Re: [Samba] Clear Samba Process

2011-09-05 Thread Aldyth Maharsha
I don't know what is happening, but I have a strange problem. My log shows
"oplocks break failed"; it is only for some users (not all users) and it only
happens sometimes: sometimes it is fine, but sometimes closing an Office file
is extremely slow. Any idea?

Best regards,
Aldyth M

On Fri, Aug 26, 2011 at 7:43 PM, Bruno Martins wrote:

> On 08/26/2011 01:12 PM, Aldyth Maharsha wrote:
>
>> Hi list, I have a problem with Samba 3.5 on an Ubuntu 11.04 server. When my
>> users open a file such as an Office file it is okay, but when they close the
>> file it is extremely slow, and when I look at the log it shows the error
>> message "Oplocks break failed for xxx". I tried running smbstatus to view
>> the PID of the process and killing the PID holding the locked files, and it
>> works, but my question is: what is happening with my Samba? Because if
>> closing a file is extremely slow for my users I must kill the PID of the
>> process (locked files). Is there another solution? Because when I copy a
>> file of more than 5Gb it is fast and there is no problem with that...
>> Thanks in advance.
>>
>> It is my smb.conf :
>> [global]
>> workgroup = AAA
>> netbios name = SUNKO08
>> security = user
>> enable privileges = yes
>> server string = %h server
>> encrypt passwords = Yes
>>
>> unix password sync = yes
>> ldap passwd sync = yes
>> passwd program = /usr/sbin/smbldap-passwd -u "%u"
>> passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
>>
>> log level = 0
>> syslog = 0
>> log file = /var/log/samba/log.%U
>> max log size = 10
>> time server = Yes
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> dns proxy = no
>> mangling method = hash2
>> Dos charset = CP932
>> Unix charset = UTF-8
>> logon script = logon.bat
>> logon drive = H:
>> logon home =
>> logon path =
>> domain logons = Yes
>> domain master = Yes
>> os level = 65
>> preferred master = Yes
>> wins support = yes
>> passdb backend = ldapsam:ldap://sunko02.sunko.local/
>> ldap admin dn = cn=admin,dc=sunko,dc=local
>> ldap suffix = dc=sunko,dc=local
>> ldap group suffix = ou=groups
>> ldap user suffix = ou=people
>> ldap machine suffix = ou=computer
>> add user script = /usr/sbin/smbldap-useradd -m "%u"
>> delete user script = /usr/sbin/smbldap-userdel "%u"
>> add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>> delete group script = /usr/sbin/smbldap-groupdel "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>> admin users = domainadm
>> ldap ssl = no
>> load printers = Yes
>> create mask = 0640
>> directory mask = 0750
>> nt acl support = No
>> printing = cups
>> printcap name = cups
>> deadtime = 10
>> guest account = nobody
>> map to guest = Bad User
>> dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>> show add printer wizard = yes
>> preserve case = yes
>> short preserve case = yes
>> case sensitive = no
>>
>>
>> best regards,
>> Aldyth M
>>
> Aldyth,
>
> Check this page:
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/locking.html#id2617810
>
> You may have to turn off oplocks.
>
> Best regards,
>
> --
> Bruno Martins
> bmomart...@gmail.com
> (+351) 939668667
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


[Samba] Not crazy...really! Domain!=DOMAIN (win7 showing both versions of my dom)...

2011-09-05 Thread Linda Walsh

Hah!  Caught it in the act!...

Filed it with a bug report talking about the problem...

Shows me being offered a choice between two icon types (anyone know what
those are?) for 'BLISS' (the newly mangled samba name) and 'Bliss' (the
original name)...

https://attachments.samba.org/attachment.cgi?id=6856

Not sure why or how what went into the case name changing, but it was
another source of havoc on my setup, as on linux, usernames (Bliss\user !=
BLISS\user,) and pathnames /home/DOMAIN/user != /home/Domain/user

Still getting occasional weirdnesses ... though oddly most of my group
mapping problems went away recently after upgrading to 3.5.11 (don't know
if it was exactly co-incident, but that's the only thing I can think of
that would have changed that could have caused such a thing).   I still
can't SEE most of my groups... (no builtins, and only a few domain groups
-- NO well-known groups (that are defined in my domain), like 'Domain
Admins'... though it's still in some access lists in my local Win7
workstation, I can't ADD it on any new security tab, nor most other
domain groups).

Oh well... keeps one entertained I suppose...






Re: [Samba] rid generation questions

2011-09-05 Thread TAKAHASHI Motonobu
From: steff...@gmx.de
Date: Mon, 05 Sep 2011 16:51:57 +0200

> I have a few questions to ask... I am about to migrate from Samba 2
> to 3 (3.5.9). I am going to use LDAP as backend in the future and
> came across something I don't understand. As far as I know the 'old'
> way to generate RIDs for users is to take their uidnumber, multiply
> it by two and add 1000. For computer accounts it would be 1001
> instead of 1000. I am now trying to figure out how this works with
> 3.5.9 and ldapsam and if it is possible to re-enable the old
> behaviour.

If you want to use the old way, you have to use an 'old' passdb such as
smbpasswd or ldapsam_compat instead of ldapsam or tdbsam, although
they cannot keep the detailed information of users.

---
TAKAHASHI Motonobu 






[Samba] rid generation questions

2011-09-05 Thread steffo76
Hello list,

I have a few questions to ask... I am about to migrate from Samba 2 to 3 
(3.5.9). I am going to use LDAP as backend in the future and came across 
something I don't understand. As far as I know the 'old' way to generate RIDs 
for users is to take their uidnumber, multiply it by two and add 1000. For 
computer accounts it would be 1001 instead of 1000. I am now trying to figure 
out how this works with 3.5.9 and ldapsam and if it is possible to re-enable 
the old behaviour. The only thing I could find was this:

http://samba.org/samba/history/samba-3.0.11.html

where it says:

"Beginning with Samba 3.0.0beta3, the RID allocation functions
have been moved into winbindd.  Previously these were handled
by each passdb backend.  This means that winbindd must be running
to automatically allocate RIDs for users and/or groups.  Otherwise,
smbd will use the 2.2 algorithm for generating new RIDs"

I am not using winbindd but I noticed that new RIDs get created independently 
from the uidnumber of the account. In the Domain Object the value for 
sambaAlgorithmicRidBase is 1000, still new RIDs for computer accounts get 
created by incrementing the value of sambaNextRid which is 1027 right now. 

I tried to increase sambaAlgorithmicRidBase to 1 so there wouldn't be a
collision between old samba 3 accounts and the new ones but this only led to
smbd refusing to start saying that "The value of 'algorithmic RID base' has
changed since the LDAP database was initialised.".

Since the whole shebang isn't online yet I only have a handful of computer 
accounts for testing purposes with RIDs in the unwanted 1000s which I could 
delete.

To make a long story short: how do I tell samba to just use the old behaviour
for allocating RIDs? Or if that's not possible: how do I change the
algorithmic RID base afterwards?

Thanks,
Stephan

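An added example, not part of the original post and not Samba code: it audits a directory snapshot for the overlap the post worries about, between RIDs derived with the old user formula (uidNumber * 2 + sambaAlgorithmicRidBase) and RIDs handed out by incrementing sambaNextRid. The function names and the sample accounts are hypothetical, and it only reports the overlap; whether smbd skips RIDs that are already in use is not covered by the post.

```python
from collections import defaultdict

RID_BASE = 1000      # sambaAlgorithmicRidBase reported in the post
RID_MULTIPLIER = 2   # "multiply it by two"

def algorithmic_user_rid(uid, base=RID_BASE):
    """User RID under the old scheme: uidNumber * 2 + base."""
    return uid * RID_MULTIPLIER + base

def uid_for_rid(rid, base=RID_BASE):
    """Inverse mapping; None if the RID cannot come from the old scheme."""
    offset = rid - base
    if offset < 0 or offset % RID_MULTIPLIER:
        return None
    return offset // RID_MULTIPLIER

def audit_rids(accounts, next_rid, base=RID_BASE):
    """accounts: iterable of (name, uidNumber, rid). Reports overlap only."""
    by_rid = defaultdict(list)
    non_algorithmic = []
    for name, uid, rid in accounts:
        by_rid[rid].append(name)
        if rid != algorithmic_user_rid(uid, base):
            non_algorithmic.append(name)  # RID did not come from the formula
    duplicates = {r: n for r, n in by_rid.items() if len(n) > 1}
    # RIDs already in use that an incrementing counter has yet to reach.
    ahead = sorted(r for r in by_rid if r >= next_rid)
    return {
        "non_algorithmic": non_algorithmic,
        "duplicates": duplicates,
        "in_counter_path": ahead,
        "allocations_until_overlap": ahead[0] - next_rid if ahead else None,
    }

# Constructed directory snapshot (names, uidNumbers and RIDs are made up).
SAMPLE_ACCOUNTS = [
    ("alice", 1000, 3000),   # migrated, algorithmic
    ("bob", 1001, 3002),     # migrated, algorithmic
    ("legacy", 13, 1026),    # migrated, algorithmic: 13 * 2 + 1000
    ("pc01$", 2001, 1025),   # created from the sambaNextRid counter
    ("pc02$", 2002, 1026),   # counter RID that equals legacy's RID
]

# sambaNextRid is 1027 in the post.
REPORT = audit_rids(SAMPLE_ACCOUNTS, next_rid=1027)

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(key, value)
```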


Re: [Samba] Problem exporting samba 3.6 registry

2011-09-05 Thread Alejandro Escanero Blanco

Valgrind gives me:

==25578== Memcheck, a memory error detector
==25578== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==25578== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==25578== Command: XX
==25578== Parent PID: 24066
==25578==
--25578--
--25578-- Valgrind options:
--25578---v
--25578----trace-children=yes
--25578----log-file=vg.log
--25578-- Contents of /proc/version:
--25578--   Linux version 2.6.18-194.el5 (mockbu...@x86-007.build.bos.redhat.com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-48)) #1 SMP Tue Mar 16 21:52:43 EDT 2010
--25578-- Arch and hwcaps: X86, x86-sse1-sse2
--25578-- Page sizes: currently 4096, max supported 4096
--25578-- Valgrind library directory: /usr/lib/valgrind
--25578-- Reading syms from /usr/local/samba/bin/net (0x108000)
--25578-- Reading syms from /lib/ld-2.5.so (0xb2f000)
--25578-- Reading syms from /usr/lib/valgrind/memcheck-x86-linux (0x3800)
--25578--object doesn't have a dynamic symbol table
--25578-- Reading suppressions file: /usr/lib/valgrind/default.supp
--25578-- REDIR: 0xb447d0 (index) redirected to 0x3803e483 (vgPlain_x86_linux_REDIR_FOR_index)
--25578-- Reading syms from /usr/lib/valgrind/vgpreload_core-x86-linux.so (0x4801000)
--25578-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so (0x4803000)
==25578== WARNING: new redirection conflicts with existing -- ignoring it
--25578-- new: 0x00b447d0 (index   ) R-> 0x04806640 index
--25578-- REDIR: 0xb44970 (strlen) redirected to 0x4806820 (strlen)
--25578-- Reading syms from /lib/libresolv-2.5.so (0x4811000)
--25578-- Reading syms from /lib/libnsl-2.5.so (0x4824000)
--25578-- Reading syms from /lib/libdl-2.5.so (0x483b000)
--25578-- Reading syms from /lib/librt-2.5.so (0x484)
--25578-- Reading syms from /usr/lib/libpopt.so.0.0.0 (0x4849000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/lib/libgssapi_krb5.so.2.2 (0x4851000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/lib/libkrb5.so.3.3 (0x487f000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/lib/libk5crypto.so.3.1 (0x4915000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libcom_err.so.2.1 (0x493b000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libuuid.so.1.2 (0x493f000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/lib/libldap-2.3.so.0.2.31 (0x4943000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/lib/liblber-2.3.so.0.2.31 (0x497d000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/local/samba/lib/libtalloc.so.2.0.5 (0x498b000)
--25578-- Reading syms from /usr/local/samba/lib/libtdb.so.1.2.9 (0x4994000)
--25578-- Reading syms from /usr/local/samba/lib/libwbclient.so.0 (0x49a5000)
--25578-- Reading syms from /usr/lib/libz.so.1.2.3 (0x49b2000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libc-2.5.so (0x49c5000)
--25578-- Reading syms from /lib/libpthread-2.5.so (0x4b0b000)
--25578-- Reading syms from /usr/lib/libkrb5support.so.0.1 (0x4b23000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libkeyutils-1.2.so (0x4b2d000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/lib/libsasl2.so.2.0.22 (0x4b3)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libssl.so.0.9.8e (0x4b49000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libcrypto.so.0.9.8e (0x4b91000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libselinux.so.1 (0x4cd2000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libcrypt-2.5.so (0x4ceb000)
--25578-- Reading syms from /lib/libsepol.so.1 (0x4d1d000)
--25578--object doesn't have a symbol table
--25578-- REDIR: 0x4a363e0 (memset) redirected to 0x4806b80 (memset)
--25578-- REDIR: 0x4a368d0 (memcpy) redirected to 0x4807a70 (memcpy)
--25578-- REDIR: 0x4a35540 (rindex) redirected to 0x4806550 (rindex)
--25578-- REDIR: 0x4a30e30 (malloc) redirected to 0x480587e (malloc)
--25578-- REDIR: 0x4a35ee0 (memchr) redirected to 0x48069f0 (memchr)
--25578-- REDIR: 0x4a351a0 (strlen) redirected to 0x4806800 (strlen)
--25578-- REDIR: 0x4a2e990 (free) redirected to 0x4805498 (free)
--25578-- REDIR: 0x4a36440 (mempcpy) redirected to 0x48072d0 (mempcpy)
--25578-- REDIR: 0x4a312a0 (realloc) redirected to 0x480592d (realloc)
--25578-- REDIR: 0x4a34ad0 (index) redirected to 0x48065e0 (index)
--25578-- REDIR: 0x4a30af0 (calloc) redirected to 0x4804b8e (calloc)
--25578-- REDIR: 0x4a34c40 (strcmp) redirected to 0x48068d0 (strcmp)
--25578-- REDIR: 0x4a35390 (strncmp) redirected to 0

[Samba] Problems with ntlm_auth and machines accounts

2011-09-05 Thread Alejandro Escanero Blanco

I upgraded a Samba 3.2.14 to Samba 3.6.0 RADIUS server for 802.1X.
I discovered that ntlm_auth fails for machine accounts with the error: No
logon workstation trust account

Putting winbind in debug with winbindd -F -i -d 10 gives:

accepted socket 24
process_request: request fn INTERFACE_VERSION
[2]: request interface version
winbind_client_response_written[2:INTERFACE_VERSION]: delivered response to client
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2]: request location of privileged pipe
winbind_client_response_written[2:WINBINDD_PRIV_PIPE_DIR]: delivered response to client
accepted socket 27
closing socket 24, client exited
process_request: Handling async request 2:PAM_AUTH_CRAP
[2]: pam auth crap domain: [DOMAIN] user: machine$
child daemon request 14
child_process_request: request fn AUTH_CRAP
[19561]: pam auth crap domain: DOMAIN user: machine$
attempting to make a user_info for machine$ (machine$)
making strings for machine$'s user_info struct
making blobs for machine$'s user_info struct
made a user_info for machine$ (machine$)
smbldap_search_ext: base => [o=midomain,c=es], filter => [(&(uid=machine$)(objectclass=sambaSamAccount))], scope => [2]
init_sam_from_ldap: Entry found for user: machine$
pdb_set_username: setting username machine$, was
pdb_set_domain: setting domain DOMAIN, was
pdb_set_nt_username: setting nt username machine$, was
pdb_set_user_sid_from_string: setting user sid S-1-5-21-x-y-z-403267
pdb_set_user_sid: setting user sid S-1-5-21-x-y-z-403267
attribute sambaPwdLastSet does not exist
attribute sambaLogonTime does not exist
attribute sambaLogoffTime does not exist
attribute sambaKickoffTime does not exist
attribute sambaPwdCanChange does not exist
attribute sambaPwdMustChange does not exist
pdb_set_full_name: setting full name machine$, was
attribute sambaHomeDrive does not exist
pdb_set_dir_drive: setting dir drive , was NULL
attribute sambaHomePath does not exist
pdb_set_homedir: setting home dir , was
attribute sambaLogonScript does not exist
pdb_set_logon_script: setting logon script , was
attribute sambaProfilePath does not exist
pdb_set_profile_path: setting profile path , was
attribute sambaUserWorkstations does not exist
attribute sambaMungedDial does not exist
attribute sambaLMPassword does not exist
attribute sambaBadPasswordCount does not exist
attribute sambaBadPasswordTime does not exist
attribute sambaLogonHours does not exist
Adding cache entry with key = IDMAP/SID2UID/S-1-5-21-x-y-z-403267 and timeout = Mon Sep 12 10:11:25 2011 (604800 seconds ahead)
Adding cache entry with key = IDMAP/UID2SID/5059 and timeout = Mon Sep 12 10:11:25 2011 (604800 seconds ahead)
gid 515 -> sid S-1-5-21-x-y-z-515
gid 515 -> sid S-1-5-21-x-y-z-515
do lookup_sid(S-1-5-21-x-y-z-515) for group of user machine$
lookup_sid called for SID 'S-1-5-21-x-y-z-515'
Accepting SID S-1-5-21-x-y-z in level 1
lookup_rids called for domain sid 'S-1-5-21-x-y-z'
smbldap_search_ext: base => [o=users,o=midomain,c=es], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-x-y-z-515)))], scope => [2]
smbldap_search_ext: base => [o=midomain,c=es], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-x-y-z-515)))], scope => [2]
Sid S-1-5-21-x-y-z-515 -> DOMAIN\Domain Computers(2)
Adding cache entry with key = IDMAP/SID2GID/S-1-5-21-x-y-z-515 and timeout = Mon Sep 12 10:11:25 2011 (604800 seconds ahead)
Adding cache entry with key = IDMAP/GID2SID/515 and timeout = Mon Sep 12 10:11:25 2011 (604800 seconds ahead)
Looking up login cache for user machine$
No cache entry found
No cache entry, bad count = 0, bad time = 0
pdb_set_username: setting username machine$, was
pdb_set_domain: setting domain DOMAIN, was
pdb_set_nt_username: setting nt username machine$, was
pdb_set_full_name: setting full name machine$, was
pdb_set_homedir: setting home dir , was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
pdb_set_profile_path: setting profile path , was
pdb_set_workstations: setting workstations , was
pdb_set_user_sid: setting user sid S-1-5-21-x-y-z-403267
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-x-y-z-403267 from rid 403267
sid S-1-5-21-x-y-z-515 -> gid 515
pdb_set_group_sid: setting group sid S-1-5-21-x-y-z-515
ntlm_password_check: Checking NT MD4 password
sam_account_ok: Checking SMB password for user machine$
logon_hours_ok: user machine$ allowed to logon at this time (Mon Sep  5 08:11:25 2011)
sam_account_ok: Wksta trust account machine$ denied by server
check_sam_security failed: NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
Authenticaticating user DOMAIN\machine$ returned NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
NTLM CRAP authentication for user [DOMAIN]\[machine$] returned NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT (PAM: 9)
Finished processing child request 14
Writing 3496 bytes to parent
wb_request_done[2:PAM_AUTH_CRAP]: NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
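
An added example, not part of the original post and not Samba code: a triage script for winbindd debug output of the shape shown above, which separates machine accounts (names ending in '$') from user accounts and lists the machines rejected with NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT. The sample log is constructed, the function names are hypothetical, and the pattern tolerates result lines that a mail client has wrapped.

```python
import re
from collections import Counter

TRUST_STATUS = "NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT"

# Constructed sample in the shape of the log above; two results are wrapped
# across lines the way the archived message wraps them.
SAMPLE_LOG = r"""
[2]: pam auth crap domain: [DOMAIN] user: machine$
sam_account_ok: Wksta trust account machine$ denied by server
NTLM CRAP authentication for user [DOMAIN]\[machine$] returned
NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT (PAM: 9)
NTLM CRAP authentication for user [DOMAIN]\[alice] returned NT_STATUS_OK (PAM: 0)
NTLM CRAP authentication for user [DOMAIN]\[bob] returned NT_STATUS_WRONG_PASSWORD (PAM: 7)
NTLM CRAP authentication for user [DOMAIN]\[host2$] returned
NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT (PAM: 9)
"""

# [DOMAIN]\[account] returned NT_STATUS_x (PAM: n), with any whitespace
# (including a line break) around "returned".
RESULT_RE = re.compile(
    r"NTLM CRAP authentication for user \[([^\]]*)\]\\\[([^\]]*)\]\s+returned\s+"
    r"(NT_STATUS_\w+)\s+\(PAM:\s*(\d+)\)"
)

def parse_results(log_text):
    """Return one dict per authentication result found in the log."""
    results = []
    for domain, account, status, pam in RESULT_RE.findall(log_text):
        results.append({
            "domain": domain,
            "account": account,
            "machine": account.endswith("$"),  # machine accounts end in '$'
            "status": status,
            "pam": int(pam),
        })
    return results

def machine_trust_failures(results):
    """Machine accounts rejected as workstation trust accounts."""
    return sorted({r["account"] for r in results
                   if r["machine"] and r["status"] == TRUST_STATUS})

def summarize(results):
    """Count outcomes per (account type, status)."""
    return Counter(("machine" if r["machine"] else "user", r["status"])
                   for r in results)

if __name__ == "__main__":
    parsed = parse_results(SAMPLE_LOG)
    print(summarize(parsed))
    print(machine_trust_failures(parsed))
```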