Re: [Samba] Problems with W2K8R2 <-> S4 replication&In-Reply-To=<3caanlktini5dnytlniojootiapcd2fpapnsbfo7mfxu...@mail.gmail.com>

[Michael Wood]

On 23 May 2010 19:32, Dmitry A. Khromov  wrote:
>
> Michael Wood  wrote:
>>I am not sure if this is the problem, but make sure the time is
>>correct on both machines. I got what I think were similar errors when
>>my VM decided to get 2 hours out of sync with reality.
>
> Time is synchronized via NTP and kinit works fine, however, I've done
> ntpdate with dc0 for sure:
>
> dc1 samba # ntpdate dc0.klin.kifato-mk.com
> 23 May 20:37:21 ntpdate[28533]: adjust time server 192.168.1.22 offset
> -0.016606 sec
>
> Also I've noticed that after successful initial (first run after net
> vampire) DNS records update I get the following in my samba.log:
> --
> dc1 samba # cat  var/samba.log | grep -A 2 -B 1 TSIG
> [Sun May 23 14:02:18 2010 MSD, 0
> ../../lib/util/util_runcmd.c:288:samba_runcmd_io_handler()]
> /usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify
> failure
> [Sun May 23 14:02:18 2010 MSD, 0
> ../../lib/util/util_runcmd.c:288:samba_runcmd_io_handler()]
> /usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
> --[output truncated]--

These are because your dynamic DNS updates are not correctly
configured.  I am not sure exactly how to configure this correctly.  I
thought I had it working and then found later that it actually wasn't.
 I suspect you will need to read the bind9 documentation and you might
have to turn up named's debug level.

> Also, I've tried to rejoin Samba (by deleting /usr/local/samba entirely,
> invoking "metadata cleanup" in ntdsutil, deleting computer object in AD U&C
> and cleaning up DNS entries), result is slightly different - the log still
> floods with errors (more than 6 hours already). And yes, at least part of
> replication is working - I may modify users/computers objects in AD U&C and
> the changes will be synchronized in tens of seconds. However - I still want
> to try Samba as the only DC in domain (and need to transfer roles before
> demoting dc0).

-- 
Michael Wood 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 3.5, logon drive

[Steve Wolfe]

I upgraded from 3.0.25 to 3.5.3, and all has been well, with one exception.
In my smb.conf, I have the line:

[global]
logon drive = P:

Under the old version, that would automatically map their home directory as
their P drive.  However, under 3.5, the P drive is no longer mapped.  Are
there any gotchas that I should be looking for?

steve
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba + CUPS

[Nick Couchman]

> The -o job-hold-until=when option tells CUPS to delay printing until the
> "when" time, which can be one of the following:

Well, I found the option in the Printing Preferences under the Windows 
driver, but setting it has no effect - the job prints immediately.  Something 
else I need to do?




This e-mail may contain confidential and privileged material for the sole use 
of the intended recipient.  If this email is not intended for you, or you are 
not responsible for the delivery of this message to the intended recipient, 
please note that this message may contain SEAKR Engineering (SEAKR) 
Privileged/Proprietary Information.  In such a case, you are strictly 
prohibited from downloading, photocopying, distributing or otherwise using this 
message, its contents or attachments in any way.  If you have received this 
message in error, please notify us immediately by replying to this e-mail and 
delete the message from your mailbox.  Information contained in this message 
that does not relate to the business of SEAKR is neither endorsed by nor 
attributable to SEAKR.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4 - List of options for smb.conf

[Jeremy Allison]

On Mon, May 24, 2010 at 08:33:30PM +0100, Lukasz Zalewski wrote:
> Hi Andrew,
> This seems to show some of the default parameters, but what about  
> non-default/optional ones (like share permissions) and % variables?
> Seems like %U and %G are not honoured, and have been replaced by longer  
> version, i.e. testparam -v shows two of them
> template homedir = /home/%WORKGROUP%/%ACCOUNTNAME%
>
> Can one assume that %G will be %GROUPNAME%?
> Is there a validation schema/definition file for those parameters?  
> Alternatively which bit of code is responsible for parsing and  
> validating them?

As the merge proceeds we will start merging the parameter
lists so all the old % variables should still be supported.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] multi-homed samba PDC and NetApp filers

[Carl G. Riches]

On Sun, 2010-05-16 at 19:23 -0700, Carl G. Riches wrote:
> On Fri, 14 May 2010, John H Terpstra wrote:
> 
> > On 05/14/2010 07:14 PM, Carl G. Riches wrote:
> >> We are having a problem getting a NetApp filer to re-join a samba
> >> domain after a move to a new network.  The filer worked fine with
> >> samba before the move.  Apologies in advance for the long missive.
> >>
> >> I've tried the following:
> >>
> >>   - re-running the CIFS setup program on the filer
> >>   - removing the problem filer's samba account, replacing it, and
> >> re-running the setup program on the filer
> >>   - creating a new machine account on the samba server and re-
> >> running the setup program on the filer
> >>
> >> None of these worked.  I also looked through a number of mailing
> >> list postings about NetApp filers and samba but didn't find any-
> >> thing to help.
> >>
> >> Has anyone gone through this before and provide insight into
> >> this problem?
> >
> > Do you happen to specify in your /etc/samba/smb.conf file:
> > interfaces = "list of interfaces"
> > bind interfaces only = Yes
> >
> > If so, remove them, then retry the domain join.  After successfully
> > joining you ca re-enable these parameters.
> >
> > Please let me know if that is the solution.
> >
> 
> That's part of the solution.  The NetApp filer now shows up in Windows PC 
> browse lists, but we still can't get a PC (or the samba server itself) to 
> mount a CIFS file share from the filer.  Does anyone have a suggestion for 
> what to try next?  Here's what I've done so far:
> 
> I commented out these lines in /etc/samba/smb.conf:
> 
>;   interfaces = 127.0.0.1 10.142.36.94/27 10.142.36.192/26 
> 10.142.36.125/27
>;   bind interfaces only = yes
> 
> and restarted samba, then restarted CIFS on the NetApp filer.  Tcpdump on 
> the samba server now looks like this:
> 
>18:45:57.189347 IP gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns > 
> mead.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): QUERY; 
> REQUEST; UNICAST
>18:45:57.189425 IP mead.in.gcc.biostat.washington.edu.netbios-ns > 
> gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): QUERY; 
> POSITIVE; RESPONSE; UNICAST
>18:45:59.137275 IP gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns > 
> mead.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): 
> REGISTRATION; REQUEST; UNICAST
>18:45:59.137390 IP mead.in.gcc.biostat.washington.edu.netbios-ns > 
> gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): 
> REGISTRATION; POSITIVE; RESPONSE; UNICAST
> 
> These message are on the filer's console:
> 
>Sun May 16 18:46:29 PDT [auth.dc.DCPasswdChange.failed:error]: AUTH: The
>filer's attempt to change the shared password with filer's domain
>controller failed with status 0xc05e: Scheduled automatic password
>change failed. The filer will retry in 1 hour.
> 
> At this point the filer shows up in a Windows PC's browse list.
> 
> An attempt to mount a share from the filer on the samba server using this 
> command:
> 
>mount -t cifs //10.208.235.134/geneva_fc /mnt -o username=cgr,domain=UWT-15
> 
> fails with this message:
> 
>mount error 5 = Input/output error
>Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> 
> and these lines show up in /var/log/debug:
> 
>May 16 18:49:49 mead kernel: Status code returned 0xc05e 
> NT_STATUS_NO_LOGON_SERVERS
>May 16 18:49:49 mead kernel:  CIFS VFS: Send error in SessSetup = -5
>May 16 18:49:49 mead kernel:  CIFS VFS: cifs_mount failed w/return code = 
> -5
> 
> An attempt to map the above share to a drive (Z:) on a Windows PC fails 
> with the message:
> 
>The mapped network drive could not be created because the following
>error has occurred:
> 
>There are currently no logon servers available to service the logon
>request.
> 
> These messages appeared on the filer's console during the drive mapping 
> request:
> 
>Sun May 16 19:01:19 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: 
> TraceDC- Starting DC address discovery for UWT-15.
>Sun May 16 19:01:19 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: 
> TraceDC- Found no DC addresses using generic DNS query.
>Sun May 16 19:01:19 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: 
> TraceDC- Starting WINS queries.
>Sun May 16 19:01:22 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: 
> TraceDC- Found no BDC addresses through WINS.
>Sun May 16 19:01:25 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: 
> TraceDC- Found no PDC addresses through WINS.
>Sun May 16 19:01:25 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: 
> TraceDC- DC address discovery for UWT-15 complete. 0 unique addresses found.
> 
> The WINS server has been defined:
> 
>options.cifs.wins_servers=10.142.36.94
> 
> which is the samba server.  We have this line in the /etc/samba/smb.conf 
> file:
> 
>wins su

Re: [Samba] Samba + CUPS

[Nick Couchman]

> for printer queue holding managed by cups so can be deployed on any printer.

> have a look at the following cups options

> Holding Jobs for Later Printing

> The -o job-hold-until=when option tells CUPS to delay printing until the
> "when" time, which can be one of the following:

> * -o job-hold-until=indefinite; print only after released by the user or
> an administrator
> * -o job-hold-until=day-time; print from 6am to 6pm local time
> * -o job-hold-until=night; print from 6pm to 6am local time
> * -o job-hold-until=second-shift; print from 4pm to 12am local time
> * -o job-hold-until=third-shift; print from 12am to 8am local time
> * -o job-hold-until=weekend; print on Saturday or Sunday
> * -o job-hold-until=HH:MM; print at the specified UTC time

Okay - I'm definitely open to this possibility.  Do the CUPS Windows drivers 
support the use of these options?  The main place where I need the job hold 
support is for Windows-based clients, so I need to make sure it works okay 
there.

Thanks!
-Nick




This e-mail may contain confidential and privileged material for the sole use 
of the intended recipient.  If this email is not intended for you, or you are 
not responsible for the delivery of this message to the intended recipient, 
please note that this message may contain SEAKR Engineering (SEAKR) 
Privileged/Proprietary Information.  In such a case, you are strictly 
prohibited from downloading, photocopying, distributing or otherwise using this 
message, its contents or attachments in any way.  If you have received this 
message in error, please notify us immediately by replying to this e-mail and 
delete the message from your mailbox.  Information contained in this message 
that does not relate to the business of SEAKR is neither endorsed by nor 
attributable to SEAKR.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba + CUPS

[Damien J Dye]

-Original Message-
From: Nick Couchman [mailto:nick.couch...@seakr.com] 
Sent: 24 May 2010 22:58
To: Damien J Dye; 'Ryan Suarez'
Cc: samba@lists.samba.org
Subject: RE: [Samba] Samba + CUPS

> 
>> 
>> the whole point of using CUPS is to get rid of the broken drivers in the
>> first place 
>> 
>> all PPD options are passed though to the windows client 
>> http://svn.easysw.com/public/windows/trunk/x64/
>> http://svn.easysw.com/public/windows/trunk/i386/
>> 
> 

This may just work, except that the PPD file provided by Ricoh does not
contain the option for the Document Server functionality on the copier, so I
can't send jobs to the "Hold Queue" or document "mailboxes" on the copier.
I'm going to hit Ricoh up about that one - seems like something that should
be in the PPD file.

-Nick


Nick 

for printer queue holding managed by cups so can be deployed on any printer.

have a look at the following cups options

Holding Jobs for Later Printing

The -o job-hold-until=when option tells CUPS to delay printing until the
"when" time, which can be one of the following:

* -o job-hold-until=indefinite; print only after released by the user or
an administrator
* -o job-hold-until=day-time; print from 6am to 6pm local time
* -o job-hold-until=night; print from 6pm to 6am local time
* -o job-hold-until=second-shift; print from 4pm to 12am local time
* -o job-hold-until=third-shift; print from 12am to 8am local time
* -o job-hold-until=weekend; print on Saturday or Sunday
* -o job-hold-until=HH:MM; print at the specified UTC time

more options 
http://www.cups.org/documentation.php/options.html

users can then login to cups and release their jobs from a web interface.

unfortunately am not aware of the document "mailboxes" concept so I am not
able to advise on that one.

Regards

---
Damien



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Upgrading Samba

[Steve Wolfe]

  Perfect!  On the test server, I just upgraded, did 'pdbedit -i smbpasswd
-e tdbsam', and everything seems to have worked.  Thank you very much.

steve

On Mon, May 24, 2010 at 3:00 PM, Gaiseric Vandal
wrote:

> On 05/24/2010 04:46 PM, Steve Wolfe wrote:
>
>> I have a fairly old Samba server, 3.0.25, on CentOS 4.8.  I'd like to
>> update
>> it to something more modern, so I grabbed the "Enterprise Samba" 3.5 RPMs
>> for RHEL, and went to work on a test machine.
>>
>> After upgrading via "rpm -U ./*.rpm", starting nmbd and smbd, I can no
>> longer log in to the domain, I get:
>>
>> netlogon_creds_server_check failed. Rejecting auth request from client
>> FREESCALE machine account FREESCALE$
>>
>> While /etc/samba/smbpasswd remains seemingly untouched from the upgrade, I
>> have to delete and recreate each account before it will let me log in to
>> the
>> domain.
>>
>> Since there are about a hundred workstations (and more accounts), I'd like
>> to make this a more seamless transition... any tips for a newb?
>>
>>
>
> I am guessing that smbpasswd is not in the TDB format supported by Samba
> 3.5.I think the older format got dropped along the way.
>
> Are the user accounts OK?  You could prob use "pdbedit -w" (from the old
> version)  to dump the  accounts to a text file.   And then maybe write a
> script (perl has a nice split command) to parse the file into a list of
> machine names.  And then run something like
>for i in `cat thelist.txt` do
>smbpasswd -x $i
>smbpaswd -m -a $i
>done
>
>
>
> The other option may be to use pdbedit  to dump the passwd to a text or TDB
> file, backup /etc/smbpasswd and then use pdbedit (to reimport the accounts.
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba + CUPS

[Nick Couchman]

> 
>> 
>> the whole point of using CUPS is to get rid of the broken drivers in the
>> first place 
>> 
>> all PPD options are passed though to the windows client 
>> http://svn.easysw.com/public/windows/trunk/x64/
>> http://svn.easysw.com/public/windows/trunk/i386/
>> 
> 

This may just work, except that the PPD file provided by Ricoh does not contain 
the option for the Document Server functionality on the copier, so I can't send 
jobs to the "Hold Queue" or document "mailboxes" on the copier.  I'm going to 
hit Ricoh up about that one - seems like something that should be in the PPD 
file.

-Nick




This e-mail may contain confidential and privileged material for the sole use 
of the intended recipient.  If this email is not intended for you, or you are 
not responsible for the delivery of this message to the intended recipient, 
please note that this message may contain SEAKR Engineering (SEAKR) 
Privileged/Proprietary Information.  In such a case, you are strictly 
prohibited from downloading, photocopying, distributing or otherwise using this 
message, its contents or attachments in any way.  If you have received this 
message in error, please notify us immediately by replying to this e-mail and 
delete the message from your mailbox.  Information contained in this message 
that does not relate to the business of SEAKR is neither endorsed by nor 
attributable to SEAKR.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Upgrading Samba

[Dale Schroeder]

On 05/24/2010 3:46 PM, Steve Wolfe wrote:

I have a fairly old Samba server, 3.0.25, on CentOS 4.8.  I'd like to update
it to something more modern, so I grabbed the "Enterprise Samba" 3.5 RPMs
for RHEL, and went to work on a test machine.

After upgrading via "rpm -U ./*.rpm", starting nmbd and smbd, I can no
longer log in to the domain, I get:

netlogon_creds_server_check failed. Rejecting auth request from client
FREESCALE machine account FREESCALE$

While /etc/samba/smbpasswd remains seemingly untouched from the upgrade, I
have to delete and recreate each account before it will let me log in to the
domain.
   
If you were using smbpasswd as the passdb backend, note that the default 
changed to tdbsam in version 3.4.0.

http://www.samba.org/samba/history/samba-3.4.0.html
To continue to use smbpasswd, you would have to declare it in smb.conf.
passdb backend = smbpasswd.


Since there are about a hundred workstations (and more accounts), I'd like
to make this a more seamless transition... any tips for a newb?
   

You could also export your existing smbpasswd to tdbsam.
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#pdbeditthing


   Account Import/Export

The |pdbedit| tool allows import/export of authentication (account) 
databases from one backend to another. For example, to import/export 
accounts from an old |smbpasswd| database to a /|tdbsam|/ backend:


  1.

 |root# |*|pdbedit -i smbpasswd -e tdbsam|*

  2.

 Replace the /|smbpasswd|/ with /|tdbsam|/ in the /|passdb
 backend|/ configuration in |smb.conf|.


Dale
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Upgrading Samba

[Gaiseric Vandal]

On 05/24/2010 04:46 PM, Steve Wolfe wrote:

I have a fairly old Samba server, 3.0.25, on CentOS 4.8.  I'd like to update
it to something more modern, so I grabbed the "Enterprise Samba" 3.5 RPMs
for RHEL, and went to work on a test machine.

After upgrading via "rpm -U ./*.rpm", starting nmbd and smbd, I can no
longer log in to the domain, I get:

netlogon_creds_server_check failed. Rejecting auth request from client
FREESCALE machine account FREESCALE$

While /etc/samba/smbpasswd remains seemingly untouched from the upgrade, I
have to delete and recreate each account before it will let me log in to the
domain.

Since there are about a hundred workstations (and more accounts), I'd like
to make this a more seamless transition... any tips for a newb?
   


I am guessing that smbpasswd is not in the TDB format supported by Samba 
3.5.I think the older format got dropped along the way.


Are the user accounts OK?  You could prob use "pdbedit -w" (from the old 
version)  to dump the  accounts to a text file.   And then maybe write a 
script (perl has a nice split command) to parse the file into a list of 
machine names.  And then run something like

for i in `cat thelist.txt` do
smbpasswd -x $i
smbpaswd -m -a $i
done



The other option may be to use pdbedit  to dump the passwd to a text or 
TDB file, backup /etc/smbpasswd and then use pdbedit (to reimport the 
accounts.




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Upgrading Samba

[Steve Wolfe]

I have a fairly old Samba server, 3.0.25, on CentOS 4.8.  I'd like to update
it to something more modern, so I grabbed the "Enterprise Samba" 3.5 RPMs
for RHEL, and went to work on a test machine.

After upgrading via "rpm -U ./*.rpm", starting nmbd and smbd, I can no
longer log in to the domain, I get:

netlogon_creds_server_check failed. Rejecting auth request from client
FREESCALE machine account FREESCALE$

While /etc/samba/smbpasswd remains seemingly untouched from the upgrade, I
have to delete and recreate each account before it will let me log in to the
domain.

Since there are about a hundred workstations (and more accounts), I'd like
to make this a more seamless transition... any tips for a newb?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] unable to join to a Samba4 domain

[Mike Leone]

On 5/24/2010 3:39 PM, Tomasz Chmielewski had this to say:

Am 23.05.2010 13:51, Lukasz Zalewski wrote:

On 21/05/2010 16:56, Tomasz Chmielewski wrote:

Am 21.05.2010 06:25, Andrew Bartlett wrote:


When you provisioned samba4 it generated sample bind and zone config
for
that dc,
have a look at samba_install_dir/private/dns/samba4.my.domain.zone
which includes all of the dns records for that zone and see which ones
you are missing


Indeed, if you used a zone file other than the one we generated, then
you are asking for trouble. Please us the one we generate.


I'm using the zone generated by Samba (and did not modify it).




Tomasz,
How are you performing the join?


The "normal way": my Computer-> Properties -> Domain... (is it possible
to join a Windows PC differently)?


You can join from the command line using the NETDOM utility.

--
Michael J. Leone, 

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: 

USER ERROR: replace user and press any key to continue.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] unable to join to a Samba4 domain

[Tomasz Chmielewski]

Am 23.05.2010 13:51, Lukasz Zalewski wrote:

On 21/05/2010 16:56, Tomasz Chmielewski wrote:

Am 21.05.2010 06:25, Andrew Bartlett wrote:


When you provisioned samba4 it generated sample bind and zone config
for
that dc,
have a look at samba_install_dir/private/dns/samba4.my.domain.zone
which includes all of the dns records for that zone and see which ones
you are missing


Indeed, if you used a zone file other than the one we generated, then
you are asking for trouble. Please us the one we generate.


I'm using the zone generated by Samba (and did not modify it).




Tomasz,
How are you performing the join?


The "normal way": my Computer-> Properties -> Domain... (is it possible 
to join a Windows PC differently)?


If it makes a difference, I'm trying to join a Windows 2008 computer.

--
Tomasz Chmielewski
http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4 - List of options for smb.conf

[Lukasz Zalewski]

On 22/04/2010 12:14, Andrew Bartlett wrote:

On Tue, 2010-04-20 at 12:44 -0400, Stuart Wehrly wrote:

Is there a list of options for smb.conf?


Sadly Samba4 does lack documentation.  But testparm -v from Samba4
should get you what you want.

Andrew Bartlett




Hi Andrew,
This seems to show some of the default parameters, but what about 
non-default/optional ones (like share permissions) and % variables?
Seems like %U and %G are not honoured, and have been replaced by longer 
version, i.e. testparam -v shows two of them

template homedir = /home/%WORKGROUP%/%ACCOUNTNAME%

Can one assume that %G will be %GROUPNAME%?
Is there a validation schema/definition file for those parameters? 
Alternatively which bit of code is responsible for parsing and 
validating them?


Many Thanks

Luk
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] SOLVED! Samba PDC [3.5.3], Windows 7 Pro 64 bit, Temporary local profile for a specific user

[Tom Reijnders]

I managed to solve this one...

I restarted my internet search, but now NOT assuming it was a Samba 
problem, but a Windows 7 specific problem:


The solution is provided here:

http://social.technet.microsoft.com/Forums/en/w7itproinstall/thread/50ccd066-77d6-45a7-97aa-061a9fc1287c

And indeed, my account was a member of the Domain Guests!

Tom

Op 24-5-2010 15:25, Tom Reijnders schreef:

L.S.,

I searched the internet and though there were lots of problems with 
profile, I haven't found a solution to my specific problem.


 - Samba server running on OpenSuse 11.1 with a ldap backend acting as 
PDC.
 - I have a new Windows 7 pro 64 bit client that has been added 
succesfully to the domain (with the required registry patches)


I do not want to use roaming profiles, so logon path is empty in 
smb.conf.


I can login to the win7 machine using an ordinary Domain User account, 
and a Domain Admin account and a local profile is created, like expected.


However if I want to login using MY account, which is a Domain admin 
account, I get a local temporary profile!! I don NOT get an error on 
the Windows 7 machine. (Not on screen, not in the event log).


I went as far as reinstalling the Win7 machine, making sure that no 
reference to the user name of my account is made, so there is NO local 
user with my login name.

Still this happens.

I still am convinced that it has to do something with the settings of 
my ACCOUNT on the server, but I can't find out how or where.


I made sure that the sambaHomePath, sambaHomeDir and sambaProfilePath 
in my LDAP account is empty. I compared my LDAP settings with the 
DomainAdmin account that is working, but to no avail.


Does anyone have any idea how to debug this?

Thanks!

Regards,

Tom



--
--

Tom Reijnders
TOR Informatica
Chopinlaan 27
5242HM Rosmalen
Tel: 073 5226191
Fax: 073 5226196


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problems with W2K8R2 <-> S4 replication&In-Reply-To=<3caanlktini5dnytlniojootiapcd2fpapnsbfo7mfxu...@mail.gmail.com>

[Dmitry A. Khromov]

Michael Wood  wrote:
>I am not sure if this is the problem, but make sure the time is
>correct on both machines. I got what I think were similar errors when
>my VM decided to get 2 hours out of sync with reality.

Time is synchronized via NTP and kinit works fine, however, I've done 
ntpdate with dc0 for sure:


dc1 samba # ntpdate dc0.klin.kifato-mk.com
23 May 20:37:21 ntpdate[28533]: adjust time server 192.168.1.22 offset 
-0.016606 sec


Also I've noticed that after successful initial (first run after net 
vampire) DNS records update I get the following in my samba.log:

--
dc1 samba # cat  var/samba.log | grep -A 2 -B 1 TSIG
[Sun May 23 14:02:18 2010 MSD, 0 
../../lib/util/util_runcmd.c:288:samba_runcmd_io_handler()]
/usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: tsig 
verify failure
[Sun May 23 14:02:18 2010 MSD, 0 
../../lib/util/util_runcmd.c:288:samba_runcmd_io_handler()]

/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
--[output truncated]--

Also, I've tried to rejoin Samba (by deleting /usr/local/samba entirely, 
invoking "metadata cleanup" in ntdsutil, deleting computer object in AD 
U&C and cleaning up DNS entries), result is slightly different - the log 
still floods with errors (more than 6 hours already). And yes, at least 
part of replication is working - I may modify users/computers objects in 
AD U&C and the changes will be synchronized in tens of seconds. However 
- I still want to try Samba as the only DC in domain (and need to 
transfer roles before demoting dc0).


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba PDC [3.5.3], Windows 7 Pro 64 bit, Temporary local profile for a specific user

[Tom Reijnders]

L.S.,

I searched the internet and though there were lots of problems with 
profile, I haven't found a solution to my specific problem.


 - Samba server running on OpenSuse 11.1 with a ldap backend acting as PDC.
 - I have a new Windows 7 pro 64 bit client that has been added 
succesfully to the domain (with the required registry patches)


I do not want to use roaming profiles, so logon path is empty in smb.conf.

I can login to the win7 machine using an ordinary Domain User account, 
and a Domain Admin account and a local profile is created, like expected.


However if I want to login using MY account, which is a Domain admin 
account, I get a local temporary profile!! I don NOT get an error on the 
Windows 7 machine. (Not on screen, not in the event log).


I went as far as reinstalling the Win7 machine, making sure that no 
reference to the user name of my account is made, so there is NO local 
user with my login name.

Still this happens.

I still am convinced that it has to do something with the settings of my 
ACCOUNT on the server, but I can't find out how or where.


I made sure that the sambaHomePath, sambaHomeDir and sambaProfilePath in 
my LDAP account is empty. I compared my LDAP settings with the 
DomainAdmin account that is working, but to no avail.


Does anyone have any idea how to debug this?

Thanks!

Regards,

Tom

--
--

Tom Reijnders
TOR Informatica
Chopinlaan 27
5242HM Rosmalen
Tel: 073 5226191
Fax: 073 5226196


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] 3.4.5->3.5.3 breaks domain logons

[Thomas Burkholder]

At 11:30 AM 5/23/2010, you wrote:

On Sunday 23/05/2010 at 6:44 am, Thomas Burkholder wrote:

I've been trying to upgrade from samba 3.4.5 to 3.5.x (currently 3.5.3) on
a Ubuntu 9.10 system where I compile my own Samba. The server is a PDC for
several win2000 clients and uses an LDAP backend hosted on the same
machine. After the upgrade, clients can connect to shares but can not
perform domain logons.


So, when they log on to windows, they get "The domain does not exist or 
trust account not found" message?


If so, your machine accounts may be broken.  Try rejoining the machine to 
the domain using the Windows network ID wizard.


Sorry, I should have given the text of the windows error: "Controller for 
the domain could not be found." This is at odds with the Samba log that 
shows the client does find the controller, but then stops talking.


Thanks for the suggestion.  Rejoining the domain does not help, and Samba 
still throws the "Scheduled cleanup brl and lock database after unclean 
shutdown" or "Cleaning up brl and lock database after unclean shutdown" 
messages.





3.5.3 does not build a browse list of other domains
on the subnet. Executing "net view /DOMAIN:mydomain" on the client
produces an error 59 or error 64.

Log-3 during the net view is basically the same between 3.4.5 and 3.5.3,
and I can see both successfully connect, negotiate sign/seal, and
authenticate a guest session with LDAP. After that, the working 3.4.5 log
says:


[2010/05/23 08:33:34, 3] smbd/service.c:1047(make_connection_snum)
CLIENT (x.x.x.x) connect to service IPC$ initially as user nobody
(uid=65534, gid=65534) (pid 2454)
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/reply.c:759(reply_tcon_and_X)
tconX service=IPC$
[2010/05/23 08:33:34, 3] smbd/process.c:1459(process_smb)
Transaction 4 of length 129 (0 toread)
[2010/05/23 08:33:34, 3] smbd/process.c:1273(switch_message)
switch message SMBtrans (pid 2454) conn 0xb9034f58
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/ipc.c:536(handle_trans)
trans <\PIPE\LANMAN> data=0 params=33 setup=0
[2010/05/23 08:33:34, 3] smbd/ipc.c:487(named_pipe)
named pipe command on  name
[2010/05/23 08:33:34, 3] smbd/lanman.c:4694(api_reply)
Got API command 104 of form  
(tdscnt=0,tpscnt=33,mdrcnt=4200,mprcnt=8)
[2010/05/23 08:33:34, 3] smbd/lanman.c:4698(api_reply)
Doing NetServerEnum
[2010/05/23 08:33:34, 3] smbd/lanman.c:1511(api_RNetServerEnum)
NetServerEnum domain = mydomain uLevel=1 counted=1 total=1
[2010/05/23 08:33:34, 3] smbd/process.c:1459(process_smb)
Transaction 5 of length 43 (0 toread)
[2010/05/23 08:33:34, 3] smbd/process.c:1273(switch_message)
switch message SMBulogoffX (pid 2454) conn 0x0
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/reply.c:1948(reply_ulogoffX)
ulogoffX vuid=100
[2010/05/23 08:33:34, 3] smbd/process.c:1459(process_smb)
Transaction 6 of length 39 (0 toread)
[2010/05/23 08:33:34, 3] smbd/process.c:1273(switch_message)
switch message SMBtdis (pid 2454) conn 0xb9034f58
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/service.c:1226(close_cnum)
CLIENT (x.x.x.x) closed connection to service IPC$
[2010/05/23 08:33:34, 3] smbd/connection.c:31(yield_connection)
Yielding connection to IPC$
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/connection.c:31(yield_connection)
Yielding connection to
[2010/05/23 08:33:34, 3] smbd/server.c:845(exit_server_common)
Server exit (failed to receive smb request)


where the not-working 3.5.3 says

[2010/05/23 08:25:50.455781, 3] smbd/service.c:1069(make_connection_snum)
CLIENT (x.x.x.x) connect to service IPC$ initially as user nobody
(uid=65534, gid=65534) (pid 2128)
[2010/05/23 08:25:50.455844, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:25:50.455914, 3] smbd/reply.c:846(reply_tcon_and_X)
tconX service=IPC$
[2010/05/23 08:25:50.458037, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:25:50.458221, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:25:50.458326, 3] smbd/service.c:1250(close_cnum)
CLIENT (x.x.x.x) closed connection to service IPC$
[2010/05/23 08:25:50.458394, 3] smbd/connection.c:31(yield_connection)
Yielding connection to IPC$
[2010/05/23 08:25:50.458530, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx =

Re: [Samba] TYPO net.8.xml (Samba 3.5.3)

[Volker Lendecke]

On Mon, May 24, 2010 at 01:40:12AM +0900, ITPFS oota wrote:
> In samba-3.5.3 release documents,I found 1 typo.

Pushed, thanks!

Karolin, you might want to merge this for 3.5.4.

Volker


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Mapped drive behaviour after Windows reboot

[Graham Keeling]

On Fri, May 21, 2010 at 03:16:00PM +0100, Graham Keeling wrote:
> Hello,
> 
> I was previously using samba-3.3.3 on my linux machine.
> 
> I could 'map a drive' from a Windows XP machine to access files on the linux
> machine.
> 
> If I rebooted the Windows machine, and tried to access the share again by
> clicking on the mapped drive icon, I would be denied, but I would be given a
> prompt in which to type in a username and password.
> 
> The samba log.clients on the linux machine would say this when I tried to
> access the mapped drive:
> smbd/service.c:make_connection_snum(740)
>   create_connection_server_info failed: NT_STATUS_WRONG_PASSWORD
> 
> 
> 
> I've updated to samba-3.4.8. On a reboot now, I am also denied, but I am not
> given username/password prompt.
> Instead I get a box that says this:
> 
> "An error occurred while reconnecting Z: to \\192.168.100.121\admin
> Microsoft Windows Network : More data is available
> The connection has not been restored
> OK"
> 
> The samba log.clients on the linux machine says this for each time I try to
> access the mapped drive:
> smbd/service.c:646(make_connection_snum)
>   create_connection_server_info failed: NT_STATUS_WRONG_PASSWORD
> 
> 
> So, it looks like I am getting blocked for the same reason in both cases, but
> subsequently, the old behaviour of letting me type a username/password in
> made life a lot easier.
> 
> Can anybody advise on how to get the old behaviour back with the new samba,
> or is this a bug for which I need to file a bug report somewhere?


Hmm.
I've just tried samba-3.5.3, and it is has reverted to the 3.3.3 behaviour
of allowing me the chance to type in a username and password.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba