Re: [Samba] Client access without asking password
Yassine AYACHI wrote:

> Hi All,
> I want to configure my samba [version 3.4.0] to permit access from windows clients without asking password, can any one propose me an example of configuration which allows this,
> Thanks in advance,
> Yassine

On one of my work boxes I have one of the following (I can't remember which and I'm not there):

map to guest = bad user

or

map to guest = bad password

This will make Samba access things as guest if they are not sending correct username/password. Remember that this will mean all users not already logged in will access shares as guest if guest is allowed in those shares. I specifically deny guest access to most shares on my work server to be sure I am preventing this. The few that need guest access deny write access to guest.

TB

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
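Added example, not part of the thread or of Samba: a small audit that reads an smb.conf and lists which shares a guest session can reach, and whether read-only or writable, which is the check the reply above describes doing by hand. The sample configuration, share names and paths are constructed; the parser handles only the parameters and synonyms named in the code.

```python
# Added example: list the shares a guest session can reach, and how.
BOOL_TRUE = {"yes", "true", "on", "1"}
# Samba ignores case and spaces in parameter names; fold the synonyms used here.
SYNONYMS = {"public": "guestok", "writeable": "writable", "writeok": "writable"}

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
[global]
    security = user
    map to guest = Bad User

[projects]
    path = /srv/projects
    guest ok = no

[pub]
    path = /srv/pub
    public = yes
    read only = yes

[scratch]
    path = /srv/scratch
    guest ok = yes
    writeable = yes
"""


def norm_key(key):
    """Lower-case a parameter name, drop its spaces, resolve synonyms."""
    key = "".join(key.lower().split())
    return SYNONYMS.get(key, key)


def parse_smb_conf(text):
    """Return {section: {normalised parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key, value = norm_key(key), value.strip()
            if key == "writable":  # inverse synonym of "read only"
                key = "readonly"
                value = "no" if value.lower() in BOOL_TRUE else "yes"
            current[key] = value
    return sections


def share_bool(share, glob, key, default):
    """Share setting, falling back to [global], then to Samba's default."""
    return share.get(key, glob.get(key, default)).lower() in BOOL_TRUE


def audit_guest_access(text):
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    shares = []
    for name, share in conf.items():
        if name == "global" or not share_bool(share, glob, "guestok", "no"):
            continue
        read_only = share_bool(share, glob, "readonly", "yes")
        shares.append((name, "guest-read" if read_only else "guest-write"))
    # "never" (the default) rejects bad logins; "bad user" maps unknown user
    # names to guest; "bad password" also maps mistyped passwords of real users.
    mode = " ".join(glob.get("maptoguest", "never").lower().split())
    return {"map_to_guest": mode, "shares": shares}


if __name__ == "__main__":
    report = audit_guest_access(SAMPLE)
    print("map to guest =", report["map_to_guest"])
    for name, level in report["shares"]:
        print(f"[{name}] {level}")
```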
Re: [Samba] acl_xattr vs acl_tdb
Volker Lendecke put forth on 3/26/2010 7:39 AM:
> On Fri, Mar 26, 2010 at 08:38:19AM -0400, simo wrote:
>>>> There's something I would really like to know! But somehow it seems to be a secret of the gods that us mere mortals are not allowed to penetrate...
>>>
>>> Please say if there is any size restriction for xattrs in
>>> XFS. Hopefully there is none, which would mean that you can
>>> fill the whole file system with a single security descriptor
>>> if you wish.
>>
>> If I remember correctly XFS used to have a size limit of 64KiB per
>> xattr.
>
> Shall I call you god now? :-)

No me. Err, wikipedia:

XFS provides multiple data streams for files through its implementation of extended attributes. These allow the storage of a number of name/value pairs attached to a file. Names are null-terminated printable character strings of up to 256 bytes in length, while their associated values can contain up to 64 KB of binary data. They are further subdivided into two namespaces, root and user. Extended attributes stored in the root namespace can be modified only by the superuser, while attributes in the user namespace can be modified by any user with permission to write to the file. Extended attributes can be attached to any kind of XFS inode, including symbolic links, device nodes, directories, etc. The attr program can be used to manipulate extended attributes from the command line, and the xfsdump and xfsrestore utilities are aware of them and will back up and restore their contents. Most other backup systems are not aware of extended attributes.

--
Stan
Re: [Samba] way to get smbclient to do "dir *\filename"?
On Wed, Mar 24, 2010 at 11:24:49AM +1300, Jason Haar wrote:
> Says it all really. I'm hoping there's some escape char trick I could do
> to make this work? Recursing through all the directories would obviously
> work, but this is for a script that runs over the WAN, so performance is
> a major issue - I literally just want to see if a file exists in one of
> the next layers down. Just getting the wildcard through (I think CIFS
> allows that?) would solve the problem. I could use mount.cifs - but this
> scripts runs massively in parallel and I dread mounting and unmounting
> on that scale - smbclient is the perfect tool for the job (if only it
> worked ;-)
>
> I've tried this with 3.2.11, I'm assuming it still affects the current
> version

Actually I don't think this would work even to a Windows server. The wildcard is only allowable in the last component of a path. Otherwise it's incredibly expensive to do this search, and doesn't match a search within an open directory file handle (which is what Windows does internally when doing a FindFirst).

Jeremy.
Re: [Samba] File timestamps off one hour
On 2010/03/26 15:53 (GMT-0700) Loren M. Lang composed:
> I'm seeing timestamps off one hour in Windows 200 and XP clients that
> were modified earlier this year before the +1 hour daylight savings
> time. They show correctly when viewed from the Ubuntu Linux Server
> running Samba 3.2.3-1ubuntu3.8. As a test, I created three files in
> Linux at 00:13, 01:13, and 03:13. I could not create a file during 2 am
> as that time does not exist in the local timezone. When I viewed those
> files on Windows, they showed up as 01:13, 02:13, and 03:13,
> respectively.

Have those Windows systems been rebooted since the time change?

--
"The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation)

Team OS/2 ** Reg. Linux User #211409
Felix Miata *** http://fm.no-ip.com/
[Samba] File timestamps off one hour
I'm seeing timestamps off one hour in Windows 200 and XP clients that were modified earlier this year before the +1 hour daylight savings time. They show correctly when viewed from the Ubuntu Linux Server running Samba 3.2.3-1ubuntu3.8. As a test, I created three files in Linux at 00:13, 01:13, and 03:13. I could not create a file during 2 am as that time does not exist in the local timezone. When I viewed those files on Windows, they showed up as 01:13, 02:13, and 03:13, respectively.

Does the CIFS protocol export times using the local timezone or UTC? Does Windows not support applying DST properly to file timestamps or is it a Samba problem?

--
Loren M. Lang
Alzatex, Inc.
lor...@alzatex.com
http://www.alzatex.com/
Re: [Samba] Can tdbtool be installed on it's own?
On Fri, Mar 26, 2010 at 10:40:33AM +, Tristan Drinkwater wrote:
> Hi guys,
>
> I have a Netgear ReadyNas that has Samba v3.4.5 installed on it. I'm having
> trouble accessing some tdb files and I'm wondering whether the app tdbtool
> can be installed on its own as it seems that Netgear have pulled it out.
>
> I have windows domain users who get denied access for no reason and the
> events aren't being caught by the standard logs. Plus Netgear force the
> smb.conf to auto generate and any changes I make get over written once a day.
>
> I have asked Netgear about this but their level 2 support haven't got a clue.
>
> Any help would be greatly appreciated

Not sure what you're trying to do here. Netgear ReadyNAS tech support is *extremely* clueful about Samba (I worked with their engineering @ VA Linux).

Can you explain what you're trying to do with tdbtool ?

Jeremy.
[Samba] samba + openldap + phpldapadmin
Hi all, i just installed a new samba server with openldap, my question is, do i need to put the "$" character after the name of the machine under the machines group?

--
Alejandro Rodriguez Luna
Web: http://www.alexluna.org
E-mail: el_alexl...@yahoo.com.mx
MSN: el_alexl...@yahoo.com.mx
GTalk: alexl...@gmail.com
Movil: 044-311-112-86-41
[Samba] SMBLDAP tools reports "modifications require authentication at /usr/sbin//smbldap_tools.pm" but manually command works.
Every time I try and join a Vista system to the domain I get this error in the log:

[2010/03/26 15:18:58, 0] smbd/service.c:make_connection(1191)
  april (192.168.1.194) couldn't find service public
Error: modifications require authentication at /usr/sbin//smbldap_tools.pm line 1083.
[2010/03/26 15:19:16, 0] passdb/pdb_interface.c:pdb_default_create_user(329)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "april$"' gave 1

But when I run the command above manually it works fine:

evoserver ~ # /usr/sbin/smbldap-useradd -w "april$"
Cannot confirm uidNumber 1014 is free: checking for the next one
Cannot confirm uidNumber 1015 is free: checking for the next one
Cannot confirm uidNumber 1016 is free: checking for the next one
Cannot confirm uidNumber 1017 is free: checking for the next one
evoserver ~ # /usr/sbin/smbldap-useradd -w "april$"
/usr/sbin/smbldap-useradd: user april$ exists

What could be the difference from what Samba does and what I do?
Re: [Samba] acl_xattr vs acl_tdb
On Fri, 2010-03-26 at 10:10 -0700, Jeremy Allison wrote:
> On Fri, Mar 26, 2010 at 05:57:27PM +0100, Adrian Berlin wrote:
> > Hi!
> > Thanks everyone for answer. So acl_tdb has unlimited storage for extended
> > acls
> > and acl_xattr has 64KB per xattr?
>
> acl_tdb isn't unlimited, it has a 4GB limit on the size
> of the tdb (until we get 64-bit tdb support).
>
> > I have one more question. How many acl can be stored in 64KB?
>
> Depends on the size of the ACL, which depends on how many DACL
> entries it has.
>
> Jeremy

The actual correct reply to the question is 1.
As you can have no more than 1 ACL per file/directory.

That said unless you have pathological ACLs with a huge number of ACEs then 64KiB should be large enough to hold any ACL you will use for any specific file or directory.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer
Principal Software Engineer at Red Hat, Inc.
Re: [Samba] acl_xattr vs acl_tdb
On Fri, Mar 26, 2010 at 05:57:27PM +0100, Adrian Berlin wrote:
> Hi!
> Thanks everyone for answer. So acl_tdb has unlimited storage for extended acls
> and acl_xattr has 64KB per xattr?

acl_tdb isn't unlimited, it has a 4GB limit on the size of the tdb (until we get 64-bit tdb support).

> I have one more question. How many acl can be stored in 64KB?

Depends on the size of the ACL, which depends on how many DACL entries it has.

Jeremy
[Samba] Failed to join domain: failed to precreate account in ou (null): Out of memory
with samba 3.5.1 if I were to join a server to the domain and specify an OU to create the computer object in, i get

Failed to join domain: failed to precreate account in ou (null): Out of memory

However, if I run the same command with samba 3.4.5 it works. Did the syntax change? I cannot see anything about it

net ads join createcomputer="Linux_Servers" -U % -n core278468

here is a -d 3

Failed to join domain: failed to precreate account in ou (null): Out of memory
[2010/03/26 13:02:26, 3] param/loadparm.c:9157(lp_load_ex)
  lp_load_ex: refreshing parameters
[2010/03/26 13:02:26, 3] param/loadparm.c:4929(init_globals)
  Initialising global parameters
[2010/03/26 13:02:26, 2] param/loadparm.c:4788(max_open_files)
  rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
[2010/03/26 13:02:26.904862, 3] ../lib/util/params.c:550(pm_process)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2010/03/26 13:02:26.905734, 2] lib/interface.c:340(add_interface)
  added interface eth0 ip=192.168.4.88 bcast=192.168.255.255 netmask=255.255.0.0
[2010/03/26 13:02:26.905991, 1] libnet/libnet_join.c:1947(libnet_Join)
  libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx
    in: struct libnet_JoinCtx
      dc_name : NULL
      machine_name : ''
      domain_name : *
      domain_name : ''
      account_ou : 'Linux_Servers'
      admin_account: 'compadd'
      admin_password : *
      machine_password : NULL
      join_flags : 0x0023 (35)
        0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
        0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
        0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
        0: WKSSVC_JOIN_FLAGS_DEFER_SPN
        0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
        0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
        1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
        0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
        0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
        1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
        1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
      os_version : NULL
      os_name : NULL
      create_upn : 0x00 (0)
      upn : NULL
      modify_config: 0x00 (0)
      ads : NULL
      debug: 0x01 (1)
      use_kerberos : 0x00 (0)
      secure_channel_type : SEC_CHAN_WKSTA (2)
[2010/03/26 13:02:26.910353, 3] libsmb/cliconnect.c:2196(cli_start_connection)
  Connecting to host=sso2-iad.wm.mlsrvr.com
[2010/03/26 13:02:26.910642, 3] lib/util_sock.c:974(open_socket_out_send)
  Connecting to 192.168.4.35 at port 445
[2010/03/26 13:02:26.911653, 3] libsmb/cliconnect.c:991(cli_session_setup_spnego)
  Doing spnego session setup (blob length=124)
[2010/03/26 13:02:26.911789, 3] libsmb/cliconnect.c:1019(cli_session_setup_spnego)
  got OID=1.2.840.48018.1.2.2
  got OID=1.2.840.113554.1.2.2
  got OID=1.2.840.113554.1.2.2.3
  got OID=1.3.6.1.4.1.311.2.2.10
[2010/03/26 13:02:26.912033, 3] libsmb/cliconnect.c:1029(cli_session_setup_spnego)
  got principal=not_defined_in_rfc4...@please_ignore
[2010/03/26 13:02:26.912796, 3] libsmb/ntlmssp.c:1101(ntlmssp_client_challenge)
  Got challenge flags:
[2010/03/26 13:02:26.912888, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62898215
[2010/03/26 13:02:26.912973, 3] libsmb/ntlmssp.c:1123(ntlmssp_client_challenge)
  NTLMSSP: Set final flags:
[2010/03/26 13:02:26.913072, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x60088215
[2010/03/26 13:02:26.913292, 3] libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
  NTLMSSP Sign/Seal - Initialising with flags:
[2010/03/26 13:02:26.913399, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x60088215
[2010/03/26 13:02:26.918437, 3] libads/ldap.c:634(ads_connect)
  Successfully contacted LDAP server 192.168.4.35
[2010/03/26 13:02:26.922398, 3] libads/ldap.c:688(ads_connect)
  Connected to LDAP server sso2-iad.wm.mlsrvr.com
[2010/03/26 13:02:26.923730, 3] libads/sasl.c:781(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2010/03/26 13:02:26.923824, 3] libads/sasl.c:781(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2010/03/26 13:02:26.923907, 3] libads/sasl.c:781(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2010/03/26 13:02:26.924012, 3] libads/sasl.c:781(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2010/03/26 13:02:26.924117, 3] libads/sasl.c:790(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got
Re: [Samba] acl_xattr vs acl_tdb
On Fri, 2010-03-26 at 09:43 -0700, Jeremy Allison wrote:
> On Fri, Mar 26, 2010 at 12:40:49PM -0400, simo wrote:
> > On Fri, 2010-03-26 at 12:28 -0400, simo wrote:
> > > On Fri, 2010-03-26 at 10:53 -0400, simo wrote:
> > > > On Fri, 2010-03-26 at 13:06 +, Miguel Medalha wrote:
> > > > > > If I remember correctly XFS used to have a size limit of 64KiB per
> > > > > > xattr.
> > > > >
> > > > > What about ext3 & ext4?
> > > >
> > > > Always IIRC, they should be limited by the inode size, which is 4KiB,
> > > > but this information is old, and should be verified for ext4.
> > >
> > > Ok I just checked.
> > > On ext4 the total size of *all* xattrs can't be larger than 4k and some.
> > >
> > > There is only 1 block you can allocate beyond the file inode.
> > >
> > > So careful on the amount of data you store in ext4 attrs. If you think
> > > you'll have fatty Windows ACLs to store I guess XFS is a better choice
> > > right now.
> >
> > Ah just to add insult to injury, remember that the xattr space is shared
> > with selinux labels *and* posix ACLs contents.
> >
> > So it is a tight spot indeed.
>
> And don't forget the DOS attributes as well :-).

pesky dos attributes :-)

and yes if you think it is too tight a space it is time to open RFE bugs in your favorite upstream distribution to ask ext4 developers to please add more space. It is possible, although it may hurt performance on big xattrs I think it is better to lose some in perf. than not being able to save an ACL ...

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer
Principal Software Engineer at Red Hat, Inc.
Re: [Samba] acl_xattr vs acl_tdb
On Fri, Mar 26, 2010 at 12:40:49PM -0400, simo wrote:
> On Fri, 2010-03-26 at 12:28 -0400, simo wrote:
> > On Fri, 2010-03-26 at 10:53 -0400, simo wrote:
> > > On Fri, 2010-03-26 at 13:06 +, Miguel Medalha wrote:
> > > > > If I remember correctly XFS used to have a size limit of 64KiB per
> > > > > xattr.
> > > >
> > > > What about ext3 & ext4?
> > >
> > > Always IIRC, they should be limited by the inode size, which is 4KiB,
> > > but this information is old, and should be verified for ext4.
> >
> > Ok I just checked.
> > On ext4 the total size of *all* xattrs can't be larger than 4k and some.
> >
> > There is only 1 block you can allocate beyond the file inode.
> >
> > So careful on the amount of data you store in ext4 attrs. If you think
> > you'll have fatty Windows ACLs to store I guess XFS is a better choice
> > right now.
>
> Ah just to add insult to injury, remember that the xattr space is shared
> with selinux labels *and* posix ACLs contents.
>
> So it is a tight spot indeed.

And don't forget the DOS attributes as well :-).
Re: [Samba] acl_xattr vs acl_tdb
On Fri, 2010-03-26 at 12:28 -0400, simo wrote:
> On Fri, 2010-03-26 at 10:53 -0400, simo wrote:
> > On Fri, 2010-03-26 at 13:06 +, Miguel Medalha wrote:
> > > > If I remember correctly XFS used to have a size limit of 64KiB per
> > > > xattr.
> > >
> > > What about ext3 & ext4?
> >
> > Always IIRC, they should be limited by the inode size, which is 4KiB,
> > but this information is old, and should be verified for ext4.
>
> Ok I just checked.
> On ext4 the total size of *all* xattrs can't be larger than 4k and some.
>
> There is only 1 block you can allocate beyond the file inode.
>
> So careful on the amount of data you store in ext4 attrs. If you think
> you'll have fatty Windows ACLs to store I guess XFS is a better choice
> right now.

Ah just to add insult to injury, remember that the xattr space is shared with selinux labels *and* posix ACLs contents.

So it is a tight spot indeed.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer
Principal Software Engineer at Red Hat, Inc.
Re: [Samba] acl_xattr vs acl_tdb
On Fri, 2010-03-26 at 10:53 -0400, simo wrote:
> On Fri, 2010-03-26 at 13:06 +, Miguel Medalha wrote:
> > > If I remember correctly XFS used to have a size limit of 64KiB per
> > > xattr.
> >
> > What about ext3 & ext4?
>
> Always IIRC, they should be limited by the inode size, which is 4KiB,
> but this information is old, and should be verified for ext4.

Ok I just checked.
On ext4 the total size of *all* xattrs can't be larger than 4k and some.

There is only 1 block you can allocate beyond the file inode.

So careful on the amount of data you store in ext4 attrs. If you think you'll have fatty Windows ACLs to store I guess XFS is a better choice right now.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer
Principal Software Engineer at Red Hat, Inc.
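Added example, not from the thread or from Samba's code: a check of how much of a file's xattr space is already used by the consumers named in the messages above (NT ACL, SELinux label, POSIX ACLs, DOS attributes) and whether an NT ACL blob of a given size would still fit. The limits are the figures quoted in the thread, the name-plus-value accounting is an approximation, and the sample values are constructed.

```python
import os
import sys

KIB = 1024
# Figures quoted in the thread, not verified here: XFS allows 64 KiB per xattr
# value; on ext4 all xattrs of one file together get roughly 4 KiB.
LIMITS = {"xfs": ("per value", 64 * KIB), "ext4": ("total", 4 * KIB)}

# xattr names that compete for the same space on a Samba file server.
CONSUMERS = {
    "security.NTACL": "NT ACL (acl_xattr)",
    "security.selinux": "SELinux label",
    "system.posix_acl_access": "POSIX ACL",
    "system.posix_acl_default": "POSIX default ACL",
    "user.DOSATTRIB": "DOS attributes",
}

# Constructed sample: sizes are made up for the demonstration.
SAMPLE_XATTRS = {
    "security.NTACL": bytes(3000),
    "security.selinux": b"system_u:object_r:samba_share_t:s0\x00",
    "user.DOSATTRIB": bytes(56),
}


def read_xattrs(path):
    """Return {name: value} for every xattr visible on path (Linux only)."""
    return {name: os.getxattr(path, name, follow_symlinks=False)
            for name in os.listxattr(path, follow_symlinks=False)}


def xattr_report(xattrs, fs, pending_ntacl=None):
    """Compare xattr usage with the limit quoted for filesystem `fs`.

    pending_ntacl: size in bytes of an NT ACL blob about to be stored; it
    replaces the size of any existing security.NTACL value.
    """
    sizes = {name: len(value) for name, value in xattrs.items()}
    if pending_ntacl is not None:
        sizes["security.NTACL"] = pending_ntacl
    rule, limit = LIMITS[fs]
    # Approximation: count name plus value bytes, ignore per-entry headers.
    total = sum(len(name) + size for name, size in sizes.items())
    largest = max(sizes.values(), default=0)
    used = largest if rule == "per value" else total
    breakdown = sorted(
        ((CONSUMERS.get(name, "other"), name, size) for name, size in sizes.items()),
        key=lambda row: -row[2],
    )
    return {"fs": fs, "rule": rule, "limit": limit, "total": total,
            "largest": largest, "fits": used <= limit, "breakdown": breakdown}


if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the sample.
    attrs = read_xattrs(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_XATTRS
    for fs in ("ext4", "xfs"):
        rep = xattr_report(attrs, fs)
        verdict = "fits" if rep["fits"] else "DOES NOT FIT"
        print(f"{fs}: {rep['rule']} limit {rep['limit']} bytes, "
              f"total {rep['total']}, largest value {rep['largest']}: {verdict}")
        for consumer, name, size in rep["breakdown"]:
            print(f"    {size:6d}  {name}  ({consumer})")
```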
[Samba] Problem with Samba and Windows Terminal Server 2008 (reprise)
Hi,

has somebody found a solution for the single smbd process opened on a samba server by TS 2008? Or found the correct syntax for multiuserenable on Windows 2008 server?

Thanks,
Emanuele
Re: [Samba] Questions on Samba and LDAP failover
Gary Peck wrote:
> Hi Michael,
>
> This option seemed to work:
>
> passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
>
> I swear I had tried that before, but I must not have. Thanks for your
> help. I am that much closer to having 2000 Faculty/Staff users start using
> the system.

Ok, good to know things are working again!
Please try to keep the list posted.

Cheers - Michael

> Thanks,
>
> Gary
>
> On 3/26/2010 6:15 AM, Michael Adam wrote:
> >Gary Peck wrote:
> >
> >>I have actually tried that and could not get that to work. At least it
> >>does not work on the version of samba that is bundled with Solaris 10
> >>(3.0.37).
> >>
> >>passdb backend = ldap:"ldap://ldap1.example.com ldap://ldap2.example.com";
> >>--- This causes a core dump
> >>
> >oh, i mis-spelled ldap: instead of ldapsam:
> >
> >>passdb backend = ldapsam:"ldap://ldap1.example.com
> >>ldap://ldap2.example.com"; smbpasswd username fails connecting to primary
> >>ldap server and just errors out.
> >>
> >Hmm, what ldap library are you using? reading from the smb.conf
> >manpage:
> >
> >> - ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an
> >> optional argument (defaults to
> >> ldap://localhost)
> >>
> >> LDAP connections should be secured where possible. This may be
> >> done using either Start-TLS (see
> >> ldap ssl) or by specifying ldaps:// in the URL argument.
> >>
> >> Multiple servers may also be specified in double-quotes. Whether
> >> multiple servers are supported
> >> or not and the exact syntax depends on the LDAP library you use.
> >>
> >> Examples of use are:
> >>
> >> passdb backend = tdbsam:/etc/samba/private/passdb.tdb
> >>
> >> or multi server LDAP URL with OpenLDAP library:
> >>
> >> passdb backend = ldapsam:"ldap://ldap-1.example.com
> >> ldap://ldap-2.example.com"
> >>
> >> or multi server LDAP URL with Netscape based LDAP library:
> >>
> >> passdb backend = ldapsam:"ldap://ldap-1.example.com
> >> ldap-2.example.com"
> >>
> >So it depends on your LDAP client library and the example I gave you is
> >valid
> >for openLDAP, possibly not for yours, if it supports multiple servers at
> >all.
> >You could try the second syntax ldapsam:"ldap://ldap-1.example.com
> >ldap-2.example.com".
> >
> >The bottom line is that the string between the quotes has to be a valid
> >string
> >accepted by the ldap init routine of your library...
> >
> >Cheers - Michael
> >
> >>It seems to be the 3.0.22 release that I remember seeing a note that ldap
> >>failover was deprecated for some reason. The only way I have been able
> >>to get any type of failover is setting up a DNS entry to round robin
> >>between two Sun DS7 multimaster directory servers.
> >>
> >>Thanks,
> >>
> >>Gary
> >>
> >>On 3/25/2010 3:16 PM, Michael Adam wrote:
> >>
> >>>Hi Gary,
> >>>
> >>>Gary Peck wrote:
> >>>
> >>>>After trying multiple options in the smb.conf file the only way I could
> >>>>get fail over to work was having two ldap servers setup in a multimaster
> >>>>replication and having a DNS entry setup that round robins between the
> >>>>two. Everything seems to work, I can bring down one ldap server and
> >>>>samba will still authenticate and let users in. Anybody know of any
> >>>>issues doing it this way?
> >>>>
> >>>>Thanks,
> >>>>
> >>>>Gary
> >>>>
> >>>>>If I have read the documentation correctly, it looks like you can not
> >>>>>have a fail over LDAP server defined in the smb.conf file for the
> >>>>>passdb
> >>>>>backend. It looks like this feature was taken away in an earlier
> >>>>>release. Is this correct? If not could somebody steer me in the right
> >>>>>direction.
> >>>>>
> >>>Is the question how to specify multiple ldap servers in smb.conf?
> >>>If so, here is the answer:
> >>>
> >>>passdb backend = ldap:"ldap://ldap1.example.com
> >>>ldap://ldap2.example.com"
> >>>
> >>>I.e. put a spaces separated list of ldap urls into quotes.
> >>>
> >>>If that was not your question, please clarify.
> >>>
> >>>Cheers - Michael
Re: [Samba] how to synch multiple servers?
Forgot to send this to the list:

On 26 March 2010 15:44, John Drescher wrote:
>>> Is there a way to synch multiple servers at once so when one is changed,
>>> samba updates all the other servers at the same time automatically?
>>>
>>
>> Do you mean sync account information (e.g. if you want multiple domain
>> controllers) or changes in the files stored on the server? For multiple
>> domain controllers LDAP backend is the way to go. If you want to sync files
>> you could use rsync and have a cron job - I don't know how you could have a
>> trigger though.
>
> The OP was talking about files. I suggested a network raid 1 type
> setup with DRBD but forgot that that would not work unless you
> combined that with GFS or OCFS2. I had thought about the rsync (or
> even unison) solution but it depends on how much time can elapse
> between the file changing on one server and that change appearing on
> the others.

How about something with rsync and inotify? A program could use inotify to watch for changes, queue up the changed files and call rsync on the files in the queue. If a file is changed more than once before being copied the first time, the other entries in the queue could be skipped.

--
Michael Wood
[Samba] Fwd: how to synch multiple servers?
On 26 March 2010 15:44, John Drescher wrote:
>>> Is there a way to synch multiple servers at once so when one is changed,
>>> samba updates all the other servers at the same time automatically?
>>>
>>
>> Do you mean sync account information (e.g. if you want multiple domain
>> controllers) or changes in the files stored on the server? For multiple
>> domain controllers LDAP backend is the way to go. If you want to sync files
>> you could use rsync and have a cron job - I don't know how you could have a
>> trigger though.
>
> The OP was talking about files. I suggested a network raid 1 type
> setup with DRBD but forgot that that would not work unless you
> combined that with GFS or OCFS2. I had thought about the rsync (or
> even unison) solution but it depends on how much time can elapse
> between the file changing on one server and that change appearing on
> the others.

How about something with rsync and inotify? A program could use inotify to watch for changes, queue up the changed files and call rsync on the files in the queue. If a file is changed more than once before being copied the first time, the other entries in the queue could be skipped.

--
Michael Wood

--
John M. Drescher
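Added example, not code posted in the thread: a sketch of the inotify-plus-rsync idea suggested above, with a queue that keeps one entry per file however often it changes before the next copy. It watches a single directory (not recursive) on Linux through libc's inotify calls; the function names, the quiet period and the paths in the usage line are assumptions, and the event buffer in `demo()` is constructed.

```python
import ctypes
import os
import select
import struct
import subprocess
import sys

IN_CLOSE_WRITE, IN_MOVED_TO = 0x00000008, 0x00000080   # from <sys/inotify.h>
EVENT_HDR = struct.Struct("iIII")   # struct inotify_event: wd, mask, cookie, len


def parse_events(buf):
    """Decode bytes read from an inotify fd into (wd, mask, name) tuples."""
    events, off = [], 0
    while off + EVENT_HDR.size <= len(buf):
        wd, mask, _cookie, length = EVENT_HDR.unpack_from(buf, off)
        off += EVENT_HDR.size
        name = buf[off:off + length].split(b"\0", 1)[0]   # name is NUL padded
        off += length
        events.append((wd, mask, os.fsdecode(name)))
    return events


class ChangeQueue:
    """Pending paths; a file changed several times is queued only once."""

    def __init__(self):
        self._pending = {}              # dict preserves first-seen order

    def add(self, relpath):
        self._pending.setdefault(relpath, None)

    def drain(self):
        batch, self._pending = list(self._pending), {}
        return batch


def rsync_argv(src_dir, dest):
    # File names go to rsync NUL-separated on stdin, not as arguments, so odd
    # names created by share users are treated as data only.
    return ["rsync", "-a", "--from0", "--files-from=-", src_dir, dest]


def push(batch, src_dir, dest):
    data = b"".join(os.fsencode(p) + b"\0" for p in batch)
    return subprocess.run(rsync_argv(src_dir, dest), input=data).returncode


def watch(src_dir, dest, quiet_seconds=2.0):
    """Queue changed files; copy the batch once no event arrived for a while."""
    libc = ctypes.CDLL(None, use_errno=True)
    fd = libc.inotify_init()
    if fd < 0:
        raise OSError(ctypes.get_errno(), "inotify_init failed")
    mask = IN_CLOSE_WRITE | IN_MOVED_TO
    if libc.inotify_add_watch(fd, os.fsencode(src_dir), mask) < 0:
        raise OSError(ctypes.get_errno(), "inotify_add_watch failed")
    queue = ChangeQueue()
    while True:
        ready, _, _ = select.select([fd], [], [], quiet_seconds)
        if ready:
            for _wd, _mask, name in parse_events(os.read(fd, 65536)):
                if name:                 # skip events about the directory itself
                    queue.add(name)
        else:
            batch = queue.drain()
            if batch:
                push(batch, src_dir, dest)


def demo():
    """Constructed buffer: report.doc saved twice, b.txt once."""
    names = (b"report.doc", b"b.txt", b"report.doc")
    buf = b"".join(EVENT_HDR.pack(1, IN_CLOSE_WRITE, 0, 16) + n.ljust(16, b"\0")
                   for n in names)
    queue = ChangeQueue()
    for _wd, _mask, name in parse_events(buf):
        queue.add(name)
    return queue.drain()


if __name__ == "__main__":
    if len(sys.argv) == 3:
        watch(sys.argv[1], sys.argv[2])   # e.g. /srv/share/ backup:/srv/share/
    else:
        print(demo())
```

Deletions are not propagated, and a directory that never goes quiet for `quiet_seconds` is never flushed; both would need handling before real use.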
Re: [Samba] acl_xattr vs acl_tdb
On Fri, 2010-03-26 at 08:23 -0700, Jeremy Allison wrote:
> On Fri, Mar 26, 2010 at 01:39:31PM +0100, Volker Lendecke wrote:
> > On Fri, Mar 26, 2010 at 08:38:19AM -0400, simo wrote:
> > > > > There's something I would really like to know! But somehow it seems
> > > > > to
> > > > > be a secret of the gods that us mere mortals are not allowed to
> > > > > penetrate...
> > > >
> > > > Please say if there is any size restriction for xattrs in
> > > > XFS. Hopefully there is none, which would mean that you can
> > > > fill the whole file system with a single security descriptor
> > > > if you wish.
> > >
> > > If I remember correctly XFS used to have a size limit of 64KiB per
> > > xattr.
> >
> > Shall I call you god now? :-)
>
> Nah. I knew that too, but Simo is on the East Coast
> and so answered first :-).

Are you trying to dispute my newly acquired deity status ?! Beware!

:-P

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer
Principal Software Engineer at Red Hat, Inc.
Re: [Samba] acl_xattr vs acl_tdb
On Fri, Mar 26, 2010 at 01:39:31PM +0100, Volker Lendecke wrote:
> On Fri, Mar 26, 2010 at 08:38:19AM -0400, simo wrote:
> > > > There's something I would really like to know! But somehow it seems to
> > > > be a secret of the gods that us mere mortals are not allowed to
> > > > penetrate...
> > >
> > > Please say if there is any size restriction for xattrs in
> > > XFS. Hopefully there is none, which would mean that you can
> > > fill the whole file system with a single security descriptor
> > > if you wish.
> >
> > If I remember correctly XFS used to have a size limit of 64KiB per
> > xattr.
>
> Shall I call you god now? :-)

Nah. I knew that too, but Simo is on the East Coast and so answered first :-).
Re: [Samba] Winbind eventually locks "forever" if one of ActiveDirectory refuses all connections
I do have winbind running in debug mode 10 and currently I have one of the servers in this state, so if someone lets me know what will help I can get it to them.

On Fri, Mar 26, 2010 at 10:56 AM, Andrew Tranquada <andrew.tranqu...@gmail.com> wrote:
> I see this was created as bug 7259 but I did not see anything in the
> mailing list about this problem.
> Does anyone else have a problem like this? Is there something in my
> configuration that is incorrect?
> We have two domain controllers, and if we reboot either one of them,
> winbind hangs, and we cannot lookup any ids, and since logins are requiring
> group lookups, it makes logging in as a local user hang, effectively locking
> us out of the box. If we continue to try as a local user we can eventually
> get in, but it is less than ideal and scares everyone when you cannot log
> in. Not rebooting the AD servers is not an option, we do keep our boxes
> patched with updates.
> What appears to happen is that rebooting one of the AD servers causes
> winbind to get some kind of error, and stop listening on /tmp/.winbind/pipe
> when we do an lsof of /tmp/.winbind/pipe
> and then strace -p any of the winbind processes, none of them are looking
> (in their select) at the file descriptor(s) listed by lsof. So it seems that
> when one ad server is restarted, winbind does not like it and errors, and
> stops listening on that pipe, and when any communication happens (sid-uid
> lookups), since no one is responding on that pipe/socket, it hangs.
> This is with samba 3.4.5
>
> our samba config:
> netbios name = nimdev-afs1
> workgroup =
> security = ads
> realm =
> kerberos method = system keytab
> idmap backend = hash
> idmap uid = 4000-1
> idmap gid = 4000-1
> winbind enum users = yes
> winbind enum groups = yes
> auth methods = winbind
> template shell = /bin/bash
> template homedir = /home/%U
> winbind normalize names = yes
> winbind use default domain = yes
> allow trusted domains = no
> winbind cache time = 3600
>
> What more information can I provide that would be helpful?
>
> Thank you
>
> --
> Andrew Tranquada

--
Andrew Tranquada
[Samba] Winbind eventually locks "forever" if one of ActiveDirectory refuses all connections
I see this was created as bug 7259 but I did not see anything in the mailing list about this problem.

Does anyone else have a problem like this? Is there something in my configuration that is incorrect?

We have two domain controllers, and if we reboot either one of them, winbind hangs, and we cannot lookup any ids, and since logins are requiring group lookups, it makes logging in as a local user hang, effectively locking us out of the box. If we continue to try as a local user we can eventually get in, but it is less than ideal and scares everyone when you cannot log in. Not rebooting the AD servers is not an option, we do keep our boxes patched with updates.

What appears to happen is that rebooting one of the AD servers causes winbind to get some kind of error, and stop listening on /tmp/.winbind/pipe when we do an lsof of /tmp/.winbind/pipe and then strace -p any of the winbind processes, none of them are looking (in their select) at the file descriptor(s) listed by lsof. So it seems that when one ad server is restarted, winbind does not like it and errors, and stops listening on that pipe, and when any communication happens (sid-uid lookups), since no one is responding on that pipe/socket, it hangs.

This is with samba 3.4.5

our samba config:
netbios name = nimdev-afs1
workgroup =
security = ads
realm =
kerberos method = system keytab
idmap backend = hash
idmap uid = 4000-1
idmap gid = 4000-1
winbind enum users = yes
winbind enum groups = yes
auth methods = winbind
template shell = /bin/bash
template homedir = /home/%U
winbind normalize names = yes
winbind use default domain = yes
allow trusted domains = no
winbind cache time = 3600

What more information can I provide that would be helpful?

Thank you

--
Andrew Tranquada
Re: [Samba] acl_xattr vs acl_tdb
On Fri, 2010-03-26 at 13:06 +, Miguel Medalha wrote:
> > If I remember correctly XFS used to have a size limit of 64KiB per
> > xattr.
> >
>
> What about ext3 & ext4?

Always IIRC, they should be limited by the inode size, which is 4KiB, but this information is old, and should be verified for ext4.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer
Principal Software Engineer at Red Hat, Inc.
Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04
Paste ldap admin dn or ldap suffix in your smb.conf Dne 26.3.2010 15:24, Vladimir Psenicka napsal(a): > try this: > > ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b > "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it" > > Dne 26.3.2010 15:00, GG napsal(a): >> Hello! >> >> I'm stuck on getdomainsid: Net command is missing even though libs and >> smbclient are installed. >> >> I tried this: >> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b >> "sambaDomainName=WORKGROUP,dc=domain,dc=it" >> Enter LDAP Password: >> # extended LDIF >> # >> # LDAPv3 >> # base with scope sub >> # filter: (objectclass=*) >> # requesting: ALL >> # >> >> # search result >> search: 2 >> result: 34 Invalid DN syntax >> text: invalid DN >> >> # numResponses: 1 >> >> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it... >> I used WORKGROUP as it is the domain we use on pcs and the only one >> defined in smb.conf >> >> I also tried using my pdc HOSTNAME >> >> and this was returned >> # LDAPv3 >> # base with scope sub >> # filter: (objectclass=*) >> # requesting: ALL >> # >> >> # search result >> search: 2 >> result: 34 Invalid DN syntax >> text: invalid DN >> >> # numResponses: 1 >> >> Any way to get through this or how to use net command? Maybe updating >> samba-client? >> >> I tried rpm -i samba-client but it says >> file /usr/share/man/man1/smbclient.1.gz from install of >> samba-client-2.2.12-1.suse82 conflicts with file from package >> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm >> >> I found also the original package but it says it is already installed. >> >> What happens if I remove samba-client and reinstall it soon after on >> the production pdc? >> >> >> Giorgio >> >> On 3/26/10, Vladimir Psenicka wrote: >>> Dne 26.3.2010 13:50, GG napsal(a): Hello! >> Have you samba-client package installed? >> yes I do at least smbclient is there! 
but no net command :-/ >> pavouk\pseni...@psenicka:~> rpm -qf `which net` >> samba-client-3.5.1-4.1.x86_64 So here are the issues encountered... file /usr/share/man/man1/smbclient.1.gz from install of samba-client-2.2.12-1.suse82 conflicts with file from package samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm I found on net... >> >> or you can dig domainsid from ldap This sounds interesting! How do I do that? >>> >>> modify to your needs (domain): >>> >>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b >>> "sambaDomainName=domain,dc=domain,dc=cz" >>> >>> sambaSID: is your domainsid >>> >>> or you can use phpldapadmin to manage you ldap from browser >>> Thanks very much! Giorgio On 3/26/10, GG wrote: > Hi! > > I'll be at it in a few minutes installing samba client / net command :-) > > I have a question about the samba sernet repos: > Shall I apt-get remove samba and use > http://enterprisesamba.com/index.php?id=148 + > http://enterprisesamba.com/index.php?id=56 > instead from start? > > What is the real advantage of sernet? What about installing official > samba.org packages, are there differences with sernet (stability?) or > is it just a more liberal repository? > > Also I read Ensure that all local user and group accounts that are used by samba have the same uid/gid. > > Shall I copy /etc/shadow and /etc/passwd over? other files for groups > and users? > > I use rsync --verbose --progress --stats --compress --rsh=ssh \ > --recursive --times --perms --links \ > --owner --group --devices --specials \ > --exclude-from '/root/exclude.txt (if any, not in this case as > I'm only syncing data dir)' \ > r...@old_pdc:/DATA /DATA > > This should bring over every attribute set on files... correct? > > [[[did only partially in one case: I set up a twin install (fresh > install then live cd and full rsync and after that I kept mbr, but > changed /boot and the /ect/fstab settings) and the server started > etc.. 
LDAP did not work though: authentication was not available... > So I must be missing something or this rsync parameter set must be > missing something.. I had disconnected old PDC, set same IP and > hostname to the VM well this worked well for other virtualizations and > in this PDC I need to upgrade to win7 compatible samba version anyway > :-) > This was another story but just to share it as it is an excellent way > of migrating sometimes specially for machines you do not master and > this is my case very often.]]] > > Cheers, > Giorgio > > On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka > wrote: >> Hi >> >> Dne 25.3.2010 17:41, GG napsal(a): >>> Hello Vladimir, John and all the NG :-) >>> Thanks so much for answering. I reall
Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04
try this: ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it" Dne 26.3.2010 15:00, GG napsal(a): > Hello! > > I'm stuck on getdomainsid: Net command is missing even though libs and > smbclient are installed. > > I tried this: > # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b > "sambaDomainName=WORKGROUP,dc=domain,dc=it" > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope sub > # filter: (objectclass=*) > # requesting: ALL > # > > # search result > search: 2 > result: 34 Invalid DN syntax > text: invalid DN > > # numResponses: 1 > > So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it... > I used WORKGROUP as it is the domain we use on pcs and the only one > defined in smb.conf > > I also tried using my pdc HOSTNAME > > and this was returned > # LDAPv3 > # base with scope sub > # filter: (objectclass=*) > # requesting: ALL > # > > # search result > search: 2 > result: 34 Invalid DN syntax > text: invalid DN > > # numResponses: 1 > > Any way to get through this or how to use net command? Maybe updating > samba-client? > > I tried rpm -i samba-client but it says > file /usr/share/man/man1/smbclient.1.gz from install of > samba-client-2.2.12-1.suse82 conflicts with file from package > samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm > > I found also the original package but it says it is already installed. > > What happens if I remove samba-client and reinstall it soon after on > the production pdc? > > > Giorgio > > On 3/26/10, Vladimir Psenicka wrote: >> Dne 26.3.2010 13:50, GG napsal(a): >>> Hello! >>> > Have you samba-client package installed? > >>> >>> yes I do at least smbclient is there! but no net command :-/ >>> > pavouk\pseni...@psenicka:~> rpm -qf `which net` > samba-client-3.5.1-4.1.x86_64 >>> >>> So here are the issues encountered... 
>>> file /usr/share/man/man1/smbclient.1.gz from install of >>> samba-client-2.2.12-1.suse82 conflicts with file from package >>> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm >>> I found on net... >>> > > or you can dig domainsid from ldap >>> >>> This sounds interesting! How do I do that? >>> >> >> modify to your needs (domain): >> >> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b >> "sambaDomainName=domain,dc=domain,dc=cz" >> >> sambaSID: is your domainsid >> >> or you can use phpldapadmin to manage you ldap from browser >> >>> Thanks very much! >>> Giorgio >>> >>> On 3/26/10, GG wrote: Hi! I'll be at it in a few minutes installing samba client / net command :-) I have a question about the samba sernet repos: Shall I apt-get remove samba and use http://enterprisesamba.com/index.php?id=148 + http://enterprisesamba.com/index.php?id=56 instead from start? What is the real advantage of sernet? What about installing official samba.org packages, are there differences with sernet (stability?) or is it just a more liberal repository? Also I read >>> Ensure that all local user and group accounts that are used by samba >>> have the same uid/gid. Shall I copy /etc/shadow and /etc/passwd over? other files for groups and users? I use rsync --verbose --progress --stats --compress --rsh=ssh \ --recursive --times --perms --links \ --owner --group --devices --specials \ --exclude-from '/root/exclude.txt (if any, not in this case as I'm only syncing data dir)' \ r...@old_pdc:/DATA /DATA This should bring over every attribute set on files... correct? [[[did only partially in one case: I set up a twin install (fresh install then live cd and full rsync and after that I kept mbr, but changed /boot and the /ect/fstab settings) and the server started etc.. LDAP did not work though: authentication was not available... So I must be missing something or this rsync parameter set must be missing something.. 
I had disconnected old PDC, set same IP and hostname to the VM well this worked well for other virtualizations and in this PDC I need to upgrade to win7 compatible samba version anyway :-) This was another story but just to share it as it is an excellent way of migrating sometimes specially for machines you do not master and this is my case very often.]]] Cheers, Giorgio On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka wrote: > Hi > > Dne 25.3.2010 17:41, GG napsal(a): >> Hello Vladimir, John and all the NG :-) >> Thanks so much for answering. I really hoped someone would :-) >> >> So I installed Debian latest stable netinst on the future production >> server and here are my issues in the quotes :-( no net command on my >> suse 8.2 >> >> Cheers :-) >> Giorgio >> >
Re: [Samba] Samba 3.5.1 net ads join Centos 3
Hi! Did you copy libnss_winbind.so to /lib directory?

Best regards
/Adrian Berlin

> - Original Message -
> From: Mike Rambo
> To: Samba List
> Subject: [Samba] Samba 3.5.1 net ads join Centos 3
> Date: Thu, 25 Mar 2010 15:06:40 -0400
>
> I have installed Samba 3.5.1 on Centos 3 which appears to be ok
> except I cannot join an AD domain.
>
> net ads join fails with:
>
> [2010/03/25 14:42:37.977044, 0] libads/sasl.c:820(ads_sasl_spnego_bind)
>   kinit succeeded but ads_sasl_spnego_krb5_bind failed: No credentials found with supported encryption types
> Failed to join domain: failed to connect to AD: No credentials found with supported encryption types
>
> A little googling has found that krb5 being older than at least
> v1.3.1 may be the cause of the problem.
>
> (http://lists.samba.org/archive/samba/2005-February/100484.html)
>
> Centos3 has krb5-1.2.7.
>
> I have been unable to find newer Centos3/RHEL3 krb5 rpms. I also
> have been unable to build newer krb5 rpms from el4 source rpms, or
> compile krb5 from source tarballs due to e2fsprogs being too old
> (requires v1.33 - have 1.32).
>
> Tried installing latest e2fsprogs but that just resulted in missing
> libuuid.so.1 and I gave up at that point and reverted
> e2fsprogs back to where it started.
>
> Does anyone know how to get Centos3 to the point where net ads join
> will succeed?
>
> Thanks.
>
> --
> Mike Rambo
>
> NOTE: In order to control energy costs the light at the end
> of the tunnel has been shut off until further notice...
Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04
Hello! I'm stuck on getdomainsid: Net command is missing even though libs and smbclient are installed. I tried this: # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b "sambaDomainName=WORKGROUP,dc=domain,dc=it" Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope sub # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 34 Invalid DN syntax text: invalid DN # numResponses: 1 So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it... I used WORKGROUP as it is the domain we use on pcs and the only one defined in smb.conf I also tried using my pdc HOSTNAME and this was returned # LDAPv3 # base with scope sub # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 34 Invalid DN syntax text: invalid DN # numResponses: 1 Any way to get through this or how to use net command? Maybe updating samba-client? I tried rpm -i samba-client but it says file /usr/share/man/man1/smbclient.1.gz from install of samba-client-2.2.12-1.suse82 conflicts with file from package samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm I found also the original package but it says it is already installed. What happens if I remove samba-client and reinstall it soon after on the production pdc? Giorgio On 3/26/10, Vladimir Psenicka wrote: > Dne 26.3.2010 13:50, GG napsal(a): > > Hello! > > > >>> Have you samba-client package installed? > >>> > > > > yes I do at least smbclient is there! but no net command :-/ > > > >>> pavouk\pseni...@psenicka:~> rpm -qf `which net` > >>> samba-client-3.5.1-4.1.x86_64 > > > > So here are the issues encountered... > > file /usr/share/man/man1/smbclient.1.gz from install of > > samba-client-2.2.12-1.suse82 conflicts with file from package > > samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm > > I found on net... > > > >>> > >>> or you can dig domainsid from ldap > > > > This sounds interesting! How do I do that? 
> > > > modify to your needs (domain): > > ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b > "sambaDomainName=domain,dc=domain,dc=cz" > > sambaSID: is your domainsid > > or you can use phpldapadmin to manage you ldap from browser > > > Thanks very much! > > Giorgio > > > > On 3/26/10, GG wrote: > >> Hi! > >> > >> I'll be at it in a few minutes installing samba client / net command :-) > >> > >> I have a question about the samba sernet repos: > >> Shall I apt-get remove samba and use > >> http://enterprisesamba.com/index.php?id=148 + > >> http://enterprisesamba.com/index.php?id=56 > >> instead from start? > >> > >> What is the real advantage of sernet? What about installing official > >> samba.org packages, are there differences with sernet (stability?) or > >> is it just a more liberal repository? > >> > >> Also I read > > Ensure that all local user and group accounts that are used by samba > > have the same uid/gid. > >> > >> Shall I copy /etc/shadow and /etc/passwd over? other files for groups > >> and users? > >> > >> I use rsync --verbose --progress --stats --compress --rsh=ssh \ > >> --recursive --times --perms --links \ > >> --owner --group --devices --specials \ > >> --exclude-from '/root/exclude.txt (if any, not in this case as > >> I'm only syncing data dir)' \ > >> r...@old_pdc:/DATA /DATA > >> > >> This should bring over every attribute set on files... correct? > >> > >> [[[did only partially in one case: I set up a twin install (fresh > >> install then live cd and full rsync and after that I kept mbr, but > >> changed /boot and the /ect/fstab settings) and the server started > >> etc.. LDAP did not work though: authentication was not available... > >> So I must be missing something or this rsync parameter set must be > >> missing something.. 
I had disconnected old PDC, set same IP and > >> hostname to the VM well this worked well for other virtualizations and > >> in this PDC I need to upgrade to win7 compatible samba version anyway > >> :-) > >> This was another story but just to share it as it is an excellent way > >> of migrating sometimes specially for machines you do not master and > >> this is my case very often.]]] > >> > >> Cheers, > >> Giorgio > >> > >> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka > >> wrote: > >>> Hi > >>> > >>> Dne 25.3.2010 17:41, GG napsal(a): > Hello Vladimir, John and all the NG :-) > Thanks so much for answering. I really hoped someone would :-) > > So I installed Debian latest stable netinst on the future production > server and here are my issues in the quotes :-( no net command on my > suse 8.2 > > Cheers :-) > Giorgio > > > > On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote: > >> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote: > >> What about Debian Stable with Sernet samba repo, where you can choose > >> Samba 3.4.x or 3.5.x > >> > >> My hints on migrating to
Re: [Samba] xp logon issue
On 03/26/2010 07:53 AM, Kilaru Sambaiah wrote:
> Hi,
> I have setup Samba 3.0 as PDC and all the desktops are able to login and no issues. One laptop user is not able to logon outside the office (PDC is not available). Win 2003, he doesn't have such problem. How to enable cache so that user can logon even if domain is not available? I tried google, but my framing may not be right, so I didn't get any help.
> Thanks in Advance.
> Thanks and Regards,
> Sam

This sounds like an XP problem not a Samba specific problem. Once you have logged onto the network you should then be able to logon "offline." I would check Microsoft's support site, don't include Samba in your search strings.

I would also run gpedit.msc on the XP machine and see if there are any security settings that can adjust the caching. I am pretty sure you can disable caching but I don't think it is the default.

Gpedit.msc -> Local Computer Policy -> Computer Config -> Windows Settings -> Security Settings -> Security Options -> Interactive Logon: Number of previous logons to cache:

By default it is 10. I think that means it lets the last 10 users to logon online also logon offline. I don't think it means that you can only logon offline 10 times. (I have a laptop that I rarely logon to in the office and I have not had problems.)
Re: [Samba] how to synch multiple servers?
>> Is there a way to synch multiple servers at once so when one is changed,
>> samba updates all the other servers at the same time automatically?
>>
>
> Do you mean sync account information (e.g. if you want multiple domain
> controllers) or changes in the files stored on the server? For multiple
> domain controllers LDAP backend is the way to go. If you want to sync files
> you could use rsync and have a cron job - I don't know how you could have a
> trigger though.

The OP was talking about files. I suggested a network raid 1 type setup with DRBD but forgot that that would not work unless you combined that with GFS or OCFS2. I had thought about the rsync (or even unison) solution but it depends on how much time can elapse between the file changing on one server and that change appearing on the others.

John
Re: [Samba] how to synch multiple servers?
On 03/24/2010 03:07 PM, PTaco wrote:
> Is there a way to synch multiple servers at once so when one is changed, samba updates all the other servers at the same time automatically?

Do you mean sync account information (e.g. if you want multiple domain controllers) or changes in the files stored on the server? For multiple domain controllers LDAP backend is the way to go. If you want to sync files you could use rsync and have a cron job - I don't know how you could have a trigger though.
Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04
Dne 26.3.2010 13:50, GG napsal(a): > Hello! > >>> Have you samba-client package installed? >>> > > yes I do at least smbclient is there! but no net command :-/ > >>> pavouk\pseni...@psenicka:~> rpm -qf `which net` >>> samba-client-3.5.1-4.1.x86_64 > > So here are the issues encountered... > file /usr/share/man/man1/smbclient.1.gz from install of > samba-client-2.2.12-1.suse82 conflicts with file from package > samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm > I found on net... > >>> >>> or you can dig domainsid from ldap > > This sounds interesting! How do I do that? > modify to your needs (domain): ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b "sambaDomainName=domain,dc=domain,dc=cz" sambaSID: is your domainsid or you can use phpldapadmin to manage you ldap from browser > Thanks very much! > Giorgio > > On 3/26/10, GG wrote: >> Hi! >> >> I'll be at it in a few minutes installing samba client / net command :-) >> >> I have a question about the samba sernet repos: >> Shall I apt-get remove samba and use >> http://enterprisesamba.com/index.php?id=148 + >> http://enterprisesamba.com/index.php?id=56 >> instead from start? >> >> What is the real advantage of sernet? What about installing official >> samba.org packages, are there differences with sernet (stability?) or >> is it just a more liberal repository? >> >> Also I read > Ensure that all local user and group accounts that are used by samba > have the same uid/gid. >> >> Shall I copy /etc/shadow and /etc/passwd over? other files for groups >> and users? >> >> I use rsync --verbose --progress --stats --compress --rsh=ssh \ >> --recursive --times --perms --links \ >> --owner --group --devices --specials \ >> --exclude-from '/root/exclude.txt (if any, not in this case as >> I'm only syncing data dir)' \ >> r...@old_pdc:/DATA /DATA >> >> This should bring over every attribute set on files... correct? 
>> >> [[[did only partially in one case: I set up a twin install (fresh >> install then live cd and full rsync and after that I kept mbr, but >> changed /boot and the /ect/fstab settings) and the server started >> etc.. LDAP did not work though: authentication was not available... >> So I must be missing something or this rsync parameter set must be >> missing something.. I had disconnected old PDC, set same IP and >> hostname to the VM well this worked well for other virtualizations and >> in this PDC I need to upgrade to win7 compatible samba version anyway >> :-) >> This was another story but just to share it as it is an excellent way >> of migrating sometimes specially for machines you do not master and >> this is my case very often.]]] >> >> Cheers, >> Giorgio >> >> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka >> wrote: >>> Hi >>> >>> Dne 25.3.2010 17:41, GG napsal(a): Hello Vladimir, John and all the NG :-) Thanks so much for answering. I really hoped someone would :-) So I installed Debian latest stable netinst on the future production server and here are my issues in the quotes :-( no net command on my suse 8.2 Cheers :-) Giorgio > On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote: >> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote: >> What about Debian Stable with Sernet samba repo, where you can choose >> Samba 3.4.x or 3.5.x >> >> My hints on migrating to new server: >> >> 1. install new server (Samba,ldap etc.) done :-) Debian Stable netinst >> 2. set same hostname on new server My ignorance comes out :-) Must I set it different from the production server as FW points production.domain.com - I have clients using DNS=oldPDC and PDC forwards queries to FW. FW has pdc.domain.com defined to point to lan ip. >>> >>> Ok, can be changed later >>> >> 3. 
export ldap data from old server and import them to new server slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif OK > Ensure that all local user and group accounts that are used by samba > have the same uid/gid. my ignorance again... another hint? > >> 4. export SID (net getlocalsid) and set it on new server (net >> setlocalsid oldsid) > > Note: > net getdomainsid (on old server) > net setdomainsid (on new server) thanks :-) # net getdomainsid -bash: net: command not found :-( and not found in yast I understand it has to do with extracting the sid from /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast has now net package and googling net is.. well wow! >>> >>> Have you samba-client package installed? >>> >>> pavouk\pseni...@psenicka:~> rpm -qf `which net` >>> samba-client-3.5.1-4.1.x86_64 >>> >>> or you can dig domainsid from ldap >>> >> 5. configure samba on new server as PDC with ldap and shares in smb.conf >> from old samba smb.conf
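The replies in this thread point at the `sambaSID` attribute of the `sambaDomainName=...` entry as the domain SID. As an added example (not code from the thread), the sketch below reads it out of an LDIF export such as the `slapcat` dump from step 3 and lists accounts whose SID does not sit under that domain SID, which is worth checking before setting the SID on the new server. The object class names `sambaDomain` and `sambaSamAccount` assume the Samba 3 LDAP schema, and the sample LDIF, SIDs and function names are constructed.

```python
import base64

# Constructed sample export; DNs reuse the dc=domain,dc=it suffix from the thread.
SAMPLE_LDIF = """\
# constructed slapcat-style export
dn: sambaDomainName=WORKGROUP,dc=domain,dc=it
objectClass: sambaDomain
sambaDomainName: WORKGROUP
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=alice,ou=People,dc=domain,dc=it
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-33333
 33333-3000

dn: uid=bob,ou=People,dc=domain,dc=it
objectClass: sambaSamAccount
uid:: Ym9i
sambaSID: S-1-5-21-9999999999-2222222222-3333333333-3002
"""


def parse_ldif(text):
    """Return a list of entries, each a dict of lower-cased attribute -> values."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # LDIF folding: continuation line
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in logical + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue                        # comment
        name, sep, rest = line.partition(":")
        if not sep:
            continue                        # not an attribute line
        if rest.startswith(":"):            # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(name.lower(), []).append(value)
    return entries


def domain_sids(entries):
    """Map each sambaDomainName to its sambaSID (None if the attribute is absent)."""
    found = {}
    for entry in entries:
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "sambadomain" in classes:
            for name in entry.get("sambadomainname", []):
                found[name] = entry.get("sambasid", [None])[0]
    return found


def foreign_accounts(entries, domain_sid):
    """List (uid, sid) for accounts whose SID is not <domain_sid>-<numeric RID>."""
    prefix = domain_sid + "-"
    mismatched = []
    for entry in entries:
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "sambasamaccount" not in classes:
            continue
        sid = entry.get("sambasid", [""])[0]
        if not (sid.startswith(prefix) and sid[len(prefix):].isdigit()):
            mismatched.append((entry.get("uid", ["?"])[0], sid))
    return mismatched


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    sids = domain_sids(parsed)
    print(sids)
    print(foreign_accounts(parsed, sids["WORKGROUP"]))
```
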
Re: [Samba] acl_xattr vs acl_tdb
> If I remember correctly XFS used to have a size limit of 64KiB per xattr.

What about ext3 & ext4?
Re: [Samba] ?: winbind dont start
On 25.3.2010 9:15, Pasi Mustalahti wrote:
> Date seems to be abt. 28 sec out of sync compared to her twin (Tested
> with 'date'). The twins seem to use different time servers of our net
> (tested with 'ntpq -p').

I managed to get the times within 1 sec in all the linux servers. Still winbind doesn't start! Please comment and help!
Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04
Hello! > > Have you samba-client package installed? > > yes I do at least smbclient is there! but no net command :-/ > > pavouk\pseni...@psenicka:~> rpm -qf `which net` > > samba-client-3.5.1-4.1.x86_64 So here are the issues encountered... file /usr/share/man/man1/smbclient.1.gz from install of samba-client-2.2.12-1.suse82 conflicts with file from package samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm I found on net... > > > > or you can dig domainsid from ldap This sounds interesting! How do I do that? Thanks very much! Giorgio On 3/26/10, GG wrote: > Hi! > > I'll be at it in a few minutes installing samba client / net command :-) > > I have a question about the samba sernet repos: > Shall I apt-get remove samba and use > http://enterprisesamba.com/index.php?id=148 + > http://enterprisesamba.com/index.php?id=56 > instead from start? > > What is the real advantage of sernet? What about installing official > samba.org packages, are there differences with sernet (stability?) or > is it just a more liberal repository? > > Also I read > >>> Ensure that all local user and group accounts that are used by samba > >>> have the same uid/gid. > > Shall I copy /etc/shadow and /etc/passwd over? other files for groups > and users? > > I use rsync --verbose --progress --stats --compress --rsh=ssh \ > --recursive --times --perms --links \ > --owner --group --devices --specials \ > --exclude-from '/root/exclude.txt (if any, not in this case as > I'm only syncing data dir)' \ > r...@old_pdc:/DATA /DATA > > This should bring over every attribute set on files... correct? > > [[[did only partially in one case: I set up a twin install (fresh > install then live cd and full rsync and after that I kept mbr, but > changed /boot and the /ect/fstab settings) and the server started > etc.. LDAP did not work though: authentication was not available... > So I must be missing something or this rsync parameter set must be > missing something.. 
I had disconnected old PDC, set same IP and > hostname to the VM well this worked well for other virtualizations and > in this PDC I need to upgrade to win7 compatible samba version anyway > :-) > This was another story but just to share it as it is an excellent way > of migrating sometimes specially for machines you do not master and > this is my case very often.]]] > > Cheers, > Giorgio > > On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka > wrote: > > Hi > > > > Dne 25.3.2010 17:41, GG napsal(a): > >> Hello Vladimir, John and all the NG :-) > >> Thanks so much for answering. I really hoped someone would :-) > >> > >> So I installed Debian latest stable netinst on the future production > >> server and here are my issues in the quotes :-( no net command on my > >> suse 8.2 > >> > >> Cheers :-) > >> Giorgio > >> > >> > >>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote: > On 03/25/2010 03:33 AM, Vladimir Psenicka wrote: > What about Debian Stable with Sernet samba repo, where you can choose > Samba 3.4.x or 3.5.x > > My hints on migrating to new server: > > 1. install new server (Samba,ldap etc.) > >> > >> done :-) Debian Stable netinst > >> > 2. set same hostname on new server > >> My ignorance comes out :-) > >> Must I set it different from the production server as FW points > >> production.domain.com - I have clients using DNS=oldPDC and PDC > >> forwards queries to FW. FW has pdc.domain.com defined to point to lan > >> ip. > >> > > > > Ok, can be changed later > > > 3. export ldap data from old server and import them to new server > >> > >> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif > >> OK > >> > >>> Ensure that all local user and group accounts that are used by samba > >>> have the same uid/gid. > >> my ignorance again... another hint? > >>> > 4. 
export SID (net getlocalsid) and set it on new server (net > setlocalsid oldsid) > >>> > >>> Note: > >>> net getdomainsid (on old server) > >>> net setdomainsid (on new server) > >> thanks :-) > >> > >> # net getdomainsid > >> -bash: net: command not found :-( and not found in yast > >> > >> I understand it has to do with extracting the sid from > >> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast > >> has now net package and googling net is.. well wow! > >> > > > > Have you samba-client package installed? > > > > pavouk\pseni...@psenicka:~> rpm -qf `which net` > > samba-client-3.5.1-4.1.x86_64 > > > > or you can dig domainsid from ldap > > > 5. configure samba on new server as PDC with ldap and shares in smb.conf > from old samba smb.conf (check with testparm) > >> > >> I see it only contains shares so I bet smb.conf would just keep all > >> the old settings rigth? /DATA will be rsynced > >> > > > > Maybe smb.conf from Samba2 is too different from Samba 3. I will keep > > current smb.conf on new server and add only shares from old smb.conf to > > new smb.conf. > > > 6.
Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04
On 26.3.2010 10:59, GG wrote:
> Hi!
>
> I'll be at it in a few minutes installing samba client / net command :-)
>
> I have a question about the samba sernet repos:
> Shall I apt-get remove samba and use
> http://enterprisesamba.com/index.php?id=148 +
> http://enterprisesamba.com/index.php?id=56
> instead from start?
>

Yes, you should remove Debian samba packages and install sernet-samba packages.

> What is the real advantage of sernet? What about installing official
> samba.org packages, are there differences with sernet (stability?) or
> is it just a more liberal repository?

I don't know how much the samba.org repositories are updated, but the sernet repos seem to be updated often. Maybe somebody can explain this better.

>
> Also I read
Ensure that all local user and group accounts that are used by samba have the same uid/gid.
>
> Shall I copy /etc/shadow and /etc/passwd over? other files for groups
> and users?
>
> I use rsync --verbose --progress --stats --compress --rsh=ssh \
> --recursive --times --perms --links \
> --owner --group --devices --specials \
> --exclude-from '/root/exclude.txt (if any, not in this case as
> I'm only syncing data dir)' \
> r...@old_pdc:/DATA /DATA
>
> This should bring over every attribute set on files... correct?

Yes

>
> [[[did only partially in one case: I set up a twin install (fresh
> install then live cd and full rsync and after that I kept mbr, but
> changed /boot and the /ect/fstab settings) and the server started
> etc.. LDAP did not work though: authentication was not available...
> So I must be missing something or this rsync parameter set must be
> missing something..
I had disconnected old PDC, set same IP and > hostname to the VM well this worked well for other virtualizations and > in this PDC I need to upgrade to win7 compatible samba version anyway > :-) > This was another story but just to share it as it is an excellent way > of migrating sometimes specially for machines you do not master and > this is my case very often.]]] > > Cheers, > Giorgio > > On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka > wrote: >> Hi >> >> Dne 25.3.2010 17:41, GG napsal(a): >>> Hello Vladimir, John and all the NG :-) >>> Thanks so much for answering. I really hoped someone would :-) >>> >>> So I installed Debian latest stable netinst on the future production >>> server and here are my issues in the quotes :-( no net command on my >>> suse 8.2 >>> >>> Cheers :-) >>> Giorgio >>> >>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote: > On 03/25/2010 03:33 AM, Vladimir Psenicka wrote: > What about Debian Stable with Sernet samba repo, where you can choose > Samba 3.4.x or 3.5.x > > My hints on migrating to new server: > > 1. install new server (Samba,ldap etc.) >>> >>> done :-) Debian Stable netinst >>> > 2. set same hostname on new server >>> My ignorance comes out :-) >>> Must I set it different from the production server as FW points >>> production.domain.com - I have clients using DNS=oldPDC and PDC >>> forwards queries to FW. FW has pdc.domain.com defined to point to lan >>> ip. >>> >> >> Ok, can be changed later >> > 3. export ldap data from old server and import them to new server >>> >>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif >>> OK >>> Ensure that all local user and group accounts that are used by samba have the same uid/gid. >>> my ignorance again... another hint? > 4. 
export SID (net getlocalsid) and set it on new server (net > setlocalsid oldsid) Note: net getdomainsid (on old server) net setdomainsid (on new server) >>> thanks :-) >>> >>> # net getdomainsid >>> -bash: net: command not found :-( and not found in yast >>> >>> I understand it has to do with extracting the sid from >>> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast >>> has now net package and googling net is.. well wow! >>> >> >> Have you samba-client package installed? >> >> pavouk\pseni...@psenicka:~> rpm -qf `which net` >> samba-client-3.5.1-4.1.x86_64 >> >> or you can dig domainsid from ldap >> > 5. configure samba on new server as PDC with ldap and shares in smb.conf > from old samba smb.conf (check with testparm) >>> >>> I see it only contains shares so I bet smb.conf would just keep all >>> the old settings rigth? /DATA will be rsynced >>> >> >> Maybe smb.conf from Samba2 is too different from Samba 3. I will keep >> current smb.conf on new server and add only shares from old smb.conf to >> new smb.conf. >> > 6. stop samba on old server > 7. copy all data (with perms) and netlogon share to new server > 8. stop old server > 9. start samba on new server a check everything is working fine (domain > logon from windows box, shares and perms) > > This can be done best when no users are logged in samba (maybe at > weekend?) > > P.S. We have ubuntu 8.04 as PDC and Wi
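The "same uid/gid" advice and the `rsync --owner --group` copy discussed in this thread can be checked before any data moves. The following is an added example, not code from any poster or from the Samba project: it compares passwd-format account lists (for instance `getent passwd` output saved on each server) and reports accounts whose files would change owner. The function names and the account data are constructed for illustration.

```python
"""Pre-migration check: will file ownership survive an
`rsync --owner --group` copy from the old PDC to the new server?
Added example; the account data below is constructed."""

# Constructed sample input in passwd format (what `getent passwd` prints).
OLD_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
bob:x:1001:100:Bob:/home/bob:/bin/bash
carol:x:1002:100:Carol:/home/carol:/bin/bash
pc01$:x:2001:515:Machine account:/dev/null:/bin/false
"""
NEW_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
admin:x:1002:1002:Installer account:/home/admin:/bin/bash
alice:x:1003:100:Alice:/home/alice:/bin/bash
bob:x:1001:100:Bob:/home/bob:/bin/bash
"""


def parse_db(text):
    """Parse passwd- or group-format text (name:x:id:...) into {name: id}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed line or NIS-style +/- entry
        entries[fields[0]] = int(fields[2])
    return entries


def receiver_id(name, old, new, numeric_ids=False):
    """Numeric owner that files of `name` get on the receiving server.

    rsync maps owners by name unless --numeric-ids is given, and falls
    back to the sender's numeric id when the name is unknown there.
    """
    if not numeric_ids and name in new:
        return new[name]
    return old[name]


def compare(old, new, numeric_ids=False):
    """List (kind, name, old_id, detail) for accounts needing attention."""
    names_by_id = {}
    for name, ident in new.items():
        names_by_id.setdefault(ident, []).append(name)
    findings = []
    for name in sorted(old):
        landed = receiver_id(name, old, new, numeric_ids)
        holders = sorted(n for n in names_by_id.get(landed, []) if n != name)
        if holders:
            # The copied files would belong to a different account.
            findings.append(("owned-by-other", name, old[name], holders[0]))
        elif name not in new:
            # No such account yet: files keep a bare numeric owner.
            findings.append(("missing", name, old[name], None))
        elif new[name] != old[name]:
            # Same name, different number: LDAP uidNumber, backups and
            # --numeric-ids copies will disagree with the local account.
            findings.append(("id-mismatch", name, old[name], new[name]))
    return findings


if __name__ == "__main__":
    old_db, new_db = parse_db(OLD_PASSWD), parse_db(NEW_PASSWD)
    for kind, name, old_id, detail in compare(old_db, new_db):
        print(f"{kind:15} {name:8} old id {old_id} -> {detail}")
```

Run the same comparison on the group lists (`getent group`); an `owned-by-other` finding is the one to resolve before copying, because the data would become accessible to an unrelated account.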
Re: [Samba] acl_xattr vs acl_tdb
On Fri, Mar 26, 2010 at 08:38:19AM -0400, simo wrote:
> > > There's something I would really like to know! But somehow it seems to
> > > be a secret of the gods that us mere mortals are not allowed to
> > > penetrate...
> >
> > Please say if there is any size restriction for xattrs in
> > XFS. Hopefully there is none, which would mean that you can
> > fill the whole file system with a single security descriptor
> > if you wish.
>
> If I remember correctly XFS used to have a size limit of 64KiB per
> xattr.

Shall I call you god now? :-)

Volker
Re: [Samba] acl_xattr vs acl_tdb
On Fri, 2010-03-26 at 13:34 +0100, Volker Lendecke wrote:
> On Fri, Mar 26, 2010 at 12:25:14PM +, Miguel Medalha wrote:
> >
> > >Does anyone know how many ACLs can be stored on file system (xfs) using
> > >acl_xattr module and in file file_ntacls.tdb?
> > >
> >
> > There's something I would really like to know! But somehow it seems to
> > be a secret of the gods that us mere mortals are not allowed to penetrate...
>
> Please say if there is any size restriction for xattrs in
> XFS. Hopefully there is none, which would mean that you can
> fill the whole file system with a single security descriptor
> if you wish.

If I remember correctly XFS used to have a size limit of 64KiB per xattr.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer
Principal Software Engineer at Red Hat, Inc.
Re: [Samba] acl_xattr vs acl_tdb
On Fri, Mar 26, 2010 at 12:25:14PM +, Miguel Medalha wrote:
>
> >Does anyone know how many ACLs can be stored on file system (xfs) using
> >acl_xattr module and in file file_ntacls.tdb?
> >
>
> There's something I would really like to know! But somehow it seems to
> be a secret of the gods that us mere mortals are not allowed to penetrate...

Please say if there is any size restriction for xattrs in XFS. Hopefully there is none, which would mean that you can fill the whole file system with a single security descriptor if you wish.

Volker
Re: [Samba] acl_xattr vs acl_tdb
Does anyone know how many ACLs can be stored on file system (xfs) using acl_xattr module and in file file_ntacls.tdb?

There's something I would really like to know! But somehow it seems to be a secret of the gods that us mere mortals are not allowed to penetrate...
Re: [Samba] Questions on Samba and LDAP failover
Gary Peck wrote:
> I have actually tried that and could not get that to work. At least it
> does not work on the version of samba that is bundled with Solaris 10
> (3.0.37).
>
> passdb backend = ldap:"ldap://ldap1.example.com ldap://ldap2.example.com"
> --- This causes a core dump

oh, I mis-spelled ldap: instead of ldapsam:

> passdb backend = ldapsam:"ldap://ldap1.example.com
> ldap://ldap2.example.com" smbpasswd username fails connecting to primary
> ldap server and just errors out.

Hmm, what ldap library are you using?

reading from the smb.conf manpage:

> - ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an
> optional argument (defaults to
> ldap://localhost)
>
> LDAP connections should be secured where possible. This may be done
> using either Start-TLS (see
> ldap ssl) or by specifying ldaps:// in the URL argument.
>
> Multiple servers may also be specified in double-quotes. Whether
> multiple servers are supported
> or not and the exact syntax depends on the LDAP library you use.
>
> Examples of use are:
>
> passdb backend = tdbsam:/etc/samba/private/passdb.tdb
>
> or multi server LDAP URL with OpenLDAP library:
>
> passdb backend = ldapsam:"ldap://ldap-1.example.com
> ldap://ldap-2.example.com"
>
> or multi server LDAP URL with Netscape based LDAP library:
>
> passdb backend = ldapsam:"ldap://ldap-1.example.com
> ldap-2.example.com"

So it depends on your LDAP client library and the example I gave you is valid for openLDAP, possibly not for yours, if it supports multiple servers at all. You could try the second syntax ldapsam:"ldap://ldap-1.example.com ldap-2.example.com". The bottom line is that the string between the quotes has to be a valid string accepted by the ldap init routine of your library...

Cheers - Michael

> It seems to be the 3.0.22 release that I remember seeing a note that ldap
> failover was deprecated for some reason. The only way I have been able
> to get any type of failover is setting up a DNS entry to round robin
> between two Sun DS7 multimaster directory servers.
>
> Thanks,
>
> Gary
>
> On 3/25/2010 3:16 PM, Michael Adam wrote:
> >Hi Gary,
> >
> >Gary Peck wrote:
> >
> >>After trying multiple options in the smb.conf file the only way I could
> >>get fail over to work was having two ldap servers setup in a multimaster
> >>replication and having a DNS entry setup that round robins between the
> >>two. Everything seems to work, I can bring down one ldap server and
> >>samba will still authenticate and let users in. Anybody know of any
> >>issues doing it this way?
> >>
> >>Thanks,
> >>
> >>Gary
> >>
> >>
> >>>If I have read the documentation correctly, it looks like you can not
> >>>have a fail over LDAP server defined in the smb.conf file for the passdb
> >>>backend. It looks like this feature was taken away in an earlier
> >>>release. Is this correct? If not could somebody steer me in the right
> >>>direction.
> >>>
> >Is the question how to specify multiple ldap servers in smb.conf?
> >If so, here is the answer:
> >
> >passdb backend = ldap:"ldap://ldap1.example.com
> >ldap://ldap2.example.com"
> >
> >I.e. put a spaces separated list of ldap urls into quotes.
> >
> >If that was not your question, please clarify.
> >
> >Cheers - Michael
> >
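The points raised in this exchange (the `ldap:` versus `ldapsam:` spelling, the two multi-server syntaxes from the quoted manpage, and the manpage's advice to use Start-TLS or `ldaps://`) can be checked mechanically before Samba is restarted. This is an added example, not code from the posters or the Samba project: the function names and finding labels are hypothetical, the smb.conf snippets are constructed, and it assumes only `ldap ssl = start tls` enables Start-TLS.

```python
import re


def global_params(conf_text):
    """Return [global] parameters, names lower-cased with spaces removed."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.match(r"\[(.+)\]$", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params


def check_passdb_backend(conf_text):
    """Classify the ldapsam server list and flag the problems from the thread."""
    params = global_params(conf_text)
    name, _, arg = params.get("passdbbackend", "").partition(":")
    result = {"style": None, "servers": [], "findings": []}
    if name.lower() != "ldapsam":
        if name.lower() == "ldap":
            # The misspelling discussed above: the backend is "ldapsam".
            result["findings"].append("bad-backend-name")
        return result

    arg = arg.strip()
    quoted = len(arg) >= 2 and arg[0] == '"' and arg[-1] == '"'
    # The manpage gives ldap://localhost as the default when no URL is set.
    servers = (arg[1:-1] if quoted else arg).split() or ["ldap://localhost"]
    result["servers"] = servers
    if len(servers) > 1 and not quoted:
        result["findings"].append("list-not-quoted")

    has_scheme = ["://" in s for s in servers]
    if len(servers) == 1:
        result["style"] = "single"
    elif all(has_scheme):
        result["style"] = "openldap"   # "ldap://a ldap://b"
    elif has_scheme[0] and not any(has_scheme[1:]):
        result["style"] = "netscape"   # "ldap://a b"
    else:
        result["style"] = "mixed"
        result["findings"].append("mixed-list-syntax")

    # Assumption: only "start tls" counts as Start-TLS being enabled.
    start_tls = params.get("ldapssl", "").lower().replace("_", " ") == "start tls"
    if any(s.lower().startswith("ldap://") for s in servers) and not start_tls:
        result["findings"].append("plaintext-ldap")
    return result


# Constructed smb.conf fragments using the host names from the thread.
MISSPELLED = '[global]\npassdb backend = ldap:"ldap://ldap1.example.com ldap://ldap2.example.com"\n'
OPENLDAP_PLAIN = '[global]\npassdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"\n'
OPENLDAP_TLS = OPENLDAP_PLAIN + "ldap ssl = start tls\n"
NETSCAPE_LDAPS = '[global]\npassdb backend = ldapsam:"ldaps://ldap-1.example.com ldap-2.example.com"\n'

if __name__ == "__main__":
    for conf in (MISSPELLED, OPENLDAP_PLAIN, OPENLDAP_TLS, NETSCAPE_LDAPS):
        print(check_passdb_backend(conf))
```

Which list style the LDAP client library accepts still has to be confirmed on the host itself, as the reply above says; the check only tells you which style the configuration uses.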
[Samba] xp logon issue
Hi,

I have set up Samba 3.0 as PDC and all the desktops are able to login and no issues. One laptop user is not able to logon outside the office (PDC is not available). Win 2003, he doesn't have such problem. How to enable cache so that user can logon even if domain is not available?

I tried google, but my framing may not be right, so I didn't get any help.

Thanks in Advance.

Thanks and Regards,
Sam
Re: [Samba] ADS member server to 2008 R2
Did you try the newest samba 3.5.1? I am using it with Windows 2008 Server R2 and it is working :)

Best regards
/Adrian Berlin

> - Original Message -
> From: Alex Ferrara
> To: samba@lists.samba.org
> Subject: [Samba] ADS member server to 2008 R2
> Date: Fri, 26 Mar 2010 10:56:02 +1100
>
>
> Hi all,
>
> I have a strange problem, and I can't seem to solve it.
>
> I have set up a Ubuntu 9.10 server with samba+kerberos to be an ADS
> member server. The PDC was a 2003 SBS server, and all was well.
>
> Recently I added a 2008 R2 server standard to the mix, and promoted
> it as a domain controller. Ever since I did this, the samba server
> stops working daily.
>
> I have updated to 3.4.7 out of the lucid tree, but it still has the
> same behaviour. After a few days of this happening, I have found
> that to get it working again, I have to perform a "net ads join",
> and it will magically start working. I don't even need to restart
> samba or winbind.
>
> Does this seem to indicate that the kerberos side is ok?
>
> Ideas?
>
> Alex Ferrara
> Director
> Receptive IT Solutions
[Samba] Can tdbtool be installed on it's own?
Hi guys,

I have a Netgear ReadyNas that has Samba v3.4.5 installed on it. I'm having trouble accessing some tdb files and I'm wondering whether the app tdbtool can be installed on its own as it seems that Netgear have pulled it out.

I have windows domain users who get denied access for no reason and the events aren't being caught by the standard logs. Plus Netgear force the smb.conf to auto generate and any changes I make get overwritten once a day.

I have asked Netgear about this but their level 2 support haven't got a clue.

Any help would be greatly appreciated

Regards,
Tristan Drinkwater
Micro Peripherals Limited
Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04
Hi! I'll be at it in a few minutes installing samba client / net command :-) I have a question about the samba sernet repos: Shall I apt-get remove samba and use http://enterprisesamba.com/index.php?id=148 + http://enterprisesamba.com/index.php?id=56 instead from start? What is the real advantage of sernet? What about installing official samba.org packages, are there differences with sernet (stability?) or is it just a more liberal repository? Also I read >>> Ensure that all local user and group accounts that are used by samba >>> have the same uid/gid. Shall I copy /etc/shadow and /etc/passwd over? other files for groups and users? I use rsync --verbose --progress --stats --compress --rsh=ssh \ --recursive --times --perms --links \ --owner --group --devices --specials \ --exclude-from '/root/exclude.txt (if any, not in this case as I'm only syncing data dir)' \ r...@old_pdc:/DATA /DATA This should bring over every attribute set on files... correct? [[[did only partially in one case: I set up a twin install (fresh install then live cd and full rsync and after that I kept mbr, but changed /boot and the /ect/fstab settings) and the server started etc.. LDAP did not work though: authentication was not available... So I must be missing something or this rsync parameter set must be missing something.. I had disconnected old PDC, set same IP and hostname to the VM well this worked well for other virtualizations and in this PDC I need to upgrade to win7 compatible samba version anyway :-) This was another story but just to share it as it is an excellent way of migrating sometimes specially for machines you do not master and this is my case very often.]]] Cheers, Giorgio On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka wrote: > Hi > > Dne 25.3.2010 17:41, GG napsal(a): >> Hello Vladimir, John and all the NG :-) >> Thanks so much for answering. 
I really hoped someone would :-) >> >> So I installed Debian latest stable netinst on the future production >> server and here are my issues in the quotes :-( no net command on my >> suse 8.2 >> >> Cheers :-) >> Giorgio >> >> >>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote: On 03/25/2010 03:33 AM, Vladimir Psenicka wrote: What about Debian Stable with Sernet samba repo, where you can choose Samba 3.4.x or 3.5.x My hints on migrating to new server: 1. install new server (Samba,ldap etc.) >> >> done :-) Debian Stable netinst >> 2. set same hostname on new server >> My ignorance comes out :-) >> Must I set it different from the production server as FW points >> production.domain.com - I have clients using DNS=oldPDC and PDC >> forwards queries to FW. FW has pdc.domain.com defined to point to lan >> ip. >> > > Ok, can be changed later > 3. export ldap data from old server and import them to new server >> >> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif >> OK >> >>> Ensure that all local user and group accounts that are used by samba >>> have the same uid/gid. >> my ignorance again... another hint? >>> 4. export SID (net getlocalsid) and set it on new server (net setlocalsid oldsid) >>> >>> Note: >>> net getdomainsid (on old server) >>> net setdomainsid (on new server) >> thanks :-) >> >> # net getdomainsid >> -bash: net: command not found :-( and not found in yast >> >> I understand it has to do with extracting the sid from >> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast >> has now net package and googling net is.. well wow! >> > > Have you samba-client package installed? > > pavouk\pseni...@psenicka:~> rpm -qf `which net` > samba-client-3.5.1-4.1.x86_64 > > or you can dig domainsid from ldap > 5. configure samba on new server as PDC with ldap and shares in smb.conf from old samba smb.conf (check with testparm) >> >> I see it only contains shares so I bet smb.conf would just keep all >> the old settings rigth? 
/DATA will be rsynced >> > > Maybe smb.conf from Samba2 is too different from Samba 3. I will keep > current smb.conf on new server and add only shares from old smb.conf to > new smb.conf. > 6. stop samba on old server 7. copy all data (with perms) and netlogon share to new server 8. stop old server 9. start samba on new server a check everything is working fine (domain logon from windows box, shares and perms) This can be done best when no users are logged in samba (maybe at weekend?) P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain >> >> thanks I move to Debian with ease :-) ubuntu is a great deb derived right? >> > Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu 10.04 LTS > comes out this will be no longer truth. > >>> Check http://wiki.samba.org for info regarding Windows 7. >>> >>> Cheers, >>> John T. >>> Dne 25.3.2010 01:05, GG napsal(a): > Hello Vladimir and hi all, > > Thanks very much for replying! > > Any
[Samba] acl_xattr vs acl_tdb
Hi!

Does anyone know how many ACLs can be stored on file system (xfs) using acl_xattr module and in file file_ntacls.tdb?

Best regards
/Adrian Berlin
Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04
Hi Dne 25.3.2010 17:41, GG napsal(a): > Hello Vladimir, John and all the NG :-) > Thanks so much for answering. I really hoped someone would :-) > > So I installed Debian latest stable netinst on the future production > server and here are my issues in the quotes :-( no net command on my > suse 8.2 > > Cheers :-) > Giorgio > > >> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote: >>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote: >>> What about Debian Stable with Sernet samba repo, where you can choose >>> Samba 3.4.x or 3.5.x >>> >>> My hints on migrating to new server: >>> >>> 1. install new server (Samba,ldap etc.) > > done :-) Debian Stable netinst > >>> 2. set same hostname on new server > My ignorance comes out :-) > Must I set it different from the production server as FW points > production.domain.com - I have clients using DNS=oldPDC and PDC > forwards queries to FW. FW has pdc.domain.com defined to point to lan > ip. > Ok, can be changed later >>> 3. export ldap data from old server and import them to new server > > slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif > OK > >> Ensure that all local user and group accounts that are used by samba >> have the same uid/gid. > my ignorance again... another hint? >> >>> 4. export SID (net getlocalsid) and set it on new server (net >>> setlocalsid oldsid) >> >> Note: >> net getdomainsid (on old server) >> net setdomainsid (on new server) > thanks :-) > > # net getdomainsid > -bash: net: command not found :-( and not found in yast > > I understand it has to do with extracting the sid from > /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast > has now net package and googling net is.. well wow! > Have you samba-client package installed? pavouk\pseni...@psenicka:~> rpm -qf `which net` samba-client-3.5.1-4.1.x86_64 or you can dig domainsid from ldap >>> 5. 
configure samba on new server as PDC with ldap and shares in smb.conf >>> from old samba smb.conf (check with testparm) > > I see it only contains shares so I bet smb.conf would just keep all > the old settings rigth? /DATA will be rsynced > Maybe smb.conf from Samba2 is too different from Samba 3. I will keep current smb.conf on new server and add only shares from old smb.conf to new smb.conf. >>> 6. stop samba on old server >>> 7. copy all data (with perms) and netlogon share to new server >>> 8. stop old server >>> 9. start samba on new server a check everything is working fine (domain >>> logon from windows box, shares and perms) >>> >>> This can be done best when no users are logged in samba (maybe at weekend?) >>> >>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain > > thanks I move to Debian with ease :-) ubuntu is a great deb derived right? > Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu 10.04 LTS comes out this will be no longer truth. >> Check http://wiki.samba.org for info regarding Windows 7. >> >> Cheers, >> John T. >> >>> Dne 25.3.2010 01:05, GG napsal(a): Hello Vladimir and hi all, Thanks very much for replying! Any suggested os? I'd go for debian or what advised, I just happen to know ubuntu more... Any strategy or hint on migrating from ancient ldap + samba to a new server? Already tried rsyncing (using all options to keep perms and attributes grp own mod etc) on a twin v-machine but server starts and the ldap auth fails to work :-( I'm a bit stuck at the moment :-( and I have posponed the problem for too long grrr Giorgio On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka wrote: > Dne 23.3.2010 15:48, Giorgio napsal(a): >> Hello, >> Hopefully I'm in the right place asking for help :-) >> >> I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to >> latest samba versions, I would like to use an ubuntu 8.04 virtual >> machine. 
>> >> The domain is in production on the physical server, to be dismissed after >> migration. It is also the file server!!! so /DATA/ has all shared and >> permission driven file access.. >> >> I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html >> but >> I realize I am in a different scenario... >> >> Production so no errors are admitted :-(, migration to new os and >> versions.. >> all at once? >> >> I have a dump of the physical server (dd sda mbr and single partitions :) >> plus an rsync with all permissions daily backup, just to be safe ;) >> >> >> What would you guru's suggest as a strategy? >> >> Can I create a new server and add it as secondary domain controller and >> then >> once the replica is up? I'd feel quite comfortable with this method. >> >> BTW I need a new version of samba as they have already bought Windows 7 >> boxes (without asking if they were supported arrgh). >> >>
Re: [Samba] how to synch multiple servers?
Hello,

try DRBD with OCFS2. I have tried this, but when the traffic was too high and DRBD has two Masters (both can write), then one server will crash - from my experience.

Maybe a FUSE Cluster Filesystem can help you? I have written one, but never finished it, or tested it in a productive environment. There are some other Cluster Filesystems in High Level Programming Languages, but I don't know how fast this would be.

Kind Regards
Richi

On Thursday 25 March 2010 16:48:35, PTaco wrote:
> I mean, if a file is updated, added, or changed on 1 server, it will
> perform the same changes to the others automatically.
>
> John M. Drescher wrote:
> > On Thu, Mar 25, 2010 at 10:49 AM, John Drescher
> >
> > wrote:
> >>> Is there a way to synch multiple servers at once so when one is
> >>> changed, samba updates all the other servers at the same time
> >>> automatically?
> >>
> >> What are you talking about? Permissions or files or both?
> >>
> >> If just permissions use ldap.
> >
> > By permissions I mean user and machine accounts and the like not ACLs
> >
> > John
>
> --
> View this message in context:
> http://old.nabble.com/how-to-synch-multiple-servers--tp28019825p28030799.html
> Sent from the Samba - General mailing list archive at Nabble.com.
Re: [Samba] call trace when using acl_tdb module
Hi!

Thanks for your reply! Patch seems to be working but there are still problems with some acls. I will be testing it and I will send feedback.

Best regards
/Adrian Berlin

> - Original Message -
> From: Jeremy Allison
> To: Jeremy Allison
> Cc: Adrian Berlin , samba@lists.samba.org
> Subject: Re: [Samba] call trace when using acl_tdb module
> Date: Wed, 24 Mar 2010 09:53:31 -0700
>
>
> On Wed, Mar 24, 2010 at 09:46:55AM -0700, Jeremy Allison wrote:
> > On Wed, Mar 24, 2010 at 01:58:45PM +0100, Adrian Berlin wrote:
> > > Hello,
> > > > When I am using module acl_tdb and I am trying to get access
> > to directory I am getting call trace in log.ip
> >
> > Known bug :
> >
> > https://bugzilla.samba.org/show_bug.cgi?id=7283
> >
> > I'm testing my patch for this as we email
>
> Works. Here is the fix:
>
> Jeremy.