Re: [Samba] Samba permission changes are not applied to active connections
On Thu, Aug 26, 2010 at 04:57:19PM -0700, George Rhoten wrote: > I'm using Samba 3.4.2 with CTDB. If I remove a user from the valid users > list with "net conf setparm Share 'valid users' ..." on the server, and I > connect a new Windows client to the Samba server on Linux, I get a > permission denied for that user, which is correct behavior. > > However, there is a problem for active connections. If I revoke access for a > user with a live connection to a share, the user can continue to modify > files. Between a Windows server and client this type of change is > instantaneous. So I'm seeing different behavior between what Samba/Windows > and Windows/Windows configurations. > > The only alternative I've found is to kill the smbd process of any user > currently logged on, but I'm not sure which share they're connected to. So > maybe I shouldn't be doing that. > > Is there a reliable way to get Samba to pay attention to any permission > changes on live connections? Not at this moment, sorry. There have been attempts by Bo Yang in the past to implement this, but they have dried out. The problem is that we have not figured out the correct semantics yet: What exactly happens with files that are currently open in RW mode? Will writing immediately stop? Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 on startup always loads temporary profiles samba 3.4.8
After I stopped the roaming profiles in the registry.
I found out that the only way to copy the Profile folder inside to the
server
from a batch or kixtart-file is:
xcopy %USERPROFILE%\* /Y/H/R/C/E S:\mydomainfolder
IF I used xcopy C:\Users\myname just nothing happened, but file could not be
found
Strange in Windows 7!!??
---
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Abe Lau
Gesendet: Freitag, 27. August 2010 03:07
An: German Molano
Cc: samba@lists.samba.org
Betreff: Re: [Samba] Windows 7 on startup always loads temporary profiles
samba 3.4.8
On Thu, Aug 26, 2010 at 12:15 AM, German Molano wrote:
> Disable completly the roaming profile behavior Win 7 Workstations, this
> could be done by registry.
>
> HKLM\Software\Policies\Microsoft\Windows\System LocalProfile 1 REG_DWORD
> HKLM\Software\Policies\Microsoft\Windows\System ReadOnlyProfile 1
REG_DWORD
> Remenber that this could takes effect only after a Windows restart ...
>
> Second, disable logon path directive unless you need it
>
> ;logon path = \\%L\homes\%U\profile
> logon path =
>
> If you need it copy a Default profile generated by Windows 7 to this
> folder, you could found it on c:\users folder on any Windows 7
Workstation.
>
> Third there is a registry value on Windows 7, called ProfileList
> HKEY_LOCAL_MACHINE \ SOFTWARE\ Microsoft\ Windows NT \ CurrentVersion \
> ProfileList
>
> Sometimes when you test or login for first time Windows 7 Workstation, it
> will write this registry with the user profile path, I don't know how the
> heck it mixed Temporary profiles with local profiles definition, the
result
> every time you log in with a user it recreates the profile on
c:\users\TEMP
> but the system initially do not recognize the profile as a temporary but
as
> Local or Mobile, depending on your definition. At the logout of the user
> session it treats the profile as a temporary one deleting the TEMP folder
> and all changes you done on it --Nasty thing --.
> So my advice delete those entries where the domain users gets
c:\users\TEMP
> as the default profile path.
>
> Then log in the user to create a truly own Local profile.
>
> I use kixtart tools to do most of this work, i disable the folder
> redirection for those users that use local profiles, to them they use the
> default folders locations. I believe that there is something related with
> the folder redirection setting and this annoying behavior --deleting the
> whole profile--.
>
> I found out a Registry value that affects Windows Vista and 7 Workstations
> MachineProfilePath
> HKLM\Software\Policies\Microsoft\Windows\System
> Is for roaming profiles, but maybe could be tricked to be mobile or
"local"
> if you set local or mobile the path as you need it.
>
>
Hi,
I am getting into this local profile problem with Windows 7 (x64).
Following the thread, and German's previous suggestion of KiXtart, I came up
with using the following KiXtart script to set the registry key with logon
script.
; Disable Roaming Profiles
; Key doesn't seems to exist, create if necessary
IF NOT
KeyExist("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System")
AddKey("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System")
ENDIF
WriteValue("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System",
"LocalProfile", "1", "REG_DWORD")
WriteValue("HKLM\Software\Policies\Microsoft\Windows\System",
"ReadOnlyProfile", "1", "REG_DWORD")
However, I cannot find the key being created under HKLM\Software, nor
HKLM\Software\Wow6432Node
I am not sure if it is related to 64-bit Windows 7, or if it is a registry
write permission issue, or a KiXtart issue. Any idea how I may target it?
Abe
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 on startup always loads temporary profiles samba 3.4.8
On Thu, Aug 26, 2010 at 12:15 AM, German Molano wrote:
> Disable completly the roaming profile behavior Win 7 Workstations, this
> could be done by registry.
>
> HKLM\Software\Policies\Microsoft\Windows\System LocalProfile 1 REG_DWORD
> HKLM\Software\Policies\Microsoft\Windows\System ReadOnlyProfile 1 REG_DWORD
> Remenber that this could takes effect only after a Windows restart ...
>
> Second, disable logon path directive unless you need it
>
> ;logon path = \\%L\homes\%U\profile
> logon path =
>
> If you need it copy a Default profile generated by Windows 7 to this
> folder, you could found it on c:\users folder on any Windows 7 Workstation.
>
> Third there is a registry value on Windows 7, called ProfileList
> HKEY_LOCAL_MACHINE \ SOFTWARE\ Microsoft\ Windows NT \ CurrentVersion \
> ProfileList
>
> Sometimes when you test or login for first time Windows 7 Workstation, it
> will write this registry with the user profile path, I don't know how the
> heck it mixed Temporary profiles with local profiles definition, the result
> every time you log in with a user it recreates the profile on c:\users\TEMP
> but the system initially do not recognize the profile as a temporary but as
> Local or Mobile, depending on your definition. At the logout of the user
> session it treats the profile as a temporary one deleting the TEMP folder
> and all changes you done on it --Nasty thing --.
> So my advice delete those entries where the domain users gets c:\users\TEMP
> as the default profile path.
>
> Then log in the user to create a truly own Local profile.
>
> I use kixtart tools to do most of this work, i disable the folder
> redirection for those users that use local profiles, to them they use the
> default folders locations. I believe that there is something related with
> the folder redirection setting and this annoying behavior --deleting the
> whole profile--.
>
> I found out a Registry value that affects Windows Vista and 7 Workstations
> MachineProfilePath
> HKLM\Software\Policies\Microsoft\Windows\System
> Is for roaming profiles, but maybe could be tricked to be mobile or "local"
> if you set local or mobile the path as you need it.
>
>
Hi,
I am getting into this local profile problem with Windows 7 (x64).
Following the thread, and German's previous suggestion of KiXtart, I came up
with using the following KiXtart script to set the registry key with logon
script.
; Disable Roaming Profiles
; Key doesn't seems to exist, create if necessary
IF NOT
KeyExist("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System")
AddKey("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System")
ENDIF
WriteValue("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System",
"LocalProfile", "1", "REG_DWORD")
WriteValue("HKLM\Software\Policies\Microsoft\Windows\System",
"ReadOnlyProfile", "1", "REG_DWORD")
However, I cannot find the key being created under HKLM\Software, nor
HKLM\Software\Wow6432Node
I am not sure if it is related to 64-bit Windows 7, or if it is a registry
write permission issue, or a KiXtart issue. Any idea how I may target it?
Abe
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba permission changes are not applied to active connections
Hello, I'm using Samba 3.4.2 with CTDB. If I remove a user from the valid users list with "net conf setparm Share 'valid users' ..." on the server, and I connect a new Windows client to the Samba server on Linux, I get a permission denied for that user, which is correct behavior. However, there is a problem for active connections. If I revoke access for a user with a live connection to a share, the user can continue to modify files. Between a Windows server and client this type of change is instantaneous. So I'm seeing different behavior between what Samba/Windows and Windows/Windows configurations. The only alternative I've found is to kill the smbd process of any user currently logged on, but I'm not sure which share they're connected to. So maybe I shouldn't be doing that. Is there a reliable way to get Samba to pay attention to any permission changes on live connections? Sincerely. George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] AD caching with Samba?
No, this is not possible. Samba3 cannot act domain controller for AD domains, nor can it act as a BDC for NT domains. Samba4, which is currently in alpha, will have the ability to serve as an AD domain controller as well as a read-only domain controller along side Windows servers. Some people are using Samba4 in production today, but I'm not aware of anyone using Samba4 as a domain controller (read-only or otherwise) with Windows domain controllers in production. In short, its still alpha. On Wed, Aug 25, 2010 at 1:18 PM, Ryan Whelan wrote: > I'm not sure this is possible, I'm sort of leaning to the negative, but I > thought i would ask anyway. (I am not a windows or domain networking guy) > > We have a large (and growing) number of windows servers. Many of them are > DCs. While I read Samba can't serve as a BDC to a Windows PDC, can it just > forward requests to the windows DC and just cache the results for future > look ups? (with an adjustable cache time out of course) > > We have a bunch of remote locations that don't need to be able to make > changes to the domain and just replacing their DCs with something that will > cache queries to the main DC would be ideal. > > Like I said, not my area of expertise. > > Thanks! > > Ryan > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Migrating samba domain to new computer.
Should have read this first: http://samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 Problem is I did it the wrong way on a few production systems. Odds are this is the second time I did it wrong. Running Debian Lenny using smbldap. It mostly works. Existing members of the domain are working OK. The first thing that got my attention is was not able to join a new xp workstation to the domain. Also noticed that the server is not a member of the domain. net rpc testjoin [2010/08/26 14:20:26, 0] rpc_client/cli_pipe.c:get_schannel_session_key_common(2449) get_schannel_session_key: could not fetch trust account password for domain 'ADVOCAP' [2010/08/26 14:20:26, 0] utils/net_rpc_join.c:net_rpc_join_ok(87) net_rpc_join_ok: failed to get schannel session key from server FONDY for domain ADVOCAP. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Join to domain 'ADVOCAP' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO Can not join domain: net join -U administrator Enter administrator's password: [2010/08/26 14:25:48, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(349) error setting trust account password: NT_STATUS_ACCESS_DENIED tdbdump secrets.tdb does not show any entry for the server Looked at one of the old servers secrets.tdb and it did not have and entry for that server either. Any suggestions on the best way to fix this? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.7 in Ubuntu 10.04 and WinBindd
Greetings Dale- Dale Schroeder wrote: As I recall, winbind has only 2 uses. 1. Quick and easy way to authenticate as a member server in a Windows or Samba domain.. 2. On a Samba pdc when creating an interdomain trust. If neither of these apply, you can test your theory with "apt-get remove winbind". Or use the package manager in Ubuntu to remove it. All right, feeling daring... $ sudo dpkg -P winbind IPL Logs in BEAUTIFULLY at the console / ssh / Samba right after the server boots up. Bravo! Must be that the 9.10 to 10.04 upgrade added that package or something?! (shrug) Thanks very much! Sincerely, -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.7 in Ubuntu 10.04 and WinBindd
Perhaps I did not ask my question in the correct syntax... let's try again. Now I am suspecting that WinBindd that is a part of the Samba 3.4.7 packages / Ubuntu 10.04 is causing a couple of minutes of login delays after the server boots up. Since I do not remember ever running WinBindd before, and since it seems to be causing troubles, what is the correct way to disable WinBindd until such a time I need to use it? <><><> About the login troubles, in case it is NOT WinBindd related: I am able to start login in via console / ssh, enter my ID/pw, and then the session HANGS. I configured a script to dump a "ps aux" output to a date-time stamped log file. The server fully booted - snapshot - the login completed - another snapshot. In the first snapshot, I do not see winbindd process in the list, in the second snapshot I do. Also no Samba shares may be successfully accessed while the "login hang" persists. After the server allows logins via console / ssh, Samba shares are accessible. Suggestion? Thanks! -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 with smb2 can not connect as guest ?
On Thu, Aug 26, 2010 at 11:05:08AM +0200, Francois Lepretre wrote: > Le 25/08/2010 19:39, Jeremy Allison a écrit : > >On Wed, Aug 25, 2010 at 12:09:12PM +0200, Francois Lepretre wrote: > >>Hello, > >> > >>on our servers we have shares with no authentication required (no > >>DC, security = share, guest ok = yes). > >> > >>Worked fine for years, but now with Samba 3.5.4, when I enable smb2, > >>Windows 7 clients can not connect anymore to these shares. > > > >I'd recommend not enabling SMB2 on 3.5.x, it's not ready for > >production use. SMB2 will be production ready in 3.6.0. > > > > OK. I have also tried 3.6-pre1 and git version. Same result : Win7 > clients can not connect to a guest ok share. > Should I file a bug on this ? Yes please, and attach a debug level 10 log. Are you testing v3-6-test git tree ? I fixed a bug in that area post 3.6-pre1 related to guest access. > The reason I am trying SMB2 is that I also have a Windows 2008 > Server (running on the same type of hardware as the Samba servers) > and its performance are a lot better when talking to Windows 7 > clients. > Typically : > - reading from samba servers reaches 70 MB/s > - reading (same files on same client) from windows server gives over > 100 MB/s > > Apart from the use of SMB2 protocol, I can't see why Windows Server > 2008 would be so faster than Samba. SMB2 does more concurrency. I have some changes due in this area (not Samba related but that's another story). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 questions (status, roaming profiles, etc)
So I tried a new user, and it didn't work, so I debugged a little and discovered that I was missing a \ when I changed from setting the profile path per-user to setting it via group policy. After fixing that, my profile folders were automatically recreated on the server, and windows attempted to copy my local profile over. It copied a bunch of stuff, but started failing with a bunch of "The specified network name is no longer available" errors. When I logged back in I got the message telling me it was using my local copy, which is fine since the server copy is incomplete, but in the event viewer I saw this: > Windows cannot locate the server copy of your roaming profile and is > attempting to log you on with your local profile. Changes to the > profile will not be copied to the server when you log off. This error > may be caused by network problems or insufficient security rights. > > DETAIL - The program issued a command but the command length is > incorrect. I have seen that command length error fairly often recently. I have no idea what causes it, and the web isn't being very helpful. I got the same error when opening the group policy management app just now. Anyone know how to debug this? -Aaron On 8/25/2010 2:57 AM, Daniel_Müller wrote: > First of all try with a new user to be shure your setup of profiles > is working. If it does: You can remove the profile of the user which > does not working profiles on your machine. > > 1.Press on Start > Run >Regedit 2.Navigate to the following registry > key :“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows > NT\CurrentVersion\ProfileList” 3.Under ProfileList navigate to > binary key’s like this :S-1-5-21-3656904587-1668747452-4095529-500 > 4.On the right side under ProfileImagePath you’’ll see the username > and profile path. 5.Chose the one with the desired user and delete > the long reg key like > :“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows > NT\CurrentVersion\ProfileList” > > If you deleted the profile of the user on linux Login as > administrator do again: > > On your windows client start Active Directory Users and Comupters. > Right >> click,properties, then profil tab: Profile path: Yourpathtothe >> profiles along with %Username% EX: \\mydomain\profiles\%USERNAME% > Then logon as this user to your machine. > > --- EDV Daniel Müller > > Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. > 24 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 eMail: > muel...@tropenklinik.de Internet: www.tropenklinik.de > --- -Ursprüngliche > Nachricht- Von: Aaron Solochek [mailto:aarons-sa...@aberrant.org] > Gesendet: Dienstag, 24. August 2010 16:40 An: > muel...@tropenklinik.de Betreff: Re: AW: [Samba] samba 4 questions > (status, roaming profiles, etc) > > Yeah, that is all setup properly. My issue is that the profile was > there, but somehow corrupted, so I moved it out of the way. Now > windows is not recreating it, but just complaining that it can't find > it. I need a way to make the samba or windows (which ever is the > problem) think the roaming profile should be created from scratch. > > -Aaron > > On 8/24/2010 10:33 AM, Daniel_Müller wrote: >> Make profiles ready in windows7: >> >> In your smb.conf: >> >> [profiles] path= /yourprofilepath/profiles read only= no >> >> mkdir /yourprofilepath/profiles >> >> On your windows client start Active Directory Users and Comupters. >> Right click,properties, then profil tab: Profile path: >> Yourpathtothe profiles along with %Username% EX: >> \\mydomain\profiles\%USERNAME% >> >> --- EDV Daniel Müller >> >> Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. >> 24 72076 Tübingen >> >> Tel.: 07071/206-463, Fax: 07071/206-499 eMail: >> muel...@tropenklinik.de Internet: www.tropenklinik.de >> --- >> >> -Ursprüngliche Nachricht- Von: >> samba-boun...@lists.samba.org >> [mailto:samba-boun...@lists.samba.org] > Im >> Auftrag von Aaron Solochek Gesendet: Dienstag, 24. August 2010 >> 15:58 An: samba@lists.samba.org Betreff: [Samba] samba 4 questions >> (status, roaming profiles, etc) >> >> I'm testing samba 4 (pulling from git) on my ubuntu 10.4 box and >> have a bunch of questions I can't seem to find answers for on the >> web. >> >> 1) There is some problem with my roaming profile such that windows >> complains and logs me in using my most recently saved profile. >> I've tried moving my profile on the server out of the way, but >> windows doesn't seem to recreate it. How do I make it recreate a >> roaming profile? The client is windows 7. >> >> 2) My AD domain is FOO.COM, but the actual domain internally is >> bar.foo.com. I ran into some issues with this, this biggest of >> which was that clients would try to pull their group policy from >> //FOO.COM/
Re: [Samba] Samba 4 and password policy pwsetting error
Luk, Thanks that is what I needed. I did internet search on the proper syntax for the command and just could not figure out how run the command. -Glenn - Original Message - From: "Lukasz Zalewski" To: "Glenn T. Arnold" Cc: "samba" Sent: Thursday, August 26, 2010 1:06:13 PM Subject: Re: [Samba] Samba 4 and password policy pwsetting error On 08/26/2010 05:51 PM, Glenn T. Arnold wrote: > Hello, > > When I tried to change the password policy on a samba 4 domain controller I > get the following error. > > r...@server01:/usr/local/samba/lib/python2.6/site-packages/samba/netcmd# > ./pwsettings.py --complexity=off > Traceback (most recent call last): > File "./pwsettings.py", line 25, in > import samba.getopt as options > ImportError: No module named samba.getopt > r...@lcsdc01:/usr/local/samba/lib/python2.6/site-packages/samba/netcmd# > > What am I doing wrong when running this command? > > Thanks > -Glenn Glenn, run it as follows: /usr/local/samba/bin/net pwsettings HTH Luk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and password policy pwsetting error
On 08/26/2010 05:51 PM, Glenn T. Arnold wrote: Hello, When I tried to change the password policy on a samba 4 domain controller I get the following error. r...@server01:/usr/local/samba/lib/python2.6/site-packages/samba/netcmd# ./pwsettings.py --complexity=off Traceback (most recent call last): File "./pwsettings.py", line 25, in import samba.getopt as options ImportError: No module named samba.getopt r...@lcsdc01:/usr/local/samba/lib/python2.6/site-packages/samba/netcmd# What am I doing wrong when running this command? Thanks -Glenn Glenn, run it as follows: /usr/local/samba/bin/net pwsettings HTH Luk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 and password policy pwsetting error
Hello, When I tried to change the password policy on a samba 4 domain controller I get the following error. r...@server01:/usr/local/samba/lib/python2.6/site-packages/samba/netcmd# ./pwsettings.py --complexity=off Traceback (most recent call last): File "./pwsettings.py", line 25, in import samba.getopt as options ImportError: No module named samba.getopt r...@lcsdc01:/usr/local/samba/lib/python2.6/site-packages/samba/netcmd# What am I doing wrong when running this command? Thanks -Glenn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Change of kerberos encryption from DES to AES
Hello all, as our Windows DCs will switch off DES encryption in the near future I have to change our Samba-Server to AES encryption. If I understand it correctly I have to change kerberos-configuration to new encryption type (aes256-cts-hmac-sha1-96) and then re-join my Samba-Server to the domain. Is this correct? Any other things to consider? Thanks a lot, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] impossible to attach a computer to the domain
Hello Due to the migration from my old server Linux Debian Woody / Samba 3.4 (PDC, wins server, without windbind without ldap, with smbpasswd passwd backend) (hardware obsolete) to a new server with Debian Lenny Linux / Samba 3.4.8 (backport) and the same configuration (PDC WINS server without windbind without ldap, with smbpasswd passwd backend) I am unable to join new windows computer to domain and if I disconnect a computer already connected, I am unable to reconnect. I have the following error message in log.nmbd: wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.9.104 (ip PDC) message on the computer Win XP at the junction to the domain: "A domain controller for domain could not be contacted" the computer account has been created on the samba PDC. the WINS is configured on the new and old computer. no firewall enabled on the server or on computers. ping to the server is OK If I connect locally on the computer as an administrator, I can access the samba server and its shares through Network Neighborhood. (User administrator exist in the samba server and is the domain administrator). no error in the samba log for that computer except a trace of access made from the Network Neighborhood computers that were already connected to domain before migration have no problem. smb.conf : # Global parameters [global] unix charset = ISO8859-1 display charset = ISO8859-1 workgroup = MAIRIE server string = Serveur %h (Samba %v) security = user log level = 4 log file = /var/log/samba/log.%m time server = Yes printing = cups printcap name = cups show add printer wizard = No logon script = %U.bat logon path = logon home = logon drive = domain logons = Yes os level = 255 preferred master = Yes domain master = Yes wins support = Yes dns proxy = No name resolve order = wins host bcast lmhosts passdb backend = smbpasswd ldap ssl = no admin users = x,,administrateur nt acl support = No hide special files = Yes guest account = nobody [homes] comment = Repertoires personnels des utilisateurs path = /home/samba/utilisateurs/%U username = %S valid users = %S read only = No browseable = No [netlogon] comment = Chemin de demarrage des scripts de connexion path = /home/scripts browseable = No guest ok = Yes read only = Yes Have you any ideas to solve this problem? Thank you Sincerely, -- View this message in context: http://old.nabble.com/impossible-to-attach-a-computer-to-the-domain-tp29543967p29543967.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Tracking down random server drops...
I'm turning my logging up to lvl 3, it looks like I'm seeing the symptom, not the cause the more I look at this. Based on last night's failures I have the following pattern: At 9:24pm ntbackup on ravenclaw begins writing to the existing file RAVECLAW.bkf, so far nothing logged at lvl 2 yet... at 7:04am log.ravenclaw shows: [2010/08/26 07:04:35.538218, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/08/26 07:04:35.576723, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/08/26 07:04:35.697538, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [backup] -> [backup] -> [backup] succeeded [2010/08/26 07:04:35.700101, 1] smbd/service.c:1070(make_connection_snum) ravenclaw (192.168.1.8) connect to service backups initially as user backup (uid=34, gid=34) (pid 30350) [2010/08/26 07:04:35.701039, 2] smbd/open.c:631(open_file) backup opened file A7B4G5J1.BJ3 read=Yes write=Yes (numopen=1) [2010/08/26 07:04:35.702556, 2] smbd/close.c:656(close_normal_file) backup closed file A7B4G5J1.BJ3 (numopen=0) NT_STATUS_OK The open and closed chatter for that file repeats until 7:06:47am... [2010/08/26 07:06:36.254759, 2] smbd/close.c:656(close_normal_file) backup closed file A7B4G5J1.BJ3 (numopen=0) NT_STATUS_OK [2010/08/26 07:06:47.640491, 1] smbd/service.c:1251(close_cnum) ravenclaw (192.168.1.8) closed connection to service backups [2010/08/26 07:08:12.795026, 0] lib/util_sock.c:675(write_data) [2010/08/26 07:08:12.795070, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2010/08/26 07:08:12.814075, 0] smbd/process.c:79(srv_send_smb) Error writing 51 bytes to client. -1. (Transport endpoint is not connected) [2010/08/26 07:08:12.816315, 0] lib/util_sock.c:675(write_data) [2010/08/26 07:08:12.816325, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Broken pipe [2010/08/26 07:08:12.816333, 0] smbd/process.c:79(srv_send_smb) Error writing 55 bytes to client. -1. (Transport endpoint is not connected) [2010/08/26 07:08:12.817211, 0] lib/util_sock.c:675(write_data) [2010/08/26 07:08:12.817219, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Broken pipe [2010/08/26 07:08:12.817226, 2] smbd/process.c:2202(keepalive_fn) Keepalive failed - exiting. [2010/08/26 07:08:12.817339, 0] lib/util_sock.c:675(write_data) [2010/08/26 07:08:12.817348, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Broken pipe [2010/08/26 07:08:12.817355, 0] smbd/process.c:79(srv_send_smb) Error writing 51 bytes to client. -1. (Transport endpoint is not connected) [2010/08/26 07:08:12.941965, 2] lib/messages_local.c:289(message_notify) message to process 30350 failed - No such process [2010/08/26 07:08:12.941991, 2] lib/messages_local.c:379(messaging_tdb_send) pid 30350 doesn't exist - deleting messages record [2010/08/26 07:08:12.942010, 2] lib/messages_local.c:289(message_notify) message to process 30350 failed - No such process [2010/08/26 07:08:12.942020, 2] lib/messages_local.c:379(messaging_tdb_send) pid 30350 doesn't exist - deleting messages record [2010/08/26 07:08:12.942037, 2] lib/messages_local.c:289(message_notify) message to process 30350 failed - No such process [2010/08/26 07:08:12.942046, 2] lib/messages_local.c:379(messaging_tdb_send) pid 30350 doesn't exist - deleting messages record [2010/08/26 07:08:12.942065, 2] lib/messages_local.c:289(message_notify) message to process 30350 failed - No such process [2010/08/26 07:08:12.942075, 2] lib/messages_local.c:379(messaging_tdb_send) pid 30350 doesn't exist - deleting messages record [2010/08/26 07:08:12.942136, 2] smbd/close.c:656(close_normal_file) backup closed file Windows Servers/Ravenclaw/RAVENCLAW.bkf (numopen=0) NT_STATUS_OK [2010/08/26 07:08:12.942159, 1] smbd/service.c:1251(close_cnum) ravenclaw (192.168.1.8) closed connection to service backups This is followed by the cleanup messages in log.smbd: [2010/08/26 07:08:13.139151, 1] smbd/server.c:267(remove_child_pid) Scheduled cleanup of brl and lock database after unclean shutdown [2010/08/26 07:08:33.152490, 1] smbd/server.c:240(cleanup_timeout_fn) Cleaning up brl and lock database after unclean shutdown Ravenclaw reports the backup failed at 7:06am, error writing. So something happened between
Re: [Samba] Windows 7 with smb2 can not connect as guest ?
Le 25/08/2010 19:39, Jeremy Allison a écrit : On Wed, Aug 25, 2010 at 12:09:12PM +0200, Francois Lepretre wrote: Hello, on our servers we have shares with no authentication required (no DC, security = share, guest ok = yes). Worked fine for years, but now with Samba 3.5.4, when I enable smb2, Windows 7 clients can not connect anymore to these shares. I'd recommend not enabling SMB2 on 3.5.x, it's not ready for production use. SMB2 will be production ready in 3.6.0. OK. I have also tried 3.6-pre1 and git version. Same result : Win7 clients can not connect to a guest ok share. Should I file a bug on this ? The reason I am trying SMB2 is that I also have a Windows 2008 Server (running on the same type of hardware as the Samba servers) and its performance are a lot better when talking to Windows 7 clients. Typically : - reading from samba servers reaches 70 MB/s - reading (same files on same client) from windows server gives over 100 MB/s Apart from the use of SMB2 protocol, I can't see why Windows Server 2008 would be so faster than Samba. Thanks, Francois -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 on startup always loads temporary profiles samba 3.4.8
Thank you.This did end the temporary profile thing: HKLM\Software\Policies\Microsoft\Windows\System LocalProfile 1 REG_DWORD HKLM\Software\Policies\Microsoft\Windows\System ReadOnlyProfile 1 REG_DWORD Remenber that this could takes effect only after a Windows restart ... But after all is a great guessing where windows 7 takes the settings, pointing every domain user to C:\Users\temp.. HKEY_LOCAL_MACHINE \ SOFTWARE\ Microsoft\ Windows NT \ CurrentVersion \ ProfileList-->ProfileImagePath= C:\Users\temp I first tried to set ProfileImagePath to \\sambaserver\profiles\ After restart there was ProfileImagePath=C:\Users\mydomain.temp !? Is there anybody out there getting roaming profiles on a samba 3.4.8 /windows 7 running? Or redirection of Shell Folder Personal? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von German Molano Gesendet: Mittwoch, 25. August 2010 16:16 Cc: samba@lists.samba.org Betreff: Re: [Samba] Windows 7 on startup always loads temporary profiles samba 3.4.8 On 25/08/2010 08:27 a.m., Daniel Müller wrote: > Dear all, > > I think this is discussed here several times but this problem driving me > mad. Believe me, this was not discussed as many times as you think. > I can join the win7 pc to the samba domain on the fly, but after logoff and > then logon it always complain about > The temporary profile thing (on Win xp it is working!): > In my global section: > logon script=login.bat > logon path=\\%L\homes\%U\profile > > then: > > > [profiles] > comment = Benutzer Profil %U > path = /home/samba/share/home/%U/profile > guest ok = no > browseable = no > create mask = 0600 > directory mask = 0700 >profile acls = yes > hide files=/Desktop.ini/Thumbs.db/lost+found > force user = %U > valid users = %U "Domain Admins" > csc policy = disable > read only = no > > Any ideas?? Disable completly the roaming profile behavior Win 7 Workstations, this could be done by registry. HKLM\Software\Policies\Microsoft\Windows\System LocalProfile 1 REG_DWORD HKLM\Software\Policies\Microsoft\Windows\System ReadOnlyProfile 1 REG_DWORD Remenber that this could takes effect only after a Windows restart ... Second, disable logon path directive unless you need it ;logon path = \\%L\homes\%U\profile logon path = If you need it copy a Default profile generated by Windows 7 to this folder, you could found it on c:\users folder on any Windows 7 Workstation. Third there is a registry value on Windows 7, called ProfileList HKEY_LOCAL_MACHINE \ SOFTWARE\ Microsoft\ Windows NT \ CurrentVersion \ ProfileList Sometimes when you test or login for first time Windows 7 Workstation, it will write this registry with the user profile path, I don't know how the heck it mixed Temporary profiles with local profiles definition, the result every time you log in with a user it recreates the profile on c:\users\TEMP but the system initially do not recognize the profile as a temporary but as Local or Mobile, depending on your definition. At the logout of the user session it treats the profile as a temporary one deleting the TEMP folder and all changes you done on it --Nasty thing --. So my advice delete those entries where the domain users gets c:\users\TEMP as the default profile path. Then log in the user to create a truly own Local profile. I use kixtart tools to do most of this work, i disable the folder redirection for those users that use local profiles, to them they use the default folders locations. I believe that there is something related with the folder redirection setting and this annoying behavior --deleting the whole profile--. I found out a Registry value that affects Windows Vista and 7 Workstations MachineProfilePath HKLM\Software\Policies\Microsoft\Windows\System Is for roaming profiles, but maybe could be tricked to be mobile or "local" if you set local or mobile the path as you need it. > Daniel > > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: muel...@tropenklinik.de > Internet: www.tropenklinik.de > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbd PANIC starting PAM
On Wed, Aug 25, 2010 at 10:03:05PM -0400, Robert W. Smith wrote: > Happened to be tail'ing .log during a login session from XP > client and notice the PANIC in the output. Login proceeded as usual(?) > so the following snippet of the log is just informational to the > developers. Let me know if you need additional info. Is this repeatable? Can you send me your smb.conf and your relevant pam.conf, together with the exact Samba and pam module versions you're using? Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
