Re: [Samba] Password sync in 3.6.0 on OS X 10.7, Lion
On 7/22/64 1:59 PM, Jeremy Allison wrote: > On Fri, Aug 19, 2011 at 09:11:22AM -0500, Martin Diers wrote: >> My company, which is a mac-heavy shop in the printing industry, needed >> to migrate to a faster file server. As our directory trees are very >> large, both Samba, and Netatalk were bogging down badly on our Linux >> server (Samba, due to heavy CPU usage during directory listings - the >> case-sensitive file system issue, and netatalk because the cnid db was >> getting too big). > Did you look into the Samba large directory HOWTO to fix this ? > > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/largefile.html > Yes, I did. Forcing all filenames to upper or lower case was not an option in my company. Our Prepress department immediately rejected this. Otherwise I could have just moved all the Mac users over to SMB and retired AFP. Also, the bulk of our network is on Mac, so this was a huge boost in performance to have native AFP. (Spotlight works over the network, for one). >> smbd.log shows nothing at all. >> >> If the user's password is changed using the root account, no errors of >> any kind are logged, and no smbpasswd sync takes place. >> >> I know that pam_smbpass works in FreeBSD, which also uses OpenPam, so I >> doubt it is an OpenPam incompatibility. I'm just not sure where to look >> next. > Might be a modified version of OpenPam used by MacOSX - not sure. > > Can you look in the Darwin source code to see when PAM_AUTHINFO_UNAVAIL > is returned ? > > Jeremy. > I guess that's my next step. Pulling down Darwin 11 OpenPam now. Not sure I'm qualified to dig too deeply into this, but I'll give it a shot. Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3.6.0 core dump
On Thu, 18 Aug 2011, Jeremy Allison wrote: On Sat, Aug 13, 2011 at 01:18:00PM -0400, Justin Piszcz wrote: Hello, Any thoughts on what is causing this? Aug 13 12:42:00 box smbd[29073]: [2011/08/13 12:42:00.489676, 0] lib/fault.c:47(fault_report) Aug 13 12:42:00 box smbd[29073]: === Aug 13 12:42:00 box smbd[29073]: [2011/08/13 12:42:00.490368, 0] lib/fault.c:48(fault_report) Aug 13 12:42:00 box smbd[29073]: INTERNAL ERROR: Signal 11 in pid 29073 (3.6.0) Aug 13 12:42:00 box smbd[29073]: Please read the Trouble-Shooting section of the Samba3-HOWTO Aug 13 12:42:00 box smbd[29073]: [2011/08/13 12:42:00.490448, 0] lib/fault.c:50(fault_report) Aug 13 12:42:00 box smbd[29073]: Aug 13 12:42:00 box smbd[29073]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf Aug 13 12:42:00 box smbd[29073]: [2011/08/13 12:42:00.490516, 0] lib/fault.c:51(fault_report) Aug 13 12:42:00 box smbd[29073]: === Aug Can you install with debug symbols, and then add the line: panic action = /bin/sleep 999 to the [global] section of your smb.conf. Once it crashes, this will cause the crashed process to stay around waiting for the sleep process to finish. Find the crashed process using ps (it'll be the parent of the "sleep") then attach to it using gdb - then type "bt" which will give a full backtrace with symbols - allowing us to track it down much more easily. Thanks ! Jeremy. Hello, This is done, will do if it crashes again, thanks. Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Whitespace in password
try wbinfo -a myuser%pass\ word Rodriguez Nuño, Claudia wrote: Hi I am sorry if this has been asked before but after searching I haven't been able to find an answer. I have samba installed on a Centos machine and joined a windows active directory. Everything works fine in general except for users who have a whitespace in their password. For example if I have a user called myuser > whose password is pass word when I do wbinfo -a myuser%pass word it gives me errors. How can I fix it and make users with passwords with whitespace get to authenticate to the shares? Is it possible at all? Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Long Pause the First Time I Do an 'ls' on Linux.
We have a lot of users on our AD domain, and the more we add the longer it takes to get a directory listing on my Linux servers. When I do 'ls -l' it might take 20 seconds before the listing starts. However, if I immediately do 'ls -l' again, it comes up quickly. I assume this is because samba/winbind is polling the AD domain controller on the first attempt. Is there any way to speed this up? -- Eric Robinson Disclaimer - August 19, 2011 This email and any files transmitted with it are confidential and intended solely for samba@lists.samba.org. If you are not the named addressee you should not disseminate, distribute, copy or alter this email. Any views or opinions presented in this email are solely those of the author and might not represent those of Physicians' Managed Care or Physician Select Management. Warning: Although Physicians' Managed Care or Physician Select Management has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. This disclaimer was added by Policy Patrol: http://www.policypatrol.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Password sync in 3.6.0 on OS X 10.7, Lion
On Fri, Aug 19, 2011 at 09:11:22AM -0500, Martin Diers wrote: > My company, which is a mac-heavy shop in the printing industry, needed > to migrate to a faster file server. As our directory trees are very > large, both Samba, and Netatalk were bogging down badly on our Linux > server (Samba, due to heavy CPU usage during directory listings - the > case-sensitive file system issue, and netatalk because the cnid db was > getting too big). Did you look into the Samba large directory HOWTO to fix this ? http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/largefile.html > Our solution was to switch to a Mac server running a Thunderbolt RAID > array. This forced us into using Lion, as the only Snow Leopard machines > with thunderbolt ports are laptops. The new server as extremely fast > even with our large file systems. But SMBX is causing numerous problems. > > Yesterday, I succeeded in getting Samba 3.6.0 compiled and running on > Lion, and now have a working Macports package. Only one patch was > required: to address issues with NGROUPS_MAX on Lion, which prevented > smbd from starting. (FYI: Because groups can be nested in Lion, but > getgrouplist() reports the list without nesting, the number of groups in > some system account used by Samba, exceeds NGROUPS_MAX. The fix just > forces it to 32 in lib/system.c - ugly, but it works). > > I do not understand how Apple's OpenDirectory integration used to work > with Samba in versions <= 10.6. I assume they maintained smbpasswd > tokens inside OpenDirectory. Regardless, this is no longer done in Lion. > Instead, I attempted to use the pam_smbpass module to sync passwords > with the tdb backend. > > I copied the complied pam_smbpass.dynlib module to > /usr/lib/pam/pam_smbpass.so.2. > > I then setup /etc/pam.d/passwd like so: > > auth required pam_permit.so > accountrequired pam_opendirectory.so > password requisite pam_opendirectory.so > password required pam_smbpass.so nullok use_authtok try_first_pass > sessionrequired pam_permit.so > > This prevents user accounts on the Server from changing their own > password at all. The root user can still change individual system > account passwords, but no smbpasswd syncing takes place. > > I have tried several variants on the "password required" line. All of > them exhibit the same behavior. > > I have been unable to find any debug or log information that sheds much > light on this behavior. When the user attempts to change their password, > this is what is shown in /var/log/secure.log: > > passwd[229]: in _openpam_check_error_code(): pam_sm_chauthtok(): > unexpected return value 12 >From the source code here : http://trac.des.no/openpam/browser/trunk/include/security/pam_constants.h enum { 51 PAM_SUCCESS = 0, 52 PAM_OPEN_ERR= 1, 53 PAM_SYMBOL_ERR = 2, 54 PAM_SERVICE_ERR = 3, 55 PAM_SYSTEM_ERR = 4, 56 PAM_BUF_ERR = 5, 57 PAM_CONV_ERR= 6, 58 PAM_PERM_DENIED = 7, 59 PAM_MAXTRIES= 8, 60 PAM_AUTH_ERR= 9, 61 PAM_NEW_AUTHTOK_REQD= 10, 62 PAM_CRED_INSUFFICIENT = 11, 63 PAM_AUTHINFO_UNAVAIL= 12, 64 PAM_USER_UNKNOWN= 13, 65 PAM_CRED_UNAVAIL= 14, 66 PAM_CRED_EXPIRED= 15, 67 PAM_CRED_ERR= 16, 68 PAM_ACCT_EXPIRED= 17, 69 PAM_AUTHTOK_EXPIRED = 18, 70 PAM_SESSION_ERR = 19, 71 PAM_AUTHTOK_ERR = 20, 72 PAM_AUTHTOK_RECOVERY_ERR= 21, 73 PAM_AUTHTOK_LOCK_BUSY = 22, 74 PAM_AUTHTOK_DISABLE_AGING = 23, 75 PAM_NO_MODULE_DATA = 24, 76 PAM_IGNORE = 25, 77 PAM_ABORT = 26, 78 PAM_TRY_AGAIN = 27, 79 PAM_MODULE_UNKNOWN = 28, 80 PAM_DOMAIN_UNKNOWN = 29, 81 PAM_NUM_ERRORS /* OpenPAM extension */ 82 }; > And this is what the user sees: > > $ passwd > Changing password for . > passwd: authentication information is unavailable Indeed - 12 == PAM_AUTHINFO_UNAVAIL. > smbd.log shows nothing at all. > > If the user's password is changed using the root account, no errors of > any kind are logged, and no smbpasswd sync takes place. > > I know that pam_smbpass works in FreeBSD, which also uses OpenPam, so I > doubt it is an OpenPam incompatibility. I'm ju
Re: [Samba] Samba4 - Cannot get quick test to succeed
I get this error: ./bin/samba exited with no error samba: EOF on stdin - terminating ./bin/samba exited with no error samba: EOF on stdin - terminating ./bin/samba exited with no error samba: EOF on stdin - terminating ./bin/samba exited with no error samba: EOF on stdin - terminating ./bin/samba exited with no error samba: EOF on stdin - terminating ./bin/samba exited with no error ./bin/samba got signal 9 and exits with 0! samba: EOF on stdin - terminating ./bin/samba exited with no error FAILED (1 failures and 1 errors in 2 testsuites) A summary with detailed information can be found in: ./st/summary ERROR: test failed with exit code 1 make: *** [quicktest] Error 1 could someone please help me fix this? -- View this message in context: http://samba.2283325.n4.nabble.com/Samba4-Cannot-get-quick-test-to-succeed-tp3657311p3755607.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Failed join operations
Ok it works. However I find it strange that Windows 7 does not automatically allow the Domain Admins group to run administrative tasks although I can see Domain Admins is listed under the Administrators group of the Windows 7 PC. Had to assign the individual admin users to be under the Administrators group. On Thu, Aug 18, 2011 at 4:22 PM, John Huong wrote: > Strange I believe the user already had the rights. Anyway will run the > suggested command and try again. > > On Thu, Aug 18, 2011 at 4:10 PM, Volker Lendecke > wrote: >> On Thu, Aug 18, 2011 at 03:34:47PM +0800, John Huong wrote: >>> Ok here are the files. >> >> [2011/08/18 15:09:32.136554, 10] >> rpc_server/samr/srv_samr_nt.c:3678(can_create) >> STELLA-PC$ does not exist, can create it >> [2011/08/18 15:09:32.136583, 5] >> rpc_server/samr/srv_samr_nt.c:3772(_samr_CreateUser2) >> _samr_CreateUser2: acmesupport can add this account : False >> >> You need to assign "acmesupport" the privilege to join >> machines: >> >> net sam rights grant acmesupport SeMachineAccountPrivilege >> >> should do it. >> >> Volker >> >> -- >> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen >> phone: +49-551-37-0, fax: +49-551-37-9 >> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users "WBC_ERR_DOMAIN_NOT_FOUND"
Am 19.08.2011 14:44, schrieb David Touzeau: > The winbindd allows to have correct informations > > #wbinfo -t > checking the trust secret for domain MAISON via RPC calls succeeded > > #wbinfo -n MAISON/Administrateur > S-1-5-21-3790408397-595478388-2982168515-500 SID_USER (1) > > #wbinfo -s S-1-5-21-3790408397-595478388-2982168515-500 > MAISON/Administrateur 1 > > #wbinfo -S S-1-5-21-3790408397-595478388-2982168515-500 > 60500 if this works. everything should be fine. > > Bet getent did not see any Active directoy users > > > Any tips on this ? > Does the service "nscd" run on your server? Turn it off and try again. You could also try if you could connect to the server, even if it does not list the users in "getent". Before testing i would flush the cache "net cache flush" justin case :) I also don't know if it is a problem that your "* range" is in the range of MAISON. idmap config MAISON:range = 6-5000 idmap config * : range = 100-199 why don't you try idmap config * : backend = rid idmap config * : range = 5001-599 best regards Benedikt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Password sync in 3.6.0 on OS X 10.7, Lion
My company, which is a mac-heavy shop in the printing industry, needed to migrate to a faster file server. As our directory trees are very large, both Samba, and Netatalk were bogging down badly on our Linux server (Samba, due to heavy CPU usage during directory listings - the case-sensitive file system issue, and netatalk because the cnid db was getting too big). Our solution was to switch to a Mac server running a Thunderbolt RAID array. This forced us into using Lion, as the only Snow Leopard machines with thunderbolt ports are laptops. The new server as extremely fast even with our large file systems. But SMBX is causing numerous problems. Yesterday, I succeeded in getting Samba 3.6.0 compiled and running on Lion, and now have a working Macports package. Only one patch was required: to address issues with NGROUPS_MAX on Lion, which prevented smbd from starting. (FYI: Because groups can be nested in Lion, but getgrouplist() reports the list without nesting, the number of groups in some system account used by Samba, exceeds NGROUPS_MAX. The fix just forces it to 32 in lib/system.c - ugly, but it works). I do not understand how Apple's OpenDirectory integration used to work with Samba in versions <= 10.6. I assume they maintained smbpasswd tokens inside OpenDirectory. Regardless, this is no longer done in Lion. Instead, I attempted to use the pam_smbpass module to sync passwords with the tdb backend. I copied the complied pam_smbpass.dynlib module to /usr/lib/pam/pam_smbpass.so.2. I then setup /etc/pam.d/passwd like so: auth required pam_permit.so accountrequired pam_opendirectory.so password requisite pam_opendirectory.so password required pam_smbpass.so nullok use_authtok try_first_pass sessionrequired pam_permit.so This prevents user accounts on the Server from changing their own password at all. The root user can still change individual system account passwords, but no smbpasswd syncing takes place. I have tried several variants on the "password required" line. All of them exhibit the same behavior. I have been unable to find any debug or log information that sheds much light on this behavior. When the user attempts to change their password, this is what is shown in /var/log/secure.log: passwd[229]: in _openpam_check_error_code(): pam_sm_chauthtok(): unexpected return value 12 And this is what the user sees: $ passwd Changing password for . passwd: authentication information is unavailable smbd.log shows nothing at all. If the user's password is changed using the root account, no errors of any kind are logged, and no smbpasswd sync takes place. I know that pam_smbpass works in FreeBSD, which also uses OpenPam, so I doubt it is an OpenPam incompatibility. I'm just not sure where to look next. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Whitespace in password
Hi I am sorry if this has been asked before but after searching I haven't been able to find an answer. I have samba installed on a Centos machine and joined a windows active directory. Everything works fine in general except for users who have a whitespace in their password. For example if I have a user called myuser whose password is pass word when I do wbinfo -a myuser%pass word it gives me errors. How can I fix it and make users with passwords with whitespace get to authenticate to the shares? Is it possible at all? Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users "WBC_ERR_DOMAIN_NOT_FOUND"
Le vendredi 19 août 2011 à 06:51 -0500, John H Terpstra a écrit : > On 08/19/2011 03:54 AM, David Touzeau wrote: > > Le jeudi 18 août 2011 à 13:26 +0200, Benedikt Schindler a écrit : > > > >> Am 18.08.2011 06:07, schrieb John H Terpstra: > >>> On 08/17/2011 02:05 PM, David Touzeau wrote: > I think this new version is not really ready for production... > There is so many strange things... Or misunderstanding whats going wrong > >>> > >>> I respect that some may be experiencing difficulties with deployment of > >>> Samba 3.6.0. > >>> > >>> I have been using 3.6.0 in its various pre-release forms (and now the > >>> stable release) for many months without a single problem. I have > >>> deployed it in some very complex as well as some simple configurations - > >>> all without any issues. > >>> > >>> The purpose of this response is to point out that Samba 3.6.0 is perhaps > >>> not as "not really ready" for production use readers of this list may > >>> interpret from these reports. > >>> > >>> Cheers, > >>> John T. > >>> > > Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : > > > > > > > ` Peacock,Josh wrote: > >> I am also experiencing the same problems. I am running 3.6 on AIX > >> 6.1. I do have a 3.5.8 installation running without problem (I > >> understand some major changes have happened.) I took the smb.conf > >> from my 3.5.8 install and changed appropriately for 3.6 (At least as > >> far as I catell). > >> > > > > Yeah, I still have this error even after downgrading to 3.5.10 -- > > I think 3.6 corrupted my userdb or changed the format... I suppose > > I need to allocate a new one and start from scratch to fix it... > > > > But lots of problems related to looking up the domain, the > > PDC and some users. > > > > I did try to report it, but since I wasn't certain what was going on and > > just had a bunch of random symptoms, I got ignored. > > > > But I did warn them that other users would likely have problems and > > should > > be warned... That was ignored too.. > > > > > > > > > > > >>> > >> > >> I had the same error until today. It works for me with base_rid = 0 > >> > >> TRY: > >> > >> idmap config MYDOMAIN : backend = rid > >> idmap config MYDOMAIN : range = 6-5000 > >> idmap config MYDOMAIN : base_rid = 0 > >> > >> > >> > >> -- > >> Benedikt > > > > > > i have set > > idmap config MYDOMAIN : backend = ad > > > > Is there any difference using > > > > idmap config MYDOMAIN : backend = rid > > > > instead > > > > idmap config MYDOMAIN : backend = ad > > > > When using Active Directory ? > > > > > > > > > > Check the man pages (man idmap_rid) and (man idmap_ad): > > The RID method generates the uid/gid from the RID. As a result all users > in Active Directory can access the Samba server. > > The AD method requires the use of the RFC2307bis extensions to the > Active Directory schema and that you populate the uid and gid in with > valid values using the Active Directory Users and Group management tool. > If you have not populated the RFC2307bis uid/gid values the user will > not be able to access the Samba server. > > Using the AD method the systems administrator has control over which > users can and cannot access the Samba server/s. > > - John T. This is very strange I have changed my settings according your example has follow security = ADS realm = MAISON.TOUZEAU.BIZ idmap config MAISON:backend = rid idmap config MAISON:read only = yes idmap config MAISON:range = 6-5000 idmap config MAISON:base_rid = 0 idmap config * : backend = tdb idmap config * : range = 100-199 client use spnego = No client use spnego principal = No encrypt passwords = Yes client ntlmv2 auth = Yes client lanman auth = No winbind normalize names = Yes winbind separator = / winbind use default domain = No winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = rfc2307 winbind offline logon = true winbind cache time = 5 winbind refresh tickets = true kerberos method = system keytab allow trusted domains = Yes server signing = mandatory client signing = mandatory lm announce = No ntlm auth = No lanman auth = No preferred master = No The winbindd allows to have correct informations #wbinfo -t checking the trust secret for domain MAISON via RPC calls succeeded #wbinfo -n MAISON/Administrateur S-1-5-21-3790408397-595478388-2982168515-500 SID_USER (1) #wbinfo -s S-1-5-21-3790408397-595478388-2982168515-500 MAISON/Administrateur 1 #wbinfo -S S-1-5-21-3790408397-595478388-2982168515-500 60500 Bet getent did not see any Active di
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users "WBC_ERR_DOMAIN_NOT_FOUND"
Le vendredi 19 août 2011 à 06:51 -0500, John H Terpstra a écrit : > On 08/19/2011 03:54 AM, David Touzeau wrote: > > Le jeudi 18 août 2011 à 13:26 +0200, Benedikt Schindler a écrit : > > > >> Am 18.08.2011 06:07, schrieb John H Terpstra: > >>> On 08/17/2011 02:05 PM, David Touzeau wrote: > I think this new version is not really ready for production... > There is so many strange things... Or misunderstanding whats going wrong > >>> > >>> I respect that some may be experiencing difficulties with deployment of > >>> Samba 3.6.0. > >>> > >>> I have been using 3.6.0 in its various pre-release forms (and now the > >>> stable release) for many months without a single problem. I have > >>> deployed it in some very complex as well as some simple configurations - > >>> all without any issues. > >>> > >>> The purpose of this response is to point out that Samba 3.6.0 is perhaps > >>> not as "not really ready" for production use readers of this list may > >>> interpret from these reports. > >>> > >>> Cheers, > >>> John T. > >>> > > Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : > > > > > > > ` Peacock,Josh wrote: > >> I am also experiencing the same problems. I am running 3.6 on AIX > >> 6.1. I do have a 3.5.8 installation running without problem (I > >> understand some major changes have happened.) I took the smb.conf > >> from my 3.5.8 install and changed appropriately for 3.6 (At least as > >> far as I catell). > >> > > > > Yeah, I still have this error even after downgrading to 3.5.10 -- > > I think 3.6 corrupted my userdb or changed the format... I suppose > > I need to allocate a new one and start from scratch to fix it... > > > > But lots of problems related to looking up the domain, the > > PDC and some users. > > > > I did try to report it, but since I wasn't certain what was going on and > > just had a bunch of random symptoms, I got ignored. > > > > But I did warn them that other users would likely have problems and > > should > > be warned... That was ignored too.. > > > > > > > > > > > >>> > >> > >> I had the same error until today. It works for me with base_rid = 0 > >> > >> TRY: > >> > >> idmap config MYDOMAIN : backend = rid > >> idmap config MYDOMAIN : range = 6-5000 > >> idmap config MYDOMAIN : base_rid = 0 > >> > >> > >> > >> -- > >> Benedikt > > > > > > i have set > > idmap config MYDOMAIN : backend = ad > > > > Is there any difference using > > > > idmap config MYDOMAIN : backend = rid > > > > instead > > > > idmap config MYDOMAIN : backend = ad > > > > When using Active Directory ? > > > > > > > > > > Check the man pages (man idmap_rid) and (man idmap_ad): > > The RID method generates the uid/gid from the RID. As a result all users > in Active Directory can access the Samba server. > > The AD method requires the use of the RFC2307bis extensions to the > Active Directory schema and that you populate the uid and gid in with > valid values using the Active Directory Users and Group management tool. > If you have not populated the RFC2307bis uid/gid values the user will > not be able to access the Samba server. > > Using the AD method the systems administrator has control over which > users can and cannot access the Samba server/s. > > - John T. Good !! And what method did you suggest for better compatibilities and your experiences...? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users "WBC_ERR_DOMAIN_NOT_FOUND"
On 08/19/2011 03:54 AM, David Touzeau wrote: Le jeudi 18 août 2011 à 13:26 +0200, Benedikt Schindler a écrit : Am 18.08.2011 06:07, schrieb John H Terpstra: On 08/17/2011 02:05 PM, David Touzeau wrote: I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong I respect that some may be experiencing difficulties with deployment of Samba 3.6.0. I have been using 3.6.0 in its various pre-release forms (and now the stable release) for many months without a single problem. I have deployed it in some very complex as well as some simple configurations - all without any issues. The purpose of this response is to point out that Samba 3.6.0 is perhaps not as "not really ready" for production use readers of this list may interpret from these reports. Cheers, John T. Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. I had the same error until today. It works for me with base_rid = 0 TRY: idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range = 6-5000 idmap config MYDOMAIN : base_rid = 0 -- Benedikt i have set idmap config MYDOMAIN : backend = ad Is there any difference using idmap config MYDOMAIN : backend = rid instead idmap config MYDOMAIN : backend = ad When using Active Directory ? Check the man pages (man idmap_rid) and (man idmap_ad): The RID method generates the uid/gid from the RID. As a result all users in Active Directory can access the Samba server. The AD method requires the use of the RFC2307bis extensions to the Active Directory schema and that you populate the uid and gid in with valid values using the Active Directory Users and Group management tool. If you have not populated the RFC2307bis uid/gid values the user will not be able to access the Samba server. Using the AD method the systems administrator has control over which users can and cannot access the Samba server/s. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problems joining Windows 2003 Domain
so how do I connect an LDAP on udp port WITH samba? Am 13.08.2011 um 10:14:49 Uhr schrieb Marc-Christian Petersen : > Hi TAKAHASHI, > >> [2011/08/12 11:17:44.272472, 10] libsmb/dsgetdcname.c:859(process_dc_dns) >> LDAP ping to ad2.blub.local >> [2011/08/12 11:17:44.273248, 2] libads/cldap.c:97(ads_cldap_netlogon) >> cldap_netlogon() failed: NT_STATUS_NOT_FOUND >> [2011/08/12 11:17:44.273738, 10] libsmb/dsgetdcname.c:859(process_dc_dns) >> LDAP ping to ad3.blub.local >> [2011/08/12 11:17:44.275965, 2] libads/cldap.c:97(ads_cldap_netlogon) >> cldap_netlogon() failed: NT_STATUS_NOT_FOUND >> [2011/08/12 11:17:44.276005, 10] libsmb/dsgetdcname.c:859(process_dc_dns) >> LDAP ping to ad1.blub.local >> [2011/08/12 11:17:44.276496, 2] libads/cldap.c:97(ads_cldap_netlogon) >> cldap_netlogon() failed: NT_STATUS_NOT_FOUND >> - >> >> Can you connect to those DCs' 389/udp from Samba? > > hmm and how do I do that? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Printing api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed
After connecting the same printers directly to cups using the same drivers the printouts are available without any problems. So probably some conversion inside of samba will cancel the printjobs. Am 11.08.2011 11:32, schrieb Claus Rosenberger: > Hello, > > after upgrading to samba 3.5.6 of Debian Squeeze some printouts will not > printed. The same prinjob will printed after a couple of tries. I increased > the loglevel and there are only a few messages which showing whtat could be > the problem. The printjobs doesn't arrive at cups. > > [2011/08/10 11:32:12.700665, 0] lib/charcnv.c:650(convert_string_talloc) > Conversion error: Illegal multibyte sequence(^A^H <8C>^R ) > [2011/08/10 11:32:12.700720, 1] ../librpc/ndr/ndr.c:395(ndr_pull_error) > ndr_pull_error(5): Bad character conversion > [2011/08/10 11:32:12.700756, 0] rpc_server/srv_pipe.c:2439(api_rpcTNP) > api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed. > [2011/08/10 11:32:13.901183, 0] lib/charcnv.c:650(convert_string_talloc) > Conversion error: Illegal multibyte sequence(^A^H <8C>^R ) > [2011/08/10 11:32:13.924149, 1] ../librpc/ndr/ndr.c:395(ndr_pull_error) > ndr_pull_error(5): Bad character conversion > [2011/08/10 11:32:13.924206, 0] rpc_server/srv_pipe.c:2439(api_rpcTNP) > api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed. > > The printer is a Konica Minolta bizhup 40P, which is installed on client with > Point and Print and the newest ppd files from Konica Minolta. > > What could be the problem? > > Thank you > Claus > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users "WBC_ERR_DOMAIN_NOT_FOUND"
Le jeudi 18 août 2011 à 13:26 +0200, Benedikt Schindler a écrit : > Am 18.08.2011 06:07, schrieb John H Terpstra: > > On 08/17/2011 02:05 PM, David Touzeau wrote: > >> I think this new version is not really ready for production... > >> There is so many strange things... Or misunderstanding whats going wrong > > > > I respect that some may be experiencing difficulties with deployment of > > Samba 3.6.0. > > > > I have been using 3.6.0 in its various pre-release forms (and now the > > stable release) for many months without a single problem. I have > > deployed it in some very complex as well as some simple configurations - > > all without any issues. > > > > The purpose of this response is to point out that Samba 3.6.0 is perhaps > > not as "not really ready" for production use readers of this list may > > interpret from these reports. > > > > Cheers, > > John T. > > > >> > >> Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : > >> > >>> > >>> > >>> ` Peacock,Josh wrote: > I am also experiencing the same problems. I am running 3.6 on AIX > 6.1. I do have a 3.5.8 installation running without problem (I > understand some major changes have happened.) I took the smb.conf > from my 3.5.8 install and changed appropriately for 3.6 (At least as > far as I catell). > > >>> > >>> Yeah, I still have this error even after downgrading to 3.5.10 -- > >>> I think 3.6 corrupted my userdb or changed the format... I suppose > >>> I need to allocate a new one and start from scratch to fix it... > >>> > >>> But lots of problems related to looking up the domain, the > >>> PDC and some users. > >>> > >>> I did try to report it, but since I wasn't certain what was going on and > >>> just had a bunch of random symptoms, I got ignored. > >>> > >>> But I did warn them that other users would likely have problems and > >>> should > >>> be warned... That was ignored too.. > >>> > >>> > >>> > >>> > >> > >> > > > > I had the same error until today. It works for me with base_rid = 0 > > TRY: > > idmap config MYDOMAIN : backend = rid > idmap config MYDOMAIN : range = 6-5000 > idmap config MYDOMAIN : base_rid = 0 > > > > -- > Benedikt i have set idmap config MYDOMAIN : backend = ad Is there any difference using idmap config MYDOMAIN : backend = rid instead idmap config MYDOMAIN : backend = ad When using Active Directory ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba