOMAIN+domain admins"

#---
# problem with DOS attributes and UNIX permissions
# 20091105, VA
#---
ea support = yes
store dos attributes = Yes
map archive = No
map hidden = No
map system = No
map readonly = No

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 3.4.2 Winbind problem IDMAP GID range full

[Arendt, Volker]

Hello all,

after migration from 3.0.26a to 3.4.2 we get lots of the following messages in 
our winbind-idmap logfile. Has anybody seen this before?

[2009/11/10 10:51:14,  0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2009/11/10 10:51:14,  0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2009/11/10 10:51:14,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2009/11/10 10:51:14,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2009/11/10 10:51:14,  1] winbindd/idmap_tdb.c:445(idmap_tdb_allocate_id)
  Fatal Error: GID range full!! (max: 49)
[2009/11/10 10:52:06,  0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2009/11/10 10:52:06,  0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2009/11/10 10:52:06,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2009/11/10 10:52:06,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2009/11/10 10:52:06,  1] winbindd/idmap_tdb.c:445(idmap_tdb_allocate_id)
  Fatal Error: GID range full!! (max: 49)
[2009/11/10 10:52:06,  0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2009/11/10 10:52:06,  0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2009/11/10 10:52:06,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2009/11/10 10:52:06,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2009/11/10 10:52:06,  1] winbindd/idmap_tdb.c:445(idmap_tdb_allocate_id)
  Fatal Error: GID range full!! (max: 49)

Regards

Dr. Volker Arendt
--
Dr. Volker Arendt  mailto:are...@wiwi.uni-wuppertal.de
Gaußstr. 20  Tel : +49(202)4392449
42097 Wuppertal, Deutschland Fax:  +49(202)4393959
University of Wuppertal   Business Economics (FBB)
--


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba