Re: [Samba] No admin privileges after upgrade from 3.5.8 to 3.6.0rc3
Hans-Peter Jansen wrote: Hi, since I was bitten badly by this today, I take the additional time to report this issue here. After upgrading from samba 3.5.8 to 3.6.0rc3, Administrator on the xp clients (yes, still xp sp3, no vista, no win7 clients here) lost its admin privileges. My Samba PDC setup evolved over about a decade now, Ditto. but since it still needs to support a small environment only (20 xp, 30 users), I kept the "security = user" approach, --- (only need to support 1-2 users ! ... + my many personalities! Users and admin can "domain" login just fine, but with 3.6.0rc3, the admin lost his privileges, simply downgrading samba to 3.5.8 fixed this. I didn't catch my problem soon enough and it corrupted my DB, so after going back to 3.5.10, I'm slowing working on ironing out the problems again. Here's my samba build: https://build.opensuse.org/package/show?package=samba&project=home%3Afrispete%3Asamba%3ASTABLE That's linked to project network:samba:STABLE. If somebody from this project there is reading here: Doesn't the term "STABLE" and the project description imply stable released packages? IMHO, a release candidate doesn't match this criteria, but others might disagree. I saw the joke on the suse servers...but these are the same guys jumping to every new tech for 'stable' User releases (still haven't recovered from an 11.2->11.4 server upgrade done last april...keep finding "gotcha's" and collateral damage. --- FWIW, I reported 3.6 problems in the user database area on the samba tech list back a month ago...never got any feedback. http://lists.samba.org/archive/samba-technical/2011-July/078663.html My prob, is everytime I get my config 'correct', they change the definition of correct in a newer version...(sigh...what else is new...)... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Very slow samba performance on Centos 6
On 8/4/2011 1:11 PM, vg_ us wrote: > cifsfs mounts are really slow, so what happens when linux, windows and > mac clients map/mount the share? Are they gonna be this slow? Any way to > speed it up? Unfortunately I don't have an answer to the slow mounts issue. However, you're showing a peak performance of only about half line speed with FTP, which tends to demonstrate your system is in need of overall performance tuning for 10 GbE. Reading, digesting, and using the information in the following article may get you much closer to the ~1GB/s mark of which 10GbE is capable. http://www.redhat.com/promo/summit/2008/downloads/pdf/Thursday/Mark_Wagner.pdf If tweaking these things can double your raw network and FTP throughput, it should do similar for Samba, which would mean ~94 MB/s for cifsfs mount ramdisk-to-ramdisk or to disk. -- Stan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cross-compile and directory locations
Oops! I apologize for posting in HTML.. maybe I found the answer: ./configure --prefix=/home/martin/result/ --exec-prefix=/home/martin/result/ --sbindir=/sbin --with-rootsbindir=/opt/sbin does the job? (sbindir defines the install directory, rootsbindir defines the location where the binaries will search) Trying this tomorrow.. 2011/8/4 Martin Herrman > > All, > > I have cross-compiled 3.5.10 succesfully. The smbd binary can be executed, > e.g. ./smbd -b works fine. The smbd binary also allows me to override > directory locations, e.g. --libdir=/opt/lib. Unfortunately, other binaries > (like smbpasswd) cannot find their libraries because they are looking in the > wrong directory (/home/martin/result/.../lib), which only exist on the host > on which I compiled the source. > > When I use e.g. --with-privatedir=/opt/var/samba/private during ./configure, > the binary is ok, but 'make install' fails. 'make install' wants to create > /opt/var/samba/private on the host, instead of using the prefix as well (e.g. > /home/martin/result/opt/var/samba/private). > > Is there any already available solution to this? > > Thanks in advance, > > Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cross-compile and directory locations
All, I have cross-compiled 3.5.10 succesfully. The smbd binary can be executed, e.g. ./smbd -b works fine. The smbd binary also allows me to override directory locations, e.g. --libdir=/opt/lib. Unfortunately, other binaries (like smbpasswd) cannot find their libraries because they are looking in the wrong directory (/home/martin/result/.../lib), which only exist on the host on which I compiled the source. When I use e.g. --with-privatedir=/opt/var/samba/private during ./configure, the binary is ok, but 'make install' fails. 'make install' wants to create /opt/var/samba/private on the host, instead of using the prefix as well (e.g. /home/martin/result/opt/var/samba/private). Is there any already available solution to this? Thanks in advance, Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 3.5.11 Available for Download - correction
Hey folks, please note, that I listed "Fix DoS in Winbind and smbd with many file descriptors open (bug #7949)" by accident in the release notes of Samba 3.5.11. This one was already fixed with Samba 3.5.7. Many thanks to Vincent Danen for reporting! http://samba.org/samba/history/samba-3.5.11.html has been updated accordingly. Cheers, Karolin On Thu, Aug 04, 2011 at 10:34:06AM +0200, Karolin Seeger wrote: > === > "Birthdays are nature's way of >telling us to eat more cake." > >Source Unknown > == > > > Release Announcements > = > > This is the latest stable release of Samba 3.5. > > Major enhancements in Samba 3.5.11 include: > > o Fix access to Samba shares when Windows security patch KB2536276 is > installed >(bug #7460). > o Fix DoS in Winbind and smbd with many file descriptors open (bug #7949). > o Fix Winbind panics if verify_idpool() fails (bug #8253). > > > Changes since 3.5.10: > > > > o Jeremy Allison > * BUG 7462: Make SA_RESETHAND conditional on its existance. > * BUG 8254: Make "acl check permissions = no" working in all cases. > > > o Gregor Beck > * BUG 8253: Fix Winbind panics if verify_idpool() fails. > > > o David Disseldorp > * BUG 8269: Stop spamming log with "Could not find child X -- ignoring" > messages in smbd. > > > o Björn Jacke > * BUG 7460: Include sys/file.h only when available. > > > o Volker Lendecke > * BUG 7841: Explicitly pass domain_sid to wbint_LookupRids(). > * BUG 8238: Fix access to Samba shares when Windows security patch > KB2536276 is installed. > * BUG 8322: Add HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR. > > > o Stefan Metzmacher > * BUG 7841: Make WINBINDD_LOOKUPRIDS ask the right domain. > * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open. > * BUG 8276: Close all sockets attached to a subnet in close_subnet(). > > > ## > Reporting bugs & Development Discussion > ### > > Please discuss this release on the samba-technical mailing list or by > joining the #samba-technical IRC channel on irc.freenode.net. > > If you do report problems then please try to send high quality > feedback. If you don't provide vital information to help us track down > the problem then you will probably be ignored. All bug reports should > be filed under the Samba 3.5 product in the project's Bugzilla > database (https://bugzilla.samba.org/). > > > == > == Our Code, Our Bugs, Our Responsibility. > == The Samba Team > == > > > > Download Details > > > The uncompressed tarballs and patch files have been signed > using GnuPG (ID 6568B7EA). The source code can be downloaded > from: > > http://download.samba.org/samba/ftp/stable > > The release notes are available online at: > > http://www.samba.org/samba/history/samba-3.5.11.html > > Binary packages will be made available on a volunteer basis from > > http://download.samba.org/samba/ftp/Binary_Packages/ > > Our Code, Our Bugs, Our Responsibility. > (https://bugzilla.samba.org/) > > --Enjoy > The Samba Team > > > > -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Very slow samba performance on Centos 6
-- From: "Volker Lendecke" Sent: Thursday, August 04, 2011 11:01 AM To: "vg_ us" Cc: Subject: Re: [Samba] Very slow samba performance on Centos 6 On Thu, Aug 04, 2011 at 10:49:50AM -0400, vg_ us wrote: I have 2 identical Dell r510 servers with 10gig card, running centos 6 with samba-3.5.4-68.el6_0.2.x86_64. I setup 16G ramdisk samba share on both and ran cp from local ramdisk to samba ramdisk mount. If I cp 12 1-gig files, I get combined 100MB/s transfer rate. Single file cp maxes out at about 15MB/s. Ftp transfer give me over 300MB/s. Running with 9000 MTU. Most smb.conf is default. I even disabled atime and tried ext2 and xfs on ramdisk. Any help will be greatly appreciated. What client application are you using? If it is a cifsfs kernel mount, you might see such artifacts. Please retry with the smbclient(1) application. If that is also slow, we need to investigate further. I re-ran some of the tests with following result: Ftp ramdisk-to-ramdisk: 13572 MB, 32.8 secs - 413.8 MB/s Ftp ramdisk-to-hardisk: 13572 MB, 62.8 secs - 222.4 MB/s Smbclient ramdisk-to-ramdisk: 13572 MB 40 secs - 339 MB/s Smbclient ramdisk-to-harddisk: 13572 MB 64 secs - 212 MB/s cifsfs mount ramdisk-to-ramdisk: 13572 MB 289.8 - 47MB/s cifsfs mounts are really slow, so what happens when linux, windows and mac clients map/mount the share? Are they gonna be this slow? Any way to speed it up? Thanks - Vadim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 on debian squeeze
Quoting Christian PERRIER (bubu...@debian.org): > I suspect that samba4 uploaded yesterday by Jelmer in experimental > will solve this, but this package introduces new binary packages and > is therefore waiting in the NEW queue, for being processed by Debian > ftpmasters (any source package introducing binaries goes this way). It has been ACCEPTed today. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind 3.3.1.5 as 2008 r2 domain member | groups are not resolving after couple of hours
Oliver Weinmann-3 wrote: > > Has really no one else this problem??? I mean if someone could make a > recommendation what version to use with w2008r2 would be good too. Hello Oliver, I don't know if you've gotten this sorted out but I spent about a few hours over the past two days struggling with a similar problem and samba 3.5.4. I'm using the "Identity Management for UNIX" add-on for Active Directory to provide the user and group ID mappings. In my case the problem was that even though I had set the "Primary Group/GID" under the UNIX Attributes tab, winbind was reading the "Primary Group" from the AD portion and so I had to configure the "Domain Users" group with UNIX attributes as well. So far everything's now working as expected. -- View this message in context: http://samba.2283325.n4.nabble.com/winbind-3-3-1-5-as-2008-r2-domain-member-groups-are-not-resolving-after-couple-of-hours-tp3497728p3719057.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Very slow samba performance on Centos 6
On Thu, Aug 04, 2011 at 10:49:50AM -0400, vg_ us wrote: > I have 2 identical Dell r510 servers with 10gig card, running centos > 6 with samba-3.5.4-68.el6_0.2.x86_64. > I setup 16G ramdisk samba share on both and ran cp from local > ramdisk to samba ramdisk mount. > If I cp 12 1-gig files, I get combined 100MB/s transfer rate. Single > file cp maxes out at about 15MB/s. > Ftp transfer give me over 300MB/s. > > Running with 9000 MTU. Most smb.conf is default. I even disabled > atime and tried ext2 and xfs on ramdisk. > > Any help will be greatly appreciated. What client application are you using? If it is a cifsfs kernel mount, you might see such artifacts. Please retry with the smbclient(1) application. If that is also slow, we need to investigate further. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Very slow samba performance on Centos 6
Hello all, I have 2 identical Dell r510 servers with 10gig card, running centos 6 with samba-3.5.4-68.el6_0.2.x86_64. I setup 16G ramdisk samba share on both and ran cp from local ramdisk to samba ramdisk mount. If I cp 12 1-gig files, I get combined 100MB/s transfer rate. Single file cp maxes out at about 15MB/s. Ftp transfer give me over 300MB/s. Running with 9000 MTU. Most smb.conf is default. I even disabled atime and tried ext2 and xfs on ramdisk. Any help will be greatly appreciated. - Vadim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help: id user : non existant user using Active Directory connexion ( NT_STATUS_OBJECT_NAME_NOT_FOUND)
Dear i have connected Samba 3.5.6 with an Active Directory 2008 R2 When i try to get the uid number of an Active Directory user on the linux box: * root@bdc2:~# id angelique id: angelique : utilisateur inexistant (means non existent user) * The winbindd debug claim NT_STATUS_OBJECT_NAME_NOT_FOUND and NT_STATUS_INVALID_PARAMETER but the Active Directry is correcly linked. Where i'm wrong ? *** Winbind debug output : trusted_domains(ads): Searching trusted domain list of TOUZEAU and storing trust flags for domain touzeau.home [2011/08/04 14:23:45.166249, 10] winbindd/winbindd_cache.c:4397(wcache_tdc_add_domain) wcache_tdc_add_domain: Adding domain TOUZEAU (touzeau.home), SID S-1-5-21-3487440176-1554673074-2687830590, flags = 0x1d, attributes = 0x0, type = 0x2 [2011/08/04 14:23:45.166273, 10] winbindd/winbindd_cache.c:4121(add_wbdomain_to_tdc_array) add_wbdomain_to_tdc_array: Found existing record for TOUZEAU [2011/08/04 14:23:45.166284, 10] winbindd/winbindd_cache.c:4206(pack_tdc_domains) pack_tdc_domains: Packing 3 trusted domains [2011/08/04 14:23:45.166298, 10] winbindd/winbindd_cache.c:4225(pack_tdc_domains) pack_tdc_domains: Packing domain BUILTIN () [2011/08/04 14:23:45.166309, 10] winbindd/winbindd_cache.c:4225(pack_tdc_domains) pack_tdc_domains: Packing domain BDC2 () [2011/08/04 14:23:45.166319, 10] winbindd/winbindd_cache.c:4225(pack_tdc_domains) pack_tdc_domains: Packing domain TOUZEAU (touzeau.home) [2011/08/04 14:23:45.166337, 4] winbindd/winbindd_dual.c:1532(fork_domain_child) Finished processing child request 20 [2011/08/04 14:23:45.166347, 10] winbindd/winbindd_dual.c:1548(fork_domain_child) Writing 3560 bytes to parent [2011/08/04 14:23:45.166363, 10] lib/events.c:182(get_timed_events_timeout) timed_events_timeout: 2909/510746 [2011/08/04 14:23:47.371126, 10] winbindd/winbindd.c:593(process_request) process_request: Handling async request 2302:GETPWNAM [2011/08/04 14:23:47.371158, 3] winbindd/winbindd_getpwnam.c:55(winbindd_getpwnam_send) getpwnam angelique [2011/08/04 14:23:47.371187, 10] winbindd/winbindd_cache.c:451(fetch_cache_seqnum) fetch_cache_seqnum: timeout [TOUZEAU][33401 @ 1312460590] [2011/08/04 14:23:47.371200, 3] winbindd/winbindd_ads.c:1206(sequence_number) ads: fetch sequence_number for TOUZEAU [2011/08/04 14:23:47.371210, 10] winbindd/winbindd_ads.c:46(ads_cached_connection) ads_cached_connection [2011/08/04 14:23:47.371220, 7] winbindd/winbindd_ads.c:59(ads_cached_connection) Current tickets expire in 35422 seconds (at 1312496049, time is now 1312460627) [2011/08/04 14:23:47.371726, 5] libads/ldap_utils.c:64(ads_do_search_retry_internal) Search for (objectclass=*) in <> gave 1 replies [2011/08/04 14:23:47.371770, 10] winbindd/winbindd_cache.c:494(wcache_store_seqnum) wcache_store_seqnum: success [TOUZEAU][33401 @ 1312460627] [2011/08/04 14:23:47.371784, 10] winbindd/winbindd_cache.c:581(refresh_sequence_number) refresh_sequence_number: TOUZEAU seq number is now 33401 [2011/08/04 14:23:47.371799, 10] winbindd/idmap_ad.c:71(ad_idmap_cached_connection_internal) ad_idmap_cached_connection: called for domain 'TOUZEAU' [2011/08/04 14:23:47.371810, 7] winbindd/idmap_ad.c:86(ad_idmap_cached_connection_internal) Current tickets expire in 35451 seconds (at 1312496078, time is now 1312460627) [2011/08/04 14:23:47.380451, 5] libads/ldap_utils.c:64(ads_do_search_retry_internal) Search for (uid=angelique) in gave 0 replies [2011/08/04 14:23:47.380476, 5] winbindd/winbindd_cache.c:1206(resolve_alias_to_username) resolve_alias_to_username: backend query returned NT_STATUS_OBJECT_NAME_NOT_FOUND [2011/08/04 14:23:47.380497, 5] winbindd/winbindd_getpwnam.c:68(winbindd_getpwnam_send) Could not parse domain user: angelique [2011/08/04 14:23:47.380515, 5] winbindd/winbindd_getpwnam.c:138(winbindd_getpwnam_recv) Could not convert sid S-0-0: NT_STATUS_INVALID_PARAMETER [2011/08/04 14:23:47.380528, 10] winbindd/winbindd.c:655(wb_request_done) wb_request_done[2302:GETPWNAM]: NT_STATUS_INVALID_PARAMETER [2011/08/04 14:23:47.380552, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[2302:GETPWNAM]: deliverd response to client [2011/08/04 14:23:50.163136, 10] lib/events.c:131(run_events) Running timed event "rescan_trusted_domains" 0x7f88fb21c7c0 [2011/08/04 14:23:50.163284, 4] winbindd/winbindd_dual.c:1524(fork_domain_child) child daemon request 20 [2011/08/04 14:23:50.166642, 10] winbindd/winbindd_dual.c:479(child_process_request) child_process_request: request fn LIST_TRUSTDOM [2011/08/04 14:23:50.16, 3] winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains) [15477]: list trusted domains [2011/08/04 14:23:50.166684, 10] winbindd/winbindd_cache.c:2780(trusted_domains) trusted_domains: [Cached] - doing backend query for info for domain TOUZ
[Samba] No admin privileges after upgrade from 3.5.8 to 3.6.0rc3
Hi, since I was bitten badly by this today, I take the additional time to report this issue here. After upgrading from samba 3.5.8 to 3.6.0rc3, Administrator on the xp clients (yes, still xp sp3, no vista, no win7 clients here) lost its admin privileges. My Samba PDC setup evolved over about a decade now, but since it still needs to support a small environment only (20 xp, 30 users), I kept the "security = user" approach, mainly because it allows different passwords for the linux and windows environment. [global] security = user domain master = yes preferred master = yes local master = yes domain logons = yes wins support = yes admin users = root @ntadmin My admin is called admin: $ id admin uid=1002(admin) gid=71(ntadmin) Gruppen=71(ntadmin),512(domadmin) $ cat /etc/samba/smbusers admin = administrator nobody = guest pcguest smbguest $ getent group domadmin:*:512:admin domuser:*:513:u1,u2,... domguest:*:514: ntadmin:*:71: $ net groupmap list Domänen Benutzer (S-1-5-21-884593593-3352586541-3369792858-513) -> domuser Domänen Administratoren (S-1-5-21-884593593-3352586541-3369792858-512) -> domadmin Domänen Gäste (S-1-5-21-884593593-3352586541-3369792858-514) -> domguest $ net rpc user u1 u2 admin ... $ net rpc user info admin Domänen Benutzer Domänen Administratoren Users and admin can "domain" login just fine, but with 3.6.0rc3, the admin lost his privileges, simply downgrading samba to 3.5.8 fixed this. Here's my samba build: https://build.opensuse.org/package/show?package=samba&project=home%3Afrispete%3Asamba%3ASTABLE That's linked to project network:samba:STABLE. If somebody from this project there is reading here: Doesn't the term "STABLE" and the project description imply stable released packages? IMHO, a release candidate doesn't match this criteria, but others might disagree. Since this is a productive environment, I can perform tests during the weekend only (as long as my family permits..). Pete -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Failed to allocate new gidNumber. smbldap_modify() failed.
Sorry, the message about the mapping error for the group is not relevant because we have a duplicate entry in the ldap. but the message in winbindd-idmap log is still relevant, sometimes we have a another message : [2011/08/04 13:13:52, 0] lib/smbldap.c:(578) PANIC: assert failed at lib/smbldap.c(578) [2011/08/04 13:13:52, 2] lib/smbldap.c:(786) Best regards and thank you for your help. Armand DELCROS Service système/réseau/téléphonie Mairie de Saint-Ouen Direction des Systèmes d'Informations 6, Place de la république 93406 Saint-Ouen Cedex. Tel : 01.49.45.67.60 Fax : 01.49.45.67.34 -samba-boun...@lists.samba.org a écrit : - A : samba@lists.samba.org De : Armand DELCROS Envoyé par : samba-boun...@lists.samba.org Date : 04/08/2011 12:26 Objet : [Samba] Failed to allocate new gidNumber. smbldap_modify() failed. Hello, We are using samba 3.0.37 on solaris 10 We encountered errors with winbind : "Failed to allocate new gidNumber. smbldap_modify() failed." and also in the samba.log : "could not lookup membership for group sid S-1-5-21-2446956985-2243763730-1737288511-3325 in domain STOUEN (error: NT_STATUS_NONE_MAPPED)" After some searching with google,I increase the gidnumber max and uidnumber max but we still experienced problem with the guid allocation. so i don't know what can i do, it is not possible for us to upgrade to a newer version of samba. smb.conf : -- [global] workgroup = STOUEN server string = VMFILE01 netbios name = VMFILE01 # wins support = yes wins server = 10.2.200.1 password server = vmdc01.stouen.local log level = 2 log file = /var/samba/log/samba.log max log size = 3 unix charset = UTF-8 dos charset = CP850 #ldap ssl = no ldap ssl = off ldap admin dn = cn=admin,dc=stouen,dc=local ldap suffix = dc=stouen,dc=local encrypt passwords = yes security = domain load printers = no domain master = no local master = no preferred master = no os level = 0 idmap backend = ldap:ldap://10.2.200.2 ldap idmap suffix = ou=Idmap idmap uid = 16777216-1000 idmap gid = 16777216-1000 winbind cache time = 15 winbind enum users = yes winbind enum groups = yes template shell = /sbin/nologin winbind use default domain = yes -- Armand DELCROS Service système/réseau/téléphonie Mairie de Saint-Ouen Direction des Systèmes d'Informations 6, Place de la république 93406 Saint-Ouen Cedex. Tel : 01.49.45.67.60 Fax : 01.49.45.67.34 Avant d'imprimer, pensez à l'environnement . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Avant d'imprimer, pensez à l'environnement . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Failed to allocate new gidNumber. smbldap_modify() failed.
Hello, We are using samba 3.0.37 on solaris 10 We encountered errors with winbind : "Failed to allocate new gidNumber. smbldap_modify() failed." and also in the samba.log : "could not lookup membership for group sid S-1-5-21-2446956985-2243763730-1737288511-3325 in domain STOUEN (error: NT_STATUS_NONE_MAPPED)" After some searching with google,I increase the gidnumber max and uidnumber max but we still experienced problem with the guid allocation. so i don't know what can i do, it is not possible for us to upgrade to a newer version of samba. smb.conf : -- [global] workgroup = STOUEN server string = VMFILE01 netbios name = VMFILE01 # wins support = yes wins server = 10.2.200.1 password server = vmdc01.stouen.local log level = 2 log file = /var/samba/log/samba.log max log size = 3 unix charset = UTF-8 dos charset = CP850 #ldap ssl = no ldap ssl = off ldap admin dn = cn=admin,dc=stouen,dc=local ldap suffix = dc=stouen,dc=local encrypt passwords = yes security = domain load printers = no domain master = no local master = no preferred master = no os level = 0 idmap backend = ldap:ldap://10.2.200.2 ldap idmap suffix = ou=Idmap idmap uid = 16777216-1000 idmap gid = 16777216-1000 winbind cache time = 15 winbind enum users = yes winbind enum groups = yes template shell = /sbin/nologin winbind use default domain = yes -- Armand DELCROS Service système/réseau/téléphonie Mairie de Saint-Ouen Direction des Systèmes d'Informations 6, Place de la république 93406 Saint-Ouen Cedex. Tel : 01.49.45.67.60 Fax : 01.49.45.67.34 Avant d'imprimer, pensez à l'environnement . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 03.08.2011 18:43, schrieb TAKAHASHI Motonobu: From: "J. Echter" Date: Tue, 02 Aug 2011 14:12:05 +0200 I thought im done setting domain to WORKGROUP, as its set in smbldap.conf. I don't get why smbldap tools thinks im on a domain called BDC. Would it help if i post some output from pdbedit or stuff like that? I really don't get where this error comes from. Have you set the SID same as PDC on BDC? For example - bdc# net rpc getsid Storing SID S-1-5-21-2535719703-1779805756-2758924810 for Domain DomanName in secrets.tdb - Remembet that before running the command, you have to set smb.conf correctly as BDC. here's the conf of my testing smb machine: [global] domain master = no domain logons = no passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 You have to set "domain logons = yes" to make this machine act as BDC. And are you running Winbind? If not, idmap backend/uid/gid does not mean anything. there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. Have you correctly set nss-ldap on BDC? For example /etc/nss_ldap.conf "getent passwd" on BDC shows his entry? --- TAKAHASHI Motonobu ok, im sorry. im stupid. i overlooked that i disabled domain logons... now its showing the right domain with pdbedit -v thanks a lot. now im trying to logon again... cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 3.5.11 Available for Download
=== "Birthdays are nature's way of telling us to eat more cake." Source Unknown == Release Announcements = This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.11 include: o Fix access to Samba shares when Windows security patch KB2536276 is installed (bug #7460). o Fix DoS in Winbind and smbd with many file descriptors open (bug #7949). o Fix Winbind panics if verify_idpool() fails (bug #8253). Changes since 3.5.10: o Jeremy Allison * BUG 7462: Make SA_RESETHAND conditional on its existance. * BUG 8254: Make "acl check permissions = no" working in all cases. o Gregor Beck * BUG 8253: Fix Winbind panics if verify_idpool() fails. o David Disseldorp * BUG 8269: Stop spamming log with "Could not find child X -- ignoring" messages in smbd. o Björn Jacke * BUG 7460: Include sys/file.h only when available. o Volker Lendecke * BUG 7841: Explicitly pass domain_sid to wbint_LookupRids(). * BUG 8238: Fix access to Samba shares when Windows security patch KB2536276 is installed. * BUG 8322: Add HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR. o Stefan Metzmacher * BUG 7841: Make WINBINDD_LOOKUPRIDS ask the right domain. * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open. * BUG 8276: Close all sockets attached to a subnet in close_subnet(). ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.5.11.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba