Re: [Samba] winbind and group permissions
Gaiseric, thank you sooo much for the reply I will make comments inline: On Mon, 2011-01-03 at 20:06 -0500, Gaiseric Vandal wrote: > Winbind is used for allowing unix things like file system access, getent > passwd and getent group to handle windows users (windows users and groups > get unix uid's and gid's allocated.) To say this another way; getent maps users/groups and their respective uids/gids/sids, winbind is what determines if those uids/gids have permission to do what is being requested? > I don't use winbind to login to a > unix system as a windows user but I do use it to allow the unix file system > on a samba server to handle file perms for windows users. Winbind would > have nothing to do with subnet issues. So wbinfo commands are not affected by working across a vpn... > WINS (Windows Internet Naming Service, or something like that) is really > useful for having a windows client (e.g. an XP machine) find a Windows > server (a Samba server or a real Windows server)- this is really useful > when subnet issues are involved, and actually a WINS server should be a > standard item even on a local network. Understood and agreed, I always enable wins server even on the simplest samba installs. > Depending on your VPN, your > "remote" client may have a virtual NIC on the "office" LAN. The VPN is an openswan site-to-site tunnel. I have just spent the last hour or two checking, double-checking, re-double-checking, triple-checking, and re-triple-checking that everything is in order. All traffic from several different protocols are travelling in both directions without restriction. I never say never with networks and computers, but I am quite certain this is not the problem. > The big problem I found with Samba member servers and winbind was that the > "Windows" user on a member server might have a unix uid or gid that is not > consistent with the PDC or other member servers. But this doesn't seem to > be your problem. As I understand it, having a map be consistent across multiple samba servers is required in the case of BDCs and PDCs, where a BDC may be required to authorize a user on behalf of the PDC. In that case, the BDC must have the same info as the PDC else a user may end up with different access to different files depending on which member server it connects too. I also understand it to be that using ldap will nicely work around this problem. In my case, there is only one PDC, and my member server is purely a client that is not going to share anything, so as I understand it, that is not a concern here. > > Can you post your smb.conf section for the idmap settings? Very gladly, and anything else you think might be useful to look at: This is from the PDC (debian - samba=3.5.6): ;winbind idmap backend = tdb idmap uid = 15000-2 idmap gid = 15000-2 ;winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind cache time = 300 template homedir = template shell = /bin/false This is from the DMC (ubuntu - samba=3.4.7): ;Workstation Settings idmap backend = tdb idmap uid = 15000-2 idmap gid = 15000-2 wins server = 192.168.150.10 ;winbind use default domain = yes winbind enum groups = yes winbind enum users = yes password server = 192.168.150.10 template shell = /bin/bash template homedir = /home/%D/%U Some notes: I did have it set up more like your file at first, using idmap config instead of idmap alloc. Two days ago I read every line of the man page, and set it up without the idmap config, and instead used the plain idmap parameters. It seemed to me that this was a better implementation of the 'Keep It Simple' principle. I read a post that suggested that if the uid and gid idmap were not "all encompassing" enough that groups and users would not get displayed. I have increased the range and moved the winbind_cache.tdb and idmap_cache.tdb to create new ones, but no joy. I have commented the default domain directive so as to tell what whether wbinfo -u is returning a local user or a domain user. as far as I know all other winbind settings are default values. I can make the rest of the file available and other stuff as well. > The syntax for > samba 3.0.x, 3.2.x, 3.3.x, and 3.4.x varies. The docs on samba.org may not > be current so you should check man pages for idmap_tdb etc. Some versions > may let you spec "idmap uid =- " and "idmap gid =-" > > > I have the following entry (samba 3.4.x with LDAP backend)- > > idmap alloc backend = ldap > idmap alloc config:ldap_url = ldap://ldapserver1.mydomain.com > idmap alloc config:ldap_base_dn = ou=alloc,ou=idmap,o=mydomain.com > idmap alloc config:ldap_user_dn = cn=xx > idmap alloc config:range = 5 - 7 > > > > I have some issues with getting new id's allocated, but it you have users > working but not groups , at least winbind allocation is generally working. I spent a considerable amount of time investigating the possibi
[Samba] %N 3.0.28 on centos/rhel 4.7 (wanting to split up the profile shares to multiple servers)
I am having a hard time finding documentation on the %N construct. I have /etc/auto.master loading /etc/auto.smb and in /etc/auto.smb it reads username-fstype-smb,username=accountant ://otherhost/username In the log file I get: '/home/username' does not exist or ... Error was No such file or directory I am trying to move certain users' profiles to another server for load distribution. I am I going about this wrong or where do I get more information on making %N work for me. -Jason -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] authentication using both ADS and smbpasswd
Hi My Samba configuration uses ADS for user authentication. I have a request to grant users access who are not members of ADS. Is it possible to set up both smbpasswd and ADS authentication? I've looked through the archives without any success. If Samba 3.0 doesn't support this, can someone tell me how they have resolved this situation? Thank you for your help. Regards, Cathy --- Cathy L. Smith IT Engineer Pacific Northwest National Laboratory Phone: 509.375.2687 Fax: 509.375.2330 Email: cathy.sm...@pnl.gov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind and group permissions
Winbind is used for allowing unix things like file system access, getent passwd and getent group to handle windows users (windows users and groups get unix uid's and gid's allocated.)I don't use winbind to login to a unix system as a windows user but I do use it to allow the unix file system on a samba server to handle file perms for windows users. Winbind would have nothing to do with subnet issues. WINS (Windows Internet Naming Service, or something like that) is really useful for having a windows client (e.g. an XP machine) find a Windows server (a Samba server or a real Windows server)- this is really useful when subnet issues are involved, and actually a WINS server should be a standard item even on a local network.Depending on your VPN, your "remote" client may have a virtual NIC on the "office" LAN. The big problem I found with Samba member servers and winbind was that the "Windows" user on a member server might have a unix uid or gid that is not consistent with the PDC or other member servers. But this doesn't seem to be your problem. Can you post your smb.conf section for the idmap settings? The syntax for samba 3.0.x, 3.2.x, 3.3.x, and 3.4.x varies. The docs on samba.org may not be current so you should check man pages for idmap_tdb etc. Some versions may let you spec "idmap uid =- " and "idmap gid =-" I have the following entry (samba 3.4.x with LDAP backend)- idmap alloc backend = ldap idmap alloc config:ldap_url = ldap://ldapserver1.mydomain.com idmap alloc config:ldap_base_dn = ou=alloc,ou=idmap,o=mydomain.com idmap alloc config:ldap_user_dn = cn=xx idmap alloc config:range = 5 - 7 I have some issues with getting new id's allocated, but it you have users working but not groups , at least winbind allocation is generally working. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Bob Miller Sent: Monday, January 03, 2011 5:13 PM To: samba@lists.samba.org Subject: [Samba] winbind and group permissions Hello, I have spent the last week and a bit searching google and reading documentation trying to get this figured. At this point, I have read the same things so many times, I am not even sure I would notice the answer any more time to ask for some help. Having gone through what seems like hundreds of posts, I have begun to see where the problem gets lost in the information provided when posts are really large. To this end, I will try to keep this as short as possible by not posting all my configs and logs (though I can certainly make all of that available). It takes considerable time to go through everything and I don't expect anyone to do that, so I am not looking for someone to review every config file and log entry, but I am hoping someone can say what they have done to troubleshoot similar situations. The situation: I have a network of ~50 XP machines all authenticating to a Samba PDC. This has been working without flaw for the last two years. There are three shares; a public one that all users have access too, individual shares for each user that can only be accessed by the user, and a departmental share that contains folders that are governed by group ownerships. The PDC runs debian, and has samba 3.5.6 installed, and the XP workstations all seem to be working as expected. I am not using ldap. The goal: More computers are required, so we have been going through the retired computers and pulling out a number of them that are suitable for running ubuntu. We need these ubuntu machines to authenticate against the PDC, and the shares should be mounted automatically on login. The added challenge: Since the office where the LAN exists is closed over the holiday break and there are no existing ubuntu workstations on that LAN, I am forced to get the test ubuntu workstation to work over a vpn. This is soon a requirement anyway, but for the time being, I cannot remove the vpn from the mix. I do have ssh access to the Samba PDC, and can vnc to windows workstations inside the network. Given that the vast majority of everything seems to be working, I am doubtful the vpn is the problem, however it must be mentioned in the name of giving a complete picture... The path I have followed: Documentation has me understanding that in order to authenticate across different subnets or as a DMS or DMC, winbind is the answer. I have configured winbind as per the online Samba 3 documentation. There are also a prolific number of tutorials on the web that I have consulted, though most of them seem to be geared towards having an MS ADS instead of a Samba PDC. On the PDC, I have modified the nsswitch.conf file to have passwd and group use compat winbind (tried file winbind too, same effect). I have also configured in there the hosts entry to use wins. On the ubuntu workstation, I have done the same with the nsswitch.conf file, and I have modified the pam.d/comm
[Samba] winbind and group permissions
Hello, I have spent the last week and a bit searching google and reading documentation trying to get this figured. At this point, I have read the same things so many times, I am not even sure I would notice the answer any more time to ask for some help. Having gone through what seems like hundreds of posts, I have begun to see where the problem gets lost in the information provided when posts are really large. To this end, I will try to keep this as short as possible by not posting all my configs and logs (though I can certainly make all of that available). It takes considerable time to go through everything and I don't expect anyone to do that, so I am not looking for someone to review every config file and log entry, but I am hoping someone can say what they have done to troubleshoot similar situations. The situation: I have a network of ~50 XP machines all authenticating to a Samba PDC. This has been working without flaw for the last two years. There are three shares; a public one that all users have access too, individual shares for each user that can only be accessed by the user, and a departmental share that contains folders that are governed by group ownerships. The PDC runs debian, and has samba 3.5.6 installed, and the XP workstations all seem to be working as expected. I am not using ldap. The goal: More computers are required, so we have been going through the retired computers and pulling out a number of them that are suitable for running ubuntu. We need these ubuntu machines to authenticate against the PDC, and the shares should be mounted automatically on login. The added challenge: Since the office where the LAN exists is closed over the holiday break and there are no existing ubuntu workstations on that LAN, I am forced to get the test ubuntu workstation to work over a vpn. This is soon a requirement anyway, but for the time being, I cannot remove the vpn from the mix. I do have ssh access to the Samba PDC, and can vnc to windows workstations inside the network. Given that the vast majority of everything seems to be working, I am doubtful the vpn is the problem, however it must be mentioned in the name of giving a complete picture... The path I have followed: Documentation has me understanding that in order to authenticate across different subnets or as a DMS or DMC, winbind is the answer. I have configured winbind as per the online Samba 3 documentation. There are also a prolific number of tutorials on the web that I have consulted, though most of them seem to be geared towards having an MS ADS instead of a Samba PDC. On the PDC, I have modified the nsswitch.conf file to have passwd and group use compat winbind (tried file winbind too, same effect). I have also configured in there the hosts entry to use wins. On the ubuntu workstation, I have done the same with the nsswitch.conf file, and I have modified the pam.d/common-auth and pam.d/common-account files to use winbind. I have installed pam_mount for the auto-mounting part and modified the pam.d files accordingly. What works and what doesn't: On the ubuntu workstation, I can log into gdm using my domain credentials. pam_mount successfully mounts the shares as expected. However, when I try to access the folders in the departmental share that are governed by group permissions, I am denied access. At this point, I do not log out of gdm on the workstation reliably either, but that is not the problem I am working on at the moment. On the workstation and PDC, it seems I can successfully use all wbinfo commands except -g (ie, wbinfo -t, -a, -G, -Y, -S, -s, -n, etc all work as expected). my troubleshooting so far: On the ubuntu workstation, I can issue wbinfo -u and I get expected results like DOM\user.name, and I get as many as I expect to get. However, wbinfo -g returns nothing, no error and no groups. getent passwd returns contents of the local password folder and the list of DOM \user.names as expected. getent group returns only the contents of /etc/group. When I su to my domain user, it tells me it cannot get the names of my groups, yet I can use wbinfo to retrieve this information: r...@test1:~# su - DOM\\bob.miller reenter password for pam_mount: groups: cannot find name for group ID 15004 groups: cannot find name for group ID 15005 groups: cannot find name for group ID 15006 dom\bob.mil...@test1:~$ i=$(wbinfo -G 15004); wbinfo -s $i DOM\accpac 4 dom\bob.mil...@test1:~$ i=$(wbinfo -G 15005); wbinfo -s $i DOM\public 4 dom\bob.mil...@test1:~$ i=$(wbinfo -G 15006); wbinfo -s $i DOM\it 4 Permissions on the workstation are like so: dom\bob.mil...@test1:~/Departments$ ls -al d---rws--- 14 DOM\bob.miller DOM\none0 2010-12-29 13:22 Finance d---rws--- 9 DOM\bob.miller DOM\none0 2010-12-14 15:24 IT and permissions on the server are like so: d---rws--- 14 root accpac 4096 2010-12-29 13:22 Finance d---rws--- 9 root it 4096 2010-12-14 15:24 IT On the PDC, wbinfo -u returns only the conte
Re: [Samba] Remote connection to Samba service doesn't work
No, it's not. And as I've said I'm already using Samba shares from a two different servers on my Windows 7. I've already tried to change Windows settings via local policies and registry. No effect. Windows says it can't find the specified network name, smbclient on cygwin can't even open a connection. Just like there's a magical firewall blocking just the samba. There is no single log with my ip in it. Is there any simple way to test the connection itself? By telnet or sending just one packet, perhaps? You can try the host yourself, it's "revik.one.pl", ip 88.198.15.203. OK prism# nbtscan -v 88.198.15.203 Doing NBT name scan for addresses from 88.198.15.203 NetBIOS Name Table for Host 88.198.15.203: Incomplete packet, 227 bytes long. Name Service Type REVIK<00> UNIQUE REVIK<03> UNIQUE REVIK<20> UNIQUE __MSBROWSE__ <01> GROUP WORKGROUP<1d> UNIQUE WORKGROUP<1e> GROUP WORKGROUP<00> GROUP Adapter address: 00-00-00-00-00-00 I would probably lock that down if I were you. Samba is currently up and running. Even a successful connection try would tell something. On Mon, Jan 3, 2011 at 10:01 AM, Daniel Müller wrote: Windows XP should work on the fly! Isn't it??? For Windows 7 you got to hack the registry. All entries HKLM. You find the enties: google Windows 7 samba On Fri, 31 Dec 2010 14:03:05 +0100, Mateusz Szymaniec wrote: Hi. I've got a nasty problem with Samba. Basically, I can't connect to my Samba service from a home laptop (running Windows 7). I guess that on this side everything is fine, I'm using my corporate Samba shares via VPN, I've been using Samba on my previous server and it was running OK. I've asked my buddy living nearby to connect and it didn't work for him, as well as for 15 other people across living my country. The weirdest thing is, that there are actually people that are able to connect. They were using both Windows XP and 7 and I can't really tell why. I see their connections in logs, but I can't really tell a difference between my and theirs setup. I've tried to use default Debian Etch 2.x Samba, 3.x backports version, compiled 3.x from sources, even reinstalled operating system on the server. I've used default config, copied one from my previous server, wrote it from stretch server times. Every single time it was possible to connect locally (smbclient -L localhost). On the client side, I've tried using default Windows 7 (and XP) smb/cifs implementation and cygwin's smbclient. My server ISP tells that they don't block anything and it's the first time someone has reported problem like this. My iptables are clean at the moment. Currently I'm using v. 3.2.5 with default config with one share and added user by smbpasswd. revik:~# smbclient localhost\\test Enter root's password: Domain=[REVIK] OS=[Unix] Server=[Samba 3.2.5] smb: \> ls . D0 Fri Dec 31 13:57:25 2010 .. D0 Fri Dec 31 13:57:16 2010 testfile 0 Fri Dec 31 13:57:25 2010 35201 blocks of size 8388608. 33290 blocks available I don't really can think of any single idea how to make it work or where the problem actually lies. I'd appreciate any help, thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Remote connection to Samba service doesn't work
you try to connect vi internet?? and your local net? Can you work with your shares?? Is in your "hosts allow=" the subnet of your vpn?? I am doing remote domain login with openvpn without any errors. Your host can be pinged ping 88.198.15.203 Ping wird ausgeführt für 88.198.15.203 mit 32 Bytes Daten: Antwort von 88.198.15.203: Bytes=32 Zeit=17ms TTL=55 No telnet: telnet 88.198.15.203 Verbindungsaufbau zu 88.198.15.203...Es konnte keine Verbindung mit dem Host her gestellt werden, auf Port 23: Verbinden fehlgeschlagen Putty,ssh: OK. You can login from remote to your Host! I think with (ex mine ) the hosts allow = 127.0.0.1 192.168.129.0/24 192.168.133.0/24 192.168.134.0/24 192. 168.132.0/24 192.168.135.0/24 10.0.11.0/24 where 10.0.11.0.0/24 is my vpn range Fix the host allow to your vpn range. Good Luck Daniel On Mon, 3 Jan 2011 10:51:58 +0100, Mateusz Szymaniec wrote: > No, it's not. > And as I've said I'm already using Samba shares from a two different > servers on my Windows 7. I've already tried to change Windows settings > via local policies and registry. No effect. Windows says it can't find > the specified network name, smbclient on cygwin can't even open a > connection. Just like there's a magical firewall blocking just the > samba. There is no single log with my ip in it. > Is there any simple way to test the connection itself? By telnet or > sending just one packet, perhaps? > You can try the host yourself, it's "revik.one.pl", ip 88.198.15.203. > Samba is currently up and running. Even a successful connection try > would tell something. > > On Mon, Jan 3, 2011 at 10:01 AM, Daniel Müller > wrote: >> >> Windows XP should work on the fly! Isn't it??? >> For Windows 7 you got to hack the registry. All entries HKLM. >> You find the enties: google Windows 7 samba >> >> >> >> >> On Fri, 31 Dec 2010 14:03:05 +0100, Mateusz Szymaniec >> >> wrote: >>> Hi. >>> I've got a nasty problem with Samba. Basically, I can't connect to my >>> Samba service from a home laptop (running Windows 7). I guess that on >>> this side everything is fine, I'm using my corporate Samba shares via >>> VPN, I've been using Samba on my previous server and it was running >>> OK. I've asked my buddy living nearby to connect and it didn't work >>> for him, as well as for 15 other people across living my country. The >>> weirdest thing is, that there are actually people that are able to >>> connect. They were using both Windows XP and 7 and I can't really tell >>> why. I see their connections in logs, but I can't really tell a >>> difference between my and theirs setup. >>> I've tried to use default Debian Etch 2.x Samba, 3.x backports >>> version, compiled 3.x from sources, even reinstalled operating system >>> on the server. I've used default config, copied one from my previous >>> server, wrote it from stretch server times. Every single time it was >>> possible to connect locally (smbclient -L localhost). On the client >>> side, I've tried using default Windows 7 (and XP) smb/cifs >>> implementation and cygwin's smbclient. >>> My server ISP tells that they don't block anything and it's the first >>> time someone has reported problem like this. My iptables are clean at >>> the moment. >>> Currently I'm using v. 3.2.5 with default config with one share and >>> added user by smbpasswd. >>> >>> revik:~# smbclient localhost\\test >>> Enter root's password: >>> Domain=[REVIK] OS=[Unix] Server=[Samba 3.2.5] >>> smb: \> ls >>> . D 0 Fri Dec 31 13:57:25 >> 2010 >>> .. D 0 Fri Dec 31 13:57:16 >> 2010 >>> testfile 0 Fri Dec 31 13:57:25 >> 2010 >>> >>> 35201 blocks of size 8388608. 33290 blocks available >>> I don't really can think of any single idea how to make it work or >>> where the problem actually lies. >>> I'd appreciate any help, thanks. >> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] error adding a user
On Mon, Jan 03, 2011 at 09:54:39AM +0100, Daniel Müller wrote: > First of all which kind of Windows are you using. Usermgr with XP is ok > with Windows Vista/7 no chance. ok I'm using XP... > To use usrmgr under xp and 2000 you must fit your ldap.conf and your > smb.conf and youse smbldap-tools or similar: > in your smb.conf there should be something like: > add user script = /usr/local/sbin/smbldap-useradd -A 1 -B 1 -m -k /dummy > "%u" if I use: add user script = smbldap-useradd -a -m "%u" it gives me the error reported above. If I use: add user script = smbldap-useradd -m "%u" it works. It seems that Samba creates the samba specific objects to the ldap server directly. If I am no wrong, the option -a to smbldap-useradd should be used only if the script is called from outside samba (as in a user populating script, for example...) Am I write or am I wrong? I understand that these basic concepts are important. I can't do forward without before clarifying this ... :-( > > to fit the right params for your linux OS you have to try. > > > or ldap.conf, ex : > basedc=your,dc=domain > nss_base_passwd ou=Users,dc=your,dc=domain?sub > nss_base_passwd ou=Computers,dc=your,dc=domain?sub > nss_base_shadow ou=Users,dc=your,dc=domain?sub > nss_base_group ou=Groups,dc=yourc,dc=domain?one > > In your slapd.conf , ex: > access to attrs=sambaLMPassword > by self write > by anonymous auth > by dn="cn=admin,dc=your,dc=domain" write > by * none > > access to attrs=sambaNTPassword > by self write > by anonymous auth > by dn="cn=admin,dc=your,dc=domain" write > by * none > > access to attrs=sambaPwdLastSet,sambaPwdMustChange > by self write > by anonymous auth > by dn="cn=admin,dc=your,dc=domain" write > by * none > My slapd.conf is this, for what I understand, it could be right... access to attrs=userPassword,sambaNTPassword,sambaLMPassword by dn="cn=admin,dc=lsgalilei,dc=org" write by anonymous auth by self write by * none Ok Next problem: User deleting through usermanager is not able to delete the home directory. Maybe it is this fault: ldap delete dn = yes if Samba delete the ldap object the smbldap-userdel script have no chance to delete an already deleted user... setting ldap delete dn = no seems to cure. Again: am I right or am I totally wrong? Next problem: I can't browse the groups during user creation step in the usermanager or, after creating the user, browse its groups... It seems (looking into samba logs) that it insists to search a group "Users" instead of "Domain Users"... mmm where could it be wrong? Ldap or Samba ... tomorrow I will investigate more deeply... Thank you _very much_ for your help and support. Very often happens to me that just the action of trying to expose a problem to someonelse help me a lot clarifying myself... -- Marco Ciampa ++ | Linux User #78271 | | FSFE fellow #364 | ++ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need Help Getting Windows XP To Use Samba Properly[Closed]
Nope - didn't fix it. Same error. But an excellent suggestion though, thanks. Bob -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Hodges,Robert CTR USAF AFMC 520 SMXS/MXDEC Sent: Monday, January 03, 2011 8:39 AM To: Chris Smith Cc: samba@lists.samba.org Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly[Closed] Could be. I'm trying it now just out of curiosity. Who knows, maybe we'll get lucky and this will be a fix. :-) -Original Message- From: Chris Smith [mailto:smb...@chrissmith.org] Sent: Monday, January 03, 2011 8:25 AM To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC Cc: samba@lists.samba.org Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed] On Mon, Jan 3, 2011 at 10:17 AM, Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC wrote: > A key item I have to keep remembering is that all of this works great in > Windows 2000. It's only XP that's having the problem. Don't know if I would put so much weight on that - a difference, yes, but not a key item. XP may just be more finicky when it comes to things like proper naming conventions. I haven't run a Samba-2.x installation in years but I have at one time or another had Samba working successfully with everything from the workgroup add-on for MS-DOS to Windows 7. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed]
Could be. I'm trying it now just out of curiosity. Who knows, maybe we'll get lucky and this will be a fix. :-) -Original Message- From: Chris Smith [mailto:smb...@chrissmith.org] Sent: Monday, January 03, 2011 8:25 AM To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC Cc: samba@lists.samba.org Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed] On Mon, Jan 3, 2011 at 10:17 AM, Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC wrote: > A key item I have to keep remembering is that all of this works great in > Windows 2000. It's only XP that's having the problem. Don't know if I would put so much weight on that - a difference, yes, but not a key item. XP may just be more finicky when it comes to things like proper naming conventions. I haven't run a Samba-2.x installation in years but I have at one time or another had Samba working successfully with everything from the workgroup add-on for MS-DOS to Windows 7. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed]
On Mon, Jan 3, 2011 at 10:17 AM, Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC wrote: > A key item I have to keep remembering is that all of this works great in > Windows 2000. It's only XP that's having the problem. Don't know if I would put so much weight on that - a difference, yes, but not a key item. XP may just be more finicky when it comes to things like proper naming conventions. I haven't run a Samba-2.x installation in years but I have at one time or another had Samba working successfully with everything from the workgroup add-on for MS-DOS to Windows 7. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Pdbedit problem
On Fri, Dec 31, 2010 at 10:38 AM, Michel, Loubert wrote: > I am not using ldap however. Is that the reason why it is not working. Are you using: passdb backend = tdbsam ? With: passdb backend = smbpasswd you will find some limitations. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed]
No, I didn't. Nor can I because of the impact it would have on a number of different issues that are unchangeable/written in stone. A key item I have to keep remembering is that all of this works great in Windows 2000. It's only XP that's having the problem. Bob -Original Message- From: Chris Smith [mailto:smb...@chrissmith.org] Sent: Monday, January 03, 2011 8:13 AM To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC Cc: Jeremy Allison; samba@lists.samba.org Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed] On Mon, Jan 3, 2011 at 8:36 AM, Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC wrote: > Workgroup only, no domain > Solaris with Samba loaded, a few shares, enabled as WINS server, > configured as Master Browser Did you ever correct the underscore in the hostname issue and then test? Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed]
On Mon, Jan 3, 2011 at 8:36 AM, Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC wrote: > Workgroup only, no domain > Solaris with Samba loaded, a few shares, enabled as WINS server, > configured as Master Browser Did you ever correct the underscore in the hostname issue and then test? Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] A device attached to the system is not functioning -When adding a computer to the domain
Thank you, I'll give it a read and do some more research on it.. To be honest my predecessor set up Samba before I got here (6-7 years ago), so that's what I was left with (BLAH.COM), and not knowing any better, have used it ever since. Just FYI, my Domain name (workgroup in smb.conf) is BLAH.COM ... the netbios name of the actual samba server is HAPPINESS On Mon, Jan 3, 2011 at 9:32 AM, wrote: > > > > On Monday 03/01/2011 at 4:58 am, Chris Beach wrote: > > I wanted to send this out a 2nd (and last) time.. I got suggestions not to > use BLAH.COM and to use BLAH instead for my domain name, however I don't > think that's causing my problem as it's been this way for 6 years? > > Then you have done no research regarding NetBIOS names. > > NetBIOS > Restictions > Characters > Unicode characters, numbers, white space, symbols: ! @ # $ % ^ & ' ) ( . - > _ { } ~ > > See chart top of page: > > http://technet.microsoft.com/en-us/library/cc959336.aspx > > Machine trusts MUST be able to resolve NetBIOS names. The preferred method > is via WINS. Misconfigured NetBIOS names will make this, shall we say, > difficult. > > Any way I > still can't add machines to my domain and am fairly panicked (this is > production, 140~ users). > > Any other suggestions? > > Thank you. > > On Thu, Dec 30, 2010 at 1:35 PM, Chris Beach wrote: > > Hi all, > > I just setup a Samba 3.3.14, with an ldap back-end. > > I migrated the ldap back end and samba shares from my old samba server. > I've found when adding a machine (WinXP) to the domain, I get the following > error on XP: > > The following error occurred attempting to join the domain "Blah.com": > A device attached to the system is not functioning. > > in my /var/log/messages I have: > > Dec 30 09:40:24 hap smbd[29379]: [2010/12/30 09:40:24, 0] > passdb/pdb_get_set.cdb_get_group_sid(210) > Dec 30 09:40:24 hap smbd[29379]: pdb_get_group_sid: Failed to find Unix > account for OAKRND02$ > > repeated about 6 times. > > My smb.conf looks like this for the scripts to run: > > * add machine script = /usr/sbin/smbldap-useradd -w "%u" > add user script = /usr/sbin/smbldap-useradd -m -a "%u" > delete user script = /usr/sbin/smbldap-userdel -r "%u" > add group script = /usr/sbin/smbldap-groupadd -p "%g" > delete group script = /usr/sbin/smbldap-groupdel "%g" > add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" > delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" > set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" > > ldap passwd sync = yes > passwd program = /usr/sbin/smbldap-passwd %u > passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new > password*" %n\n"* > > When I do an LDAP search, I see there is an entry in LDAP for it the > machine, so some of the add machine script must have worked: > > ldapsearch -b "dc=mydomain,dc=com" -x "(uid=oakrnd01$)" > > # OAKRND01$, Computers, mydomain, com > dn: uid=OAKRND01$,ou=Computers,dc=pintys,dc=com > uid: OAKRND01$ > sambaSID: S-1-5-21-3318375643-2463009161-75282-41448 > sambaPrimaryGroupSID: S-1-5-21-3318375643-2463009161-75282-515 > sambaAcctFlags: [W ] > objectClass: sambaSamAccount > objectClass: account > objectClass: top > objectClass: inetOrgPerson > objectClass: posixAccount > sambaPwdCanChange: 1291378566 > sambaPwdMustChange: 1299154566 > sambaNTPassword: EED67D5B90ED8B5C2C168FB90DC4D313 > sambaPwdLastSet: 1291378566 > > Also, I get results in pdbedit: > > [r...@happiness ~]# pdbedit -v oakrnd01$ > Unix username: OAKRND01$ > NT username: OAKRND01$ > Account Flags: [W ] > User SID: S-1-5-21-3318375643-2463009161-75282-41448 > *pdb_get_group_sid: Failed to find Unix account for OAKRND01$* > *Primary Group SID: (NULL SID)* > Full Name: > Home Directory: > HomeDir Drive: > Logon Script: logon.exe > Profile Path: > Domain: MYDOMAIN.COM > Account desc: > Workstations: > Munged dial: > Logon time: 0 > Logoff time: never > Kickoff time: never > Password last set: Fri, 03 Dec 2010 06:16:06 CST > Password can change: Fri, 03 Dec 2010 06:16:06 CST > Password must change: Thu, 03 Mar 2011 06:16:06 CST > Last bad password : 0 > Bad password count : 0 > Logon hours : FF > > Also: > > /usr/sbin/smbldap-useradd -w OAKRND02 > failed to add entry: Unexpected EOF at /usr/sbin//smbldap_tools.pm line > 616. > > And then my slapd dies out (crashes)... this same behaviour happens when > trying to use USRMGR.exe to add a new user (but doing it manually via > smbldap DOES work for adding a new user). > > What's most annoying is I tested joining a Windows 7 machine to the domain > before I went live with this server, and it was successful, so I've no clue > why this isn't working now > > Any help I can get it REALLY APPRECIATED, right now I've got a PC I can't > get on the domain, so a user how can't work. > > > > > -- > Chris Beach > IT Analyst > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http
Re: [Samba] A device attached to the system is not functioning -When adding a computer to the domain
On Monday 03/01/2011 at 4:58 am, Chris Beach wrote: I wanted to send this out a 2nd (and last) time.. I got suggestions not to use BLAH.COM and to use BLAH instead for my domain name, however I don't think that's causing my problem as it's been this way for 6 years? Then you have done no research regarding NetBIOS names. NetBIOS Restictions Characters Unicode characters, numbers, white space, symbols: ! @ # $ % ^ & ' ) ( . - _ { } ~ See chart top of page: http://technet.microsoft.com/en-us/library/cc959336.aspx Machine trusts MUST be able to resolve NetBIOS names. The preferred method is via WINS. Misconfigured NetBIOS names will make this, shall we say, difficult. Any way I still can't add machines to my domain and am fairly panicked (this is production, 140~ users). Any other suggestions? Thank you. On Thu, Dec 30, 2010 at 1:35 PM, Chris Beach wrote: Hi all, I just setup a Samba 3.3.14, with an ldap back-end. I migrated the ldap back end and samba shares from my old samba server. I've found when adding a machine (WinXP) to the domain, I get the following error on XP: The following error occurred attempting to join the domain "Blah.com": A device attached to the system is not functioning. in my /var/log/messages I have: Dec 30 09:40:24 hap smbd[29379]: [2010/12/30 09:40:24, 0] passdb/pdb_get_set.cdb_get_group_sid(210) Dec 30 09:40:24 hap smbd[29379]: pdb_get_group_sid: Failed to find Unix account for OAKRND02$ repeated about 6 times. My smb.conf looks like this for the scripts to run: * add machine script = /usr/sbin/smbldap-useradd -w "%u" add user script = /usr/sbin/smbldap-useradd -m -a "%u" delete user script = /usr/sbin/smbldap-userdel -r "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" ldap passwd sync = yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"* When I do an LDAP search, I see there is an entry in LDAP for it the machine, so some of the add machine script must have worked: ldapsearch -b "dc=mydomain,dc=com" -x "(uid=oakrnd01$)" # OAKRND01$, Computers, mydomain, com dn: uid=OAKRND01$,ou=Computers,dc=pintys,dc=com uid: OAKRND01$ sambaSID: S-1-5-21-3318375643-2463009161-75282-41448 sambaPrimaryGroupSID: S-1-5-21-3318375643-2463009161-75282-515 sambaAcctFlags: [W ] objectClass: sambaSamAccount objectClass: account objectClass: top objectClass: inetOrgPerson objectClass: posixAccount sambaPwdCanChange: 1291378566 sambaPwdMustChange: 1299154566 sambaNTPassword: EED67D5B90ED8B5C2C168FB90DC4D313 sambaPwdLastSet: 1291378566 Also, I get results in pdbedit: [r...@happiness ~]# pdbedit -v oakrnd01$ Unix username:OAKRND01$ NT username: OAKRND01$ Account Flags:[W ] User SID: S-1-5-21-3318375643-2463009161-75282-41448 *pdb_get_group_sid: Failed to find Unix account for OAKRND01$* *Primary Group SID:(NULL SID)* Full Name: Home Directory: HomeDir Drive: Logon Script: logon.exe Profile Path: Domain: MYDOMAIN.COM Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Fri, 03 Dec 2010 06:16:06 CST Password can change: Fri, 03 Dec 2010 06:16:06 CST Password must change: Thu, 03 Mar 2011 06:16:06 CST Last bad password : 0 Bad password count : 0 Logon hours : FF Also: /usr/sbin/smbldap-useradd -w OAKRND02 failed to add entry: Unexpected EOF at /usr/sbin//smbldap_tools.pm line 616. And then my slapd dies out (crashes)... this same behaviour happens when trying to use USRMGR.exe to add a new user (but doing it manually via smbldap DOES work for adding a new user). What's most annoying is I tested joining a Windows 7 machine to the domain before I went live with this server, and it was successful, so I've no clue why this isn't working now Any help I can get it REALLY APPRECIATED, right now I've got a PC I can't get on the domain, so a user how can't work. -- Chris Beach IT Analyst -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed]
You bet. http://search.yahoo.com/search;_ylt=AsEw2kKriectewf3wTL9r42bvZx4?p=Windows+XP+%2B+Samba+%2B+%22The+specified+network+name+is+no+longer+available%22&toggle=1&cop=mss&ei=UTF-8&fr=yfp-t-312 Bob -Original Message- From: Ryan Novosielski [mailto:novos...@umdnj.edu] Sent: Monday, January 03, 2011 7:28 AM To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC; Jeremy Allison Cc: samba@lists.samba.org Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed] Might you be able to provide a couple of links to other places you've seen this on the internet (or sample search terms)? Perhaps one has some of the information that could be used to look into the problem further, or something that could be used to triangulate the problem. Would be neat to get it nailed down one way or another. -- Sent from my Palm Pre On Jan 3, 2011 8:36, Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC wrote: Jeremy, All, I truly appreciate your willingness to help me work on this further. Unfortunately, we have simply run out of time. To make matters worse, I cannot provide traces, logs, etc because this is a classified government system that cannot be exposed in any way, which means rather difficult and sometimes problematic troubleshooting limitations that may keep this problem from being solved. However, this error is found all over the internet and rarely do you ever see a fix for it. When I have seen one, it's not a fix that works for me. To make matters worse, Microsoft stamped a "Microsoft has confirmed this to be a problem with the products specified" on WinXP and Samba. Microsoft has no fix, they have tried many times before, and as it now stands, appears to be disinterested in providing a hot fix due to the remaining shelf life of XP. Any support you get form Microsoft on this particular issue is what they call a "best effort", and do not guarantee a fix like they do with their own products. For anyone that wants to play around with this, here's the config: All static IPs Workgroup only, no domain Solaris with Samba loaded, a few shares, enabled as WINS server, configured as Master Browser No DNS server XP has WINS setting pointing at Samba box, hosts file used instead of DNS, lmjosts file NTO in use because of WINS on Samba, XP's Computer Browser service disabled to force XP to see Samba box as master browser (otherwise will elect itself as master browser and totally ignore Samba) Behavior: WinXP can map to any resource on Samba with zero problems - it is not a permissions issue. Attempting to browse to a Samba resource, however, produces "The specified network name is no longer available" in XP. If Computer Browser service enabled on XP, XP may or may not be able to browse to Samba box (this is entirely unstable, because within 15 minutes, if XP has elected itself as master browser, XP will eventually time out and lose the server list, and "Specified network no longer available" error returns). Never, is WinXP able to retrieve the browse list from Samba. Microsoft claims that this is because the network configuration is too simplified and because real WINS and DNS servers are not in use. All we're trying to do is get one stinkin' XP workstation to talk to one stinkin' Samba box in a simple workgroup. That's it. So far, it's got everyone that looks at this problem absolutely baffled as to how this could not work. Those who have looked at it and given up: Microsoft US Air Force US Marine Corps Various private military contractors Samba email list group (best support so far, but still no dice) Again, thanks to all who have tried figuring this out. I know I haven't given you much to work with, so don't feel bad. It's just that I have simply run out of time to get this resolved. Bob -Original Message- From: Jeremy Allison [mailto:j...@samba.org] Sent: Thursday, December 30, 2010 3:04 PM To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC Cc: samba Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed] On Thu, Dec 30, 2010 at 12:29:53PM -0700, Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC wrote: > Well, here's what's happening. > > Microsoft Tech Support confirms that this is a problem with Windows XP. > There is no fix, and I don't expect one coming considering XP's end of > life in 2012. All Microsoft has are workarounds. Don't throw in the towel just yet. I've never seen a WindowsXP box that won't work with Samba, we just need more info. > Microsoft's recommendations are to add more servers to the mix (DNS, > WINS, etc) and if that doesn't work, then one of their several > "workarounds" is to dump the use of Samba altogether. None of the > proposed workarounds work for us, we're locked into a specific > configuration. > > So both Microsoft and my shop are throwing in the towel on this one and > we're resorting to simply mapping to all
Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed]
Might you be able to provide a couple of links to other places you've seen this on the internet (or sample search terms)? Perhaps one has some of the information that could be used to look into the problem further, or something that could be used to triangulate the problem. Would be neat to get it nailed down one way or another. -- Sent from my Palm Pre On Jan 3, 2011 8:36, Hodges,Robert CTR USAF AFMC 520 SMXS/MXDECwrote: Jeremy, All, I truly appreciate your willingness to help me work on this further. Unfortunately, we have simply run out of time. To make matters worse, I cannot provide traces, logs, etc because this is a classified government system that cannot be exposed in any way, which means rather difficult and sometimes problematic troubleshooting limitations that may keep this problem from being solved. However, this error is found all over the internet and rarely do you ever see a fix for it. When I have seen one, it's not a fix that works for me. To make matters worse, Microsoft stamped a "Microsoft has confirmed this to be a problem with the products specified" on WinXP and Samba. Microsoft has no fix, they have tried many times before, and as it now stands, appears to be disinterested in providing a hot fix due to the remaining shelf life of XP. Any support you get form Microsoft on this particular issue is what they call a "best effort", and do not guarantee a fix like they do with their own products. For anyone that wants to play around with this, here's the config: All static IPs Workgroup only, no domain Solaris with Samba loaded, a few shares, enabled as WINS server, configured as Master Browser No DNS server XP has WINS setting pointing at Samba box, hosts file used instead of DNS, lmjosts file NTO in use because of WINS on Samba, XP's Computer Browser service disabled to force XP to see Samba box as master browser (otherwise will elect itself as master browser and totally ignore Samba) Behavior: WinXP can map to any resource on Samba with zero problems - it is not a permissions issue. Attempting to browse to a Samba resource, however, produces "The specified network name is no longer available" in XP. If Computer Browser service enabled on XP, XP may or may not be able to browse to Samba box (this is entirely unstable, because within 15 minutes, if XP has elected itself as master browser, XP will eventually time out and lose the server list, and "Specified network no longer available" error returns). Never, is WinXP able to retrieve the browse list from Samba. Microsoft claims that this is because the network configuration is too simplified and because real WINS and DNS servers are not in use. All we're trying to do is get one stinkin' XP workstation to talk to one stinkin' Samba box in a simple workgroup. That's it. So far, it's got everyone that looks at this problem absolutely baffled as to how this could not work. Those who have looked at it and given up: Microsoft US Air Force US Marine Corps Various private military contractors Samba email list group (best support so far, but still no dice) Again, thanks to all who have tried figuring this out. I know I haven't given you much to work with, so don't feel bad. It's just that I have simply run out of time to get this resolved. Bob -Original Message- From: Jeremy Allison [mailto:j...@samba.org] Sent: Thursday, December 30, 2010 3:04 PM To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC Cc: samba Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed] On Thu, Dec 30, 2010 at 12:29:53PM -0700, Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC wrote: > Well, here's what's happening. > > Microsoft Tech Support confirms that this is a problem with Windows XP. > There is no fix, and I don't expect one coming considering XP's end of > life in 2012. All Microsoft has are workarounds. Don't throw in the towel just yet. I've never seen a WindowsXP box that won't work with Samba, we just need more info. > Microsoft's recommendations are to add more servers to the mix (DNS, > WINS, etc) and if that doesn't work, then one of their several > "workarounds" is to dump the use of Samba altogether. None of the > proposed workarounds work for us, we're locked into a specific > configuration. > > So both Microsoft and my shop are throwing in the towel on this one and > we're resorting to simply mapping to all the shares instead of having > users browse to them. Sounds simple, but this represents a huge config > and documentation change on many levels for us, a lot bigger than anyone > could know. A very frustrating and expensive workaround if you knew the > scope. Don't do this yet. I haven't seen any debug logs from you, or a network trace. Changing your config without proper investigation is completely premature IMHO. > This decision to pull the
Re: [Samba] A device attached to the system is not functioning - When adding a computer to the domain
Turns out it is only the one machine having this problem, I've just tried joining a Windows 7 and Windows XP client to the domain and it's worked without problems, so whatever is causing this error is local to one machine (thank god). Thanks to those who replied! On Mon, Jan 3, 2011 at 8:13 AM, Volker Lendecke wrote: > On Mon, Jan 03, 2011 at 07:57:35AM -0500, Chris Beach wrote: > > I wanted to send this out a 2nd (and last) time.. I got suggestions not > to > > use BLAH.COM and to use BLAH instead for my domain name, however I don't > > think that's causing my problem as it's been this way for 6 years? Any > way I > > still can't add machines to my domain and am fairly panicked (this is > > production, 140~ users). > > > > Any other suggestions? > > If you're 100% sure that you don't have nscd running, this > might be a case sensivity bug. I think we fixed that some > time ago. We used to not try the case-insensitive search in > all cases. Please try 3.5.6. > > With best regards, > > Volker Lendecke > > -- > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen > phone: +49-551-37-0, fax: +49-551-37-9 > AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen > -- Chris Beach IT Analyst -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed]
Jeremy, All, I truly appreciate your willingness to help me work on this further. Unfortunately, we have simply run out of time. To make matters worse, I cannot provide traces, logs, etc because this is a classified government system that cannot be exposed in any way, which means rather difficult and sometimes problematic troubleshooting limitations that may keep this problem from being solved. However, this error is found all over the internet and rarely do you ever see a fix for it. When I have seen one, it's not a fix that works for me. To make matters worse, Microsoft stamped a "Microsoft has confirmed this to be a problem with the products specified" on WinXP and Samba. Microsoft has no fix, they have tried many times before, and as it now stands, appears to be disinterested in providing a hot fix due to the remaining shelf life of XP. Any support you get form Microsoft on this particular issue is what they call a "best effort", and do not guarantee a fix like they do with their own products. For anyone that wants to play around with this, here's the config: All static IPs Workgroup only, no domain Solaris with Samba loaded, a few shares, enabled as WINS server, configured as Master Browser No DNS server XP has WINS setting pointing at Samba box, hosts file used instead of DNS, lmjosts file NTO in use because of WINS on Samba, XP's Computer Browser service disabled to force XP to see Samba box as master browser (otherwise will elect itself as master browser and totally ignore Samba) Behavior: WinXP can map to any resource on Samba with zero problems - it is not a permissions issue. Attempting to browse to a Samba resource, however, produces "The specified network name is no longer available" in XP. If Computer Browser service enabled on XP, XP may or may not be able to browse to Samba box (this is entirely unstable, because within 15 minutes, if XP has elected itself as master browser, XP will eventually time out and lose the server list, and "Specified network no longer available" error returns). Never, is WinXP able to retrieve the browse list from Samba. Microsoft claims that this is because the network configuration is too simplified and because real WINS and DNS servers are not in use. All we're trying to do is get one stinkin' XP workstation to talk to one stinkin' Samba box in a simple workgroup. That's it. So far, it's got everyone that looks at this problem absolutely baffled as to how this could not work. Those who have looked at it and given up: Microsoft US Air Force US Marine Corps Various private military contractors Samba email list group (best support so far, but still no dice) Again, thanks to all who have tried figuring this out. I know I haven't given you much to work with, so don't feel bad. It's just that I have simply run out of time to get this resolved. Bob -Original Message- From: Jeremy Allison [mailto:j...@samba.org] Sent: Thursday, December 30, 2010 3:04 PM To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC Cc: samba Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly [Closed] On Thu, Dec 30, 2010 at 12:29:53PM -0700, Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC wrote: > Well, here's what's happening. > > Microsoft Tech Support confirms that this is a problem with Windows XP. > There is no fix, and I don't expect one coming considering XP's end of > life in 2012. All Microsoft has are workarounds. Don't throw in the towel just yet. I've never seen a WindowsXP box that won't work with Samba, we just need more info. > Microsoft's recommendations are to add more servers to the mix (DNS, > WINS, etc) and if that doesn't work, then one of their several > "workarounds" is to dump the use of Samba altogether. None of the > proposed workarounds work for us, we're locked into a specific > configuration. > > So both Microsoft and my shop are throwing in the towel on this one and > we're resorting to simply mapping to all the shares instead of having > users browse to them. Sounds simple, but this represents a huge config > and documentation change on many levels for us, a lot bigger than anyone > could know. A very frustrating and expensive workaround if you knew the > scope. Don't do this yet. I haven't seen any debug logs from you, or a network trace. Changing your config without proper investigation is completely premature IMHO. > This decision to pull the plug was made after I came across an online > forum where someone had this very same issue, worked with Microsoft Tech > Support for 7 months(!), and it never got resolved. We have been networking Windowx XP boxes to Samba for longer than anyone still working in Microsoft Tech support, trust me on that :-). So I'd still like to fix this properly. > So, it sucks to be me. Please get the network trace and debug level 10 log of the Windows XP box trying to connect to Samba, this should give us the information we need to fix it. Jeremy. -- To unsubscribe from this l
Re: [Samba] A device attached to the system is not functioning - When adding a computer to the domain
On Mon, Jan 03, 2011 at 07:57:35AM -0500, Chris Beach wrote: > I wanted to send this out a 2nd (and last) time.. I got suggestions not to > use BLAH.COM and to use BLAH instead for my domain name, however I don't > think that's causing my problem as it's been this way for 6 years? Any way I > still can't add machines to my domain and am fairly panicked (this is > production, 140~ users). > > Any other suggestions? If you're 100% sure that you don't have nscd running, this might be a case sensivity bug. I think we fixed that some time ago. We used to not try the case-insensitive search in all cases. Please try 3.5.6. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] A device attached to the system is not functioning - When adding a computer to the domain
I wanted to send this out a 2nd (and last) time.. I got suggestions not to use BLAH.COM and to use BLAH instead for my domain name, however I don't think that's causing my problem as it's been this way for 6 years? Any way I still can't add machines to my domain and am fairly panicked (this is production, 140~ users). Any other suggestions? Thank you. On Thu, Dec 30, 2010 at 1:35 PM, Chris Beach wrote: > Hi all, > > I just setup a Samba 3.3.14, with an ldap back-end. > > I migrated the ldap back end and samba shares from my old samba server. > I've found when adding a machine (WinXP) to the domain, I get the following > error on XP: > > The following error occurred attempting to join the domain "Blah.com": > A device attached to the system is not functioning. > > in my /var/log/messages I have: > > Dec 30 09:40:24 hap smbd[29379]: [2010/12/30 09:40:24, 0] > passdb/pdb_get_set.cdb_get_group_sid(210) > Dec 30 09:40:24 hap smbd[29379]: pdb_get_group_sid: Failed to find Unix > account for OAKRND02$ > > repeated about 6 times. > > My smb.conf looks like this for the scripts to run: > > * add machine script = /usr/sbin/smbldap-useradd -w "%u" > add user script = /usr/sbin/smbldap-useradd -m -a "%u" > delete user script = /usr/sbin/smbldap-userdel -r "%u" > add group script = /usr/sbin/smbldap-groupadd -p "%g" > delete group script = /usr/sbin/smbldap-groupdel "%g" > add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" > delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" > set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" > > ldap passwd sync = yes > passwd program = /usr/sbin/smbldap-passwd %u > passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new > password*" %n\n"* > > When I do an LDAP search, I see there is an entry in LDAP for it the > machine, so some of the add machine script must have worked: > > ldapsearch -b "dc=mydomain,dc=com" -x "(uid=oakrnd01$)" > > # OAKRND01$, Computers, mydomain, com > dn: uid=OAKRND01$,ou=Computers,dc=pintys,dc=com > uid: OAKRND01$ > sambaSID: S-1-5-21-3318375643-2463009161-75282-41448 > sambaPrimaryGroupSID: S-1-5-21-3318375643-2463009161-75282-515 > sambaAcctFlags: [W ] > objectClass: sambaSamAccount > objectClass: account > objectClass: top > objectClass: inetOrgPerson > objectClass: posixAccount > sambaPwdCanChange: 1291378566 > sambaPwdMustChange: 1299154566 > sambaNTPassword: EED67D5B90ED8B5C2C168FB90DC4D313 > sambaPwdLastSet: 1291378566 > > Also, I get results in pdbedit: > > [r...@happiness ~]# pdbedit -v oakrnd01$ > Unix username:OAKRND01$ > NT username: OAKRND01$ > Account Flags:[W ] > User SID: S-1-5-21-3318375643-2463009161-75282-41448 > *pdb_get_group_sid: Failed to find Unix account for OAKRND01$* > *Primary Group SID:(NULL SID)* > Full Name: > Home Directory: > HomeDir Drive: > Logon Script: logon.exe > Profile Path: > Domain: MYDOMAIN.COM > Account desc: > Workstations: > Munged dial: > Logon time: 0 > Logoff time: never > Kickoff time: never > Password last set:Fri, 03 Dec 2010 06:16:06 CST > Password can change: Fri, 03 Dec 2010 06:16:06 CST > Password must change: Thu, 03 Mar 2011 06:16:06 CST > Last bad password : 0 > Bad password count : 0 > Logon hours : FF > > Also: > > /usr/sbin/smbldap-useradd -w OAKRND02 > failed to add entry: Unexpected EOF at /usr/sbin//smbldap_tools.pm line > 616. > > And then my slapd dies out (crashes)... this same behaviour happens when > trying to use USRMGR.exe to add a new user (but doing it manually via > smbldap DOES work for adding a new user). > > What's most annoying is I tested joining a Windows 7 machine to the domain > before I went live with this server, and it was successful, so I've no clue > why this isn't working now > > Any help I can get it REALLY APPRECIATED, right now I've got a PC I can't > get on the domain, so a user how can't work. > > -- Chris Beach IT Analyst -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba OpenLDAP TLS
Dear Michael and Samba friends, On Fri, Dec 31, 2010 at 11:50:49PM +0200, Michael Wood wrote: > Hi > > On 30 December 2010 14:35, Willy Offermans wrote: > > Dear Samba friends, > > > > I have setup a samba server 3.5 on FreeBSD 8.1-RELEASE-p2 with > > openldap-sasl-server-2.4. I have specified ``TLSVerifyClient demand'' in > > slapd.conf and want to enforce the clients to connect and show a > > valid certificate to the ldap server. As far as I have understood, Samba > > will act as a client as well and in order to access the ldap server it will > > need a client certificate as well. I do know how to generate a client > > certificate, but I do not know where to tell samba to use this > > client certificate. Is this supported by Samba or do I need to lower the > > constraints regarding the TLSVerifyClient? Maybe to ``TLSVerifyClient try''? > > Just a guess, but have you tried the TLS_CERT and TLS_KEY options from > the LDAP client config? They're listed in ldap.conf(5) as "user-only > options", so should be specified in $HOME/.ldaprc or ldaprc in the > current directory. Not sure where $HOME or the current directory are > for Samba, though, but perhaps that will point you in the right > direction. > > Hope that helps. > > -- Thanks for your answer! I guess $HOME is the home directory of root in this case, but I'm not sure yet. I have created the following file: /root/ldaprc with the following content: # # User specific LDAP settings # # Override global directive (if set) TLS_REQCERT demand # client authentication TLS_CERT /root/certs/root.pem TLS_KEY /root/certs/keys/root.key It helped me to work with ldapadd -ZZ ... commands from the command prompt. I hope that samba works in a similar way, meaning that it will make use of /root/ldaprc to show its client certificate. I have not yet tested samba, because I'm still setting up this server and I was distracted by the installation of other programs. If somebody has already experienced that /root/ldaprc will not work for samba, then please give me a hint on how to setup this correctly. -- Met vriendelijke groeten, With kind regards, Mit freundlichen Gruessen, Willy * W.K. Offermans Home: +31 45 544 49 44 Mobile: +31 681 15 87 68 e-mail: wi...@offermans.rompen.nl Powered by (__) \\\'',) \/ \ ^ .\._/_) www.FreeBSD.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Remote connection to Samba service doesn't work
Windows XP should work on the fly! Isn't it??? For Windows 7 you got to hack the registry. All entries HKLM. You find the enties: google Windows 7 samba On Fri, 31 Dec 2010 14:03:05 +0100, Mateusz Szymaniec wrote: > Hi. > I've got a nasty problem with Samba. Basically, I can't connect to my > Samba service from a home laptop (running Windows 7). I guess that on > this side everything is fine, I'm using my corporate Samba shares via > VPN, I've been using Samba on my previous server and it was running > OK. I've asked my buddy living nearby to connect and it didn't work > for him, as well as for 15 other people across living my country. The > weirdest thing is, that there are actually people that are able to > connect. They were using both Windows XP and 7 and I can't really tell > why. I see their connections in logs, but I can't really tell a > difference between my and theirs setup. > I've tried to use default Debian Etch 2.x Samba, 3.x backports > version, compiled 3.x from sources, even reinstalled operating system > on the server. I've used default config, copied one from my previous > server, wrote it from stretch server times. Every single time it was > possible to connect locally (smbclient -L localhost). On the client > side, I've tried using default Windows 7 (and XP) smb/cifs > implementation and cygwin's smbclient. > My server ISP tells that they don't block anything and it's the first > time someone has reported problem like this. My iptables are clean at > the moment. > Currently I'm using v. 3.2.5 with default config with one share and > added user by smbpasswd. > > revik:~# smbclient localhost\\test > Enter root's password: > Domain=[REVIK] OS=[Unix] Server=[Samba 3.2.5] > smb: \> ls > . D 0 Fri Dec 31 13:57:25 2010 > .. D 0 Fri Dec 31 13:57:16 2010 > testfile 0 Fri Dec 31 13:57:25 2010 > > 35201 blocks of size 8388608. 33290 blocks available > I don't really can think of any single idea how to make it work or > where the problem actually lies. > I'd appreciate any help, thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] error adding a user
First of all which kind of Windows are you using. Usermgr with XP is ok with Windows Vista/7 no chance. To use usrmgr under xp and 2000 you must fit your ldap.conf and your smb.conf and youse smbldap-tools or similar: in your smb.conf there should be something like: add user script = /usr/local/sbin/smbldap-useradd -A 1 -B 1 -m -k /dummy "%u" to fit the right params for your linux OS you have to try. or ldap.conf, ex : basedc=your,dc=domain nss_base_passwd ou=Users,dc=your,dc=domain?sub nss_base_passwd ou=Computers,dc=your,dc=domain?sub nss_base_shadow ou=Users,dc=your,dc=domain?sub nss_base_group ou=Groups,dc=yourc,dc=domain?one In your slapd.conf , ex: access to attrs=sambaLMPassword by self write by anonymous auth by dn="cn=admin,dc=your,dc=domain" write by * none access to attrs=sambaNTPassword by self write by anonymous auth by dn="cn=admin,dc=your,dc=domain" write by * none access to attrs=sambaPwdLastSet,sambaPwdMustChange by self write by anonymous auth by dn="cn=admin,dc=your,dc=domain" write by * none On Sun, 2 Jan 2011 22:44:20 +0100, Marco Ciampa wrote: > On Fri, Dec 31, 2010 at 04:34:05AM +0100, Marco Ciampa wrote: >> Sorry for (I'm shure) my stupid question (and my bad english)... >> >> If this is not the right place to post this kind of question forgive me >> and please point me to the right mailinglist. >> >> I've a Samba 3 that works with an openldap server as a sole domain >> controller. >> >> I used to use the Microsoft usermanager. >> After a general migration/upgrate I am not able to create new users >> anymore. >> I can do it with the smbldap-tools, manually only from the root user but >> if I do it through the usermanager it gives me an error. >> A net user add command done with the same adminitrator user give me this >> error: >> >> Failed to add user 'pippo' with: WERR_GENERAL_FAILURE. >> >> from the logs: >> >> [2010/12/31 04:30:44, 0] passdb/pdb_ldap.c:2197(ldapsam_add_sam_account) >> ldapsam_add_sam_account: User 'pippo' already in the base, with samba >> attributes >> >> Any hint? > > Need some other info? > > I've seen in the Internet many times asked this question so it seems a > recurring problem but with generic answers (check all your conf > data/permission/so on...) or no answer at all... > > Maybe it is a generic-catch-all error message a la Windows so it could > be fired by a hundred reasons or what? > > Sorry I am not a Samba nor LDAP expert... you see... > > -- > > > Marco Ciampa > > ++ > | Linux User #78271 | > | FSFE fellow #364 | > ++ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.5.6 and AIO on Linux
Hi list, I have been trying to enable AIO on ARMv5 Samba built with kernel headers 2.6.31.8, the configure indicated that AIO is supported via kernel headers and all went smooth (regarding the build process). Once I added the smb.conf 'aio write size=1' and tried to perform a file copy to the Samba share I noticed that 32K of the file (of the 1GB file) have been copied to the share but the file copy stalled and did not finish. I had to restart Samba to see that share since it was stuck, I have experienced the same fenomenon with XPsp2 and W7 clients. I also noticed that the Samba daemon that was forked as root (not as nobody as it usually does) and stayed blocked on some FUTEX taken. Can anyone confirm that AIO actually works on Linux, I have seen xBSD related mail claiming that it does work and brings nice performance improvement. -Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba