[Samba] smbldap-tools vrs. Ldapsam:Editposix
Hi, recently I got my ldap server up an running and now I'd like to start to use it with our 600-user-300-windows-pc samba server. (Centos 5.4, samba-3.0.33-3.28, openldap-2.3.43, smbldap-tools-0.9.5-) So I started to read the samba how to, some books, a lot of postings and finaly tried first the smbldap-tools from idealx. After that I tried the Ldapsam:Editposix as this is the build in and may be "simpler" way to set up/manage the samba server. But as a novice in samba+ldap I'm faced with some questions and did not find any answers yet, because most docs start with a fresh set up and don't do a migration. After importing my posix accounts into ldap and populating the basic tree for samba I was able to migrate the sambapasswd too and finaly my windows users can log in. (This was the smbldap-tools-way) Doing this the Ldapsam:Editposix-way, something with the users main group mapping(?) fails. (1) May be somewone can poit me to a good "migrating to Ldapsam:Editposix how tos"? Or can help my in an other way? I can provide my config in detail and describe the steps I did. One importend question for me too is, should I go the Ldapsam:Editposix way or smbldap-tool-way? Any suggestions? Thanks a lot and best regards, Götz (1) [2010/04/26 15:38:30, 3] passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2719) primary group of [greinick] not found [2010/04/26 15:38:30, 10] auth/auth_util.c:make_server_info_sam(639) pdb_enum_group_memberships failed: NT_STATUS_UNSUCCESSFUL [2010/04/26 15:38:30, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/26 15:38:30, 0] auth/auth_sam.c:check_sam_security(353) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' [2010/04/26 15:38:30, 5] auth/auth.c:check_ntlm_password(273) check_ntlm_password: sam authentication for user [greinick] FAILED with error NT_STATUS_UNSUCCESSFUL [2010/04/26 15:38:30, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [DALICLONE] was for this SAM. [2010/04/26 15:38:30, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: winbind had nothing to say [2010/04/26 15:38:30, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [greinick] -> [greinick] FAILED with error NT_STATUS_UNSUCCESSFUL [2010/04/26 15:38:30, 5] auth/auth_util.c:free_user_info(2108) attempting to free (and zero) a user_info structure -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 for new authentication domain?
On Mon, Apr 26, 2010 at 09:59:02PM -0700, Kevin Keane wrote: > Exactly WHY do you need AD instead of NT domains? Without > understanding that, I don't think your question can be answered. In > some cases, you can use a stand-alone Kerberos and/or LDAP > server. Or conversely, some application you use may require a > Microsoft AD server, sometimes even a specific version. I have some COTS Windows web apps that want to authenticate either using local accounts or against AD. They've been doing local accounts, but account and password management is increasingly problematic, so it would really help to have central password mangement. The apps doesn't support NT domain auth. It might be possible to do this with OpenLDAP+kerberos, but that sounds like a whole lot of manual work, so I'd rather get something more integrated (AD or samba4). I like *nix servers better than Windows, so I'd rather do samba4, but don't have a good feel for samba4's stability as an authentication server. Hence the earlier question. > Basically, your tradeoff is between cost and risk. Windows 2008 R2 > is all but guaranteed to work no matter what AD issue you throw at > it, but it can get expensive, especially if you have many users. > On the other hand, Samba is free, but Samba 4 is pretty unproven at > this point. Software cost will probably not be a factor. Functionality is. Sounds like I/we need AD. :( - Morty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 for new authentication domain?
Exactly WHY do you need AD instead of NT domains? Without understanding that, I don't think your question can be answered. In some cases, you can use a stand-alone Kerberos and/or LDAP server. Or conversely, some application you use may require a Microsoft AD server, sometimes even a specific version. Basically, your tradeoff is between cost and risk. Windows 2008 R2 is all but guaranteed to work no matter what AD issue you throw at it, but it can get expensive, especially if you have many users. On the other hand, Samba is free, but Samba 4 is pretty unproven at this point. > -Original Message- > From: samba-boun...@lists.samba.org [mailto:samba- > boun...@lists.samba.org] On Behalf Of Morty > Sent: Monday, April 26, 2010 9:19 PM > To: samba@lists.samba.org > Subject: [Samba] samba 4 for new authentication domain? > > The various pages about samba 4 warn about rough edges, upgrade, file > services, and print services. I have some domains that have never had > a Windows domain that now need Windows AD authentication. I don't > need file services and print services, and upgrade is not a problem. > Is samba 4 ready for this use case, or should we still go with > Microsoft's AD? > > Thanks! > > - Morty > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 4 for new authentication domain?
The various pages about samba 4 warn about rough edges, upgrade, file services, and print services. I have some domains that have never had a Windows domain that now need Windows AD authentication. I don't need file services and print services, and upgrade is not a problem. Is samba 4 ready for this use case, or should we still go with Microsoft's AD? Thanks! - Morty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.2 on Redhat 4
On Mon, Apr 26, 2010 at 5:30 PM, Linux Addict wrote: > Greetings, Did anyone able create rpms using makerpms.sh script. I tried > with many spec files, but I cant fix net error. Anyone who had success, > please reply. > > Thank you. > > > thanks > LA Take a look at http://ftp.sernet.de/pub/samba/3.5/rhel/4/. The SRPM is at http://ftp.sernet.de/pub/samba/3.5/src/rpm/. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.2 on Redhat 4
Greetings, Did anyone able create rpms using makerpms.sh script. I tried with many spec files, but I cant fix net error. Anyone who had success, please reply. Thank you. thanks LA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade from Vista to 7 + samba = error [SOLVED]
Sorry from my lack of reading. The problem got solved by ensuring that the "requirestrongkey" was set to '1'. Tks Leonardo Carneiro - Veltrac wrote: Hello everyone, I'm using Ldap + Samba PDC 3.4.7 in a Debian Lenny machine (backported). I've been able add successfully 3 hosts with windows 7 on my domain. Now i upgraded a notebook from windows vista to windows 7. I could not log on the domain (the trust relationship was broken), So i tried to remove and re-add (after applying the registry patch file) the machine in the domain (several times), but i still cannot log in the domain. Here's the some log: [2010/04/26 17:12:03, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: tecnologia001$ [2010/04/26 17:12:03, 2] passdb/pdb_ldap.c:2434(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2010/04/26 17:12:03, 2] libsmb/credentials.c:223(netlogon_creds_server_check) netlogon_creds_server_check: credentials check failed. [2010/04/26 17:12:03, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client TECNOLOGIA001 machine account TECNOLOGIA001$ What can i do to solve this? Tks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade from Vista to 7 + samba = error
Hello everyone, I'm using Ldap + Samba PDC 3.4.7 in a Debian Lenny machine (backported). I've been able add successfully 3 hosts with windows 7 on my domain. Now i upgraded a notebook from windows vista to windows 7. I could not log on the domain (the trust relationship was broken), So i tried to remove and re-add (after applying the registry patch file) the machine in the domain (several times), but i still cannot log in the domain. Here's the some log: [2010/04/26 17:12:03, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: tecnologia001$ [2010/04/26 17:12:03, 2] passdb/pdb_ldap.c:2434(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2010/04/26 17:12:03, 2] libsmb/credentials.c:223(netlogon_creds_server_check) netlogon_creds_server_check: credentials check failed. [2010/04/26 17:12:03, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client TECNOLOGIA001 machine account TECNOLOGIA001$ What can i do to solve this? Tks in advance. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] net ads testjoin
I hope bumping is not frowned upon in this list :) cheers, Khaled 2010/4/24 Khaled Blah : > Hello all, > > I am new to this list and hopefully I am at the right place. Firstly, > thanks to everyone involved in this project. You do a great job! > > Now, I use "net" to join Windows AD domains and was wondering where I > can find out more information on what happens during a "net ads > testjoin". The information I found on the documentation pages of net > or smb.conf on the website did not say much about it. I have noticed > that a "testjoin" will ask for a password when the domain membership > is not valid and it'll ignore kerberos tickets. Is there something I > am missing here? > > I am grateful to any insight you guys could give me! > > Regards, > Khaled > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba over VPN
Actually, strangely, what fixed this issue was adding this to the samba config: interfaces = 10.1.1.0/24 10.10.12.0/24 10.0.0.0/24 I just basically duplicated this line: hosts allow = 10.1.1.0/24 127.0.0.0/8 10.10.12.0/24 10.0.0.0/24 And took out the localhost. Now everything works as expected. Lennart Sorensen wrote: > On Mon, Apr 26, 2010 at 02:21:47PM -0400, Mike A. Leonetti wrote: > >> The VPN is a site-to-site VPN. It's a Linux<->Sonicwall VPN. Other >> users can join other Windows domains no problem. I created an lmhosts >> file on the Windows 2003 server with this: >> >> 10.1.1.1 fortissimo #PRE #DOM:crcomputer >> 10.1.1.1 "CRCOMPUTER \0x1b" >> 10.1.1.1 "CRCOMPUTER \0x1c" >> >> However, when I go to create a share and assign domain users to it, it >> cannot find the domain. >> > > I didn't think you were supposed to have multiple lines with the same ip. > Multiple names on one line is fine of course. > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba over VPN
On Mon, Apr 26, 2010 at 02:21:47PM -0400, Mike A. Leonetti wrote: > The VPN is a site-to-site VPN. It's a Linux<->Sonicwall VPN. Other > users can join other Windows domains no problem. I created an lmhosts > file on the Windows 2003 server with this: > > 10.1.1.1 fortissimo #PRE #DOM:crcomputer > 10.1.1.1 "CRCOMPUTER \0x1b" > 10.1.1.1 "CRCOMPUTER \0x1c" > > However, when I go to create a share and assign domain users to it, it > cannot find the domain. I didn't think you were supposed to have multiple lines with the same ip. Multiple names on one line is fine of course. -- Len Sorensen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] user's profiles relating to each version of Windows
On Monday 26 April 2010 18:33:57 you wrote: > Example given here: > http://lists.samba.org/archive/samba-technical/2007-April/053054.html > > Dale > > On 04/26/2010 11:45 AM, Wojciech Giel wrote: > > Hi > > > > I have samba 3.4.3 PDC/LDAP server with roaming profiles. Unfortunatelly > > I have to add to domain windows 7 and vista so I thought that it would be > > good if I separate profiles based on Windows version. So i Have added > > this to my smb.conf: > > > > logon script = scripts\logon.bat > > logon home = \\THOR\%U\windows > > logon path = \\THOR\%U\windows\.profiles\%a > > logon drive = H: > > > > I'm adding users with smbldap-tools. I have changed also smbldap.conf to > > this: > > > > userProfile="\\THOR\%U\windows\.profiles\%a" > > > > pdbedit -L -v > > > > > > Home Directory: \\THOR\user\windows > > HomeDir Drive: H: > > Logon Script: scripts\logon.bat > > Profile Path: \\THOR\user\windows\.profiles\%a > > > > > > > > but when i logout instead of creating WinXP or win2k3 etc. samba creates > > '%a' directory. > > > > what is wrong with this configuration I can't find any usefull > > information to fix it? > > > > thanks > > Wojciech Thanks. the only wrinkle is that home directories and user profiles are stored on external storage (member server ). and I don't have [profile] share on PDC as I understood from smb.conf manpage that setting in [profile] like path etc. concerns local os path not on external server - storage. So will this settings work on member server ? Wojciech -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba over VPN
The VPN is a site-to-site VPN. It's a Linux<->Sonicwall VPN. Other users can join other Windows domains no problem. I created an lmhosts file on the Windows 2003 server with this: 10.1.1.1 fortissimo #PRE #DOM:crcomputer 10.1.1.1 "CRCOMPUTER \0x1b" 10.1.1.1 "CRCOMPUTER \0x1c" However, when I go to create a share and assign domain users to it, it cannot find the domain. Mike A. Leonetti As warm as green tea Evolution CE 3468C Lawson Boulevard Oceanside, NY 11572 www.evolutionce.com 516-536-5006 ext 105 516-208-4679 (Direct) Gaiseric Vandal wrote: > I had misread- I thought the DC was the one "remote."I think > -but am not sure- that WINS should have handled any "netbios" stuff > including locating the DC. I could be wrong tho. Can you try editing > the lmhosts file on the Win 2003 machine to provide the DC info? > > Is the sonicwall configured for a site-to-site VPN (i.e. the IP > addresses at both ends are explicitly configured) or is the Win 2003 > machine configured as a regular single user remote PC (what sonicwall > calls a GroupVPN account.) > > > Sonicwall may have some options to redirect netbios but I am pretty > sure you should not need this. > > > On 04/22/2010 04:26 PM, Mike A. Leonetti wrote: >> The W2K3 server is not the VPN client, the VPN client is a Sonicwall >> device. However, the side that has the DC (samba), the DC server also >> initiates the VPN (openswan). IPSec starts before samba. >> >> >> Leonardo Carneiro - Veltrac wrote: >> >>> The W2K3 server is the VPN client or is a host behind a vpn client >>> that have a route to the remote network? Is the server IS the vpn >>> client, does the connection is being made by a service (prior to the >>> user login) or you just connect to the VPN after login? >>> >>> >>> Gaiseric Vandal wrote: >>> How do the clients get IP addresses? You could try adding the WINS server value to the client ip address (either statically or via DHCP.) Then they should be able to get the necessary netbios name info even tho they are on a separate subnet. Why do you have the DC "distant" from the clients that it supports? On 04/22/2010 09:41 AM, Mike A. Leonetti wrote: > Yeah. I don't think it's the VPN blocking traffic. I think my WINS > server is not functioning properly. I'll keep working at it. > > Daniel Müller wrote: > > >> Are you sure, >> >> I thought with ipsec there could be netbios bypassing the tunnel. >> Shares and dns are always working. >> >> >> >> --- >> EDV Daniel Müller >> >> Leitung EDV >> Tropenklinik Paul-Lechler-Krankenhaus >> Paul-Lechler-Str. 24 >> 72076 Tübingen >> >> Tel.: 07071/206-463, Fax: 07071/206-499 >> eMail: muel...@tropenklinik.de >> Internet: www.tropenklinik.de >> --- >> >> -Ursprüngliche Nachricht- >> Von: Mike A. Leonetti [mailto:mleone...@evolutionce.com] >> Gesendet: Mittwoch, 14. April 2010 16:47 >> An: muel...@tropenklinik.de >> Cc: samba Mailing >> Betreff: Re: AW: [Samba] Samba over VPN >> >> Daniel, >> >> I'm using ipsec for a VPN. Since all shares are working and name >> resolution all netbios packets seem to be traversing the VPN no >> problem. >> >> Thanks. >> >> Daniel Müller wrote: >> >> >> >>> Hello, >>> >>> as far I know you need a vpn with netbios enabled. This can be >>> done witch >>> openvpn in briding mode. Or with a router having this option. >>> >>> Greetings >>> Daniel >>> >>> --- >>> EDV Daniel Müller >>> >>> Leitung EDV >>> Tropenklinik Paul-Lechler-Krankenhaus >>> Paul-Lechler-Str. 24 >>> 72076 Tübingen >>> >>> Tel.: 07071/206-463, Fax: 07071/206-499 >>> eMail: muel...@tropenklinik.de >>> Internet: www.tropenklinik.de >>> --- >>> >>> -Ursprüngliche Nachricht- >>> Von: samba-boun...@lists.samba.org >>> [mailto:samba-boun...@lists.samba.org] >>> >>> >>> >> Im >> >> >> >>> Auftrag von Mike A. Leonetti >>> Gesendet: Dienstag, 13. April 2010 22:27 >>> An: Samba Mailing >>> Betreff: [Samba] Samba over VPN >>> >>> Have a 2003 server located outside of the Domain network over a >>> VPN. >>> The server originally existed inside the network (10.1.1.0/24) but >>> now >>> exists on 10.10.12.0/24. I can access shares over the VPN to the >>> domain >>> controller, but when I try to log in as a domain user it says the >>> domain >>> is unavailable. >>> >>> I added the doma
Re: [Samba] user's profiles relating to each version of Windows
Example given here: http://lists.samba.org/archive/samba-technical/2007-April/053054.html Dale On 04/26/2010 11:45 AM, Wojciech Giel wrote: Hi I have samba 3.4.3 PDC/LDAP server with roaming profiles. Unfortunatelly I have to add to domain windows 7 and vista so I thought that it would be good if I separate profiles based on Windows version. So i Have added this to my smb.conf: logon script = scripts\logon.bat logon home = \\THOR\%U\windows logon path = \\THOR\%U\windows\.profiles\%a logon drive = H: I'm adding users with smbldap-tools. I have changed also smbldap.conf to this: userProfile="\\THOR\%U\windows\.profiles\%a" pdbedit -L -v Home Directory: \\THOR\user\windows HomeDir Drive: H: Logon Script: scripts\logon.bat Profile Path: \\THOR\user\windows\.profiles\%a but when i logout instead of creating WinXP or win2k3 etc. samba creates '%a' directory. what is wrong with this configuration I can't find any usefull information to fix it? thanks Wojciech -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] home directory share definition for AD integration
I've currently got an installation of Samba 3.4.0 with AD integration in place, its all working correctly except for 1 case, the [homes] share. currently the share is defined as [homes] comment = Home Directories valid users = %S @CATS+Domain\ Admins @CATS+hazelmereusers read only = No browseable = Yes The share shows up in the network browser fine when navigating to \\ >From a windows PC on the domain, accessing all static defined shares works without a hitch, however when attempting to access the homes share, I get given a login prompt which rejects users from the 2 groups with permissions for access. Is it possible to share the home directories in this way with AD domain users, and if so what's the correct syntax for configuring it? Thanks in advance for any assistance Cheers Tim Allingham -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] user's profiles relating to each version of Windows
Hi I have samba 3.4.3 PDC/LDAP server with roaming profiles. Unfortunatelly I have to add to domain windows 7 and vista so I thought that it would be good if I separate profiles based on Windows version. So i Have added this to my smb.conf: logon script = scripts\logon.bat logon home = \\THOR\%U\windows logon path = \\THOR\%U\windows\.profiles\%a logon drive = H: I'm adding users with smbldap-tools. I have changed also smbldap.conf to this: userProfile="\\THOR\%U\windows\.profiles\%a" pdbedit -L -v Home Directory: \\THOR\user\windows HomeDir Drive: H: Logon Script: scripts\logon.bat Profile Path: \\THOR\user\windows\.profiles\%a but when i logout instead of creating WinXP or win2k3 etc. samba creates '%a' directory. what is wrong with this configuration I can't find any usefull information to fix it? thanks Wojciech -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Printing to a Windows 7 x64 workstation
The version of samba you're running would help. And perhaps turn up the loglevel on your samba client and see if any errors are logged. DrewTech wrote: I am printing from a older samba build to a Windows 7 x64 PC and the print job would start printing then recycle and start over again. There is no set page where it would stop, sometimes it will stop at page 5, 7, 25. TY Please advice -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Network so slow
Hi. The services nfslock is run. /etc/init.d/nfslock start 2010/4/26 Mario Salcedo : > Hi. The services nfslock is run. > > /etc/init.d/nfslock start > > 2010/4/26 Michael Post : >> Again. Here my smb.conf. >> >> >> >> >> # smb.conf is the main Samba configuration file. You find a full commented >> # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the >> # samba-doc package is installed. >> # Date: 2009-10-27 >> [global] >>workgroup = netz >>passdb backend = tdbsam >>printing = cups >>printcap name = cups >>printcap cache time = 750 >>cups options = raw >>map to guest = Bad User >>logon path = \\%L\profiles\.msprofile >>logon home = \\%L\%U\.9xprofile >>logon drive = P: >>usershare allow guests = Yes >>add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody >> -s /bin/false %m$ >>domain logons = No >>domain master = No >>security = user >>wins support = Yes >>netbios name = server >>max protocol = NT1 >> >> ## Share disabled by YaST >> # [homes] >> # comment = Home Directories >> # valid users = %S, %D%w%S >> # browseable = No >> # read only = No >> # inherit acls = Yes >> >> ## Share disabled by YaST >> # [profiles] >> # comment = Network Profiles Service >> # path = %H >> # read only = No >> # store dos attributes = Yes >> # create mask = 0600 >> # directory mask = 0700 >> >> ## Share disabled by YaST >> # [users] >> # comment = All users >> # path = /home >> # read only = No >> # inherit acls = Yes >> # veto files = /aquota.user/groups/shares/ >> >> ## Share disabled by YaST >> # [groups] >> # comment = All groups >> # path = /home/groups >> # read only = No >> # inherit acls = Yes >> >> ## Share disabled by YaST >> # [printers] >> # comment = All Printers >> # path = /var/tmp >> # printable = Yes >> # create mask = 0600 >> # browseable = No >> >> ## Share disabled by YaST >> # [print$] >> # comment = Printer Drivers >> # path = /var/lib/samba/drivers >> # write list = @ntadmin root >> # force group = ntadmin >> # create mask = 0664 >> # directory mask = 0775 >> >> [arbeitsprogramme] >>comment = Alle Arbeitsprogramme >>inherit acls = Yes >>path = /home/Arbeitsprogramme >>read only = No >>guest ok = Yes >> >> [dokumente & bilder] >>comment = Alle Dokumente & Bilder >>inherit acls = Yes >>path = /home/Documents >>read only = No >>guest ok = Yes >> >> ## Share disabled by YaST >> # [netlogon] >> >> >> >> >> >> Am 26.04.2010 um 14:00 schrieb Michael Post: >> >>> Hello Grant, >>> >>> thanks for your reply. >>> >>> Sorry for my fault. >>> >>> It's a samba which comes default with opensuse 11.2. >>> >>> $: smbd -V >>> Version 3.4.2-1.1.3.1-2229 SUSE-SL11.2 >>> >>> Attached the smb.conf. >>> >>> If you need more information please let me know. >>> >>> >>> Thanks for your support, >>> >>> Michael >>> >>> >>> >>> >>> >>> Michael Post >>> >>> Am 22.04.2010 um 08:08 schrieb grant little: >>> On Wed, Apr 21, 2010 at 12:08 PM, Michael Post wrote: Hello, i replaced a windows-file-server with a linux-server and samba. All clients run under Windows xp in an 100 mbit network. With the windows solution i got no problems with the speed. With my linux-samba-solution we detect a very slow network. Per example i open a windows.xls or windows.doc file and this runs 30 seconds and more. Othertime i can open the documents in 5-10 seconds. Has anybody any ideas? Parallel to this mail i check my network connection and parameters of the network interface (dma, mtu, etc). Thanks a lot, Michael -- Michael, you may get more response if you tell the list what distro and version of linux and what version of samba you are using and also your smb.conf file. Right now there's not enough info for anyone to even hazard a guess. >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Network so slow
Hi. The services nfslock is run. /etc/init.d/nfslock start 2010/4/26 Michael Post : > Again. Here my smb.conf. > > > > > # smb.conf is the main Samba configuration file. You find a full commented > # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the > # samba-doc package is installed. > # Date: 2009-10-27 > [global] >workgroup = netz >passdb backend = tdbsam >printing = cups >printcap name = cups >printcap cache time = 750 >cups options = raw >map to guest = Bad User >logon path = \\%L\profiles\.msprofile >logon home = \\%L\%U\.9xprofile >logon drive = P: >usershare allow guests = Yes >add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody > -s /bin/false %m$ >domain logons = No >domain master = No >security = user >wins support = Yes >netbios name = server >max protocol = NT1 > > ## Share disabled by YaST > # [homes] > # comment = Home Directories > # valid users = %S, %D%w%S > # browseable = No > # read only = No > # inherit acls = Yes > > ## Share disabled by YaST > # [profiles] > # comment = Network Profiles Service > # path = %H > # read only = No > # store dos attributes = Yes > # create mask = 0600 > # directory mask = 0700 > > ## Share disabled by YaST > # [users] > # comment = All users > # path = /home > # read only = No > # inherit acls = Yes > # veto files = /aquota.user/groups/shares/ > > ## Share disabled by YaST > # [groups] > # comment = All groups > # path = /home/groups > # read only = No > # inherit acls = Yes > > ## Share disabled by YaST > # [printers] > # comment = All Printers > # path = /var/tmp > # printable = Yes > # create mask = 0600 > # browseable = No > > ## Share disabled by YaST > # [print$] > # comment = Printer Drivers > # path = /var/lib/samba/drivers > # write list = @ntadmin root > # force group = ntadmin > # create mask = 0664 > # directory mask = 0775 > > [arbeitsprogramme] >comment = Alle Arbeitsprogramme >inherit acls = Yes >path = /home/Arbeitsprogramme >read only = No >guest ok = Yes > > [dokumente & bilder] >comment = Alle Dokumente & Bilder >inherit acls = Yes >path = /home/Documents >read only = No >guest ok = Yes > > ## Share disabled by YaST > # [netlogon] > > > > > > Am 26.04.2010 um 14:00 schrieb Michael Post: > >> Hello Grant, >> >> thanks for your reply. >> >> Sorry for my fault. >> >> It's a samba which comes default with opensuse 11.2. >> >> $: smbd -V >> Version 3.4.2-1.1.3.1-2229 SUSE-SL11.2 >> >> Attached the smb.conf. >> >> If you need more information please let me know. >> >> >> Thanks for your support, >> >> Michael >> >> >> >> >> >> Michael Post >> >> Am 22.04.2010 um 08:08 schrieb grant little: >> >>> >>> >>> On Wed, Apr 21, 2010 at 12:08 PM, Michael Post wrote: >>> Hello, >>> >>> i replaced a windows-file-server with a linux-server and samba. >>> All clients run under Windows xp in an 100 mbit network. >>> With the windows solution i got no problems with the speed. >>> >>> With my linux-samba-solution we detect a very slow network. >>> Per example i open a windows.xls or windows.doc file and this runs 30 >>> seconds and more. Othertime i can open the documents in 5-10 seconds. >>> >>> Has anybody any ideas? >>> >>> Parallel to this mail i check my network connection and parameters of the >>> network interface (dma, mtu, etc). >>> >>> Thanks a lot, >>> >>> Michael >>> -- >>> >>> Michael, >>> >>> you may get more response if you tell the list what distro and version of >>> linux and what version of samba you are using and also your smb.conf file. >>> Right now there's not enough info for anyone to even hazard a guess. >>> >>> >>> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Network so slow
Again. Here my smb.conf. # smb.conf is the main Samba configuration file. You find a full commented # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the # samba-doc package is installed. # Date: 2009-10-27 [global] workgroup = netz passdb backend = tdbsam printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: usershare allow guests = Yes add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ domain logons = No domain master = No security = user wins support = Yes netbios name = server max protocol = NT1 ## Share disabled by YaST # [homes] # comment = Home Directories # valid users = %S, %D%w%S # browseable = No # read only = No # inherit acls = Yes ## Share disabled by YaST # [profiles] # comment = Network Profiles Service # path = %H # read only = No # store dos attributes = Yes # create mask = 0600 # directory mask = 0700 ## Share disabled by YaST # [users] # comment = All users # path = /home # read only = No # inherit acls = Yes # veto files = /aquota.user/groups/shares/ ## Share disabled by YaST # [groups] # comment = All groups # path = /home/groups # read only = No # inherit acls = Yes ## Share disabled by YaST # [printers] # comment = All Printers # path = /var/tmp # printable = Yes # create mask = 0600 # browseable = No ## Share disabled by YaST # [print$] # comment = Printer Drivers # path = /var/lib/samba/drivers # write list = @ntadmin root # force group = ntadmin # create mask = 0664 # directory mask = 0775 [arbeitsprogramme] comment = Alle Arbeitsprogramme inherit acls = Yes path = /home/Arbeitsprogramme read only = No guest ok = Yes [dokumente & bilder] comment = Alle Dokumente & Bilder inherit acls = Yes path = /home/Documents read only = No guest ok = Yes ## Share disabled by YaST # [netlogon] Am 26.04.2010 um 14:00 schrieb Michael Post: > Hello Grant, > > thanks for your reply. > > Sorry for my fault. > > It's a samba which comes default with opensuse 11.2. > > $: smbd -V > Version 3.4.2-1.1.3.1-2229 SUSE-SL11.2 > > Attached the smb.conf. > > If you need more information please let me know. > > > Thanks for your support, > > Michael > > > > > > Michael Post > > Am 22.04.2010 um 08:08 schrieb grant little: > >> >> >> On Wed, Apr 21, 2010 at 12:08 PM, Michael Post wrote: >> Hello, >> >> i replaced a windows-file-server with a linux-server and samba. >> All clients run under Windows xp in an 100 mbit network. >> With the windows solution i got no problems with the speed. >> >> With my linux-samba-solution we detect a very slow network. >> Per example i open a windows.xls or windows.doc file and this runs 30 >> seconds and more. Othertime i can open the documents in 5-10 seconds. >> >> Has anybody any ideas? >> >> Parallel to this mail i check my network connection and parameters of the >> network interface (dma, mtu, etc). >> >> Thanks a lot, >> >> Michael >> -- >> >> Michael, >> >> you may get more response if you tell the list what distro and version of >> linux and what version of samba you are using and also your smb.conf file. >> Right now there's not enough info for anyone to even hazard a guess. >> >> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Network so slow
Hello Grant, thanks for your reply. Sorry for my fault. It's a samba which comes default with opensuse 11.2. $: smbd -V Version 3.4.2-1.1.3.1-2229 SUSE-SL11.2 Attached the smb.conf. If you need more information please let me know. Thanks for your support, Michael Michael Post Am 22.04.2010 um 08:08 schrieb grant little: > > > On Wed, Apr 21, 2010 at 12:08 PM, Michael Post wrote: > Hello, > > i replaced a windows-file-server with a linux-server and samba. > All clients run under Windows xp in an 100 mbit network. > With the windows solution i got no problems with the speed. > > With my linux-samba-solution we detect a very slow network. > Per example i open a windows.xls or windows.doc file and this runs 30 seconds > and more. Othertime i can open the documents in 5-10 seconds. > > Has anybody any ideas? > > Parallel to this mail i check my network connection and parameters of the > network interface (dma, mtu, etc). > > Thanks a lot, > > Michael > -- > > Michael, > > you may get more response if you tell the list what distro and version of > linux and what version of samba you are using and also your smb.conf file. > Right now there's not enough info for anyone to even hazard a guess. > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind 3.5.2 caching issues under SLES11???
Ok, there is no bug. I looked through the smb.conf and added the following parameters: idmap cache time = 1 idmap negative cache time = 1 winbind cache time = 1 Now SLES11 acts as expected. Also I noticed that running a su - "username" is not the same as wbinfo -a. :) Thanks and Regards, Oliver -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Undocumented TDB files
Chris Smith wrote: >> /var/lib/samba/locking.tdb >> /var/lib/samba/wins.tdb >> /var/lib/samba/mutex.tdb >> >> which are not documented in > >Try: >http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html > >mutex.tdb is still missing but the two areas should be complete and >consistent in information Thanks, I hadn't spotted that page. Although: - group_mapping.tdb should be group_mapping.ldb - "printing directory: preserve Y" conflicts with "printing/*.tdb: backup no" from the Official HOWTO Moray. "To err is human. To purr, feline" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind 3.5.2 caching issues under SLES11???
On 2010/04/23 10:58 PM, Chris Smith wrote: Don't know if it's related but on 2 systems with 3.5.2 I could not get the new idmap backend (moved from tdb to rid) to work without deleting the gencache* tdb's in addition to the winbind ones. I had the same problem on 3.4.7 moving from tdb to ldap. I also had get rid of nscd which for some reason Debian always installs with Samba. I was confused because everything would come right after a reboot. I thought that Samba is emulating Windows a little TOO closely! I wrote this little script while I was messing with different idmap options: #!/bin/sh # # stop samba, reset cache and restart /etc/init.d/winbind stop /etc/init.d/samba stop rm -f /var/run/samba/gencache.tdb rm -f /var/cache/samba/*.tdb /etc/init.d/samba start /etc/init.d/winbind start /etc/init.d/nslcd restart -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind 3.5.2 caching issues under SLES11???
On Mon, Apr 26, 2010 at 10:48:19AM +0200, Oliver Weinmann wrote: > Ok, I have now deleted the netsamlogon_cache.tdb, restarted the samba > service and logged in as the user. The groups are now no longer shown. I > tried the same steps again with a different user and the problem is the > same again. This time it was sufficient to restart the samba service. I > wonder why on the SLES9 system the change is immediately effective but > on the SLES11 box I need to restart the winbind service? The configs are > exactly the same on both machines. If you can reproduce that after wbinfo -a (or a similar operation) you get wrong nss information (group memberships etc), then we have a severe bug that needs fixing. Please provide us detailed information how to reproduce this problem. Ah, please also make sure that you reproduce this without nscd, that one could also cache things. Thanks, Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind 3.5.2 caching issues under SLES11???
netsamlogon_cache.tdb is probably the culprit. Once you log in using pam or for example wbinfo -a the problem should be gone. Volker Ok, I have now deleted the netsamlogon_cache.tdb, restarted the samba service and logged in as the user. The groups are now no longer shown. I tried the same steps again with a different user and the problem is the same again. This time it was sufficient to restart the samba service. I wonder why on the SLES9 system the change is immediately effective but on the SLES11 box I need to restart the winbind service? The configs are exactly the same on both machines. Anyway thanks for pointing this out Volker. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind 3.5.2 caching issues under SLES11???
On Mon, Apr 26, 2010 at 09:51:47AM +0200, Oliver Weinmann wrote: > > Deleting the tdb files didn't solve the problem. It's really weird. For > example I have a AD user that is member of three groups: > > Domain users (primary) > > And two other project groups. > > I removed him from the two project groups, the change is immediately > effective under SLES9 3.5.2 Winbind but on the SLES11 system, even after > a reboot the change is still not effective. I wonder where the hell this > is beeing cached? Because if the winbind daemon would query active > directory it should no longer list this user as a member of the two > project groups. > > The Behaviour is the same throughout all of our SLES11 machines. netsamlogon_cache.tdb is probably the culprit. Once you log in using pam or for example wbinfo -a the problem should be gone. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind 3.5.2 caching issues under SLES11???
Deleting the tdb files didn't solve the problem. It's really weird. For example I have a AD user that is member of three groups: Domain users (primary) And two other project groups. I removed him from the two project groups, the change is immediately effective under SLES9 3.5.2 Winbind but on the SLES11 system, even after a reboot the change is still not effective. I wonder where the hell this is beeing cached? Because if the winbind daemon would query active directory it should no longer list this user as a member of the two project groups. The Behaviour is the same throughout all of our SLES11 machines. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba