[Samba] samba-3.3 cross compiling error on mips64-octeon-linux

[John]

Hi 

I need to build samba-3.3.3 on a board with mips processor.
so I executed configures with theses options
../configure --target=mips64-octeon-linux-gnu --host=mips64-octeon-linux-gnu 
--prefix=/usr/local/etc/smb
 
Search from config.log error on line 76308. Why it care host header files (see 
red line), instead of the cross header files?
 
configure:76308: mips64-octeon-linux-gnu-gcc -c - -O -O -D_SAMBA_BUILD_=3 
-Iinclude -I/home/he/src/samba/source/include  -I. -I/home/he/src/samba/source 
-I/home/he/src/samba/source/lib/replace -I/home/he/src/samba/source/lib/talloc 
-I/home/he/src/samba/source/lib/tdb/include 
-I/home/he/src/samba/source/libaddns -I/home/he/src/samba/source/librpc 
-I/home/he/src/samba/source/popt -I/usr/local/include -DLDAP_DEPRECATED 
conftest.c >&5
 
John
 


  ___ 
  好玩贺卡等你发，邮箱贺卡全新上线！ 
http://card.mail.cn.yahoo.com/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] VFS full_audit problem

[Lennart Sorensen]

On Wed, Dec 09, 2009 at 06:13:35PM -0500, Lennart Sorensen wrote:
> On Wed, Dec 09, 2009 at 11:33:46PM +0100, Volker Lendecke wrote:
> > On Wed, Dec 09, 2009 at 12:29:21PM -0500, Lennart Sorensen wrote:
> > > On Wed, Dec 09, 2009 at 05:47:18PM +0100, Tomasz Przewlucki wrote:
> > > > I had implemented on one of my shares vfs full_audit module. It was  
> > > > working with Samba 3.0.x without any problems.
> > > >
> > > > After migration to Samba 3.4.3 this function doesn't work anymore - 
> > > > when  
> > > > it's enabled then share isn't accessible from users (it's visible but  
> > > > getting error when trying to connect to it).
> > > > Audit and extd_audit vfs's are working fine, but they doesn't meet my  
> > > > requirements.
> > > >
> > > > I've tried full_audit on shares with and without extended attributes  
> > > > (ext3 with xattr), getting same results.
> > > 
> > > Well it broke everything for me too when I enabled it.  I did not try
> > > it before though so I have no idea that it used to work.  I had to turn
> > > it off right away.  It sure seems like tha full_audit is totally broken
> > > at this time (well it logs lots of stuff, it just prevents users from
> > > doing anything too).
> > 
> > With a freshly compiled v3-4-test (not very far away from
> > 3.4.3, I'm not aware of significant VFS changes), I set up a
> > share tmp:
> > 
> > [tmp]   
> > path = /tmp
> > read only = No
> > available = yes
> > vfs objects = full_audit
> > full_audit:prefix = %u|%I
> > full_audit:success = mkdir rename rmdir write open
> > full_audit:failure = none
> > 
> > I could connect just fine and do things. What is your exact
> > problem? Do you have logfiles, or an a bit more exact
> > description how to reproduce your failure?
> 
> I use posix acl's on ext3 filesystem.  I get failures in the log about
> getxattr calls.  The user can't read any files, but they can browse
> directories just fine.  The unix permissions alone prevent access,
> while the posix acl's are giving access to the users in this case.
> 
> The only thing needed to break it is adding 'vfs objects = full_audit'.
> Without that, it works fine.  It seems at least in my case that the
> full_audit breaks posix acl support at least.
> 
> What kind of logs would be useful?

The error I see in the audit log is:

Dec  3 16:41:50 rceng01 smbd_audit: ||getxattr|fail 
(Operation not 
supported)|https://lists.samba.org/mailman/options/samba

Re: [Samba] VFS full_audit problem

[Lennart Sorensen]

On Wed, Dec 09, 2009 at 11:33:46PM +0100, Volker Lendecke wrote:
> On Wed, Dec 09, 2009 at 12:29:21PM -0500, Lennart Sorensen wrote:
> > On Wed, Dec 09, 2009 at 05:47:18PM +0100, Tomasz Przewlucki wrote:
> > > I had implemented on one of my shares vfs full_audit module. It was  
> > > working with Samba 3.0.x without any problems.
> > >
> > > After migration to Samba 3.4.3 this function doesn't work anymore - when  
> > > it's enabled then share isn't accessible from users (it's visible but  
> > > getting error when trying to connect to it).
> > > Audit and extd_audit vfs's are working fine, but they doesn't meet my  
> > > requirements.
> > >
> > > I've tried full_audit on shares with and without extended attributes  
> > > (ext3 with xattr), getting same results.
> > 
> > Well it broke everything for me too when I enabled it.  I did not try
> > it before though so I have no idea that it used to work.  I had to turn
> > it off right away.  It sure seems like tha full_audit is totally broken
> > at this time (well it logs lots of stuff, it just prevents users from
> > doing anything too).
> 
> With a freshly compiled v3-4-test (not very far away from
> 3.4.3, I'm not aware of significant VFS changes), I set up a
> share tmp:
> 
> [tmp]   
> path = /tmp
> read only = No
> available = yes
> vfs objects = full_audit
> full_audit:prefix = %u|%I
> full_audit:success = mkdir rename rmdir write open
> full_audit:failure = none
> 
> I could connect just fine and do things. What is your exact
> problem? Do you have logfiles, or an a bit more exact
> description how to reproduce your failure?

I use posix acl's on ext3 filesystem.  I get failures in the log about
getxattr calls.  The user can't read any files, but they can browse
directories just fine.  The unix permissions alone prevent access,
while the posix acl's are giving access to the users in this case.

The only thing needed to break it is adding 'vfs objects = full_audit'.
Without that, it works fine.  It seems at least in my case that the
full_audit breaks posix acl support at least.

What kind of logs would be useful?

-- 
Len Sorensen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Winbind + SSH + AIX - Connection to aixserver01 closed by remote host

[RobertoBouza]

Thanks for the answer Gaiseric,

To make SSH work we had to enable the UseLogin to Yes on the sshd_config 
file.

Thank you.




Gaiseric Vandal  
Sent by: samba-boun...@lists.samba.org
12/08/2009 06:02 PM
Please respond to
gaiseric.van...@gmail.com


To
samba@lists.samba.org
cc

Subject
Re: [Samba] Winbind + SSH + AIX - Connection to aixserver01 closed by 
remote host






Does AIX use pam?

If so, check to see if there are any differences on entries relating to 
sshd, telnet or other.




On 12/08/09 13:12, robertobo...@bayviewassetmanagement.com wrote:
> Hello everyone, I'm posting this one again I hope to get some kind of
> help. Doing further test telnet works fine authenticating users but not
> SSH.
>
> I was able to get an AIX box configured with winbind, and it looks like
> everything is working as expected but ssh to the machine and I hope you
> can help me with this.
>
> On the AIX server I'm able to issue wbinfo -u and -g with the right
> information and also I'm able to do a "su -" without any
> problem. But when doing a remote SSH I just get this:
>
> Client:
>
> debug2: channel 0: send open
> debug1: Requesting no-more-sessi...@openssh.com
> debug1: Entering interactive session.
> debug1: channel 0: free: client-session, nchannels 1
> debug3: channel 0: status: The following connections are open:
>#0 client-session (t3 r-1 i0/0 o0/0 fd 4/5 cfd -1)
>
> debug3: channel 0: close_fds r 4 w 5 e 6 c -1
> Connection to aixserver01 closed by remote host.
> Connection to aixserver01 closed.
> Transferred: sent 1648, received 1544 bytes, in 0.0 seconds
> Bytes per second: sent 105932.7, received 99247.6
> debug1: Exit status -1
>
> On the server aixserver01:
>
> Dec  3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1:
> temporarily_use_uid: 150302/100513 (e=0/0)
> Dec  3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1: trying
> public key file /home/users/robertobouza/.ssh/authorized_keys
> Dec  3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1:
> restore_uid: 0/0
> Dec  3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1:
> temporarily_use_uid: 150302/100513 (e=0/0)
> Dec  3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1: trying
> public key file /home/users/robertobouza/.ssh/authorized_keys2
> Dec  3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1:
> restore_uid: 0/0
> Dec  3 11:23:15 aixserver01 authpriv:info sshd[467118]: Failed publickey
> for robertobouza from 10.10.20.202 port 55612 ssh2
> Dec  3 11:23:17 aixserver01 authpriv:info sshd[467118]: Accepted 
password
> for robertobouza from 10.10.20.202 port 55612 ssh2
> Dec  3 11:23:17 aixserver01 authpriv:debug sshd[467118]: debug1:
> monitor_child_preauth: robertobouza has been authenticated by privileged
> process
> Dec  3 11:23:17 aixserver01 authpriv:debug sshd[467118]: debug1:
> do_cleanup
>
> So, it looks like everything is working but why do I get a connection
> closed?
>
> Thank you.
>
> Roberto Bouza.
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] VFS full_audit problem

[Volker Lendecke]

On Wed, Dec 09, 2009 at 12:29:21PM -0500, Lennart Sorensen wrote:
> On Wed, Dec 09, 2009 at 05:47:18PM +0100, Tomasz Przewlucki wrote:
> > I had implemented on one of my shares vfs full_audit module. It was  
> > working with Samba 3.0.x without any problems.
> >
> > After migration to Samba 3.4.3 this function doesn't work anymore - when  
> > it's enabled then share isn't accessible from users (it's visible but  
> > getting error when trying to connect to it).
> > Audit and extd_audit vfs's are working fine, but they doesn't meet my  
> > requirements.
> >
> > I've tried full_audit on shares with and without extended attributes  
> > (ext3 with xattr), getting same results.
> 
> Well it broke everything for me too when I enabled it.  I did not try
> it before though so I have no idea that it used to work.  I had to turn
> it off right away.  It sure seems like tha full_audit is totally broken
> at this time (well it logs lots of stuff, it just prevents users from
> doing anything too).

With a freshly compiled v3-4-test (not very far away from
3.4.3, I'm not aware of significant VFS changes), I set up a
share tmp:

[tmp]   
path = /tmp
read only = No
available = yes
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:success = mkdir rename rmdir write open
full_audit:failure = none

I could connect just fine and do things. What is your exact
problem? Do you have logfiles, or an a bit more exact
description how to reproduce your failure?

Thanks,

Volker


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Cloning the samba+openldap pdc server for use in another network

[Али Рустамов]

Hi!
In the office we have an ubuntu 9.04 server which serves as pdc with
samba+openldap+Mandriva Diectory Server web interface, as a file server and
as a router with squid squidguard and free-sa.The server was set up by the
person who is unreacheable at the moment.
Now we have a task to clone this server for use in another office with the
new domain name. At the time there are two questions we want to ask and
would be very thankfull if somebody could help us.

1. Is it possible just to change the domain name of new cloned pdc? If so
what is the most convinient way to do this? As I guess a lot of
configuration files should be changed for the domain name parameters, but I
do not know what files actually should be changed, I edited all the files
that contain olddomain name in /etc directory and changed olddomain name to
newdomain by using grep and sed. But it did not work. I'm very new to
openldap and to ldap itself so I don't know whether I'm on a right way or
not. Seached on the internet but could not fond anything usefull. May be I'm
using wrong terms.
2.If it's possibleto successfully change the domain name what should be done
to preserve all the users and groups and shares that were set up on the old
pdc?

Thanks in advance!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] VFS full_audit problem

[Lennart Sorensen]

On Wed, Dec 09, 2009 at 05:47:18PM +0100, Tomasz Przewlucki wrote:
> I had implemented on one of my shares vfs full_audit module. It was  
> working with Samba 3.0.x without any problems.
>
> After migration to Samba 3.4.3 this function doesn't work anymore - when  
> it's enabled then share isn't accessible from users (it's visible but  
> getting error when trying to connect to it).
> Audit and extd_audit vfs's are working fine, but they doesn't meet my  
> requirements.
>
> I've tried full_audit on shares with and without extended attributes  
> (ext3 with xattr), getting same results.

Well it broke everything for me too when I enabled it.  I did not try
it before though so I have no idea that it used to work.  I had to turn
it off right away.  It sure seems like tha full_audit is totally broken
at this time (well it logs lots of stuff, it just prevents users from
doing anything too).

> In samba debug:10 log i couldn't see anything strange, so i want first  
> to ask if there is anybody with working vfs full_audit on samba 3.4.3  ?
>
> My smb.conf:
>
> # Global parameters
> [global]
> workgroup = OBRAM
> netbios name = PASSAT
> server string = OBRAM_PDC
> security = user
> interfaces = 192.168.0.13 10.0.0.113
> smb ports = 139 445
> time server = Yes
> #
> encrypt passwords = yes
> enable privileges = yes
> obey pam restrictions = No
> username map = /etc/samba/smbusers
> #
> msdfs root = yes
> #
> log level = 1 vfs:1
> #log level = 10
> syslog = 3
> log file = /var/log/samba/log.%m
> max log size = 1
> #
> mangling method = hash2
> dos charset = 852
> Unix charset = UTF-8
> display charset = UTF-8
> #
> logon script = "%G.bat"
> logon drive = H:
> logon home =
> logon path =
> lanman auth = no
> ntlm auth = no
> client ntlmv2 auth = yes
> #
> nt acl support = yes
> #
> map hidden = no
> map system = no
> map archive = no
> ea support = yes
> map acl inherit = yes
> store dos attributes = yes
> #
> domain logons = Yes
> oslevel = 65
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> local master = yes
> #
> passdb backend = ldapsam:"ldap://127.0.0.1 ldap://192.168.0.40";
> #
> ldapsam:trusted = yes
> ldapsam:editposix = yes
> #
> ldap admin dn = cn=samba,ou=DSA,dc=obram
> ldap suffix = dc=obram
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Idmap
> #ldap ssl = start tls
> ldap ssl = no
> ldap delete dn = Yes
> ldap passwd sync = Yes
> #
> idmap uid = 111000-12
> idmap gid = 111000-12
> idmap backend = ldap:"ldap://127.0.0.1 ldap://192.168.0.40";
> idmap alloc backend = ldap
> idmap alloc config:ldap_base_dn = ou=Idmap,dc=obram
> idmap alloc config:ldap_user_dn = cn=samba,ou=DSA,dc=obram
> idmap alloc config:ldap_url = ldap://localhost
> idmap alloc config:range = 111000-12
> #
> template homedir = /home/samba/users/%U
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> #
> create mask = 0640
> directory mask = 0750
> deadtime = 10
> guest account = nobody
> map to guest = Bad User
> dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
> #
> preserve case = yes
> short preserve case = yes
> case sensitive = auto
> load printers = Yes
> printing = cups
> printcap name = cups
> show add printer wizard = yes
> #
> kernel oplocks = no
> #
> veto oplock files = /*.mdb/*.MDB/*.pst/*.PST/
> #
> # NEW Samba 3.4
> max open files = 1
> max stat cache size = 1024
> registry shares = no
>
> #and this unworking with full_audit share:
> [temp]
> comment = katalog kasowany co noc
> path = /home/samba/temp/
> browseable = Yes
> guest ok = Yes
> read only = No
> directory mask = 0755
> create mask = 0644
> vfs objects = full_audit
> full_audit:prefix = %u|%I
> full_audit:success = mkdir rename rmdir write open
> full_audit:failure = none
> csc policy = disable
> hide files = /desktop.ini/recycled/RECYCLER/autorun.inf/explorer.exe/
>
> Best regards,
> Tomasz Przewlucki

-- 
Len Sorensen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] VFS full_audit problem

[Tomasz Przewlucki]

Hi all,

I had implemented on one of my shares vfs full_audit module. It was 
working with Samba 3.0.x without any problems.


After migration to Samba 3.4.3 this function doesn't work anymore - when 
it's enabled then share isn't accessible from users (it's visible but 
getting error when trying to connect to it).
Audit and extd_audit vfs's are working fine, but they doesn't meet my 
requirements.


I've tried full_audit on shares with and without extended attributes 
(ext3 with xattr), getting same results.


In samba debug:10 log i couldn't see anything strange, so i want first 
to ask if there is anybody with working vfs full_audit on samba 3.4.3  ?


My smb.conf:

# Global parameters
[global]
workgroup = OBRAM
netbios name = PASSAT
server string = OBRAM_PDC
security = user
interfaces = 192.168.0.13 10.0.0.113
smb ports = 139 445
time server = Yes
#
encrypt passwords = yes
enable privileges = yes
obey pam restrictions = No
username map = /etc/samba/smbusers
#
msdfs root = yes
#
log level = 1 vfs:1
#log level = 10
syslog = 3
log file = /var/log/samba/log.%m
max log size = 1
#
mangling method = hash2
dos charset = 852
Unix charset = UTF-8
display charset = UTF-8
#
logon script = "%G.bat"
logon drive = H:
logon home =
logon path =
lanman auth = no
ntlm auth = no
client ntlmv2 auth = yes
#
nt acl support = yes
#
map hidden = no
map system = no
map archive = no
ea support = yes
map acl inherit = yes
store dos attributes = yes
#
domain logons = Yes
oslevel = 65
preferred master = Yes
domain master = Yes
wins support = Yes
local master = yes
#
passdb backend = ldapsam:"ldap://127.0.0.1 ldap://192.168.0.40";
#
ldapsam:trusted = yes
ldapsam:editposix = yes
#
ldap admin dn = cn=samba,ou=DSA,dc=obram
ldap suffix = dc=obram
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
#ldap ssl = start tls
ldap ssl = no
ldap delete dn = Yes
ldap passwd sync = Yes
#
idmap uid = 111000-12
idmap gid = 111000-12
idmap backend = ldap:"ldap://127.0.0.1 ldap://192.168.0.40";
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=Idmap,dc=obram
idmap alloc config:ldap_user_dn = cn=samba,ou=DSA,dc=obram
idmap alloc config:ldap_url = ldap://localhost
idmap alloc config:range = 111000-12
#
template homedir = /home/samba/users/%U
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
#
create mask = 0640
directory mask = 0750
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
#
preserve case = yes
short preserve case = yes
case sensitive = auto
load printers = Yes
printing = cups
printcap name = cups
show add printer wizard = yes
#
kernel oplocks = no
#
veto oplock files = /*.mdb/*.MDB/*.pst/*.PST/
#
# NEW Samba 3.4
max open files = 1
max stat cache size = 1024
registry shares = no

#and this unworking with full_audit share:
[temp]
comment = katalog kasowany co noc
path = /home/samba/temp/
browseable = Yes
guest ok = Yes
read only = No
directory mask = 0755
create mask = 0644
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:success = mkdir rename rmdir write open
full_audit:failure = none
csc policy = disable
hide files = /desktop.ini/recycled/RECYCLER/autorun.inf/explorer.exe/

Best regards,
Tomasz Przewlucki

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] user cannot logon to domain although log says "auth succeeded" (fwd)

[extmaillist]

Hi,

i made some tests because this problem, but without satisfactory result. 
And this problem i have on more my servers. I described all my 
knowledge abou this problem in newly created bug #6977


thanks you very much for help

L.

--


-- Forwarded message --
Date: Tue, 20 Oct 2009 17:30:05 +0200 (CEST)
From: extmaill...@linuxbox.cz
To: Volker Lendecke 
Cc: samba@lists.samba.org
X-Spam-Score: -1.0 (), 4 required
Subject: Re: [Samba] user cannot logon to domain although log says
"auth succeeded" (fwd)


During login to domain i got on my workstation error message "user cannot 
login. check username/password/domain and be aware that username/password are 
case sensitive". Loging to domain failed



I have this problem after upgrade to Samba 3.4x and only with new created 
users. Existing users works fine.


i dont know where is the problem...

thanks, Lukas


On Tue, 20 Oct 2009, Volker Lendecke wrote:


On Tue, Oct 20, 2009 at 08:23:02AM +0200, extmaill...@linuxbox.cz wrote:

please can you see yet on this trace?

http://servis.lbox.cz/samba.pcap


Looks fine.


if you need also log from same time, so you find here
http://servis.lbox.cz/pc-test2.log


This only has a tiny fraction of the stuff happening in
samba.pcap. But again: The samba.pcap is just a perfectly
happy domain logon.

What is your problem here???

Volker



--

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Mangled Names, Directory Listing and Access Failure, Unix-to-Unix

[John Anthony Kazos Jr.]

I am using a recent version of Samba mounted through GVFS. If I
configure with the option "mangled names" unspecified, I am able to
access everything fine, but files with ':' or '?' get mangled to the
point of unusability. If I specify "mangled names = no", I see
everything fine with the reserved characters displayed properly, but I
am unable to list or access the contents of directories with such names,
and even most top-level files with such names resist most kinds of
manipulation.

I am not interested in making my file names usable on Windows. NFS is
too clunky and difficult to secure. FTP-based solutions do not allow the
quick random-access I require. Samba seems to be the only networking
system available that does what I need.

How do I alter Samba's configuration to allow it to manipulate files
with the normal Unix naming rules?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Windows Server 2008 R2 backup with windows server backup

[helac]

Hi,

I would like to ask if someone has been able to do a backup from Windows
Server 2008 [R2] to a Samba share? If I try to do a backup I receive this
error:

The backup of volume DATA2(E:) could not be completed. Error: The version
does not support this version of the file format.

==
My config is:
[global]
security = ads
password server = servername.domainname.cz
encrypt passwords = true
workgroup = DOMAINNAME
realm = DOMAINNAME.TLD
netbios name = backup
#idmap backend = ad
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = Yes
log level = 2
profile acls = yes
nt acl support = yes


[mesicek]
path = /mnt/backup/server/current/writable
browseable = yes
read only = no
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
admin users = DOMAINNAME\backupad, DOMAINNAME\administrator

-- 
View this message in context: 
http://old.nabble.com/Windows-Server-2008-R2-backup-with-windows-server-backup-tp26709809p26709809.html
Sent from the Samba - General mailing list archive at Nabble.com.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 + openldap: provisioning isnt working

[Collen Blijenberg]

try a 'ps -A | grep slap' to see if your ldap server is up and running...

rektide wrote:

Wiki seems to be out of date here.  The wiki reference's [1] [2] a 
"setup/provision-backend"
script, as well as a "setup/provision" script, yet current git only has a 
setup/provision
executable.  Some #samba and #openldap IRC advice was that provision-backend 
wasnt needed
anymore, but based off the errors i'm seeing, there's definitely _something_ 
missing, I just
dont know if that something ( /usr/local/samba4/private/ldap/slapd.d/ files ) 
ought to be
provided by the missing setup/provision-backend.

[1] http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP
[2] http://wiki.samba.org/index.php/Samba4/HOWTO/Ubuntu_Server_9.04


Following IRC advice, I attempted to just use the setup/provision script.  It 
didnt work.  I
added a "[running]" print to provisionbackend.py, to see what it was running, 
so I could
attempt to run slapd as it was running it, with debugging enabled.  Heres the 
result:

rekt...@deneb:~/archives/samba/source4$ setup/provision --realm=ELDERGODS.COM
--ldap-backend-type=openldap --server-role=dc --domain=ELDERGODS
--slapd-path='/usr/sbin/slapd'
[running] '/usr/sbin/slapd' '-F/usr/local/samba4/private/ldap/slapd.d' '-h'
'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi'
Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR
Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi'
Traceback (most recent call last):
  File "setup/provision", line 213, in 
nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode)
  File "bin/python/samba/provision.py", line 1257, in provision
provision_backend.start()
  File "bin/python/samba/provisionbackend.py", line 252, in start
raise ProvisioningError("slapd died before we could make a connection to 
it")
  

-- snip

connections_destroy: nothing to destroy.


The /usr/local/samba4/private/ldap/slapd.d/ directory is completely empty.  I'm 
not sure
what is supposed to populate this, but as can be seen from the above debug 
logs, the slapd
kicked off by setup/provision is definitely expecting there to be contents.  
This could very
well be a result of the missing-in-action setup/provision-backend script.

I'll be happy to do some wiki updating if I can get this issue resolved: the 
OpenLDAP wiki
entry's last major work was the Ides of June 2008.

Regards,
rektide
  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] winbind and samba 3.3.9

[Wasim Bashir]

Hi,

We have a small cluster of 4 webservers running iis 7 (windows 2008 64 bit)
with an AD domain controller and  a samba server.
Recently we have had issues where a webserver will randomly lose the network
share, the only way to fix this is to restart  winbind or samba,

When we  restart winbind this fixs the problem with the server in question
however each of the other web servers servers lose their connectivity in 5
minute intervals, so in actual fact we have to restart winbind 4 times for
all servers to be fully functioning again.

When the connectivity is lost (and before i restart winbind/samba) , i can
still run wbinfo -u on the samba server and it will authenticate fine
however the user won't have access to their home directories due to
insufficient permissions error, when i check the permissions they have
reverted back to the unix uid, if i do a chown with the correct sid the
directory is available again...

Does anyone have any ideas why this is occuring and whether anything is
wrong with my samba.conf ?


[global]
security = ads
 syslog = 0

max mux = 16384
log file  = /home/sites/samba-log/log.%m
max open files = 10
realm = WEBHOSTING.INTOFFICE.COM 
password server = 10.0.9.1
workgroup = WEBHOSTING
idmap backend = tdb
idmap uid = 500-200
idmap gid = 500-200
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/sites/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
winbind nss info = template rfc2307
restrict anonymous = 2
idmap config WEBHOSTING : schema_mode = rfc2307
idmap config WEBHOSTING : backend  = ad
idmap config WEBHOSTING : range= 500 - 3

#to fix smbd moaning about hom not being available...
[hom]
hide dot files = no
path = /home/sites
read only = no
dos filetime resolution = yes

[home]
hide dot files = no
path = /home/sites
read only = no
dos filetime resolution = yes


Any help greatly appreciated.

Thanks,

Wasim
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] wbinfo / Could not convert sid to gid / uid

[Georg Roelli]

> Date: Tue, 8 Dec 2009 08:55:05 -0700
> Subject: Re: [Samba] wbinfo / Could not convert sid to gid / uid
> From: rob...@leblancnet.us
> To: roel...@hotmail.com
> CC: samba@lists.samba.org
>
> On Tue, Dec 8, 2009 at 7:55 AM, Georg Roelli> wrote:
>
>
>
> Hello
>
>
>
> My is environment: Ubuntu 8.04 LTS, Squid 2.6.18, Samba 3.0.28a
>
>
>
> For Squid I need the query of a global group from Active Directory 2003.
>
> This works beautifully, but unfortunately not always. There are global groups 
> which works to transform and others where it does not work.
>
>
>
> Here are my entries for test:
>
>
>
> # wbinfo -n nobadurl
>
> S-1-5-21-986273330-1409306274-1541874228-9965 Domain Group (2)
>
>
>
> # wbinfo -Y S-1-5-21-986273330-1409306274-1541874228-9965
>
> Could not convert sid S-1-5-21-986273330-1409306274-1541874228-9965 to gid
>
>
>
> # wbinfo -n www-Access
>
> S-1-5-21-986273330-1409306274-1541874228-2514 Domain Group (2)
>
>
>
> # wbinfo -Y S-1-5-21-986273330-1409306274-1541874228-2514
>
> 10011
>
>
>
> I am a little confused. Why the conversion goes for one group but for the 
> other one not?
>
> I've tried a lot, unfortunately without success.
>
>
>
> Is there a log I can turn on what can help me?
>
> What is the value wbinfo take out of the AD to convert the SID to UID or GID?
>
> Is there another way I can figure out why the conversion does not work?
>
>
>
> Thanks for your help.
>
>
>
> Kind regards, G.
>
>
>
> I would check /var/log/samba/log.winbindd or /var/log/samba/log.wb.. I would 
> suspect that you may have run out of gids allocated to groups (your rang is 
> not big enough). The logs should help you pinpoint the problem though.
>
>
> Robert LeBlanc
> Life Sciences & Undergraduate Education Computer Support
> Brigham Young University
>
>
 
Thanks for the note.
 
I get following results in the logs for those SID which couldn't convert.
 
log.winbindd:
 
[2009/12/09 10:57:14, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [15791]: request interface version
[2009/12/09 10:57:14, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [15791]: request location of privileged pipe
[2009/12/09 10:57:14, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(308)
  [15791]: sid to gid S-1-5-21-986273330-1409306274-1541874228-9965
 
log.wb-MYDOM:

[2009/12/09 10:57:14, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupsid(754)
  [21931]: lookupsid S-1-5-21-986273330-1409306274-1541874228-9965
[2009/12/09 10:57:14, 3] nsswitch/winbindd_ads.c:sequence_number(1010)
  ads: fetch sequence_number for MYDOM
[2009/12/09 10:57:14, 3] nsswitch/winbindd_rpc.c:msrpc_sid_to_name(304)
  sid_to_name [rpc] S-1-5-21-986273330-1409306274-1541874228-9965 for domain 
MYDOM
 
How can this help us now?
 
Regards, G.

 
 
 
 

  
_
Samichlaus und Weihnachts Fotos: direkt im Messenger mit Freunden austauschen
http://www.microsoft.com/switzerland/windows/de/windowslive/products/messenger.aspx?tab=2
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba