[Samba] Samba 4 upgrade_from_s3 problem

[Taylor, Jonn]

Unable to upgrade from samba 3 to samba 4 using upgrade_from_s3.

CentOS 5.4 x86_64
samba Version 4.0.0alpha12-GIT-ef83c97
samba3-3.4.4-41.el5 from sernet

[r...@bdc source4]# ./setup/upgrade_from_s3 --targetdir=/etc/samba4 
/etc/samba /etc/samba/smb.conf

Reading Samba3 databases and smb.conf
Provisioning
Traceback (most recent call last):
  File "./setup/upgrade_from_s3", line 84, in ?
targetdir=opts.targetdir)
  File "bin/python/samba/upgrade.py", line 415, in upgrade_provision
serverrole=serverrole)
  File "bin/python/samba/provision.py", line 1112, in provision
domainsid = security.dom_sid(domainsid)
TypeError: argument 1 must be string without null bytes, not str

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Net Command Error

[Linux Addict]

I think I hit https://bugzilla.samba.org/show_bug.cgi?id=7209

On Thu, Apr 1, 2010 at 6:00 PM, Linux Addict  wrote:

> I just built the samba 3.5.1 rpm for Redhat 4 U6. When I try to run the
> command "net", it is erroring out. Other command seems to be running fine.
>
> Any help is greatly appreciated. thank you.
>
>
> *#net*
> *net: symbol lookup error: /usr/lib64/libreadline.so.4: undefined symbol:
> BC*
>
> *#ldd `which net`*
> libcap.so.1 => /lib64/libcap.so.1 (0x002a9566c000)
> libresolv.so.2 => /lib64/libresolv.so.2 (0x002a9577)
> libnsl.so.1 => /lib64/libnsl.so.1 (0x002a95886000)
> libdl.so.2 => /lib64/libdl.so.2 (0x002a9599e000)
> libpopt.so.0 => /usr/lib64/libpopt.so.0 (0x002a95aa1000)
> libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
> (0x002a95baa000)
> libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x002a95cc)
> libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3
> (0x002a95e31000)
> libcom_err.so.2 => /lib64/libcom_err.so.2 (0x002a95f55000)
> libuuid.so.1 => /lib64/libuuid.so.1 (0x002a96057000)
> libldap-2.2.so.7 => /usr/lib64/libldap-2.2.so.7
> (0x002a9615a000)
> liblber-2.2.so.7 => /usr/lib64/liblber-2.2.so.7
> (0x002a96291000)
> libreadline.so.4 => /usr/lib64/libreadline.so.4
> (0x002a9639f000)
> libwbclient.so.0 => /usr/lib64/libwbclient.so.0
> (0x002a964d8000)
> libc.so.6 => /lib64/tls/libc.so.6 (0x002a965f8000)
> /lib64/ld-linux-x86-64.so.2 (0x002a95556000)
> libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x002a9682d000)
> libssl.so.4 => /lib64/libssl.so.4 (0x002a96945000)
> libcrypto.so.4 => /lib64/libcrypto.so.4 (0x002a96a81000)
> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x002a96cb2000)
> libz.so.1 => /usr/lib64/libz.so.1 (0x002a96de6000)
>
>
> *#ldd -d -r /usr/lib64/libreadline.so.4 | grep undef*
> undefined symbol: BC(/usr/lib64/libreadline.so.4)
> undefined symbol: PC(/usr/lib64/libreadline.so.4)
> undefined symbol: UP(/usr/lib64/libreadline.so.4)
> undefined symbol: tgetnum   (/usr/lib64/libreadline.so.4)
> undefined symbol: tgoto (/usr/lib64/libreadline.so.4)
> undefined symbol: tgetflag  (/usr/lib64/libreadline.so.4)
> undefined symbol: tputs (/usr/lib64/libreadline.so.4)
> undefined symbol: tgetent   (/usr/lib64/libreadline.so.4)
> undefined symbol: tgetstr   (/usr/lib64/libreadline.so.4)
>
>
>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Net Command Error

[Linux Addict]

I just built the samba 3.5.1 rpm for Redhat 4 U6. When I try to run the
command "net", it is erroring out. Other command seems to be running fine.

Any help is greatly appreciated. thank you.


*#net*
*net: symbol lookup error: /usr/lib64/libreadline.so.4: undefined symbol: BC
*

*#ldd `which net`*
libcap.so.1 => /lib64/libcap.so.1 (0x002a9566c000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x002a9577)
libnsl.so.1 => /lib64/libnsl.so.1 (0x002a95886000)
libdl.so.2 => /lib64/libdl.so.2 (0x002a9599e000)
libpopt.so.0 => /usr/lib64/libpopt.so.0 (0x002a95aa1000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
(0x002a95baa000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x002a95cc)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x002a95e31000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x002a95f55000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x002a96057000)
libldap-2.2.so.7 => /usr/lib64/libldap-2.2.so.7 (0x002a9615a000)
liblber-2.2.so.7 => /usr/lib64/liblber-2.2.so.7 (0x002a96291000)
libreadline.so.4 => /usr/lib64/libreadline.so.4 (0x002a9639f000)
libwbclient.so.0 => /usr/lib64/libwbclient.so.0 (0x002a964d8000)
libc.so.6 => /lib64/tls/libc.so.6 (0x002a965f8000)
/lib64/ld-linux-x86-64.so.2 (0x002a95556000)
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x002a9682d000)
libssl.so.4 => /lib64/libssl.so.4 (0x002a96945000)
libcrypto.so.4 => /lib64/libcrypto.so.4 (0x002a96a81000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x002a96cb2000)
libz.so.1 => /usr/lib64/libz.so.1 (0x002a96de6000)


*#ldd -d -r /usr/lib64/libreadline.so.4 | grep undef*
undefined symbol: BC(/usr/lib64/libreadline.so.4)
undefined symbol: PC(/usr/lib64/libreadline.so.4)
undefined symbol: UP(/usr/lib64/libreadline.so.4)
undefined symbol: tgetnum   (/usr/lib64/libreadline.so.4)
undefined symbol: tgoto (/usr/lib64/libreadline.so.4)
undefined symbol: tgetflag  (/usr/lib64/libreadline.so.4)
undefined symbol: tputs (/usr/lib64/libreadline.so.4)
undefined symbol: tgetent   (/usr/lib64/libreadline.so.4)
undefined symbol: tgetstr   (/usr/lib64/libreadline.so.4)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Printer Admin Difficulties

[Jeff Hardy]

I have been trying to setup a new print server on Fedora 12 based around 
samba-3.4.7-58.fc12.x86_64 and cups-1.4.2-28.fc12.x86_64.  All looks 
good except for the ability for printer administrators to manage 
printers.  Whether I specify users in a system group using the 
deprecated printer admin option, or specifically using net rpc rights 
and the SePrinterOperatorPrivilege, it does not matter.  This is against 
an NT4 domain on samba-3.4.2.


Interestingly, I have one user who can manage printers, whether or not 
he is in the group or has the privilege.  Also, the printer admin pieces 
work correctly on an existing samba-3.0.28a print server against that 
same domain controller.


I have been looking at level 10 logs to compare two users, the mystery 
adminuser, and the feckless denieduser, when running the following 
command (again, both are members of the printer admin group):


rpcclient -c 'setdriver ZZZ "HP LaserJet 4000 Series PS"' -U  
localhost


Following are log snippets, both beginning with SPOOLSS_OPENPRINTEREX 
and ending when printer access is either granted as 
PRINTER_ACCESS_ADMINISTER or denied outright.  Whether or not in the 
proper printer admin group or given the privilege, the outcome does not 
change for either user.


First the user for whom administrative access is granted:


[2010/03/31 13:43:35,  4] rpc_server/srv_pipe.c:2297(api_rpcTNP)
  api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: 
SPOOLSS_OPENPRINTEREX

[2010/03/31 13:43:35,  6] rpc_server/srv_pipe.c:2327(api_rpcTNP)
  api_rpc_cmds[69].fn == 0x7f0e2d66c890
[2010/03/31 13:43:35,  1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
   spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx
  in: struct spoolss_OpenPrinterEx
  printername  : *
  printername  : '\\LOCALHOST\ZZZ'
  datatype : NULL
  devmode_ctr: struct spoolss_DevmodeContainer
  _ndr_size: 0x (0)
  devmode  : NULL
  access_mask  : 0x000f000c (983052)
 0: SERVER_ACCESS_ADMINISTER
 0: SERVER_ACCESS_ENUMERATE
 1: PRINTER_ACCESS_ADMINISTER
 1: PRINTER_ACCESS_USE
 0: JOB_ACCESS_ADMINISTER
 0: JOB_ACCESS_READ
  level: 0x0001 (1)
  userlevel: union spoolss_UserLevel(case 1)
  level1   : *
  level1: struct spoolss_UserLevel1
  size : 0x001c (28)
  client   : *
  client   : '\\TKNEW'
  user : *
  user : 'adminuser'
  build: 0x0565 (1381)
  major: UNKNOWN_ENUM_VALUE (2)
  minor: 
SPOOLSS_MINOR_VERSION_0 (0)
  processor: 
PROCESSOR_ARCHITECTURE_INTEL (0)

  checking name: \\LOCALHOST\ZZZ
[2010/03/31 13:43:35, 10] rpc_server/srv_spoolss_nt.c:560(open_printer_hnd)
  open_printer_hnd: name [\\LOCALHOST\ZZZ]
[2010/03/31 13:43:35,  4] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd)
  Opened policy hnd[1] [] 00 00 00 00 02 00 00 00   00 00 00 00 B3 
4B C7 89    .K..

  [0010] F9 54 00 00   .T..
[2010/03/31 13:43:35,  3] 
rpc_server/srv_spoolss_nt.c:394(set_printer_hnd_printertype)

  Setting printer type=\\LOCALHOST\ZZZ
  Printer is a printer
[2010/03/31 13:43:35,  4] 
rpc_server/srv_spoolss_nt.c:434(set_printer_hnd_name)

  Setting printer name=\\LOCALHOST\ZZZ (len=15)
[2010/03/31 13:43:35,  8] lib/util.c:1879(is_myname)
  is_myname("LOCALHOST") returns 0
  searching for [ZZZ]
[2010/03/31 13:43:35, 10] 
printing/nt_printing.c:4630(get_a_printer_internal)

  get_a_printer: [printers] level 2
[2010/03/31 13:43:35, 10] 
printing/nt_printing.c:3917(get_a_printer_2_default)

  get_a_printer_2_default: driver name set to []
  printername: printers
[2010/03/31 13:43:35, 10] 
printing/nt_printing.c:3917(get_a_printer_2_default)

  get_a_printer_2_default: driver name set to []
  printername: CRBSTD-P
  set_printer_hnd_name: Printer found: ZZZ -> ZZZ
[2010/03/31 13:43:35,  5] rpc_server/srv_spoolss_nt.c:590(open_printer_hnd)
  1 printer handles active
[2010/03/31 13:43:35,  4] 
rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal)
  Found policy hnd[0] [] 00 00 00 00 02 00 00 00   00 00 00 00 B3 
4B C7 89    .K..

  [0010] F9 54 00 00   .T..
[2010/03/31 13:43:35,  4] 
rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal)
  Found policy hnd[0] [000

Re: [Samba] Failed to join domain: failed to precreate account in ou (null): Out of memory

[Andrew Tranquada]

ah excellent I did not see the other bug that was filed, probably need to
look closer next time.
I am building 3.5.test and will see how that goes .Thanks!

On Thu, Apr 1, 2010 at 5:45 AM, Karolin Seeger  wrote:

> Hi Andrew,
>
> On Wed, Mar 31, 2010 at 09:14:10AM -0400, Andrew Tranquada wrote:
> > Anyone else have this problem? We are kind of stuck as 3.4.x seems to
> hang
> > when any of our multiple AD servers are rebooted, and 3.5 seems to not
> have
> > that problem. Right now we are installing 3.4.5 then upgrading to 3.5.1,
> we
> > would much rather install just 3.5.1
> >
> > On Fri, Mar 26, 2010 at 1:09 PM, Andrew Tranquada <
> > andrew.tranqu...@gmail.com> wrote:
> >
> > >
> > >
> > > with samba 3.5.1 if I were to join a server to the domain and specify
> an OU
> > > to create the computer object in, i getFailed to join domain: failed to
> > > precreate account in ou (null): Out of memory
> > >
> > >
> > > However, if I run the same command with samba 3.4.5 it works.
> > >  Did the syntax change? I cannot see anything about it
> > >
> > > net ads join createcomputer="Linux_Servers" -U % -n
> core278468
>
> I think you hit bug https://bugzilla.samba.org/show_bug.cgi?id=7204.
> The patch will be included in Samba 3.5.2 (scheduled for April 7).
> Maybe you would like to test the patch...
>
> Cheers,
> Karolin
>
> --
> Samba   http://www.samba.org
> SerNet  http://www.sernet.de
> sambaXP http://www.sambaxp.org
>
>


-- 
Andrew Tranquada
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] manage permissions from windows security tab

[Mike Rambo]

We have been changing stand alone servers at remote buildings from being 
PDCs in their own domain to being members of an AD domain.


After some initial hiccups I think we are most of the way there. The 
boxes are joining the domain and users are mostly able to access their 
files. The last remaining issue (so far) is that we find we are unable 
to manage permissions via the windows security tab. All attempts to do 
so are met with "unable to save permissions" along with either "access 
denied" or "the parameter is incorrect". The latter only occurs on the 
public share. I have read that new users and groups cannot be added via 
that interface but that permission changes themselves should work.


acls are activated and look like they are working on the shared areas 
(at least getfacl/setfacl appear to work ok).


[r...@franks-dc1 opt]# ll
drwxrws---+ 3 LPSD+cisitadmin LPSD+enterprise admins  4096 Nov 28  2006 
appinstalls
drwxrws---+ 2 LPSD+cisitadmin LPSD+franks-staff   4096 Aug  3  2004 
bldgshrs
drwxrwsrwx+ 8 LPSD+cisitadmin LPSD+domain users   4096 May 18  2009 
public


[r...@franks-dc1 opt]# getfacl public
# file: public
# owner: LPSD+cisitadmin
# group: LPSD+domain\040users
user::rwx
group::rwx
other::rwx
default:user::rwx
default:user:LPSD+cisitadmin:rwx
default:group::rwx
default:group:LPSD+domain\040users:rwx
default:mask::rwx
default:other::---

I did level 10 logs but my untrained eyes found only the following and 
have been unable to figure out why. The test involved setting the level 
10 logging and then connecting via Computer Management from a 2003 
server on the AD domain to the already joined Linux/Samba box. Then I 
tried to set permissions first on the Bldgshare share and followed by 
the Public share. Following are the only errors/failures I saw.


log.evrt-dc1:  acl_set_file failed: Operation not permitted
log.evrt-dc1:  set_canon_ace_list: sys_acl_set_file type file failed for 
file . (Operation not permitted).
log.evrt-dc1:  set_nt_acl: failed to set file acl on file . (Operation 
not permitted).

log.evrt-dc1:  acl_set_file failed: Operation not permitted
log.evrt-dc1:  set_canon_ace_list: sys_acl_set_file type file failed for 
file . (Operation not permitted).
log.evrt-dc1:  set_nt_acl: failed to set file acl on file . (Operation 
not permitted).


Full logs are at http://hgrepo.lansingschools.net as they are large.

Samba version is 3.5.1 on CentOS 4.8.

Samba configuration:

[global]
   workgroup = LPSD
   netbios name = FRANKS-DC1
   realm = LPSD.LOCAL
   server string = Samba PDC %v
   printcap name = CUPS
   load printers = yes
   printing = cups
   printcap = cups
   log file = /var/log/samba/log.%m
   log level = 10
;   max log size = 100
   security = ADS
   syslog = 0
   ldap ssl = no
   template shell = /bin/bash
   winbind separator = +
   enable privileges = yes
   allow trusted domains = No
   idmap backend = idmap_rid:LPSD=500-1
   idmap uid = 500-1
   idmap gid = 500-1
   winbind use default domain = Yes
   winbind enum users = No
   winbind enum groups = No
   winbind nested groups = Yes
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   passdb backend = tdbsam
   username map = /etc/samba/smbusers
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
   os level = 63
   preferred master = yes
   logon home =
   logon path =
   wins support = yes
   dns proxy = no

[Public]
   comment = Public Stuff
   path = /opt/public
   public = yes
   guest ok = yes
   writable = yes
   create mask = 0777
   directory mask = 0777
   force security mode = 0
   directory security mask = 0777
   force directory security mode = 0
   browseable = yes
   printable = no
   nt acl support = yes
   write list = @"LPSD+Enterprise Admins", @LPSD+technicians, root
   admin users = @"LPSD+Enterprise Admins"

[Bldgshare]
   path = /opt/bldgshrs
   comment = Building share
   create mask = 0777
   directory mask = 0777
   force security mode = 0
   directory security mask = 0777
   force directory security mode = 0
   read only = yes
   printable = no
   nt acl support = yes
   valid users = @LPSD+franks-teachers, @LPSD+franks-staff, 
@"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs
   write list = @LPSD+franks-teachers, @LPSD+franks-staff, 
@"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs



Any and all advice would be greatly appreciated. I'm beginning to feel 
like I've read half the web over the last two days and am no closer to a 
solution.


Regards,


--
Mike Rambo


NOTE: In order to control energy costs the light at the end
of the tunnel has been shut off until further notice...
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Passthrough Authentication, DC Authentication and Signing

[Johnny Kimble]

Hello all,

How does a CIFS server sign messages in a situation where the CIFS server does
 not know the password of the user? For example, in a situation where the CIFS 
server has to communicate with a domain controller.

I've looked into this and I've a feeling the answer might lie in the GSS API. 
But I'm not sure exactly how the CIFS server uses it to sign a message.

Can a CIFS server ask a domain controller for a Message Authentication Code (or 
ntlmv2 repsonse or whatever is required) for a particular client, and then use 
that sign all subsequent communication with that client?

Thanks,
JK

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 2008 pdc troubles

[Richard Smits]

He Markus,

We have this problem on multiple environments.

One of my servers is a Redhat v5 , samba version samba-3.0.28-1.el5_2.1.

But our clients are openSuSe 10.3 and SuSE Enterprise Desktop 11.

Their samba versions are :

Version 3.0.26a-3.7-1787-SUSE-SL10.3

Version 3.2.7-11.9.1-2306-SUSE-CODE11

The 11 clients are also having some issues, but works better then 10.3.

We are hoping a Microsoft patch wil solve some stuff next week that 
enables DES encryption.


See : http://support.microsoft.com/?kbid=978055

But i was hoping also for another way to solve this if the hotfix 
doesn't work correctly.


Greetings .. Richard

Preller, Markus wrote:

Hi Richard,

sounds familiar to me - we had the same trouble when changing our AD backend
from w2k3 to w2k8R2 servers. 


I fixed the whole thing by using Samba 3.4.7, Kerberos 1.7.1 and OpenLDAP 2.4.21
completely build from the scratch on Solaris 10 (Sparc and x64). Kerberos 1.6.3
has some issues with upper/lowercase SPNs so I used 1.7.1. 


Which platform do you have ?

best regards
Markus  


-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im 
Auftrag von Richard Smits
Gesendet: Donnerstag, 1. April 2010 15:25
An: samba@lists.samba.org
Betreff: [Samba] Windows 2008 pdc troubles

We are in the process of upgading our windows 2003 pdc's to windows 
2008Rr2. No problem there, but our samba/winbind clients are beginning 
to show some strange behaviour.


In the beginning we saw a lot of messages appear in the logfiles.

Example :
--
pr  1 14:07:36 srvxxx winbindd[5148]:   rpc_api_pipe: Remote machine 
pdc.company.net pipe \NETLOGON fnum 0x4003returned critical error. Error 
was NT_STATUS_PIPE_DISCONNECTED

--

The clients who were connected to our 2003 pdc did not have this problem.
Now we are getting reports that some mounts are failing, and joining a 
machine to the domain is also failing with a kerberos error. (ticket not 
valid ?)


Some more messages :


winbindd.log :
[2010/04/01 14:54:10, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
Could not receive trustdoms


[2010/03/31 10:02:25, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4007 to 
machine pdc.company.net.  Error was SUCCESS - 0


We are using samba version samba-3.0.28-1.el5_2.1 on rhel5.

What can we do to troubleshoot or solve this problem ?

Greetings ... Richard

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 2008 pdc troubles

[Preller, Markus]

Hi Richard,

sounds familiar to me - we had the same trouble when changing our AD backend
from w2k3 to w2k8R2 servers. 

I fixed the whole thing by using Samba 3.4.7, Kerberos 1.7.1 and OpenLDAP 2.4.21
completely build from the scratch on Solaris 10 (Sparc and x64). Kerberos 1.6.3
has some issues with upper/lowercase SPNs so I used 1.7.1. 

Which platform do you have ?

best regards
Markus  

-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im 
Auftrag von Richard Smits
Gesendet: Donnerstag, 1. April 2010 15:25
An: samba@lists.samba.org
Betreff: [Samba] Windows 2008 pdc troubles

We are in the process of upgading our windows 2003 pdc's to windows 
2008Rr2. No problem there, but our samba/winbind clients are beginning 
to show some strange behaviour.

In the beginning we saw a lot of messages appear in the logfiles.

Example :
--
pr  1 14:07:36 srvxxx winbindd[5148]:   rpc_api_pipe: Remote machine 
pdc.company.net pipe \NETLOGON fnum 0x4003returned critical error. Error 
was NT_STATUS_PIPE_DISCONNECTED
--

The clients who were connected to our 2003 pdc did not have this problem.
Now we are getting reports that some mounts are failing, and joining a 
machine to the domain is also failing with a kerberos error. (ticket not 
valid ?)

Some more messages :


winbindd.log :
[2010/04/01 14:54:10, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
Could not receive trustdoms


[2010/03/31 10:02:25, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4007 to 
machine pdc.company.net.  Error was SUCCESS - 0

We are using samba version samba-3.0.28-1.el5_2.1 on rhel5.

What can we do to troubleshoot or solve this problem ?

Greetings ... Richard
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] AD Auth Trusted Domain issues

[Paul Lauss]

We have corrected the issues of "KID" not being native but this does not
seem to have helped.  We did however see this error in the Windows Event
Viewer at the point that I am trying to make the connection.  I am not
certain what it means that there are no logon servers available... 
Thoughts?

Event Type:Warning
Event Source:LSASRV
Event Category:SPNEGO (Negotiator)
Event ID:  40960
Date: 3/31/2010
Time: 3:19:00 AM
User: N/A
Computer:  CHLDDC01
Description:
The Security System detected an authentication error for the server
ldap/chlddc01.kid.rdomain.prv.  The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
 (0xc05e)".
 
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
: 5e 00 00 c0   ^..À   


On 3/30/2010 6:20 PM, de...@thom.fr.eu.org wrote:
> So, as I already told you, I'm not familiar with that kind of setup.
>
> From what I could see, the fact that domain KID is not in ADS native may be 
> the problem as you've got security = ADS and that expects native mode.
>
> You should try to go back to the list to confirm that. Your setup does not 
> seem to be that odd, I could read lots of people trying (successfully for 
> most of them if I remember correctly) to accomplish that kind of things.
>
> Sorry to not be able to help you more.
>
> François
>
> -Message d'origine-
> De : Paul Lauss [mailto:pla...@protocolgs.com] 
> Envoyé : mardi 30 mars 2010 23:26
> À : de...@thom.fr.eu.org
> Objet : Fwd: Re: [Samba] AD Auth Trusted Domain issues
>
> This didn't seem to go through the listserv...
>
>
> I am so sorry, I was trying to stay fairly concise... Here is the whole log 
> file I extracted.
>
> On 3/30/2010 1:56 PM, de...@thom.fr.eu.org wrote:
>   
>> Could you provide the part that you removed, I can see that winbind is 
>> trying to connect to chlddc01.kid.rdomain.prv for domain kid, but then you 
>> removed that part of the transaction, and we end up with some info returned 
>> from main domain dc.
>>
>> François
>>
>> -Message d'origine-
>> De : samba-boun...@lists.samba.org 
>> [mailto:samba-boun...@lists.samba.org] De la part de Paul Lauss Envoyé 
>> : mardi 30 mars 2010 20:23 À : samba@lists.samba.org Objet : Re: 
>> [Samba] AD Auth Trusted Domain issues
>>
>> The trust check succeeded... I have attached the pertinent logs... it looks 
>> like it is timing out... I am not sure why though.  The link should be a 
>> little slower but it shouldn't be terrible, it is a 2Mb pipe.
>>
>> mailtestbed:~# wbinfo -t
>> checking the trust secret via RPC calls succeeded
>>
>> On 3/30/2010 9:47 AM, François Legal wrote:
>>   
>> 
>>> I'm not sure to 100% understand what you mean (it's been a long time 
>>> since I last used an AD server with SFU).
>>> However, next step now will be to increase winbindd debug level while 
>>> issuing the wbinfo -i command, and see what fails there.
>>>
>>> Try first an wbinfo -t, then if it succeeds, increase winbindd verbosity.
>>>
>>> François
>>>
>>> On Tue, 30 Mar 2010 09:09:09 -0500, Paul Lauss 
>>> 
>>> wrote:
>>>   
>>> 
>>>   
 Hello,
 Thank you so much for your reply!  We are using AD 2003 R2 on both 
 the domain and the child domain.  I am using 1-2 for IDs on 
 the main domain (RDOMAIN) and 3-10 on the child domain (KID).
 Interestingly, in the Unix tab (in AD Users and Computers for any
 object) under "NIS Domain" on any of the RDOMAIN servers we get the 
 pulldown option "RDOMAIN" but on the Trusted domains server the only 
 option is "KID".  I'm not sure if that is expected or would affect 
 this but I can't seem to get the RDOMAIN option in the KID Trusted domain.

 Thanks,
 -Paul

 On 3/30/2010 2:27 AM, François Legal wrote:
 
   
 
> Hello,
>
> I'm not familiar with this kind of setup, but I wonder whether or 
> not
>   
> 
>   
>>> the
>>>   
>>> 
>>>   
> KID domain has the SFU schema extensions setup for idmapping (see 
> idmap backend = ad) and if porperly setup, check that the defined 
> uid/gid for that domain fall in the idmap uid range
>
> François
>
> On Mon, 29 Mar 2010 17:54:37 -0500, Paul Lauss 
> 
> wrote:
>   
>   
> 
>   
>> I have been killing myself on this issue over the last 2 weeks.  I
>> 
>>   
>> 
>>> have
>>>   
>>> 
>>>   
>> setup pam AD authentication using winbind on our companies email 
>> servers.  That part is currently working.  I have been trying to 
>> add
>> 
>>   
>> 
>>> an
>>>   
>>> 
>>>   
>> existing "

[Samba] Windows 2008 pdc troubles

[Richard Smits]

We are in the process of upgading our windows 2003 pdc's to windows 
2008Rr2. No problem there, but our samba/winbind clients are beginning 
to show some strange behaviour.


In the beginning we saw a lot of messages appear in the logfiles.

Example :
--
pr  1 14:07:36 srvxxx winbindd[5148]:   rpc_api_pipe: Remote machine 
pdc.company.net pipe \NETLOGON fnum 0x4003returned critical error. Error 
was NT_STATUS_PIPE_DISCONNECTED

--

The clients who were connected to our 2003 pdc did not have this problem.
Now we are getting reports that some mounts are failing, and joining a 
machine to the domain is also failing with a kerberos error. (ticket not 
valid ?)


Some more messages :


winbindd.log :
[2010/04/01 14:54:10, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
Could not receive trustdoms


[2010/03/31 10:02:25, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4007 to 
machine pdc.company.net.  Error was SUCCESS - 0


We are using samba version samba-3.0.28-1.el5_2.1 on rhel5.

What can we do to troubleshoot or solve this problem ?

Greetings ... Richard
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Printing Slow-down with Samba 3.5.1

[John Welch]

- "Karolin Seeger"  wrote:

> Hu John,
> 
> On Wed, Mar 31, 2010 at 02:27:54PM -0400, John Welch wrote:
> > We have a Windows 2003 Active Directory environment with a mixture
> of Windows 2000/2003 and Linux (CentOS 4/5) / Samba servers.  The
> Samba versions on some of the Linux machines are getting a little old
> (3.0 and 3.2) and we are starting to introduce Windows 7 in our
> environment, so I thought now might be a good time to upgrade.  On a
> fully patched CentOS 5 test machine I upgraded to Samba 3.5.1 using
> the packages from the sernet repos.  For the most part things seem OK,
> except that I've noticed a great deal of latency when trying to print
> (CUPS) to a printer shared on the test Samba 3.5.1 machine.  Any type
> of task involving this printer (viewing properties, selecting the
> printer, actually printing a document) takes at least a few seconds
> longer than it used to.  
> > 
> > In investigating this problem I didn't really see anything relevant
> in the Samba logs, but for each printing task I do I see messages like
> the following repeated several times in the CUPS logs:
> > 
> > I [31/Mar/2010:12:38:12 -0400] cupsdCloseClient: SSL shutdown
> successful!
> > 
> > I'm guessing this might have something to do with the new Samba
> "cups encrypt" parameter.  However, the default is supposed to be
> "no", so I'm not sure why I'm seeing these "SSL" messages.  I even
> tried explicitly setting the parameter to "no" in my smb.conf file,
> but this had no effect.  All the printing tasks do eventually work (or
> at least from what I've found so far), but the extra time involved to
> complete the tasks is an annoyance.
> > 
> > Backing off to 3.4 series (3.4.7) fixes the problem, so it
> definitely seems to be a 3.5 thing.  I have no problem upgrading to
> 3.4.x instead of the 3.5 series, at least for now.  But just wondering
> if I've maybe missed a configuration change that needs to be made
> either to Samba or CUPS to fix this issue.
> > 
> > Any help would be appreciated.
> 
> this might be related to bug
> https://bugzilla.samba.org/show_bug.cgi?id=6727
> (will be fixed in Samba 3.5.2.).
> 
> Cheers,
> Karolin
> 

Hi Karolin,

Thanks for pointing me to the direction of this bug.  However, unless I'm 
reading things wrong I'm not sure this bug applies to my situation.  It seems 
to indicate that this bug exists in the 3.4.x series, and at least in my test 
environment 3.4.7 seems fine.  It is only 3.5.1 where I am seeing the problem.  
Also, this bug talks mostly about issues going into the Properties for a 
printer, while my slow down happens whenever I do anything with the printer 
(properties page, select printer from drop-down, actually printing a document, 
etc.).

Thanks again,
John

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] How to stop mount.cifs remembering password

[Andy Gibbs]

Dear all,

I'm fairly new to Samba and CIFS and, for that matter, Linux in general.
I'm having a problem with "mount.cifs" as provided with Debian 5.  I'm
afraid I cannot say what version of mount.cifs I have since doing
"mount.cifs -V" does not (contrary to the message it shows when I do this)
actually show the version, but rather how to use the program.

The problem I have is that having successfully logged into a Windows shared
folder, I can subsequently log in *without* the correct password.

So...

mount.cifs \\192.168.1.0\folder /mnt -o user=joebloggs,pass=correct
umount /mnt
mount.cifs \\192.168.1.0\folder /mnt -o user=joebloggs,pass=incorrect

At this point it has remounted and given me full access, even though I've
got my password wrong the second time (and each subsequent time).  I can
even do "-o user=user,guest".  If I change user, then I must get the
password right at least once, but then once I have got it right, I then no
longer need to get it right.  The problem is that anyone using the computer
after someone has accessed the Windows share, can also then access it
without knowing the password.

As far as I can see, and I'm no expert, this is not a Windows problem since
in Windows, connecting to the folder requires the correct password every
time.

Is there any way I can force mount.cifs to forget the correct password so
that it requires it to be correct each time?

I'm sorry if I have not provided the correct information: I will happily do
so if told what to provide!  I have tried the Samba website and Google for
answers, but haven't found the right search phrase.  If I've missed
something, I'll happily just receive a link to the right page.

Thanks for any help!

Andy





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.0.22 - slow performance - Really urgent help

[Volker Lendecke]

On Thu, Apr 01, 2010 at 02:00:51PM +0200, christoph.be...@desy.de wrote:
> the symptoms went away using the older version of 3.0.x with the same  
> tdbs, anyway thanks for the hint and maybe Alan has a complete different  
> problem...

This needs fixing. Using samba-ancient is no solution :-)

Can you send a debug level 10 smbd log and the truss output
of a smbd?

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.0.22 - slow performance - Really urgent help

[christoph . beyer]

hmm,

the symptoms went away using the older version of 3.0.x with the same 
tdbs, anyway thanks for the hint and maybe Alan has a complete different 
problem...


cheers
christoph


On Thu, 1 Apr 2010, Volker Lendecke wrote:


On Thu, Apr 01, 2010 at 01:49:56PM +0200, christoph.be...@desy.de wrote:

Hi,

I bet they are but I see thousands of them per second for every client
that is 'just connected' and not doing anything, (on solaris) it slows
down a t5120 machine with five connections to become unusable... I see
the problem with:

samba-3.0.20
samba-3.2.14
samba-3.3.10
samba-3.4.1 samba-3.4.5

stopped trying more versions than as there was no single response on this
list and changed my service to a linux box where all of these versions
run just fine :)


That might be a symptom of a corrupt tdb file somewhere.
lsof might show you which of the tdbs is being beaten.

Volker



best regards
~christoph


--
/*   Christoph Beyer |   Office: Building 2b / 23 *\
 *   DESY|Phone: 040-8998-2317*
 *   - IT -  |  Fax: 040-8998-4060*
\*   22603 Hamburg   | http://www.desy.de */


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] ?: winbind dont start

[Mistofeles]

26.3.2010 14:56, Mistofeles kirjoitti:
Still the same problem. WINBINDD does not start.
Even winbindd -d10 doesn't stops.
After I have stopped it with Ctrl-C, I can see in /var/log/samba the 
same message repeated tens of times in one second:


/log.winbind the last line is [2010/04/01 14:28:44,  5] 
lib/charcnv.c:82(charset_name)

  Substituting charset 'UTF-8' for LOCALE

nothing after that in the log.winbindd

Is there some way to see, what is causing the problem. I have tried to 
google with every possible keyword and found nothing.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.0.22 - slow performance - Really urgent help

[Volker Lendecke]

On Thu, Apr 01, 2010 at 01:49:56PM +0200, christoph.be...@desy.de wrote:
> Hi,
>
> I bet they are but I see thousands of them per second for every client  
> that is 'just connected' and not doing anything, (on solaris) it slows  
> down a t5120 machine with five connections to become unusable... I see 
> the problem with:
>
> samba-3.0.20
> samba-3.2.14
> samba-3.3.10
> samba-3.4.1 samba-3.4.5
>
> stopped trying more versions than as there was no single response on this 
> list and changed my service to a linux box where all of these versions 
> run just fine :)

That might be a symptom of a corrupt tdb file somewhere.
lsof might show you which of the tdbs is being beaten.

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.0.22 - slow performance - Really urgent help

[christoph . beyer]

Hi,

I bet they are but I see thousands of them per second for every client 
that is 'just connected' and not doing anything, (on solaris) it slows 
down a t5120 machine with five connections to become unusable... I see the 
problem with:


samba-3.0.20
samba-3.2.14
samba-3.3.10
samba-3.4.1 
samba-3.4.5


stopped trying more versions than as there was no single response on this 
list and changed my service to a linux box where all of these versions run 
just fine :)


cheers
christoph


On Thu, 1 Apr 2010, Volker Lendecke wrote:


On Thu, Apr 01, 2010 at 01:32:02PM +0200, Christoph Beyer wrote:

if you do 'truss -f -p ' do you see a lot of:

19702:  fcntl(17, F_SETLKW64, 0xFFBFE640)   = 0

?

If yes this is a problem that is present in most of the recent samba
versions (tried 5 or 6 versions off the different branches) it's a
solaris related bug but that's all I can say. It might be fixed in 3.5.1
...


Those many fcntl calls are just normal Samba operation. They
should be *very* fast. There might be a problem with the
messages.tdb, notify.tdb and notify_onelevel.tdb in current
Samba version, where there is one fcntl read lock being held
per smbd on each of these databases. This might be a
performance problem if you have thousands of connected
clients. But normally, fcntl calls should be very fast.

Volker



best regards
~christoph


--
/*   Christoph Beyer |   Office: Building 2b / 23 *\
 *   DESY|Phone: 040-8998-2317*
 *   - IT -  |  Fax: 040-8998-4060*
\*   22603 Hamburg   | http://www.desy.de */


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.0.22 - slow performance - Really urgent help

[Volker Lendecke]

On Thu, Apr 01, 2010 at 01:32:02PM +0200, Christoph Beyer wrote:
> if you do 'truss -f -p ' do you see a lot of:
>
> 19702:  fcntl(17, F_SETLKW64, 0xFFBFE640)   = 0
>
> ?
>
> If yes this is a problem that is present in most of the recent samba 
> versions (tried 5 or 6 versions off the different branches) it's a 
> solaris related bug but that's all I can say. It might be fixed in 3.5.1 
> ...

Those many fcntl calls are just normal Samba operation. They
should be *very* fast. There might be a problem with the
messages.tdb, notify.tdb and notify_onelevel.tdb in current
Samba version, where there is one fcntl read lock being held
per smbd on each of these databases. This might be a
performance problem if you have thousands of connected
clients. But normally, fcntl calls should be very fast.

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.0.22 - slow performance - Really urgent help

[Christoph Beyer]

Hi,

if you do 'truss -f -p ' do you see a lot of:

19702:  fcntl(17, F_SETLKW64, 0xFFBFE640)   = 0

?

If yes this is a problem that is present in most of the recent samba versions 
(tried 5 or 6 versions off the different branches) it's a solaris related bug 
but that's all I can say. It might be fixed in 3.5.1 ...


cheers
christoph


On Thu, 1 Apr 2010, Volker Lendecke wrote:


 On Thu, Apr 01, 2010 at 06:22:34PM +0800, Alan Pek wrote:
>  a) Though the CPU utilisation is not high but there memory used and
>  swapped are very high. This will slow it down further.
> 
>  b) Think every samba connection will consume a considerable amout of

>  memory as well.

 The rough estimate here is that Samba should have 2-3MB real
 RAM per client. If your smbds use a lot more, you might be
 hitting a memleak that might be fixed in later versions.
 3.0.22 is very old, I would really recommend looking at
 3.4.7 or 3.5.2 (next week).

>  c) We did a test, by saving a huge number of files onto local drive (on
>  enduser PC) and the copy into the mapped drives This is much faster,
>  probably by factor 6 or more, then using Excel marco
>  and writing directly into the samba share over NFS.

 Do you have oplocks disabled? This would severely impact
 performance. If you don't have concurrent NFS clients
 accessing the same data, you might also want to try

 posix locking = no

>  d) Looking at the system, and samba processes,  how should I do a truss
>  with high-resolution timestamps on the smbd processes ? Every smbd process
>  ?
>  Just do :
> 
>  truss -p 20995 without any option ?


 Not sure how truss really works, in Linux you would do a

 strace -ttT -p 20995 -o smbd.out

 You pick a single smbd with "smbstatus" and run your test.
 The truss output will need some interpretation though.

>  e)  Network tracing , meaning application profiling by putting a sniffer,
>  or/and snoop on both samba and nfs side ?

 Yes. Best done on the samba server box itself.

 BTW, before you send stuff to the list -- both the truss and
 the network sniffer output will probably contain sensitive
 data.

 Volker



best regards
~ christoph


--
/*   Christoph Beyer |   Office: Building 2b / 23 *\
  *   DESY|Phone: 040-8998-2317*
  *   - IT -  |  Fax: 040-8998-4060*
\*   22603 Hamburg   | http://www.desy.de */


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.0.22 - slow performance - Really urgent help

[Volker Lendecke]

On Thu, Apr 01, 2010 at 06:22:34PM +0800, Alan Pek wrote:
> a) Though the CPU utilisation is not high but there memory used and 
> swapped are very high. This will slow it down further.
> 
> b) Think every samba connection will consume a considerable amout of 
> memory as well. 

The rough estimate here is that Samba should have 2-3MB real
RAM per client. If your smbds use a lot more, you might be
hitting a memleak that might be fixed in later versions.
3.0.22 is very old, I would really recommend looking at
3.4.7 or 3.5.2 (next week).

> c) We did a test, by saving a huge number of files onto local drive (on 
> enduser PC) and the copy into the mapped drives This is much faster, 
> probably by factor 6 or more, then using Excel marco
> and writing directly into the samba share over NFS. 

Do you have oplocks disabled? This would severely impact
performance. If you don't have concurrent NFS clients
accessing the same data, you might also want to try 

posix locking = no

> d) Looking at the system, and samba processes,  how should I do a truss 
> with high-resolution timestamps on the smbd processes ? Every smbd process 
> ?
> Just do :
> 
> truss -p 20995 without any option ?

Not sure how truss really works, in Linux you would do a

strace -ttT -p 20995 -o smbd.out

You pick a single smbd with "smbstatus" and run your test.
The truss output will need some interpretation though.

> e)  Network tracing , meaning application profiling by putting a sniffer, 
> or/and snoop on both samba and nfs side ?

Yes. Best done on the samba server box itself.

BTW, before you send stuff to the list -- both the truss and
the network sniffer output will probably contain sensitive
data.

Volker


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.0.22 - slow performance - Really urgent help

[Alan Pek]

Hi Volker,

Thanks for the useful feedback.

a) Though the CPU utilisation is not high but there memory used and 
swapped are very high. This will slow it down further.

b) Think every samba connection will consume a considerable amout of 
memory as well. 

c) We did a test, by saving a huge number of files onto local drive (on 
enduser PC) and the copy into the mapped drives This is much faster, 
probably by factor 6 or more, then using Excel marco
and writing directly into the samba share over NFS. 

d) Looking at the system, and samba processes,  how should I do a truss 
with high-resolution timestamps on the smbd processes ? Every smbd process 
?
Just do :

truss -p 20995 without any option ?

  apps 28824 14805   1 13:50:58 ?  34:40 /opt/DBsamba/sbin/smbd -D
root 14808 14807   0   Mar 27 ?   0:00 
/opt/DBsamba/sbin/winbindd
root 23698 23434   0 18:13:59 pts/3   0:00 grep -i mb
root 21729 14805   0 18:01:18 ?   0:01 /opt/DBsamba/sbin/smbd 
-D
root 29259 14805   0 11:32:38 ?   2:07 /opt/DBsamba/sbin/smbd 
-D
root 14809 14805   0   Mar 27 ?   0:00 /opt/DBsamba/sbin/smbd 
-D
root 20629 14807   0   Mar 29 ?   0:00 
/opt/DBsamba/sbin/winbindd
root 14807 21996   0   Mar 27 ?   0:01 
/opt/DBsamba/sbin/winbindd
  apps 27073 14805   0 17:18:58 ?   0:04 /opt/DBsamba/sbin/smbd -D
root 11568 14805   0   Mar 29 ?  76:51 /opt/DBsamba/sbin/smbd 
-D
root 14801 21996   0   Mar 27 ?   0:06 /opt/DBsamba/sbin/nmbd 
-D
root 22898 14805   0 18:09:42 ?   0:00 /opt/DBsamba/sbin/smbd 
-D
root 14805 21996   0   Mar 27 ?   0:02 /opt/DBsamba/sbin/smbd 
-D
root 11509 14805   0   Mar 29 ?  77:25 /opt/DBsamba/sbin/smbd 
-D
root 29253 14805   0 11:32:25 ?   1:37 /opt/DBsamba/sbin/smbd 
-D
root 23144 14805   0 18:10:55 ?   0:00 /opt/DBsamba/sbin/smbd 
-D
  apps 20995 14805   0 17:56:25 ?   0:04 /opt/DBsamba/sbin/smbd -D
  apps  3805 14805   0 14:26:03 ?   0:15 /opt/DBsamba/sbin/smbd -D

e)  Network tracing , meaning application profiling by putting a sniffer, 
or/and snoop on both samba and nfs side ?

Thanks again.

Regards
Alan




volker.lende...@sernet.de 
04/01/2010 05:48 PM
Please respond to
volker.lende...@sernet.de


To
Alan Pek/db/db...@dbapac
cc
samba@lists.samba.org
Subject
Re: [Samba] Samba 3.0.22 - slow performance - Really urgent help






On Thu, Apr 01, 2010 at 05:24:26PM +0800, Alan Pek wrote:
> Have been struggling with this for the past 10 days, we are running 
Samba 
> 3.0.22 on VCS zone, we have end users saving files
> onto Samba mapped drive, and complained that it 5mins to save 300 files, 

> now it takes 30 mins.  There is recently a change in the
> topology.
> 
> Before
> 
> Enduser --- samba mapped -- server (local 
> attached storage)
>   physical
>   Solaris 8
> Now
> 
> Enduser-samba mapped   server 
> -- SFCFS/HA
>  virtual VCS NFS 
> cluster
>  Solaris 10 
> 
> 
> We have reverted the NFS from version 4 to 3
> 
> Fine tune Samba, wb and rb are at 64k
> 
> Is there in samba log somewhere to tell me why is the bottleneck 
?
> 
> If I move the Samba server which is less loaded in Memory 
> consumption , will it help.
> Is the above degrading expected ?

Some slow-down is expected if you re-export NFS because the
data will travel over the network twice instead of once. A
factor of 6 is a bit more than is expected though. To see
where the bottleneck is, it might be interesting to look at
simultaneous network traces for the SMB and NFS side of your
Samba server to see what NFS requests are triggered by what
SMB requests. Doing a truss with high-resolution timestamps
on the smbd processes might also give hints. Next would be
to look at "top" (pstat?) if there is a local CPU bottleneck
on the Samba server. There's just many things that can go
slow, and in a moderatly complex environment (HA clusters
fall into this category), this can be an interesting hunt
:-)

Volker
[attachment "signature.asc" deleted by Alan Pek/db/dbcom] 


---

This e-mail may contain confidential and/or privileged information. If you 
are not the intended recipient (or have received this e-mail in error) 
please notify the sender immediately and destroy this e-mail. Any 
unauthorized copying, disclosure or distribution of the material in this 
e-mail is strictly forbidden.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Printing Slow-down with Samba 3.5.1

[Karolin Seeger]

Hu John,

On Wed, Mar 31, 2010 at 02:27:54PM -0400, John Welch wrote:
> We have a Windows 2003 Active Directory environment with a mixture of Windows 
> 2000/2003 and Linux (CentOS 4/5) / Samba servers.  The Samba versions on some 
> of the Linux machines are getting a little old (3.0 and 3.2) and we are 
> starting to introduce Windows 7 in our environment, so I thought now might be 
> a good time to upgrade.  On a fully patched CentOS 5 test machine I upgraded 
> to Samba 3.5.1 using the packages from the sernet repos.  For the most part 
> things seem OK, except that I've noticed a great deal of latency when trying 
> to print (CUPS) to a printer shared on the test Samba 3.5.1 machine.  Any 
> type of task involving this printer (viewing properties, selecting the 
> printer, actually printing a document) takes at least a few seconds longer 
> than it used to.  
> 
> In investigating this problem I didn't really see anything relevant in the 
> Samba logs, but for each printing task I do I see messages like the following 
> repeated several times in the CUPS logs:
> 
> I [31/Mar/2010:12:38:12 -0400] cupsdCloseClient: SSL shutdown successful!
> 
> I'm guessing this might have something to do with the new Samba "cups 
> encrypt" parameter.  However, the default is supposed to be "no", so I'm not 
> sure why I'm seeing these "SSL" messages.  I even tried explicitly setting 
> the parameter to "no" in my smb.conf file, but this had no effect.  All the 
> printing tasks do eventually work (or at least from what I've found so far), 
> but the extra time involved to complete the tasks is an annoyance.
> 
> Backing off to 3.4 series (3.4.7) fixes the problem, so it definitely seems 
> to be a 3.5 thing.  I have no problem upgrading to 3.4.x instead of the 3.5 
> series, at least for now.  But just wondering if I've maybe missed a 
> configuration change that needs to be made either to Samba or CUPS to fix 
> this issue.
> 
> Any help would be appreciated.

this might be related to bug https://bugzilla.samba.org/show_bug.cgi?id=6727
(will be fixed in Samba 3.5.2.).

Cheers,
Karolin

-- 
Samba   http://www.samba.org
SerNet  http://www.sernet.de
sambaXP http://www.sambaxp.org



pgpGSnYG8r1rH.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.0.22 - slow performance - Really urgent help

[Volker Lendecke]

On Thu, Apr 01, 2010 at 05:24:26PM +0800, Alan Pek wrote:
> Have been struggling with this for the past 10 days, we are running Samba 
> 3.0.22 on VCS zone, we have end users saving files
> onto Samba mapped drive, and complained that it 5mins to save 300 files, 
> now it takes 30 mins.  There is recently a change in the
> topology.
> 
> Before
> 
> Enduser --- samba mapped -- server (local 
> attached storage)
>   physical
>   Solaris 8
> Now
>  
> Enduser-samba mapped   server 
> -- SFCFS/HA
>  virtual VCS NFS 
> cluster
>  Solaris 10 
>  
> 
> We have reverted the NFS from version 4 to 3
> 
> Fine tune Samba, wb and rb are at 64k
> 
> Is there in samba log somewhere to tell me why is the bottleneck ?
>  
> If I move the Samba server which is less loaded in Memory 
> consumption , will it help.
> Is the above degrading expected ?

Some slow-down is expected if you re-export NFS because the
data will travel over the network twice instead of once. A
factor of 6 is a bit more than is expected though. To see
where the bottleneck is, it might be interesting to look at
simultaneous network traces for the SMB and NFS side of your
Samba server to see what NFS requests are triggered by what
SMB requests. Doing a truss with high-resolution timestamps
on the smbd processes might also give hints. Next would be
to look at "top" (pstat?) if there is a local CPU bottleneck
on the Samba server. There's just many things that can go
slow, and in a moderatly complex environment (HA clusters
fall into this category), this can be an interesting hunt
:-)

Volker


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Failed to join domain: failed to precreate account in ou (null): Out of memory

[Karolin Seeger]

Hi Andrew,

On Wed, Mar 31, 2010 at 09:14:10AM -0400, Andrew Tranquada wrote:
> Anyone else have this problem? We are kind of stuck as 3.4.x seems to hang
> when any of our multiple AD servers are rebooted, and 3.5 seems to not have
> that problem. Right now we are installing 3.4.5 then upgrading to 3.5.1, we
> would much rather install just 3.5.1
> 
> On Fri, Mar 26, 2010 at 1:09 PM, Andrew Tranquada <
> andrew.tranqu...@gmail.com> wrote:
> 
> >
> >
> > with samba 3.5.1 if I were to join a server to the domain and specify an OU
> > to create the computer object in, i getFailed to join domain: failed to
> > precreate account in ou (null): Out of memory
> >
> >
> > However, if I run the same command with samba 3.4.5 it works.
> >  Did the syntax change? I cannot see anything about it
> >
> > net ads join createcomputer="Linux_Servers" -U % -n core278468

I think you hit bug https://bugzilla.samba.org/show_bug.cgi?id=7204.
The patch will be included in Samba 3.5.2 (scheduled for April 7).
Maybe you would like to test the patch...

Cheers,
Karolin

-- 
Samba   http://www.samba.org
SerNet  http://www.sernet.de
sambaXP http://www.sambaxp.org



pgpSUD8AisulQ.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] help installing samba 3.0.37 on solairs 9 server

[Michael Wood]

On 30 March 2010 23:24,   wrote:
> I am getting these errors running:
> sh makepkg.sh
>
> can anyone help?
>
> ===
> root#  sh makepkg.sh
> Distribution base:  /var/tmp/samba-3.0.37
> Temp install dir:   /tmp/samba-3.0.37-build
> Install directory:  /opt/samba
> mkdir: Failed to make directory "/tmp/samba-3.0.37-build"; File exists

Try: mv /tmp/samba-3.0.37-build{,.old}

before running sh makepkg.sh again.

Not sure if that will fix the other issues, but the first thing it's
complaining about is that it can't create the directory because
there's already a file/directory called that.

> make: Fatal error: Don't know how to make target `install'
> makepkg.sh: bin/smbd: not found
> .
> .
> . (truncated for easy reading)
> cp: cannot access nsswitch/libnss_wins.so
> cp: cannot access nsswitch/libnss_winbind.so
> makepkg.sh: /tmp/samba-3.0.37-build//smbd: not found
> makepkg.sh: man: does not exist
> ## Building pkgmap from package prototype file.
> ERROR in prototype:
>    no object for  found in root directory
>    no object for  found in root directory
> .
> .
> . (truncated)
> .
> .
> WARNING: parametric paths may ignore BASEDIR
> pkgmk: ERROR: unable to build pkgmap from prototype file
> ## Packaging was not successful.
> The samba package is in /tmp

-- 
Michael Wood 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 3.0.22 - slow performance - Really urgent help

[Alan Pek]

Hi Samba world,

Have been struggling with this for the past 10 days, we are running Samba 
3.0.22 on VCS zone, we have end users saving files
onto Samba mapped drive, and complained that it 5mins to save 300 files, 
now it takes 30 mins.  There is recently a change in the
topology.

Before

Enduser --- samba mapped -- server (local 
attached storage)
  physical
  Solaris 8
Now
 
Enduser-samba mapped   server 
-- SFCFS/HA
 virtual VCS NFS 
cluster
 Solaris 10 
 

We have reverted the NFS from version 4 to 3

Fine tune Samba, wb and rb are at 64k

Is there in samba log somewhere to tell me why is the bottleneck ?
 
If I move the Samba server which is less loaded in Memory 
consumption , will it help.
Is the above degrading expected ?
Regards
Alan

---

This e-mail may contain confidential and/or privileged information. If you 
are not the intended recipient (or have received this e-mail in error) 
please notify the sender immediately and destroy this e-mail. Any 
unauthorized copying, disclosure or distribution of the material in this 
e-mail is strictly forbidden.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] What are the main differences of the Samba releases?

[Michael Wood]

2010/3/31 John Drescher :
>> today I noticed that red hat el 5.5 includes samba 3.3.x while the
>> former updates of RH EL are based on samba 3.0.x.
>>
>> So my question is, is there some overview of the main differences? I
>> found the Samba Histories at http://samba.org/samba/history, but there
>> may be some chunky list? :-)
>
> You need 3.3.X or greater to work with windows7, windows2008 and
> possibly vista when samba is a pdc.
>
> If you want more information, check the release notes at the main
> samba page. There is a lot of info there.

There was also a similar question on this list a week or two ago, so
checking the archives might help too.

I believe Karolin answered.

Found it:
http://lists.samba.org/archive/samba/2010-March/154416.html

-- 
Michael Wood 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Failure to transfer files to Win2008 Server Clusters

[Volker Lendecke]

On Thu, Apr 01, 2010 at 04:17:42PM +0800, Xu, Qiang (FXSGSC) wrote:
> Our printers are using samba-3.0.37, and we hit a problem
> recently when doing file transfer to Windows 2008 Server
> Clusters.
> 
> The error occurs when the printer attempts to locate the
> file path and uses the server IP address rather than the
> hostname:
> ==
> 1821.335677   13.121.8.16213.121.8.3  SMB Session Setup 
> AndX Request, NTLMSSP_NEGOTIATE
> 1921.337175   13.121.8.3  13.121.8.162SMB Session Setup 
> AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
> 2021.349010   13.121.8.16213.121.8.3  SMB Session Setup 
> AndX Request, NTLMSSP_AUTH, User: rasta-man\earl
> 2121.354123   13.121.8.3  13.121.8.162SMB Session Setup 
> AndX Response
> 2221.360548   13.121.8.16213.121.8.3  SMB Tree Connect 
> AndX Request, Path: \\13.121.8.3\SCANFOLDER
> 2321.361288   13.121.8.3  13.121.8.162SMB Tree Connect 
> AndX Response, Error: STATUS_BAD_NETWORK_NAME
> ==

Probably there's not much you can do about this. You
probably have to use the file server name in the
//server/share piece of the smbclient (are you using that?)
command line. What you can do if you have problems with your
name resolution is to use the -I switch to smbclient to give
it the server's ip address.

Volker


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Failure to transfer files to Win2008 Server Clusters

[Xu, Qiang (FXSGSC)]

Hi, list: 

Our printers are using samba-3.0.37, and we hit a problem recently when doing 
file transfer to Windows 2008 Server Clusters.

The error occurs when the printer attempts to locate the file path and uses the 
server IP address rather than the hostname:
==
18  21.335677   13.121.8.16213.121.8.3  SMB Session Setup 
AndX Request, NTLMSSP_NEGOTIATE
19  21.337175   13.121.8.3  13.121.8.162SMB Session Setup 
AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
20  21.349010   13.121.8.16213.121.8.3  SMB Session Setup 
AndX Request, NTLMSSP_AUTH, User: rasta-man\earl
21  21.354123   13.121.8.3  13.121.8.162SMB Session Setup 
AndX Response
22  21.360548   13.121.8.16213.121.8.3  SMB Tree Connect 
AndX Request, Path: \\13.121.8.3\SCANFOLDER
23  21.361288   13.121.8.3  13.121.8.162SMB Tree Connect 
AndX Response, Error: STATUS_BAD_NETWORK_NAME
==
I believe the problem is related to how Microsoft scopes the file shares when 
using a cluster configuration. The transfer is smooth when the destination is a 
stand-alone Win2008 server. 

Still, from the client side, is there any way to walk around the problem? I 
mean, since the problem doesn't occure when the hostname is used to locate the 
file path, where in the code can I disable the resolving of the server's 
hostname to ip address in samba client?

Looking forward to help,
Xu Qiang
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Performance issues: have eliminated disk and network as cause

[James Cort]

Just been told the config file didn't appear in the email as it went out
(even though it certainly appears in the copy I've got), so I'm attaching
inline this time.

Oh, BTW:  it's version 3.4.7 on Debian Lenny, installed from backports.

[global]
workgroup = U4EATECH
netbios name = tiamat
enable privileges = yes
server string = Primary Domain Controller %v
security = user
local master = no
os level = 33
domain master = no
preferred master = no
encrypt passwords = true
null passwords = no
hide unreadable = yes
hide dot files = yes
obey pam restrictions = Yes
unix password sync = Yes
remote browse sync = 172.30.20.109 172.30.20.130 172.27.0.6
enhanced browsing = yes
passwd program = /usr/sbin/smbldap-passwd %u
 passwd chat = "Changing UNIX and samba passwords for*\nNew password*" %n\n
"*Retype new password*" %n\n"
ldap passwd sync = Yes
log level = 0
syslog = 1
log file = /var/log/samba/log.%m
max log size = 1000
read raw = yes
write raw = yes
kernel oplocks = yes
max xmit = 65535
dead time = 15
use sendfile = yes
socket options =  TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY
getwd cache = yes
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

logon script = logon.bat
logon path =
logon home = \\atlas\%U
logon drive = H:
domain logons = Yes
wins server = 172.30.20.109
#name resolve order = hosts bcast
name resolve order = wins lmhosts hosts bcast
dns proxy = yes
time server = yes
passdb backend = ldapsam:"ldap://ldap.u4eatech.com/ ldap://
ldap-slave.u4eatech.com"
ldap admin dn = cn=smbadmin,dc=u4eatech,dc=com
ldap suffix = dc=u4eatech,dc=com
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=Hosts
ldap idmap suffix = ou=People
ldap ssl = no
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
load printers = no
create mask = 0640
directory mask = 0750
nt acl support = Yes
guest account = nobody
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
#show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile
folders:
preserve case = yes
short preserve case = yes
case sensitive = no

[netlogon]

path = /home/samba/netlogon
guest ok = yes
browseable = No
read only = no

[wpkg]
path = /home/samba/wpkg
read only = yes
guest ok = yes
browseable = no
[homes]
comment = Home Directories
browseable = yes
writable = yes
oplocks = yes

GOS Networks Limited, 1 Friary, Temple Quay, Bristol, BS1 6EA, UK.

Registered company number: 6917663
 

The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorised. If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted to be taken in reliance
on it, is prohibited and may be unlawful. When addressed to our clients any
opinions or advice contained in this email are subject to the terms and
conditions expressed in the governing GOS Networks agreement.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba