[Samba] smb_panic sys_setgroups failed

[walter.van.der.heijden]

Hi,

We have Samba version 3.5.4 and we are using winbind (Active Directory) for 
authorisation.

The issue  is that for most of the members of a Samba share it is not possible 
to connect this Samba share. This because of the error below. It seems to be 
that the number of Active Directory groups where this Samba member belongs to 
is too high.

UNIX token of user 588109
  Primary group is 10049 and contains 188 supplementary groups

[2010/10/04 14:12:22.682600,  0] lib/util.c:1465(smb_panic)
  PANIC (pid 14999610): sys_setgroups failed

[2010/10/04 14:12:22.682922,  0] lib/util.c:1619(log_stack_trace)
  unable to produce a stack trace on this platform

[2010/10/04 14:12:22.683121,  0] lib/fault.c:326(dump_core)
  dumping core in /opt/pware64/var/cores/smbd

[2010/10/04 14:12:22.740533,  3] smbd/server.c:259(remove_child_pid)
  smbd/server.c:259 Unclean shutdown of pid 14999610

[2010/10/04 14:12:22.740965,  1] smbd/server.c:267(remove_child_pid)
  Scheduled cleanup of brl and lock database after unclean shutdown


Can you tell me the cause of this issue?




Met vriendelijke groet, Kind regards,


Walter van der Heijden | AIX/RedHat System Specialist
ABN AMRO | I&O /Expertise /Midrange /Unix
Polanerbaan 11 | 3447 GN  Woerden | Netherlands | W04.00.40
Tel.: +31 (0) 30 2260597

Denk aan het milieu voordat u deze e-mail print




* DISCLAIMER *

This message (including any attachments) is confidential and may be privileged. 
If you have received it by mistake please notify the sender by return e-mail 
and delete this
message from your system. 
Any unauthorised use or dissemination of this message in whole or in part is 
strictly prohibited. 
Please note that e-mails are susceptible to change. 
ABN AMRO Bank N.V, which has its seat at Amsterdam, the Netherlands, and is 
registered in
the Commercial Register under number 34334259, including its group companies, 
shall not be liable for the improper or incomplete transmission of the 
information contained 
in this communication nor for any delay in its receipt or damage to your 
system. 
ABN AMRO Bank N.V. (or its group companies) does not guarantee that the 
integrity of this 
communication has been maintained nor that this communication is free of 
viruses, 
interceptions or interference. 
- 
Dit bericht (inclusief de eventuele bijlagen) is vertrouwelijk. 
Wanneer u dit bericht ten onrechte heeft ontvangen, dient u de afzender hiervan 
onmiddellijk
per kerende e-mail op de hoogte te brengen en dit bericht te verwijderen uit uw 
systeem.
Elk onbevoegd gebruik en/of onbevoegde verspreiding van dit bericht is niet 
toegestaan. 
U wordt erop gewezen dat e-mail berichten aan wijziging onderhevig kunnen zijn.
 ABN AMRO Bank N.V., statutair gevestigd te Amsterdam en ingeschreven in het 
handelsregister
van de Kamer van Koophandel onder nummer 34334259, en haar groepsmaatschappijen,
is niet aansprakelijk voor de onjuiste en onvolledige overdracht van de 
informatie in dit bericht 
noch voor mogelijke vertraging in de ontvangst van dit bericht of schade aan uw 
systeem als
gevolg van dit bericht. ABN AMRO Bank N.V. (en haar groepsmaatschappijen) staat 
er niet
voor in dat de integriteit van dit bericht behouden is gebleven noch dat dit 
bericht vrij is 
van virussen, niet is onderschept of vatbaar is geweest voor tussenkomst (door 
derden).
*
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] store samba account in ldap

[vishesh kumar]

First try to setup openldap by including samba schema (conf file
slapd.conf) . Then change passdb backend to ldap in smb.conf. As
muller googling is best way.

On 10/4/10, Udo Müller  wrote:
> Am 25.09.10 20:43, schrieb hesam mohamadian:
>> hi want to setup samba file sharing that identify their samba users from
>> ldap and windows & linux client can access their own files but without
>> joining to any domain
>> can you introduce me some resource and how to
>
> Use google and search for "samba ldap".
>
> Regards Udo
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
http://linuxinterviews.blogspot.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] limit the samba access to 1 concurrent session per user? limit a samba user only to access from 1 IP?

[vishesh kumar]

share modes = yes
strict locking = yes
 I think that it can limit concurrent  file access .

On 10/5/10, Andrew Schneider  wrote:
> Hello All,
>
>
> Is there a way to limit the samba access to 1 concurrent session per user?
> or limit a samba user only to access from 1 IP? Ive been searching arround
> but have not had luck.
>
> Thanks
>
> -Andrew
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
http://linuxinterviews.blogspot.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer

[Gary Dale]

OK. Perhaps you can be more specific about what you are trying to 
accomplish. I don't recall adding printers to a server as being 
something that happens frequently. yet I get the impression that your 
concern is that you have to wait before the added printer becomes 
available. That doesn't seem like much of a problem.


How long do you have to wait?

Basically, all the smbaddprinter.pl script does is call lpadmin. At 
least on my system, that seems to be a CUPS specific version. I think 
that's probably usual for any system running CUPS. Perhaps you should be 
asking the maintainer(s) for lpadmin?




On 04/10/10 06:30 PM, Jack Downes wrote:
?  I didn't hijack a thread...  this is a mailing list.  All I did was 
hit reply list to a random email, cleaned out the messages & subject 
and started a new thread.  How is that wrong..?


I did try your suggestion, and it doesn't do anything but interrupt 
the operation... and I get an "Operation could not be completed 
error."  Which makes sense...



On 10/ 4/10 04:21 PM, Gary Dale wrote:

Please don't hijack threads.

You could try something like /etc/init.d/samba restart (or your local 
equivalent) to the end of perl script.



--

hello

I have cups printing with cups 1.4.4.   I'm using the included 
smbaddprinter.pl command to add printers to my server.


Now, my error is that when I add the printer, I get ACCESS DENIED in 
the windows client, but if  I check cups, there the printer is.  And 
if I wait a bit with the windows client or reload samba, there the 
printer is within the share as well.


Now, from the man page on smb.conf

"Once the /|addprinter command|/ has been executed, |smbd| will 
reparse the | smb.conf| to determine if the share defined by the APW 
exists. If the sharename is still invalid, then |smbd | will return 
an ACCESS_DENIED error to the client."



So... is there a way for me to ask Samba to wait a few seconds before 
reparsing the smb.conf to check for the new printer?  I tried adding 
a sleep() to the perl script, but that seems to make the issue worse, 
so that's not the choice it seems.


thanks!




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Working from RHEL 5 SRPM's to build samba-3.6.0pre1 chokes on 'make pch'

[Nico Kadel-Garcia]

I'm trying to get a clean RPM built for samba-3.6.0pre1, to tets out
CIFS 2. The old RHEL SRPM's do a 'make pch' command that barfs hard on
samba-3.6.0pre1. Is this a command that is no longer appropriate or
necessary on this version of Samba? Does it have any genuine use?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer

[Guy Rouillier]

On 10/4/2010 6:30 PM, Jack Downes wrote:

?  I didn't hijack a thread...  this is a mailing list.  All I did was
hit reply list to a random email, cleaned out the messages & subject and
started a new thread. How is that wrong..?


That is exactly hijacking a thread.  Because you clicked "reply list", 
your email program returns an identifier in a message header that 
connects your email with all others stemming from the original email 
with the original subject.  The fact that you changed the subject is 
irrelevant.  To start a new topic, do *not* click "reply list", but 
instead just start a new email; for example, if you are using 
Thunderbird, you would click the Write icon in the top icon bar instead 
of the "reply list" button in the message bar.


We all understand the convenience of clicking "reply list", as it 
automatically fills in the proper destination email address.  But now 
you understand the undesirable side effect.


--
Guy Rouillier
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] limit the samba access to 1 concurrent session per user? limit a samba user only to access from 1 IP?

[Andrew Schneider]

Hello All,


Is there a way to limit the samba access to 1 concurrent session per user?
or limit a samba user only to access from 1 IP? Ive been searching arround
but have not had luck.

Thanks

-Andrew
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.3 - poor performance (compared to NFS)

[Jeremy Allison]

On Mon, Oct 04, 2010 at 02:55:28PM -0700, scott_st...@trendmicro.com wrote:
> OK, I can do that.  In production this box will not be CIFS-mounted by Linux 
> machines, but I wanted to do the iozone benchmarks so I could compare 
> apples-to-apples vs. NFS.  I will go hunt down and repackage a newer CIFS 
> client for centos 5.5.  

Ah, I see. But you're not really testing the server, you're testing the cifsfs 
client
(well you're testing both, but you're mainly being limited by the cifsfs 
redirector
I believe).

> Any other hints on server-side tuning that I should be aware of for this case?

Remove the "socket options" stuff. No modern kernel needs that anymore.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer

[Jack Downes]

?  I didn't hijack a thread...  this is a mailing list.  All I did was 
hit reply list to a random email, cleaned out the messages & subject and 
started a new thread.  How is that wrong..?


I did try your suggestion, and it doesn't do anything but interrupt the 
operation... and I get an "Operation could not be completed error."  
Which makes sense...



On 10/ 4/10 04:21 PM, Gary Dale wrote:

Please don't hijack threads.

You could try something like /etc/init.d/samba restart (or your local 
equivalent) to the end of perl script.



--

hello

I have cups printing with cups 1.4.4.   I'm using the included 
smbaddprinter.pl command to add printers to my server.


Now, my error is that when I add the printer, I get ACCESS DENIED in 
the windows client, but if  I check cups, there the printer is.  And 
if I wait a bit with the windows client or reload samba, there the 
printer is within the share as well.


Now, from the man page on smb.conf

"Once the /|addprinter command|/ has been executed, |smbd| will 
reparse the | smb.conf| to determine if the share defined by the APW 
exists. If the sharename is still invalid, then |smbd | will return an 
ACCESS_DENIED error to the client."



So... is there a way for me to ask Samba to wait a few seconds before 
reparsing the smb.conf to check for the new printer?  I tried adding a 
sleep() to the perl script, but that seems to make the issue worse, so 
that's not the choice it seems.


thanks!


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer

[Gary Dale]

Please don't hijack threads.

You could try something like /etc/init.d/samba restart (or your local 
equivalent) to the end of perl script.



--

hello

I have cups printing with cups 1.4.4.   I'm using the included 
smbaddprinter.pl command to add printers to my server.


Now, my error is that when I add the printer, I get ACCESS DENIED in the 
windows client, but if  I check cups, there the printer is.  And if I 
wait a bit with the windows client or reload samba, there the printer is 
within the share as well.


Now, from the man page on smb.conf

"Once the /|addprinter command|/ has been executed, |smbd| will reparse 
the | smb.conf| to determine if the share defined by the APW exists. If 
the sharename is still invalid, then |smbd | will return an 
ACCESS_DENIED error to the client."



So... is there a way for me to ask Samba to wait a few seconds before 
reparsing the smb.conf to check for the new printer?  I tried adding a 
sleep() to the perl script, but that seems to make the issue worse, so 
that's not the choice it seems.


thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.3 - poor performance (compared to NFS)

[Gary Dale]

On 04/10/10 05:55 PM, scott_st...@trendmicro.com wrote:

OK, I can do that.  In production this box will not be CIFS-mounted by Linux 
machines, but I wanted to do the iozone benchmarks so I could compare 
apples-to-apples vs. NFS.  I will go hunt down and repackage a newer CIFS 
client for centos 5.5.

Any other hints on server-side tuning that I should be aware of for this case?


Scott Stone
Lead Developer, DCS-RD
Trend Micro, Inc. http://www.trendmicro.com

-Original Message-
From: Jeremy Allison [mailto:j...@samba.org]
Sent: Monday, October 04, 2010 2:54 PM
To: Scott Stone (DCS-RD-US)
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba 3.3 - poor performance (compared to NFS)

On Mon, Oct 04, 2010 at 02:51:17PM -0700, scott_st...@trendmicro.com wrote:
   

I have a system that I'm vetting as a NAS server.  It has a 2.0TB XFS filesystem mounted 
on /storage and I'm doing benchmarks using nfs3, nfs4, and samba.  I'm testing via iozone 
by mounting the filesystem from my "nas client" box and then running iozone on 
the mounted filesystem.  NFS seems pretty fast - ie, several orders of magnitude faster 
than samba, and I'm wondering why, so I'm beseeching the help of the List. :)



server: sama 3.3.8

client: Linux CentOS 5.5 cifs mount, "mount -t cifs -o rsize=32768,wsize=32768 
//server/storage /storage"

Client is on the same LAN as the server, albeit different VLANs.  Traffic is 
routed through intel gigabit NICs and Cisco Nexus 5000/7000 series switches.  
NAS server has a 4x 1gbe 802.3ad port channel set up with the Cisco 7000 
switch, although I've run these tests both with and without the port channel 
with very similar results (as I'd expect, since the client is only a single 
1gbe interface to begin with).



(the 32768 numbers are the same as used in the NFS3/NFS4 tests).

Again, the problem is *markedly* slower performance on CIFS than with NFS, and 
I cannot discern why, so I'm assuming it's some kind of samba tuning issue.  I 
do plan to re-test with samba4, but any recommendations as to a specific 
version of samba that I could use which would provide maximum 
performance/stability would also be much appreciated.
 

You might want to try a more recent cifsfs build than the one on CentOS 5.5.

It's almost certainly a client issue here, I know Steve and Jeff have been
putting work into improving the CIFSFS client performance (Steve and Jeff
please comment :-).

Jeremy.

TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential and 
may be subject to copyright or other intellectual property protection. If you 
are not the intended recipient, you are not authorized to use or disclose this 
information, and we request that you notify us by reply mail or telephone and 
delete the original message from your mail system.
   


I'm not sure why you need to test. If you're using Windows clients or 
using Samba Domains for single-signon, Samba is almost always the best 
choice. If you're using anything else, then go with NFS.


For example, I have a mixed-client network so I need Samba for the 
Windows users. This also means my best bet for Unix-like clients is to 
use Samba for authentication as well.


However, if I was running a pure Unix/Linux environment then NFS would 
be an easy choice.


On the principle of keeping it simple, I would need some really 
extraordinary reasons to run both.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] 3.4.9 printing addprinter command reparse doesn't see new printer

[Jack Downes]

hello

I have cups printing with cups 1.4.4.   I'm using the included 
smbaddprinter.pl command to add printers to my server.


Now, my error is that when I add the printer, I get ACCESS DENIED in the 
windows client, but if  I check cups, there the printer is.  And if I 
wait a bit with the windows client or reload samba, there the printer is 
within the share as well.


Now, from the man page on smb.conf

"Once the /|addprinter command|/ has been executed, |smbd| will reparse 
the | smb.conf| to determine if the share defined by the APW exists. If 
the sharename is still invalid, then |smbd | will return an 
ACCESS_DENIED error to the client."



So... is there a way for me to ask Samba to wait a few seconds before 
reparsing the smb.conf to check for the new printer?  I tried adding a 
sleep() to the perl script, but that seems to make the issue worse, so 
that's not the choice it seems.


thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Need help compiling Samba on Solaris

[Gaiseric Vandal]

Sort of compiled?  Does that mean some options didn't compile?

I was able to compile samba 3.4.x. (as you point out, it requires 
tinkering with the CPPFLAGS etc.)The latest OpenLDAP from 
sunfreeware should be fine (plus its dependencies, which are listed.)   
Presumably you are using GCC from Sunfreeware?  The Solaris kerberos 
should be fine.


nsswitch source is in a separate directory

.../samba-3.4.8/nsswitch not .../samba-3.4.8/source3

you may need to compile separately.

I see your other post.   3.0.37 generally worked for me except for 
interdomain trusts.  I know it wouldn't work with Windows 7 but that 
wasn't an issue for me at the time.


(Again, I repeat complain about Sun abandoning samba and not moving 
before 3.0.x-  which is will be useless one you need to support Windows 7.)





On 10/04/2010 04:59 PM, Stroh, George wrote:

I had limited success compiling 3.4.8 and 3.5.4 on Solaris 10 8/07 x86.
I downloaded the source code from Samba.org and the dependencies from
sunfreeware.com. After some googling and trial and error with the
LDDFLAGS, CPPFLAGS and such, it sort of compiled. I need to know how to
properly set things up. How can I find out what version of dependencies
you need for a particular samba version?


   


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.3 - poor performance (compared to NFS)

[scott_stone]

OK, I can do that.  In production this box will not be CIFS-mounted by Linux 
machines, but I wanted to do the iozone benchmarks so I could compare 
apples-to-apples vs. NFS.  I will go hunt down and repackage a newer CIFS 
client for centos 5.5.  

Any other hints on server-side tuning that I should be aware of for this case?


Scott Stone 
Lead Developer, DCS-RD
Trend Micro, Inc. http://www.trendmicro.com

-Original Message-
From: Jeremy Allison [mailto:j...@samba.org] 
Sent: Monday, October 04, 2010 2:54 PM
To: Scott Stone (DCS-RD-US)
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba 3.3 - poor performance (compared to NFS)

On Mon, Oct 04, 2010 at 02:51:17PM -0700, scott_st...@trendmicro.com wrote:
> I have a system that I'm vetting as a NAS server.  It has a 2.0TB XFS 
> filesystem mounted on /storage and I'm doing benchmarks using nfs3, nfs4, and 
> samba.  I'm testing via iozone by mounting the filesystem from my "nas 
> client" box and then running iozone on the mounted filesystem.  NFS seems 
> pretty fast - ie, several orders of magnitude faster than samba, and I'm 
> wondering why, so I'm beseeching the help of the List. :)
> 
>  
> 
> server: sama 3.3.8
> 
> client: Linux CentOS 5.5 cifs mount, "mount -t cifs -o 
> rsize=32768,wsize=32768 //server/storage /storage"
> 
> Client is on the same LAN as the server, albeit different VLANs.  Traffic is 
> routed through intel gigabit NICs and Cisco Nexus 5000/7000 series switches.  
> NAS server has a 4x 1gbe 802.3ad port channel set up with the Cisco 7000 
> switch, although I've run these tests both with and without the port channel 
> with very similar results (as I'd expect, since the client is only a single 
> 1gbe interface to begin with).
> 
>  
> 
> (the 32768 numbers are the same as used in the NFS3/NFS4 tests).
> 
> Again, the problem is *markedly* slower performance on CIFS than with NFS, 
> and I cannot discern why, so I'm assuming it's some kind of samba tuning 
> issue.  I do plan to re-test with samba4, but any recommendations as to a 
> specific version of samba that I could use which would provide maximum 
> performance/stability would also be much appreciated.

You might want to try a more recent cifsfs build than the one on CentOS 5.5.

It's almost certainly a client issue here, I know Steve and Jeff have been
putting work into improving the CIFSFS client performance (Steve and Jeff
please comment :-).

Jeremy.

TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential and 
may be subject to copyright or other intellectual property protection. If you 
are not the intended recipient, you are not authorized to use or disclose this 
information, and we request that you notify us by reply mail or telephone and 
delete the original message from your mail system.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.3 - poor performance (compared to NFS)

[Jeremy Allison]

On Mon, Oct 04, 2010 at 02:51:17PM -0700, scott_st...@trendmicro.com wrote:
> I have a system that I'm vetting as a NAS server.  It has a 2.0TB XFS 
> filesystem mounted on /storage and I'm doing benchmarks using nfs3, nfs4, and 
> samba.  I'm testing via iozone by mounting the filesystem from my "nas 
> client" box and then running iozone on the mounted filesystem.  NFS seems 
> pretty fast - ie, several orders of magnitude faster than samba, and I'm 
> wondering why, so I'm beseeching the help of the List. :)
> 
>  
> 
> server: sama 3.3.8
> 
> client: Linux CentOS 5.5 cifs mount, "mount -t cifs -o 
> rsize=32768,wsize=32768 //server/storage /storage"
> 
> Client is on the same LAN as the server, albeit different VLANs.  Traffic is 
> routed through intel gigabit NICs and Cisco Nexus 5000/7000 series switches.  
> NAS server has a 4x 1gbe 802.3ad port channel set up with the Cisco 7000 
> switch, although I've run these tests both with and without the port channel 
> with very similar results (as I'd expect, since the client is only a single 
> 1gbe interface to begin with).
> 
>  
> 
> (the 32768 numbers are the same as used in the NFS3/NFS4 tests).
> 
> Again, the problem is *markedly* slower performance on CIFS than with NFS, 
> and I cannot discern why, so I'm assuming it's some kind of samba tuning 
> issue.  I do plan to re-test with samba4, but any recommendations as to a 
> specific version of samba that I could use which would provide maximum 
> performance/stability would also be much appreciated.

You might want to try a more recent cifsfs build than the one on CentOS 5.5.

It's almost certainly a client issue here, I know Steve and Jeff have been
putting work into improving the CIFSFS client performance (Steve and Jeff
please comment :-).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba 3.3 - poor performance (compared to NFS)

[scott_stone]

I have a system that I'm vetting as a NAS server.  It has a 2.0TB XFS 
filesystem mounted on /storage and I'm doing benchmarks using nfs3, nfs4, and 
samba.  I'm testing via iozone by mounting the filesystem from my "nas client" 
box and then running iozone on the mounted filesystem.  NFS seems pretty fast - 
ie, several orders of magnitude faster than samba, and I'm wondering why, so 
I'm beseeching the help of the List. :)

 

server: sama 3.3.8

client: Linux CentOS 5.5 cifs mount, "mount -t cifs -o rsize=32768,wsize=32768 
//server/storage /storage"

Client is on the same LAN as the server, albeit different VLANs.  Traffic is 
routed through intel gigabit NICs and Cisco Nexus 5000/7000 series switches.  
NAS server has a 4x 1gbe 802.3ad port channel set up with the Cisco 7000 
switch, although I've run these tests both with and without the port channel 
with very similar results (as I'd expect, since the client is only a single 
1gbe interface to begin with).

 

(the 32768 numbers are the same as used in the NFS3/NFS4 tests).

Again, the problem is *markedly* slower performance on CIFS than with NFS, and 
I cannot discern why, so I'm assuming it's some kind of samba tuning issue.  I 
do plan to re-test with samba4, but any recommendations as to a specific 
version of samba that I could use which would provide maximum 
performance/stability would also be much appreciated.

 

/etc/smb/smb.conf on the server is below:

 

[global]

   workgroup = myworkgroup

   server string = Samba %v

   netbios name = myhostname.mydomain

   hosts allow = 10.

   log file = /var/log/samba/%m.log

   max log size = 50

   security = user

   passdb backend = tdbsam

   os level = 33

   wins support = yes

   wins proxy = yes

   dns proxy = yes

   load printers = no

   map archive = no

   map hidden = no

   map read only = no

   map system = no

   store dos attributes = yes

   socket options = IPTOS_LOWDELAY TCP_NODELAY

   pam password change = yes

 

[storage]

comment = storage volume

browseable = yes

writable = yes

path = /storage

 



Scott Stone 

Lead Developer, DCS-RD

Trend Micro, Inc. http://www.trendmicro.com

 


TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential and 
may be subject to copyright or other intellectual property protection. If you 
are not the intended recipient, you are not authorized to use or disclose this 
information, and we request that you notify us by reply mail or telephone and 
delete the original message from your mail system.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Solaris 10, zfs and windows

[Stroh, George]

This seems to work.
The Samba (3.0.37) server is running Solaris 10 8/07 with the share on
zfs and joined to a windows 2003 active directory domain. Files created
in Solaris can be edited from windows without the permission being
changed. Files created from windows have the correct Solaris
permissions, owner and group and can be edited without permissions being
changed. We use the chmod command to set windows group permissions and
Solaris permissions. The zfs aclmode and aclinherit are set to
passthrough.

[SambaServer]
path = /sambashare
read only = no
create mask = 0660
force create mode = 0660
directory mask = 0770
force directory mode = 0770
inherit permissions= yes
inherit acls = yes
inherit owner = yes
ea support = yes
map archive = no
map read only = permissions
store dos attributes = yes
vfs objects = zfsacl
nfs4: acedup = merge
nfs4: mode = special
zfsacl: acesort = dontcare
nt acl support = no




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Need help compiling Samba on Solaris

[Stroh, George]

I had limited success compiling 3.4.8 and 3.5.4 on Solaris 10 8/07 x86.
I downloaded the source code from Samba.org and the dependencies from
sunfreeware.com. After some googling and trial and error with the
LDDFLAGS, CPPFLAGS and such, it sort of compiled. I need to know how to
properly set things up. How can I find out what version of dependencies
you need for a particular samba version?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Enforcing filesystem permissions

[Dennis Jacobfeuerborn]

That's a possible way but this would be more of a workaround rather than a 
solution. I'd still like to know why the permissions end up all wrong.
Also this only deals with the permissions during the creation of the 
directory. If the reason for the messed up permissions is indeed that the 
client changes them afterwards then this will probably still happen even 
with this option set.


Regards,
  Dennis

On 10/04/2010 08:54 PM, Dale Schroeder wrote:

  Dennis,

Maybe this instead:


  inherit permissions (S)

The permissions on new files and directories are normally governed by
create mask
,
directory mask
,
force create mode

and force directory mode

but the boolean inherit permissions parameter overrides this.

New directories inherit the mode of the parent directory, including
bits such as setgid.

New files inherit their read/write bits from the parent directory.
Their execute bits continue to be determined by map archive
, map
hidden 
and map system
 as usual.

Note that the setuid bit is /never/ set via inheritance (the code
explicitly prohibits this).

This can be particularly useful on large systems with many users,
perhaps several thousand, to allow a single [homes] share to be used
flexibly by each user.

Default: //|inherit permissions|/ = |no| /


Dale


On 10/04/2010 11:00 AM, Dennis Jacobfeuerborn wrote:

Hi,
I'm trying to get samba to force a certain set of permissions for files
and directories but so far I don't have much success. This is what I'm
trying to enforce:

create mask = 0770
security mask = 0770
directory mask = 0770
directory security mask = 0770
force create mode = 0660
force security mode = 0660
force directory mode = 0770
force directory security mode = 0770
force group = publisher

Yet when a client creates a directory it ends up with the permissions set
to 755 instead. My guess is that the client changes the permissions after
the directory is created so I'm wondering how I can prevent that from
happening.
What I'm trying to accomplish is to make it possible for members of the
group "publisher" to always read/write each others files and enter
directories.

Regards,
Dennis


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.4.7 as NT4 domain member and win9x

[Chris Weiss]

On Mon, Oct 4, 2010 at 1:32 PM, Dale Schroeder
 wrote:
>  Chris,
>
> Since Win 95/98 cannot be true domain member

well not directly, but setting user-level access control and providing
the domain does allow it to provide the domain with the username when
accessing other systems.
win98 is providing the the domain and username, as I see it my logs:
check_ntlm_password:  Checking password for unmapped user
[wilson]\[lath...@[lathe1] with the new password interface

>, perhaps try adding to [global]
>    map untrusted to domain = Yes

sounds desirable, and will probably fix a separate issue where I just
had to fully qualify domain\user in a script, so i added and restarted
all services, however for this win98 issue I don't see any difference,
and still have these 2 in the logs
check_samstrict_security: WILSON is not one of my local names
(ROLE_DOMAIN_MEMBER)
check_ntlm_password: winbind authentication for user [LATHE1] FAILED
with error NT_STATUS_LOGON_FAILURE
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Enforcing filesystem permissions

[Dale Schroeder]

 Dennis,

Maybe this instead:


 inherit permissions (S)

   The permissions on new files and directories are normally governed
   by create mask
   ,
   directory mask
   , force
   create mode
   
   and force directory mode
   
   but the boolean inherit permissions parameter overrides this.

   New directories inherit the mode of the parent directory, including
   bits such as setgid.

   New files inherit their read/write bits from the parent directory.
   Their execute bits continue to be determined by map archive
   ,
   map hidden
    and
   map system
    as
   usual.

   Note that the setuid bit is /never/ set via inheritance (the code
   explicitly prohibits this).

   This can be particularly useful on large systems with many users,
   perhaps several thousand, to allow a single [homes] share to be used
   flexibly by each user.

   Default: //|inherit permissions|/ = |no| /


Dale


On 10/04/2010 11:00 AM, Dennis Jacobfeuerborn wrote:

Hi,
I'm trying to get samba to force a certain set of permissions for 
files and directories but so far I don't have much success. This is 
what I'm trying to enforce:


create mask = 0770
security mask = 0770
directory mask = 0770
directory security mask = 0770
force create mode = 0660
force security mode = 0660
force directory mode = 0770
force directory security mode = 0770
force group = publisher

Yet when a client creates a directory it ends up with the permissions 
set to 755 instead. My guess is that the client changes the 
permissions after the directory is created so I'm wondering how I can 
prevent that from happening.
What I'm trying to accomplish is to make it possible for members of 
the group "publisher" to always read/write each others files and enter 
directories.


Regards,
  Dennis

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] More strangeness with ZFS and Samba

[Daniel Müller]

On Mon, 04 Oct 2010 12:07:49 -0600, CJ Keist 
wrote:
> A new problem now.  Running Samba 3.5.4, on Solaris 10 with zfs.
> 
> Issue with Microsoft Office 2007:
> User opens up a .xlsx, then closes the file (Not Excel).
> Then user reopens the .xlsx file and now Excel says the file is 
> read-only.  But permissions on the file have not changed!
> Only fix is to exit out of Excel and restart, then user can open that 
> file just fine.
> 
> The issue also looks to be tied to how big the file is.  Small .xlsx 
> files do not exhibit this behavior. But files over 500K does it all the 
> time. Time doesn't matter either, user can close the file and then come 
> back to open it an hour later and it will still say read-only.
> 
> Here is my conf file. issue is with all shares, I'm including just one 
> atmos share below:
> 
> [global]
>  workgroup = ENGR_DOM
>  server string = Samba Server
>  interfaces = e1000g0, lo0
>  bind interfaces only = Yes
>  security = DOMAIN
>  passdb backend = smbpasswd
>  client NTLMv2 auth = Yes
>  map untrusted to domain = Yes
>  log level = 1
>  log file = /var/log/samba/logs/log.%m
>  name resolve order = host bcast
>  unix extensions = No
>  max open files = 1
>  load printers = No
>  domain master = No
>  dns proxy = No
>  lock spin time = 3
>  veto oplock files = 
>
/*.doc/*.DOC/*.docx/*.DOCX/*.xlsx/*.XLSX/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.dwg/*.DWG/*.cdr/*.CDR/
>  strict locking = No
> 
>   [atmos]
>  comment = ATMOS
>  path = /XKA2/academic/Atmos
>  valid users = +Atmosfac
>  force group = Atmosfac
>  read only = No
>  create mask = 0770
>  force create mode = 0770
I tried in my shares setup:
inherit permissions = NO
inherit acls = NO

force create mode = 0660
force directory mode = 0770

and did set the sticky bit for the group directory.
This worked for me with office 2007 files

Daniel






>  security mask = 0770
>  directory mask = 02770
>  inherit permissions = Yes
>  inherit acls = Yes
>  nt acl support = No
>  map archive = No
>  map readonly = permissions
>  store dos attributes = Yes
>  vfs objects = zfsacl
>  nfs4:mode = special
>  nfs4:acedup = merge
> 
> -- 
> C. J. Keist Email: cj.ke...@colostate.edu
> Systems Group Manager   Phone: 970-491-0630
> Engineering Network ServicesFax:   970-491-5569
> College of Engineering, CSU
> Ft. Collins, CO 80523-1301
> 
> All I want is a chance to prove 'Money can't buy happiness'
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.4.7 as NT4 domain member and win9x

[Dale Schroeder]

 Chris,

Since Win 95/98 cannot be true domain member, perhaps try adding to [global]
map untrusted to domain = Yes

Dale

On 10/04/2010 10:52 AM, Chris Weiss wrote:

I'm certain i'm just missing something and haven't hit the right
search terms yet, however, the terms I've been trying all lead to
others with the same problems and no solutions at all.

My network is quite legacy, but has been working:
nt4 PDC and BDC
several samba file servers, various revisions
DOS, Win95, Win98, NT4, 2k, xp clients

I have an ubuntu 9.04 32bit samba 3.3.2 server that works fine but i
wanted to have more ram
installed to newer hardware, ubuntu 10.04 x64 samba 3.4.7, copied my
smb.conf, sync'd data, shut off old server, renamed new to the name of
the old, rebooted, stopped smbd and winbind, deleted secrets.tdb,
joined domain, started samba and winbind, restarted nmbd.  Same as
I've done a couple times before when migrating to bigger storage and
hardware.

Everything seemed to work, XP client, nt4 clients, all the wbinfo
command (user lookup, etc).  All Win98 clients prompt for IPC$ passwd,
no matter what user.  Same users on any other OS works.  I do have
"lanman auth = yes", as it was required on samba 3.3 as well.

log.lathe1 shows
check_ntlm_password: winbind authentication for user [LATHE1] FAILED
with error NT_STATUS_LOGON_FAILURE

and a bit before that:

[2010/10/04 10:20:53,  6] auth/auth_sam.c:416(check_samstrict_security)
   check_samstrict_security: WILSON is not one of my local names
(ROLE_DOMAIN_MEMBER)

this last one seems to be key to me, I don't think i should get this
message, and I didn't used to.
I only get the message when connecting from win9x clients.

If I could upgrade the OS's I would.  Needs to be win9x for the
software for the old CNC stuff.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] More strangeness with ZFS and Samba

[CJ Keist]

 A new problem now.  Running Samba 3.5.4, on Solaris 10 with zfs.

Issue with Microsoft Office 2007:
User opens up a .xlsx, then closes the file (Not Excel).
Then user reopens the .xlsx file and now Excel says the file is 
read-only.  But permissions on the file have not changed!
Only fix is to exit out of Excel and restart, then user can open that 
file just fine.


The issue also looks to be tied to how big the file is.  Small .xlsx 
files do not exhibit this behavior. But files over 500K does it all the 
time. Time doesn't matter either, user can close the file and then come 
back to open it an hour later and it will still say read-only.


Here is my conf file. issue is with all shares, I'm including just one 
atmos share below:


[global]
workgroup = ENGR_DOM
server string = Samba Server
interfaces = e1000g0, lo0
bind interfaces only = Yes
security = DOMAIN
passdb backend = smbpasswd
client NTLMv2 auth = Yes
map untrusted to domain = Yes
log level = 1
log file = /var/log/samba/logs/log.%m
name resolve order = host bcast
unix extensions = No
max open files = 1
load printers = No
domain master = No
dns proxy = No
lock spin time = 3
veto oplock files = 
/*.doc/*.DOC/*.docx/*.DOCX/*.xlsx/*.XLSX/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.dwg/*.DWG/*.cdr/*.CDR/

strict locking = No

 [atmos]
comment = ATMOS
path = /XKA2/academic/Atmos
valid users = +Atmosfac
force group = Atmosfac
read only = No
create mask = 0770
force create mode = 0770
security mask = 0770
directory mask = 02770
inherit permissions = Yes
inherit acls = Yes
nt acl support = No
map archive = No
map readonly = permissions
store dos attributes = Yes
vfs objects = zfsacl
nfs4:mode = special
nfs4:acedup = merge

--
C. J. Keist Email: cj.ke...@colostate.edu
Systems Group Manager   Phone: 970-491-0630
Engineering Network ServicesFax:   970-491-5569
College of Engineering, CSU
Ft. Collins, CO 80523-1301

All I want is a chance to prove 'Money can't buy happiness'

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] store samba account in ldap

[Udo Müller]

Am 25.09.10 20:43, schrieb hesam mohamadian:
> hi want to setup samba file sharing that identify their samba users from
> ldap and windows & linux client can access their own files but without
> joining to any domain
> can you introduce me some resource and how to

Use google and search for "samba ldap".

Regards Udo
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] help with AD integration

[Gaiseric Vandal]

Presumably Ben is able to ssh / telnet in for NON-Samba accounts


FYI-  I did need to update my /etc/pam.conf on Solaris 10 clients when I 
moved to LDAP backend for unix accounts.  I had to add an entry to allow 
ldap authentication.(I don't think I had to do this for Solaris 9.)  
I don't use samba for ssh login authentication.  But it make sense-  
since "root" can access "shadow" info in /etc files (or NIS) but not in 
LDAP.



At some point I had tried out allowing ssh logins using samba 
credentials-  but I think this was on Solaris 9.   At least with ldap 
logins, Solaris 10 requires more configuration that Solaris 9.




My  /etc/pam.conf includes the following 

# login service (explicit because of pam_dial_auth)

#

login   auth requisitepam_authtok_get.so.1
login   auth required pam_dhkeys.so.1
login   auth required pam_unix_cred.so.1
login   auth required pam_dial_auth.so.1
login   auth binding  pam_unix_auth.so.1 server_policy
login   auth required pam_ldap.so.1



...
passwd  auth binding  pam_passwd_auth.so.1 server_policy
passwd  auth required pam_ldap.so.1




I would guess a similar entry with pam_smb (?) might do the trick.


I think that even if pam.conf is not configure correctly you can still 
try the following -

ssh in as a local user (e.g. ben)
su to the samba user (e.g. "su - benvin" or "su benvin") - it 
should prompt you for a password but ssh and telnet are not involved.  
If this works then you know that the problem is probably a pam+ssh or 
pam+telnet issue.





PS-  You shouldn't use telnet anyway.  It sends passwords in the clear.



...





On 10/04/2010 12:35 PM, Max León wrote:
You need to ensure that pam is allowing ssh or telnet access, not sure 
in Solaris but in RedHat based sistems is inside /etc/pam.d


You will have to allow access through pam only enabled accounts since 
usually the access is restricted to shadow by default.


On 10/4/10 7:11 AM, Gaiseric Vandal wrote:

According to your page

"getent passwd" is showing the domain users.


If you try to ssh into your linux machine as "ben", with the way 
nsswitch.conf is configured, it will try to authenticated you as the 
"ben" in /etc/passwd not the one in the AD domain.


I suggest you try the following
comment out "ben" from /etc/passwd and /etc/shadow.

Make sure that the /export/Home/ben directory is owned by the SRE+ben 
user.   See if you can ssh into linux as "ben."  (I think you can 
specify "ben" and not "SRE+ben" for the ssh user.)  Keep an eye on 
the log files e.g in /var/samba/log or /var/log/samba.


You have still not clarified why nsswitch.conf has entries for ldap.




On 10/04/2010 05:17 AM, Ben George wrote:


please check this link

http://bentgeorge.com/samba/
all are mentioned here


Thanks
Ben.T.George



On Thu, Sep 30, 2010 at 10:16 PM, Gaiseric Vandal 
mailto:gaiseric.van...@gmail.com>> wrote:


Hi

Please clarify the following
 -  Did you run "truss getent passwd" command and look for lines
with nss_winbind-  just in case it is looking for a file with a
different version.
 - Why does nsswitch.conf have ldap references-  are you using 
ldap?



You should also look through the samba logs-  it may provide some
information.



On 09/30/2010 12:14 PM, Ben George wrote:




yes client has Solaris and a windows xp machine under the AD 
domain


yes i exported the paths to the newly installed 
/usr/local/samba/lib


me using the new packahes and disabled the default packages


On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal
mailto:gaiseric.van...@gmail.com>> wrote:

So to clarify the customer has a Sun Solaris 10 UNIX machine
and a Linux workstation?

FOR SOLARIS

I had problems with getting nsswitch+winbind working with the
samba from sunfreeware-  I had to recompile from scratch
(major headache.)   In hindsight this may not have been
necessary for winbind-  although I had to recompile anyway
for ZFS support.

On solaris, you should have a file called
/usr/lib/nss_winbind.so.1 -  which is the nsswitcher winbind
library provided by the samba that sun bundles with solaris
10 (but this is samba 3.0.x and too old to be much use.)

In /usr/local/samba/lib -  do you see an nss_winbind.so.1
file?How is your PATH and LD_LIBRARY_PATH set-  you want
to make sure you are using the /usr/local/samba/bin and
/usr/local/samba/lib first.

If you run "truss getent passwd | tee log1.txt"  you should
see it looking for nss_winbind.so.1 -  ideally it will look
in /usr/local/samba/lib before 

Re: [Samba] Windows 7 machine trust accounts expiring

[John Drescher]

On Mon, Oct 4, 2010 at 12:58 PM, Martin Hochreiter  wrote:
>  Am 04.10.2010 16:23 schrieb John Drescher:
>>
>> On Thu, Jul 15, 2010 at 11:52 AM, Peter Rindfuss  wrote:
>>>
>>> There was an earlier thread about failing trust relationships between
>>> Windows 7 and Samba. Since we occasionally experience the same problem
>>> with
>>> Win 7 clients against a Samba 3.5.4 server, I investigated this a bit
>>> further.
>>>
>>> I think it happens when
>>> - the time to change the machine password has arrived
>>> - the Win 7 machine is up, but no one is logged on (login box is shown on
>>> the screen).
>>>
>>> To reproduce this, I reduced the machine password change interval to one
>>> day
>>> on a test computer, then let the login prompt sit there for a day or so -
>>> and indeed I could not log in anymore because of a trust relationship
>>> failure. I will try this a couple more times.
>>>
>>> I hope this helps to find a remedy.
>>>
>> Did you ever solve this issue? How did you change the "machine
>> password change interval"?
>>
>> I just had a single windows 7 box fail trust relationship and I saw
>> that the last modify time in ldap for that account was August 30,
>> 2010.
>>
>> John
>
> Hi John!
>
> Just for information -
> We too do use the DisableMachinePasswordChange option of the registry
> because
> the "Refuse Machine Password Change" option on the samba server is not
> working with win 7, and
> we do not have any problems with the expiring issue.
>
> As I wrote some threads before - I think the thrustship problem is related
> to the "Reject machine account"
> logs we see if a user logs on on a samba server ... the samba server refuses
> it and according to that is not
> doing the password change too. But thats just theory.
>

Thanks both of you. I will do this for all windows 7 boxes to avoid
the issue for now.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 7 machine trust accounts expiring

[Martin Hochreiter]

 Am 04.10.2010 16:23 schrieb John Drescher:

On Thu, Jul 15, 2010 at 11:52 AM, Peter Rindfuss  wrote:

There was an earlier thread about failing trust relationships between
Windows 7 and Samba. Since we occasionally experience the same problem with
Win 7 clients against a Samba 3.5.4 server, I investigated this a bit
further.

I think it happens when
- the time to change the machine password has arrived
- the Win 7 machine is up, but no one is logged on (login box is shown on
the screen).

To reproduce this, I reduced the machine password change interval to one day
on a test computer, then let the login prompt sit there for a day or so -
and indeed I could not log in anymore because of a trust relationship
failure. I will try this a couple more times.

I hope this helps to find a remedy.


Did you ever solve this issue? How did you change the "machine
password change interval"?

I just had a single windows 7 box fail trust relationship and I saw
that the last modify time in ldap for that account was August 30,
2010.

John

Hi John!

Just for information -
We too do use the DisableMachinePasswordChange option of the registry 
because
the "Refuse Machine Password Change" option on the samba server is not 
working with win 7, and

we do not have any problems with the expiring issue.

As I wrote some threads before - I think the thrustship problem is 
related to the "Reject machine account"
logs we see if a user logs on on a samba server ... the samba server 
refuses it and according to that is not

doing the password change too. But thats just theory.

regards
Martin




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] help with AD integration

[Max León]

You need to ensure that pam is allowing ssh or telnet access, not sure 
in Solaris but in RedHat based sistems is inside /etc/pam.d


You will have to allow access through pam only enabled accounts since 
usually the access is restricted to shadow by default.


On 10/4/10 7:11 AM, Gaiseric Vandal wrote:

According to your page

"getent passwd" is showing the domain users.


If you try to ssh into your linux machine as "ben", with the way 
nsswitch.conf is configured, it will try to authenticated you as the 
"ben" in /etc/passwd not the one in the AD domain.


I suggest you try the following
comment out "ben" from /etc/passwd and /etc/shadow.

Make sure that the /export/Home/ben directory is owned by the SRE+ben 
user.   See if you can ssh into linux as "ben."  (I think you can 
specify "ben" and not "SRE+ben" for the ssh user.)  Keep an eye on the 
log files e.g in /var/samba/log or /var/log/samba.


You have still not clarified why nsswitch.conf has entries for ldap.




On 10/04/2010 05:17 AM, Ben George wrote:


please check this link

http://bentgeorge.com/samba/
all are mentioned here


Thanks
Ben.T.George



On Thu, Sep 30, 2010 at 10:16 PM, Gaiseric Vandal 
mailto:gaiseric.van...@gmail.com>> wrote:


Hi

Please clarify the following
 -  Did you run "truss getent passwd" command and look for lines
with nss_winbind-  just in case it is looking for a file with a
different version.
 - Why does nsswitch.conf have ldap references-  are you using ldap?


You should also look through the samba logs-  it may provide some
information.



On 09/30/2010 12:14 PM, Ben George wrote:




yes client has Solaris and a windows xp machine under the AD domain

yes i exported the paths to the newly installed 
/usr/local/samba/lib


me using the new packahes and disabled the default packages


On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal
mailto:gaiseric.van...@gmail.com>> wrote:

So to clarify the customer has a Sun Solaris 10 UNIX machine
and a Linux workstation?

FOR SOLARIS

I had problems with getting nsswitch+winbind working with the
samba from sunfreeware-  I had to recompile from scratch
(major headache.)   In hindsight this may not have been
necessary for winbind-  although I had to recompile anyway
for ZFS support.

On solaris, you should have a file called
/usr/lib/nss_winbind.so.1 -  which is the nsswitcher winbind
library provided by the samba that sun bundles with solaris
10 (but this is samba 3.0.x and too old to be much use.)

In /usr/local/samba/lib -  do you see an nss_winbind.so.1
file?How is your PATH and LD_LIBRARY_PATH set-  you want
to make sure you are using the /usr/local/samba/bin and
/usr/local/samba/lib first.

If you run "truss getent passwd | tee log1.txt"  you should
see it looking for nss_winbind.so.1 -  ideally it will look
in /usr/local/samba/lib before /usr/lib.  If it uses
/usr/lib/nss_winbind.so.1 that will probably NOT work.  You
may want to rename that file just to make sure.






On 09/30/2010 10:57 AM, Ben George wrote:


Sun Solaris 10 (under SPARC)

local users in /etc/passwd

samba 3.4.2 from sunfreeware.com 


getent passwd

*/ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh

/*like this*/

/*/
/Thanks
Ben.T.George*/
/*




On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal
mailto:gaiseric.van...@gmail.com>> wrote:

Then it sounds like you need the AD integration.  If the
user's also login to the linux workstation directly  (or
via ssh) then you will need to configure winbind and
nsswitch to support unix logins.

Why does nsswitch.conf include ldap?  Is this the only
linux/unix machine?  Are local users in ldap or
/etc/passwd?

What version of samba?   What version of linux?

Ideally "getent passwd" woudl show something like



ben:*:10001:10001:Ben 
George:/export/Home/SRE/ben/:bin/tcsh


or

SRE+ben:*:10001:10001:Ben
George:/export/Home/SRE/ben:/bin/bash



I don't think you need a huge amount of AD experience to
make this work but I think you have to have general
understanding of what WIndows domains are about.

You should also review the smb.conf man page for the
section on idmap_ad.





On 09/30/2010 09:24 AM, Ben George wrote:



Thanks for your replay..

yes my client told me like this that's Y..and the
manager gave that work to newl

[Samba] Enforcing filesystem permissions

[Dennis Jacobfeuerborn]

Hi,
I'm trying to get samba to force a certain set of permissions for files and 
directories but so far I don't have much success. This is what I'm trying 
to enforce:


create mask = 0770
security mask = 0770
directory mask = 0770
directory security mask = 0770
force create mode = 0660
force security mode = 0660
force directory mode = 0770
force directory security mode = 0770
force group = publisher

Yet when a client creates a directory it ends up with the permissions set 
to 755 instead. My guess is that the client changes the permissions after 
the directory is created so I'm wondering how I can prevent that from 
happening.
What I'm trying to accomplish is to make it possible for members of the 
group "publisher" to always read/write each others files and enter directories.


Regards,
  Dennis
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Strange message

[David Noriega]

I'm seeing the following message:
[2010/10/04 11:09:40, 0] lib/sysquotas.c:sys_get_quota(421)
  sys_path_to_bdev() failed for path [.]!
[2010/10/04 11:09:40, 0] lib/sysquotas.c:sys_get_quota(421)
  sys_path_to_bdev() failed for path [.]!
[2010/10/04 11:09:45, 0] lib/sysquotas.c:sys_get_quota(421)
  sys_path_to_bdev() failed for path [.]!
[2010/10/04 11:09:45, 0] lib/sysquotas.c:sys_get_quota(421)
  sys_path_to_bdev() failed for path [.]!

Any ideas as to what this means?


-- 
Personally, I liked the university. They gave us money and facilities,
we didn't have to produce anything! You've never been out of college!
You don't know what it's like out there! I've worked in the private
sector. They expect results. -Ray Ghostbusters
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba 3.4.7 as NT4 domain member and win9x

[Chris Weiss]

I'm certain i'm just missing something and haven't hit the right
search terms yet, however, the terms I've been trying all lead to
others with the same problems and no solutions at all.

My network is quite legacy, but has been working:
nt4 PDC and BDC
several samba file servers, various revisions
DOS, Win95, Win98, NT4, 2k, xp clients

I have an ubuntu 9.04 32bit samba 3.3.2 server that works fine but i
wanted to have more ram
installed to newer hardware, ubuntu 10.04 x64 samba 3.4.7, copied my
smb.conf, sync'd data, shut off old server, renamed new to the name of
the old, rebooted, stopped smbd and winbind, deleted secrets.tdb,
joined domain, started samba and winbind, restarted nmbd.  Same as
I've done a couple times before when migrating to bigger storage and
hardware.

Everything seemed to work, XP client, nt4 clients, all the wbinfo
command (user lookup, etc).  All Win98 clients prompt for IPC passwd,
no matter what user.  Same users on any other OS works.  I do have
"lanman auth = yes", as it was required on samba 3.3 as well.

log.lathe1 shows
check_ntlm_password: winbind authentication for user [LATHE1] FAILED
with error NT_STATUS_LOGON_FAILURE

and a bit before that:

[2010/10/04 10:20:53,  6] auth/auth_sam.c:416(check_samstrict_security)
 check_samstrict_security: WILSON is not one of my local names
(ROLE_DOMAIN_MEMBER)

this last one seems to be key to me, I don't think i should get this
message, and I didn't used to.
I only get the message when connecting from win9x clients.

If I could upgrade the OS's I would.  Needs to be win9x for the
software for the old CNC stuff.


P.S. the listserv's spamassain is giving 4.1 points to words that end
a dollar sign, so IPC(dollar sign) is rejecting the email,  i suspect
other admin shares would too.  Can i suggest to tweak that to give 3.7
instead of 4.1, since takes 3.8 to flag as spam?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.5.5. id-map issues with Active Directory

[Haven]

 Its taken a lot of fairly random experimentation but I've finally 
got configs that work under samba 3.5.5 on both Gentoo and Debian 
with 2008 server. The sections in my old config that seemed to be 
causing the problems and their replacements are shown below:


Old broken:

idmap backend = ad
winbind nss info = rfc2307

New working:

idmap uid = 1-2
idmap gid = 1-2

No changes were needed to my kerberos setup.

I've included a copy of my current smb.conf that is working for me 
after upgrading from 3.4.8 to 3.5.5:



[global]

workgroup = DOMAIN
security = ADS
kerberos method = system keytab
winbind use default domain = true
realm = DOMAIN.NET

disable netbios = yes
name resolve order = host lmhosts
hosts allow = 127.0.0.1 192.168.1.0/24 93.97.246.119
hosts deny = 0.0.0.0/0

password server = 192.168.1.2, 192.168.1.3, *

idmap config DOMAIN : default = yes
idmap config DOMAIN : schema_mode = rfc2307
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 1-2

idmap uid = 1-2
idmap gid = 1-2

winbind offline logon = yes
winbind nested groups = yes
winbind separator = +

template homedir = /home/%U
template shell = /bin/bash
client ntlmv2 auth = yes
encrypt passwords = yes

local master = no
domain master = no
preferred master = no
dns proxy = no

server string = Samba Server Version %v

socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE 
SO_RCVBUF=8192 SO_SNDBUF=8192


# Fix character set issues:
# 
http://www.unixresources.net/linux/lf/59/archive/00/00/13/18/131896.html

dos charset = 850
unix charset = UTF-8


There is still a slight discrepancy with debian returning more 
groups for users when you type "id " than gentoo, but it 
appears to be a gentoo error i.e. "10005(denied rodc password 
replication group)". Something to look at another day as auth works 
for now which is the main thing.


Regards

Simon
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba 3.4.7 as NT4 domain member and win9x

[Chris Weiss]

I'm certain i'm just missing something and haven't hit the right
search terms yet, however, the terms I've been trying all lead to
others with the same problems and no solutions at all.

My network is quite legacy, but has been working:
nt4 PDC and BDC
several samba file servers, various revisions
DOS, Win95, Win98, NT4, 2k, xp clients

I have an ubuntu 9.04 32bit samba 3.3.2 server that works fine but i
wanted to have more ram
installed to newer hardware, ubuntu 10.04 x64 samba 3.4.7, copied my
smb.conf, sync'd data, shut off old server, renamed new to the name of
the old, rebooted, stopped smbd and winbind, deleted secrets.tdb,
joined domain, started samba and winbind, restarted nmbd.  Same as
I've done a couple times before when migrating to bigger storage and
hardware.

Everything seemed to work, XP client, nt4 clients, all the wbinfo
command (user lookup, etc).  All Win98 clients prompt for IPC$ passwd,
no matter what user.  Same users on any other OS works.  I do have
"lanman auth = yes", as it was required on samba 3.3 as well.

log.lathe1 shows
check_ntlm_password: winbind authentication for user [LATHE1] FAILED
with error NT_STATUS_LOGON_FAILURE

and a bit before that:

[2010/10/04 10:20:53,  6] auth/auth_sam.c:416(check_samstrict_security)
  check_samstrict_security: WILSON is not one of my local names
(ROLE_DOMAIN_MEMBER)

this last one seems to be key to me, I don't think i should get this
message, and I didn't used to.
I only get the message when connecting from win9x clients.

If I could upgrade the OS's I would.  Needs to be win9x for the
software for the old CNC stuff.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 7 machine trust accounts expiring

[Peter Rindfuss]

On 2010-10-04 16:23, John Drescher wrote:

On Thu, Jul 15, 2010 at 11:52 AM, Peter Rindfuss  wrote:

There was an earlier thread about failing trust relationships between
Windows 7 and Samba. Since we occasionally experience the same problem with
Win 7 clients against a Samba 3.5.4 server, I investigated this a bit
further.

I think it happens when
- the time to change the machine password has arrived
- the Win 7 machine is up, but no one is logged on (login box is shown on
the screen).

To reproduce this, I reduced the machine password change interval to one day
on a test computer, then let the login prompt sit there for a day or so -
and indeed I could not log in anymore because of a trust relationship
failure. I will try this a couple more times.

I hope this helps to find a remedy.



Did you ever solve this issue? How did you change the "machine
password change interval"?

I just had a single windows 7 box fail trust relationship and I saw
that the last modify time in ldap for that account was August 30,
2010.

John


Our solution: We disabled the machine password change on all win7 
clients by setting

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
 DisablePasswordChange = dword:1
We never had a single issue after that.


The "machine password change interval" can be set in the client's 
registry with

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
 MaximumPasswordAge = dword:n, n being a number of days.
Default is 30.


Instead "DisablePasswordChange = 1" we might have tried
"MaximumPasswordAge = 100", a million days.

Finally, we might have tried against an MS server
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
 RefusePasswordChange = dword:1
Note that this is a server setting, not a client setting.
In Samba, it should translate to "sambaRefuseMachinePwdChange = 1" in LDAP.

Peter
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] help with AD integration

[Ben George]

HI

Friends please check my problem

http://bentgeorge.com/samba/

Thanks
Ben.T.George
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba with AD help.

[Ben George]

Hi

please check with this link

http://bentgeorge.com/samba/




>
>
>
> On Fri, Oct 1, 2010 at 5:09 PM, Gaiseric Vandal  > wrote:
>
>>  But your output shows
>>
>>
>> params.c:pm_process() - Processing configuration file
>> "/etc/sfw/smb.conf"
>>
>>
>>
>>
>>
>> On 10/01/2010 07:26 AM, Ben George wrote:
>>
>>
>> yes sunfreeware samba installed under
>>
>> /usr/local/samba
>>
>> configuration file
>>
>> /usr/local/samba/lib  i exported this lib PATH
>>
>> also the testparm is under /usr/local/samba/bin/
>>
>> i exicuted this testparm..that shows the sunfreeware samba's smb.conf
>> settings.
>>
>>
>>
>>
>> On Fri, Oct 1, 2010 at 2:22 PM, Gaiseric Vandal <
>> gaiseric.van...@gmail.com> wrote:
>>
>>> This reminded me of something:
>>>
>>> Solaris is bundled with Kerberos.   However, with sunfreeware samba you
>>> may
>>> have also installed Kerberos packages from sun freeware.  Assuming the
>>> PATH
>>> is let for /usr/local/bin:/usr/local/sbin:$PATH and LD_LIBRARY_PATH is
>>> set
>>> /usr/local/lib:  you should be using the sunfreeware versions of
>>> software rather than the sun versions.
>>>
>>> I don't know if sunfreeware Kerberos uses the same config files as sun
>>> Kerberos-  which means you may be have not configured the correct files.
>>>
>>> On a related note,
>>>
>>> Sunfreeware samba uses /usr/local/etc/smb.conf  (or something close to
>>> that)
>>> by default.
>>> The solaris bundled samba uses /etc/sfw/smb.conf
>>>
>>> If you type "which testparm" are you running the correct testparm?
>>> When you run "testparm -v" is it finding the correct smb.conf?
>>>
>>>
>>> Or maybe you already sym linked your smb.conf file.
>>>
>>>
>>>
>>> -Original Message-
>>> From: samba-boun...@lists.samba.org [mailto:
>>> samba-boun...@lists.samba.org]
>>> On Behalf Of Max León
>>> Sent: Wednesday, September 29, 2010 8:22 PM
>>> To: samba@lists.samba.org
>>> Subject: Re: [Samba] samba with AD help.
>>>
>>> Can you post the global part of your smb.conf, your nsswitch and your
>>> kerberos.conf?
>>>
>>> On 9/29/10 5:33 AM, Ben George wrote:
>>> > when i try to join the domain in UNIX (Sun Solaris 10 SPARC),i got
>>> error
>>> > message like this
>>> >
>>> >
>>> >
>>> > bash-3.00# ./net ads -d3 join -U administra...@sre.com
>>> >
>>> > [2010/09/29 14:26:02, 3] param/loadparm.c:(5055)
>>> >   lp_load: refreshing parameters
>>> > [2010/09/29 14:26:02, 3] param/loadparm.c:(1440)
>>> >   Initialising global parameters
>>> > [2010/09/29 14:26:02, 3] param/params.c:(572)
>>> >params.c:pm_process() - Processing configuration file
>>> "/etc/sfw/smb.conf"
>>> > [2010/09/29 14:26:02, 3] param/loadparm.c:(3794)
>>> >   Processing section "[global]"
>>> > [2010/09/29 14:26:02, 2] lib/interface.c:(81)
>>> >added interface ip=192.168.1.11 bcast=192.168.1.255
>>> nmask=255.255.255.0
>>> > Host is not configured as a member server.
>>> > Invalid configuration.  Exiting
>>> > Failed to join domain: Invalid domain role
>>> > [2010/09/29 14:26:02, 2] utils/net.c:(1075)
>>> > return code = -1
>>> >
>>> >
>>> > please help me solve this
>>> >
>>> > thanks
>>> >
>>>
>>> --
>>>
>>> Max León
>>> Systems Director
>>> Wire Watchers : enterprise : technology : genius
>>>
>>> 
>>> --
>>> Avenida 11 y Calle 7-9, Barrio Amón, San José, Costa Rica
>>> cel: +(506) 8364-6261 | fax: +(506) 2258-3695
>>> email: ml...@wirewatchers.com  |
>>> www.wirewatchers.com 
>>>
>>> 
>>> --
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] rpcclient and NTLMV2 authentication

[keith Fayne]

> rpcclient will honour the same setting in the smb.conf as smbclient -
> 'client ntlmv2 auth = yes' should do it.
>
> Thanks for the prompt reply; this has resolved my issue.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 7 machine trust accounts expiring

[John Drescher]

On Thu, Jul 15, 2010 at 11:52 AM, Peter Rindfuss  wrote:
> There was an earlier thread about failing trust relationships between
> Windows 7 and Samba. Since we occasionally experience the same problem with
> Win 7 clients against a Samba 3.5.4 server, I investigated this a bit
> further.
>
> I think it happens when
> - the time to change the machine password has arrived
> - the Win 7 machine is up, but no one is logged on (login box is shown on
> the screen).
>
> To reproduce this, I reduced the machine password change interval to one day
> on a test computer, then let the login prompt sit there for a day or so -
> and indeed I could not log in anymore because of a trust relationship
> failure. I will try this a couple more times.
>
> I hope this helps to find a remedy.
>

Did you ever solve this issue? How did you change the "machine
password change interval"?

I just had a single windows 7 box fail trust relationship and I saw
that the last modify time in ldap for that account was August 30,
2010.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] rpcclient errors

[Jeffrey Bernhard]

I'm resending this yet again.

PLEASE: Someone respond if only to let me know that this really is going to
the list -- I would be grateful for just that much!

I'm running Ubuntu 10.04 LTS and loaded (via apt-get) Samba version 2:3.4.7
as part of the effort to bring up Sambafax. A dpkg-query gives the
following:

# dpkg-query -l  | fgrep samba
ii  libcrypt-smbhash-perl
  0.12-3generate LM/NT hash of a password
for samba
ii  samba   2:3.4.7~dfsg-1ubuntu3.1
SMB/CIFS file, print, and login server for U
ii  samba-common2:3.4.7~dfsg-1ubuntu3.1
common files used by both the Samba server a
ii  samba-common-bin2:3.4.7~dfsg-1ubuntu3.1
common files used by both the Samba server a
ii  samba-doc   2:3.4.7~dfsg-1ubuntu3.1
Samba documentation

The Windows drivers I've chosen are those used in a previous implementation
of Sambafax (now years old) running on an old Redhat kernel; I'm to 'update'
this but decided to use the Windows drivers of the old implementation with
the notion, "if it ain't broke"...

Populating /etc/samba/drivers with W32X86/2 and  WIN40/0 drivers, I see:

# ls -R /etc/samba/drivers
/etc/samba/drivers:
W32X86  WIN40

/etc/samba/drivers/W32X86:
2

/etc/samba/drivers/W32X86/2:
cups5.hlp  cupsdrv5.dll  cupsui5.dll  sambafax.ppd

/etc/samba/drivers/WIN40:
0

/etc/samba/drivers/WIN40/0:
ADFONTS.MFM   ADOBEPS4.HLP  ICONLIB.DLL  sambafax.ppd
ADOBEPS4.DRV  DEFPRTR2.PPD  PSMON.DLL

I've tried to run rpcclient with the "adddriver" subcommand which fails with
an different error for these 2 cases, and nothing specific in the error
messages to indicate what really is the problem:

# rpcclient -U 'Name%passwd' -c 'adddriver "Windows NT x86"
"sambafax:cupsdrv5.dll:sambafax.ppd:cupsui5.dll:cups5.hlp:NULL:RAW:NULL"'
localhost
result was WERR_BADFILE

and

# rpcclient -U 'Name%passwd' -c 'adddriver "Windows 4.0"
"sambafax:ADOBEPS4.DRV:sambafax.ppd:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADOBEPS4.DRV,sambafax.ppd,ADOBEPS4.HLP,PSMON.DLL,ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"'
localhost
result was WERR_UNKNOWN_PRINTER_DRIVER

I've tried putting the driver files directly in /etc/samba/drivers prior to
executing the above rpcclient commands, as some comments on the net suggest
the 'adddriver' command expects them there and moves them to the appropriate
subdirectories but similar errors ensue.

The errors are on the server side. My thought is to have the source for
samba and instrument it to determine just what is being attempted at the
time an error is raised. This is more than a small science project -- if
anyone's expertise could help here, I'd sincerely appreciate it. I've been
stuck on this a few days...

Any suggestions?

Sorry for the volume here, but I didn't want to leave out some useful detail
or other.

Jeff Bernhard
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] File permissions getting destroyed with M$ software on ZFS

[Gaiseric Vandal]

I had a lot of problems with this as well.I found it hard to find 
much documentation on the zfs module in samba from either samba or sun.


(PS-  A big thumbs down to Sun and the OpenSolaris crowd for apparently 
abandoning samba.)


I am running Samba 3.0.x from Sun on two servers and samba 3.4.x 
compiled from source on the third.  I eventually opened a support case 
with Sun which did help (somewhat.)



Did you check the permissions of the parent directory?  There may be an 
inheritance issue.   Usually the following worked for me:



chmod -R A- thedirectory
chmod -R A=owner@:rwxpdDaARWcCos:allow ?thedirectory
chmod -R A+group@:rwxpdDaARWcCos:allow ?thedirectory



My share defintions looks like the following (the nfs4 and zfsacl 
options were recommended by sun tech support.)


   vfs objects = zfsacl
inherit permissions = Yes
inherit acls = Yes
nfs4:acedup = merge
nfs4:chown = yes
nfs4: mode = special
mapread only = no
ea support = yes
store dos attributes = yes
create mask = 0770
force create mode = 0600
directory mask = 0775
force directory mode = 0600
zfsacl: acesort = dontcare





PS.  Are your samba shares on top of autofs shares?   If so, you may 
also need to do the following.


# chmod A+user:nobody:aRc:allow  thedirectory

So far it seems to work OK.


On 10/04/2010 06:06 AM, RegioGis wrote:

Hi,

I see you use samba with zfs. But how on earth do you prevent the 'deny'
aces from being the first in the ACL, and thus denying all access to the
resource ?

I'm able to add permissions via the MS UI  ( I added an AD group
'regio-users' )
When I then create a file or folder via Samba, I get this on the Solaris box
:

root # ll -V db1.mdb
-rw-rw+  1 ackerra  gis98304 Oct  4 11:49 db1.mdb
 group:regio-users:--x---:--:deny
 group:regio-users:r-x---a-Rs:--:allow
 owner@:--x---:--:deny
 owner@:rw-p---A-W-Co-:--:allow
 group@:--x---:--:deny
 group@:rw-p--:--:allow
  everyone@:rwxp---A-W-Co-:--:deny
  everyone@:--a-R-c--s:--:allow

Thus denying all access to 'regio-users' 
How do you solve this ?( I defined the share exactly as you specified )

Rgrds,

   


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] File permissions getting destroyed with M$ software on ZFS

[RegioGis]

Hi,

I see you use samba with zfs. But how on earth do you prevent the 'deny'
aces from being the first in the ACL, and thus denying all access to the
resource ?

I'm able to add permissions via the MS UI  ( I added an AD group
'regio-users' )
When I then create a file or folder via Samba, I get this on the Solaris box
:

root # ll -V db1.mdb
-rw-rw+  1 ackerra  gis98304 Oct  4 11:49 db1.mdb
group:regio-users:--x---:--:deny
group:regio-users:r-x---a-Rs:--:allow
owner@:--x---:--:deny
owner@:rw-p---A-W-Co-:--:allow
group@:--x---:--:deny
group@:rw-p--:--:allow
 everyone@:rwxp---A-W-Co-:--:deny
 everyone@:--a-R-c--s:--:allow

Thus denying all access to 'regio-users' 
How do you solve this ?( I defined the share exactly as you specified )

Rgrds,

-- 
View this message in context: 
http://samba.2283325.n4.nabble.com/File-permissions-getting-destroyed-with-M-software-on-ZFS-tp2915766p2954071.html
Sent from the Samba - General mailing list archive at Nabble.com.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] help with AD integration

[Ben George]

i tried to telnet to sun1(unix) machine..but login failed.

i tried benvin user on AD..not ben

/var/samba/log


[2010/10/04 15:24:06, 6] nsswitch/winbindd.c:(641)
  accepted socket 23
[2010/10/04 15:24:06, 10] nsswitch/winbindd.c:(326)
  process_request: request fn INTERFACE_VERSION
[2010/10/04 15:24:06, 3] nsswitch/winbindd_misc.c:(491)
  [ 5806]: request interface version
[2010/10/04 15:24:06, 10] nsswitch/winbindd.c:(326)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2010/10/04 15:24:06, 3] nsswitch/winbindd_misc.c:(524)
  [ 5806]: request location of privileged pipe
[2010/10/04 15:24:06, 6] nsswitch/winbindd.c:(641)
  accepted socket 31
[2010/10/04 15:24:06, 10] nsswitch/winbindd.c:(326)
  process_request: request fn GETGROUPS
[2010/10/04 15:24:06, 3] nsswitch/winbindd_group.c:(1273)
  [ 5806]: getgroups root
[2010/10/04 15:24:06, 5] nsswitch/winbindd_group.c:(1292)
  Could not parse domain user: root
[2010/10/04 15:24:06, 10] lib/events.c:(131)
  Added timed event "async_request_timeout": 2f11e0
[2010/10/04 15:24:06, 10] lib/events.c:(299)
  timed_events_timeout: 299/06
[2010/10/04 15:24:06, 10] lib/events.c:(66)
  Destroying timed event 2f11e0 "async_request_timeout"
[2010/10/04 15:24:06, 10] nsswitch/winbindd_cache.c:(2307)
  Retrieving response for pid 4252
[2010/10/04 15:24:06, 5] nsswitch/winbindd_async.c:(1303)
  Could not find domain from SID S-1-22-1-0
--
[2010/10/04 15:24:37, 6] nsswitch/winbindd.c:(641)
  accepted socket 23
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn INTERFACE_VERSION
[2010/10/04 15:24:37, 3] nsswitch/winbindd_misc.c:(491)
  [ 5809]: request interface version
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2010/10/04 15:24:37, 3] nsswitch/winbindd_misc.c:(524)
  [ 5809]: request location of privileged pipe
[2010/10/04 15:24:37, 6] nsswitch/winbindd.c:(641)
  accepted socket 31
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn GETPWNAM
[2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346)
  [ 5809]: getpwnam benvin
[2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353)
  Could not parse domain user: benvin
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn GETPWNAM
[2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346)
  [ 5809]: getpwnam benvin
[2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353)
  Could not parse domain user: benvin
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn GETPWNAM
[2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346)
  [ 5809]: getpwnam benvin
[2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353)
  Could not parse domain user: benvin



i didn't understand anything from this log



On Mon, Oct 4, 2010 at 4:11 PM, Gaiseric Vandal
wrote:

> According to your page
>
>"getent passwd" is showing the domain users.
>
>
> If you try to ssh into your linux machine as "ben", with the way
> nsswitch.conf is configured, it will try to authenticated you as the "ben"
> in /etc/passwd not the one in the AD domain.
>
> I suggest you try the following
>comment out "ben" from /etc/passwd and /etc/shadow.
>
> Make sure that the /export/Home/ben directory is owned by the SRE+ben user.
>   See if you can ssh into linux as "ben."  (I think you can specify "ben"
> and not "SRE+ben" for the ssh user.)  Keep an eye on the log files e.g in
> /var/samba/log or /var/log/samba.
>
> You have still not clarified why nsswitch.conf has entries for ldap.
>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] help with samba AD integration

[Ben George]

Support contract..? how much for that

the thing i am doing this is to fix my job..because this this my 1st
project.

i didn't get salery to..anyway can u please give your rate for this..

:(



On Mon, Oct 4, 2010 at 1:08 PM,  wrote:

> On Mon, Oct 04, 2010 at 12:24:50PM +0300, Ben George wrote:
>
> > Content preview:  Hi please check tis link..
> http://bentgeorge.com/samba/ [...]
>
> Yes, I have read this page and understand what you wish to achieve.
> There are several ways to do it depending on the requirements of your
> network. Home directories can be autogenerated under different
> circumstances, from user creation to first connection.
>
> Can you please be clear: do you wish to purchase a support contract?
>
> If not, I recommend you continue asking on the public Samba forums,
> where a lot of people do get help.
>
> Regards,
>
> --
> Dan Shearer
> d...@penguinfactory.co.uk
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Can samba3 support more than one wins server

[Daniel Müller]

Dear all,

is it possible to have two entries in “wins server= wins1 wins2”. 
I run the samba4WINS besides samba3

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] File permissions getting destroyed with M$ software on ZFS

[RegioGis]

Please ignore previous message. I messed up some testing results 
I'm trying to clear out things straight first.


-- 
View this message in context: 
http://samba.2283325.n4.nabble.com/File-permissions-getting-destroyed-with-M-software-on-ZFS-tp2915766p2954213.html
Sent from the Samba - General mailing list archive at Nabble.com.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Pb with net command

[Hervé Hénoch]

Hello

When I want to add a user  with the following command (Version 
3.5.5-SerNet-Debian on lenny) :


net rpc user add 

I have the message :  Failed to add user  with error: No such User.

But in my LDAP database, the user is added only in Posix sense 
(objectClass=PosixGroup without objectClass=sambaSamAccount).


The underlying user for this command is root (which is in "Domain 
Admins" and gidNUmber=512).


The same command with a user which have the domain's include rights run 
well :


net rpc user add  -Uadmin : ok

Regards

--
Hervé Hénoch
Responsable informatique
Institut Sainte Catherine
1750, chemin du Lavarin, 84000 Avignon
Téléphone : 04.90.27.57.44
Messagerie : h.hen...@isc84.org


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Diagnosing Performance Issues

[Volker Lendecke]

On Mon, Oct 04, 2010 at 01:21:39PM +0800, Shane Arnold wrote:
> First off my apologies if this is the wrong place to be asking.
> 
> I seem to have a problem where the smbd process is using a massive
> amount of CPU for network transfers. It averages about 70-90% usage
> on both cores of a dual-core machine when transferring between disks
> (or over the network) using samba/cifs shares.
> 
> Along with this I also notice the transfers going from a steady
> 30-40mb/sec to anywhere from 1-4MB/sec. It seems to resolve itself
> then re-occur multiple times during a transfer. I have tried
> tweaking buffer settings and the like with no success.
> 
> iostat shows corresponding transfer rates that match what Windows is
> reporting for transfer speeds.
> 
> Any ideas where I can start looking? I've done a fair bit of
> looking, but I'm not quite ready to say it's a hardware problem just
> yet.

strace'ing the smbd might be a start...

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Diagnosing Performance Issues

[Shane Arnold]

 Unfortunately an strace of the smbd process provides me with nothing 
useful as I am not a samba developer. However I'll happily provide the 
strace output for anyone interested :)


On 04/10/2010 2:05 PM, Volker Lendecke wrote:

On Mon, Oct 04, 2010 at 01:21:39PM +0800, Shane Arnold wrote:

First off my apologies if this is the wrong place to be asking.

I seem to have a problem where the smbd process is using a massive
amount of CPU for network transfers. It averages about 70-90% usage
on both cores of a dual-core machine when transferring between disks
(or over the network) using samba/cifs shares.

Along with this I also notice the transfers going from a steady
30-40mb/sec to anywhere from 1-4MB/sec. It seems to resolve itself
then re-occur multiple times during a transfer. I have tried
tweaking buffer settings and the like with no success.

iostat shows corresponding transfer rates that match what Windows is
reporting for transfer speeds.

Any ideas where I can start looking? I've done a fair bit of
looking, but I'm not quite ready to say it's a hardware problem just
yet.

strace'ing the smbd might be a start...

Volker

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] WG: install samba 4 alpha13 on centos 5.5 make error

[Daniel Müller]

Hi,

A new try: What I did.
Took the old source directory I made for samba4 12:
Cd /samba4
Rsync the new samba4 13 in it by:

rsync -avz samba.org::ftp/unpacked/samba_4_0_test/ .

cd samba4/source
made: make clean
then ./autogen.sh
then ./configure.developer
then make idl_full
The same error nothing: data.mk:1389: *** Befehle beginnen vor dem ersten Ziel. 
 Schluss.
The file data.mk is the newest from oct. 4th, today.
It drives me crazy.
Does anyone succeed with updating?

Greetings
Daniel

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Ursprüngliche Nachricht-
Von: Daniel Müller [mailto:muel...@tropenklinik.de] 
Gesendet: Donnerstag, 30. September 2010 20:01
An: Jelmer Vernooij
Cc: samba@lists.samba.org; samba-techni...@lists.samba.org
Betreff: Re: install samba 4 alpha13 on centos 5.5 make error


I used the tarball!?
I downloaded the sources into a fresh new directory and did compile it
from there.
Do I need to delete the old compiling directory containing samba4 alpha12
sources!?




On Thu, 30 Sep 2010 18:03:27 +0200, Jelmer Vernooij 
wrote:
> On Thu, 2010-09-30 at 16:15 +0200, Daniel Müller wrote:
>> downloaded  alpha13, did:
>> ./autogen.sh
>> This result in:
>> [r...@node1 source4]# ./autogen.sh
>> Setting up for waf build
>> done. Now run ./configure or ./configure.developer then make.
>> 
>> ./configure.devloper ←ok
>> Then:
>> Make
>> Error: data.mk:1881: *** Befehle beginnen vor dem ersten Ziel. 
Schluss.
>> Make does nothing?!
>> Any idea1?
> This doesn't seem right. You must still have some old makefile around,
> we don't use data.mk anymore. Did you do a clean checkout, or use the
> tarball?
> 
> Cheers,
> 
> jelmer

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] help with AD integration

[Gaiseric Vandal]

According to your page

"getent passwd" is showing the domain users.


If you try to ssh into your linux machine as "ben", with the way 
nsswitch.conf is configured, it will try to authenticated you as the 
"ben" in /etc/passwd not the one in the AD domain.


I suggest you try the following
comment out "ben" from /etc/passwd and /etc/shadow.

Make sure that the /export/Home/ben directory is owned by the SRE+ben 
user.   See if you can ssh into linux as "ben."  (I think you can 
specify "ben" and not "SRE+ben" for the ssh user.)  Keep an eye on the 
log files e.g in /var/samba/log or /var/log/samba.


You have still not clarified why nsswitch.conf has entries for ldap.




On 10/04/2010 05:17 AM, Ben George wrote:


please check this link

http://bentgeorge.com/samba/
all are mentioned here


Thanks
Ben.T.George



On Thu, Sep 30, 2010 at 10:16 PM, Gaiseric Vandal 
mailto:gaiseric.van...@gmail.com>> wrote:


Hi

Please clarify the following
 -  Did you run "truss getent passwd" command and look for lines
with nss_winbind-  just in case it is looking for a file with a
different version.
 - Why does nsswitch.conf have ldap references-  are you using ldap?


You should also look through the samba logs-  it may provide some
information.



On 09/30/2010 12:14 PM, Ben George wrote:




yes client has Solaris and a windows xp machine under the AD domain

yes i exported the paths to the newly installed /usr/local/samba/lib

me using the new packahes and disabled the default packages


On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal
mailto:gaiseric.van...@gmail.com>> wrote:

So to clarify the customer has a Sun Solaris 10 UNIX machine
and a Linux workstation?

FOR SOLARIS

I had problems with getting nsswitch+winbind working with the
samba from sunfreeware-  I had to recompile from scratch
(major headache.)   In hindsight this may not have been
necessary for winbind-  although I had to recompile anyway
for ZFS support.

On solaris, you should have a file called
/usr/lib/nss_winbind.so.1 -  which is the nsswitcher winbind
library provided by the samba that sun bundles with solaris
10 (but this is samba 3.0.x and too old to be much use.)

In /usr/local/samba/lib -  do you see an nss_winbind.so.1
file?How is your PATH and LD_LIBRARY_PATH set-  you want
to make sure you are using the /usr/local/samba/bin and
/usr/local/samba/lib first.

If you run "truss getent passwd | tee log1.txt"  you should
see it looking for nss_winbind.so.1 -  ideally it will look
in /usr/local/samba/lib before /usr/lib.  If it uses
/usr/lib/nss_winbind.so.1 that will probably NOT work.  You
may want to rename that file just to make sure.






On 09/30/2010 10:57 AM, Ben George wrote:


Sun Solaris 10 (under SPARC)

local users in /etc/passwd

samba 3.4.2 from sunfreeware.com 


getent passwd

*/ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh

/*like this*/

/*/
/Thanks
Ben.T.George*/
/*




On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal
mailto:gaiseric.van...@gmail.com>> wrote:

Then it sounds like you need the AD integration.  If the
user's also login to the linux workstation directly  (or
via ssh) then you will need to configure winbind and
nsswitch to support unix logins.

Why does nsswitch.conf include ldap?  Is this the only
linux/unix machine?  Are local users in ldap or
/etc/passwd?

What version of samba?   What version of linux?

Ideally "getent passwd" woudl show something like



ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh

or

SRE+ben:*:10001:10001:Ben
George:/export/Home/SRE/ben:/bin/bash



I don't think you need a huge amount of AD experience to
make this work but I think you have to have general
understanding of what WIndows domains are about.

You should also review the smb.conf man page for the
section on idmap_ad.





On 09/30/2010 09:24 AM, Ben George wrote:



Thanks for your replay..

yes my client told me like this that's Y..and the
manager gave that work to newly joined me.. :(

i don't have any AD and core unix experience..i have
only experience in linux.not much

may this project will affect my job..  :(

my nsswitch.conf

*/passwd: files ldap winbind
group:  files ldap wi

[Samba] Diagnosing Performance Issues

[Shane Arnold]

 Hi All,

First off my apologies if this is the wrong place to be asking.

I seem to have a problem where the smbd process is using a massive 
amount of CPU for network transfers. It averages about 70-90% usage on 
both cores of a dual-core machine when transferring between disks (or 
over the network) using samba/cifs shares.


Along with this I also notice the transfers going from a steady 
30-40mb/sec to anywhere from 1-4MB/sec. It seems to resolve itself then 
re-occur multiple times during a transfer. I have tried tweaking buffer 
settings and the like with no success.


iostat shows corresponding transfer rates that match what Windows is 
reporting for transfer speeds.


Any ideas where I can start looking? I've done a fair bit of looking, 
but I'm not quite ready to say it's a hardware problem just yet.


Cheers :)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba