[Samba] S4 - Upgrade options from S3

[Thys Nel]

We've been running samba3 with an ldap backend for several years now in our
company. We use a separate exchange server for email, requiring users to
keep two separate passwords - one for the domain (samba) and one for
exchange.

I've been looking at samba4 for a while and am running a test server with
it, built from the latest git source as per the howto description. We would
be quite happy to use the current s4 in production if we could migrate the
user and computer accounts seamlessly (more or less).

I know the upgrade from s3 to s4 is one of the priorities for S4, but
looking through the lists it seems there already are possible usable upgrade
scripts available. It is however not clear exactly what the capabilities or
options are.

Can someone please answer the following questions:

1. From what I see it looks like the upgrade script upgrades an existing s3
installation (on the same machine) to s4. Does it also migrate password
info, i.e. is it possible to do a seamless transition without having to
modify passwords individually?

2. Can the current upgrade script convert s3 user and machine accounts to s4
where s3 uses an ldap backend?

3. If yes, please point me in the right direction re. parameters etc. Can I
export the ldif database and use this as input to the upgrade script? This
would be helpful in that I can leave the production server running
(unmodified) and test the s4 database on a separate test machine.

4. Finally, can anyone confirm that MS Exchange (we use 2003 currently) can
work properly with s4. If so, I'd appreciate any pointers as to the steps
required. (I assume install S4 working, join exchange machine to S4?).

Any help appreciated.

T
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Clearcase, Samba, and mnode values

[Volker Lendecke]

On Wed, Sep 07, 2011 at 02:26:24PM -0700, Kathy wrote:
> >> It looks to me like I have a memory leak, and IBM is blaming Samba,
> >
> > Main question is: Do the smbd processes really consume all
> > that memory?
> >
> 
> I did see smbd processes increase in memory over time, but since I
> have never monitored smbd this closely before, I'm not sure if this is
> normal or not.  I was doing the following memory test every hour and I
> was seeing a general trend up in RSS size.
> 
> ps -e -o user,pid,rss,args | sort -b -k3,3n | awk '{print
> $1,$2,$3,$4}' | tail -n 20 >> /var/log/memory_usage.log
> 
> Here are a couple of smbd pids that were increasing over time, showing
> the trend I was seeing.  There were multiple smbd (typically around
> 18-20) running at the time.
> 
>PID  RSS
> root 9402 4176 smbd
> root 9402 5364 smbd
> root 9402 5752 smbd
> root 9402 5752 smbd
> 
> root 9787 4124 smbd
> root 9787 4556 smbd
> root 9787 4560 smbd
> root 9787 7448 smbd
> root 9787 7460 smbd

That's a couple of megabytes overall. Trivial for 32GB RAM.
It really looks like someone else must be the main consumer.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba on freebsd - permissions issue

[James D. Parra]

Hello,

I have Samba set up on FreeBSD with a share for guests. I don't need or want 
any authentication for this share.

[test2]
path = /data/test2
read only = No
create mask = 0777
guest ok = Yes

The file permission on the host directory was set to 2777 and nobody:nobody. 
When a windows machine writes to the dir the permissions look fine. For example,

-rwxrw-rw- 1 nobody nobody 0 Sep  7 13:38 New Text Document.txt

However, if a Linux machine mounts the share and any user other than root 
writes to it the perm's are different and you get a permissions error;

$ touch ztest.1.txt
touch: cannot touch `ztest.1.txt': Permission denied

Interestingly, regardless of the error, the file is created;

-rw-r--r-- 1 nobody nobody 0 Sep  7 16:15 ztest.1.txt

If the user opens the file to write to it, it is opened in read-only.

I get the same results when mounting the share from Linux using these two 
different commands;

 mount -t cifs //bsd-host/test2 /mnt/test2

and,

 mount -t cifs -o file_mode=0777,dir_mode=0777 //bsd-host/test2 /mnt/test2


Any suggestions on how I can fix this? 


Thank you in advance,

James
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Clearcase, Samba, and mnode values

[Kathy]

>> It looks to me like I have a memory leak, and IBM is blaming Samba,
>
> Main question is: Do the smbd processes really consume all
> that memory?
>

I did see smbd processes increase in memory over time, but since I
have never monitored smbd this closely before, I'm not sure if this is
normal or not.  I was doing the following memory test every hour and I
was seeing a general trend up in RSS size.

ps -e -o user,pid,rss,args | sort -b -k3,3n | awk '{print
$1,$2,$3,$4}' | tail -n 20 >> /var/log/memory_usage.log

Here are a couple of smbd pids that were increasing over time, showing
the trend I was seeing.  There were multiple smbd (typically around
18-20) running at the time.

   PID  RSS
root 9402 4176 smbd
root 9402 5364 smbd
root 9402 5752 smbd
root 9402 5752 smbd

root 9787 4124 smbd
root 9787 4556 smbd
root 9787 4560 smbd
root 9787 7448 smbd
root 9787 7460 smbd
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] 3.5.6 : WINBINDD: cli_negprot failed: NT_STATUS_ACCESS_DENIED with Active Directory

[David Touzeau]

Le mercredi 07 septembre 2011 à 13:33 -0500, Dale Schroeder a écrit :
> On 09/07/2011 4:45 AM, David Touzeau wrote: 
> > Dear
> > 
> > Have connected SAMBA to an Active Directory server
> > The getent did not show any user and winbindd claim :
> > 
> > [2011/09/07 11:33:29.417355,  1]
> > libsmb/cliconnect.c:1769(cli_negprot_done)
> >   cli_negprot: SMB signing is mandatory and the server doesn't support
> > it.
> > [2011/09/07 11:33:29.417444,  1]
> > winbindd/winbindd_cm.c:856(cm_prepare_connection)
> >   cli_negprot failed: NT_STATUS_ACCESS_DENIED
> > [2011/09/07 11:33:29.696520,  1]
> > libsmb/cliconnect.c:1769(cli_negprot_done)
> >   cli_negprot: SMB signing is mandatory and the server doesn't support
> > it.
> > [2011/09/07 11:33:29.696599,  1]
> > winbindd/winbindd_cm.c:856(cm_prepare_connection)
> >   cli_negprot failed: NT_STATUS_ACCESS_DENIED
> > [2011/09/07 11:33:30.068625,  1]
> > libsmb/cliconnect.c:1769(cli_negprot_done)
> >   cli_negprot: SMB signing is mandatory and the server doesn't support
> > it.
> > [2011/09/07 11:33:30.068706,  1]
> > winbindd/winbindd_cm.c:856(cm_prepare_connection)
> >   cli_negprot failed: NT_STATUS_ACCESS_DENIED
> > 
> > How can i fix this issue ?
> 
> If I'm reading this error message correctly, you either need to turn
> on server signing on the AD machine, or turn off server signing on the
> Samba machine.
> server signing = Disabled
> 
> Dale
> > 
> > here it is the smb.conf
> > 
> > [global]
> > workgroup = USGPEOPLEFR
> > netbios name = onesys-samba
> > server string = %h server
> > disable netbios =no
> > strict allocate = No
> > strict locking = Auto
> > sync always = No
> > getwd cache = Yes
> > max protocol = NT1
> > name resolve order =host lmhosts wins bcast
> > dns proxy = No
> > wins support = Yes
> > min protocol = NT1
> > remote announce = 10.7.61.255/USGPEOPLEFR
> > 
> > syslog = 3
> > log level = 1
> > log file = /var/log/samba/log.%m
> > debug timestamp = yes
> > follow symlinks = yes
> > wide links = yes
> > unix extensions = no
> > 
> > usershare allow guests = no
> > usershare max shares = 100
> > usershare owner only = true
> > usershare path=/var/lib/samba/usershares/data
> > guest account = nobody
> > map to guest = Bad Password
> > template homedir = /home/%U
> > template shell = /bin/false
> > enable privileges = yes
> > os level = 40
> > ldap passwd sync = no
> > 
> > 
> > security = ADS
> > realm = USGPEOPLEFR.INT
> > idmap config USGPEOPLEFR:backend= rid
> > idmap config USGPEOPLEFR:read only= yes
> > idmap config USGPEOPLEFR:range  = 10 - 19
> > idmap config USGPEOPLEFR:base_rid   = 0
> > idmap gid = 7 - 9
> > idmap uid = 7 - 9
> > encrypt passwords = Yes
> > client ntlmv2 auth = Yes
> > client lanman auth = No
> > winbind normalize names = Yes
> > winbind separator = /
> > winbind use default domain = No
> > winbind enum users = Yes
> > winbind enum groups = Yes
> > winbind nested groups = Yes
> > winbind nss info = rfc2307
> > winbind offline logon = true
> > winbind cache time = 5
> > winbind refresh tickets = true
> > kerberos method = system keytab
> > allow trusted domains = Yes
> > server signing = mandatory
> > client signing = mandatory
> > lm announce = No
> > ntlm auth = No
> > lanman auth = No
> > preferred master = No
> > printing = bsd
> > nt acl support=yes
> > map acl inherit=yes
> > acl check permissions=yes
> > inherit permissions=no
> > inherit acls=yes
> > acl map full control=yes
> > dos filemode=yes
> > force unknown acl user = no
> > 
> > 
> > # LDAP settings ---
> > ldap delete dn = no
> > passdb backend = ldapsam:ldap://127.0.0.1:389
> > ldap admin dn = cn=admin,dc=usgpeoplefr,dc=int
> > ldap suffix = dc=usgpeoplefr,dc=int
> > ldap group suffix = dc=organizations
> > ldap user suffix =  dc=organizations
> > ldap machine suffix = ou=Computer,dc=samba,dc=organizations
> > ldap delete dn = yes
> > ldap ssl  = off
> > ldap idmap suffix =
> > ou=idmap,dc=samba,dc=organizations,dc=usgpeoplefr,dc=int
> > 
> > logon path =""
> > logon home =""
> > logon drive = ""
> > socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT
> > SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
> > case sensitive = No
> > default case = lower
> > preserve case = yes
> > short preserve case = yes
> > wins support = Yes
> > time server = yes
> > msdfs root = no
> > host msdfs = no
> > 
Thanks 

I set it to "server signing = auto" and it's working like charm !!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Clearcase, Samba, and mnode values

[Volker Lendecke]

On Wed, Sep 07, 2011 at 11:48:11AM -0700, Kathy wrote:
> Hi all --
> 
> I recently temporarily deployed an upgraded Clearcase server (7.1.2.3)
> on 64 bit RHEL 5.6.  With it I was using Redhat's release of Samba for
> that version of the OS -- 3.0.33.The system has 32 GB of memory
> and within 12 hours, it would be down into swap.  Maximum active
> licenses used is 36 but a more typical load is 18-25 users having a
> Clearcase license at once.  Clearcase clients are on Windows.  This
> server is the whole shebang  -- license server, view and vob server.
> All disks are local, no NAS.  Most of the time our developers are
> using snapshot views but merge into the dynamic views.
> 
> It looks to me like I have a memory leak, and IBM is blaming Samba,

Main question is: Do the smbd processes really consume all
that memory?

> seeing that I was using an unblessed version of the tool.  Apparently
> 3.0.32 is blessed and 3.0.33 is not.  Although I'm skeptical, I'm
> willing to entertain the idea that a 0.01 release change could be the
> problem, so I recently updated to 3.5.8, which apparently is blessed
> to work with 7.1.2.3.  This system is now a test server so we can test
> it without impacting production use.  We still need to do some load
> testing on it.  The original server is on different hardware (still
> Dell, though), running 32 bit RHEL 5.2 and Clearcase 7.0.1.3, and
> Samba 3.0.28 (which also apparently isn't blessed by IBM but has never
> had any problems).  I am using the samba smb.conf file for both
> releases/servers.
> 
> For those of you who are familiar with how Clearcase and Samba work
> together, my questions are the following:
> 
> 1.  What is typical memory usage with Clearcase and Samba?  Is it
> typical for it to cache all memory, eat into a little bit of swap (say
> 312k) and then sit there like that and work just fine?  Or should I
> expect it to eat up initially a few gigs of memory and then stay
> relatively stable, recognizing that over time the running system will
> slowly eat up memory (but not all in 12 hours).
> 
> 2.  IBM has suggested making sure these conditions are met for mnode
> values on Windows clients and the MAX_OPEN_FILES is big enough on the
> Samba side:   https://www-304.ibm.com/support/docview.wss?uid=swg21169548
> 
> Basically saying that for a 64 bit Clearcase/Samba server, the max
> mnode values should be set to 800 and not the default 1800.
> Anyone with experience with this?  We have not seen the particular
> errors mentioned in this article, but IBM support is telling me about
> it as a guideline.  Also mentioned in the article is MAX_OPEN_FILES.
> My current value for that is 16,384.   How do you know what is an
> optimal value for that for your system?
> 
> Thanks for any input.  I have asked IBM to describe typical memory
> usage but so far I'm not getting any solid answers.
> 
> Kathy
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Migrating Samba 3.5.6 PDC + OpenLDAP to Samba4

[German Molano]

Hi, recently I start to test Samba4, it works great. I want to migrate 
the user data stored in my current LDAP directory. My setup is Samba 
3.5.6 PDC + OpenLDAP. There is any way that i can migrate the current 
accounts and passwords to samba4? any script or utility?


Thanks for your help


German Molano
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Clearcase, Samba, and mnode values

[Kathy]

Hi all --

I recently temporarily deployed an upgraded Clearcase server (7.1.2.3)
on 64 bit RHEL 5.6.  With it I was using Redhat's release of Samba for
that version of the OS -- 3.0.33.The system has 32 GB of memory
and within 12 hours, it would be down into swap.  Maximum active
licenses used is 36 but a more typical load is 18-25 users having a
Clearcase license at once.  Clearcase clients are on Windows.  This
server is the whole shebang  -- license server, view and vob server.
All disks are local, no NAS.  Most of the time our developers are
using snapshot views but merge into the dynamic views.

It looks to me like I have a memory leak, and IBM is blaming Samba,
seeing that I was using an unblessed version of the tool.  Apparently
3.0.32 is blessed and 3.0.33 is not.  Although I'm skeptical, I'm
willing to entertain the idea that a 0.01 release change could be the
problem, so I recently updated to 3.5.8, which apparently is blessed
to work with 7.1.2.3.  This system is now a test server so we can test
it without impacting production use.  We still need to do some load
testing on it.  The original server is on different hardware (still
Dell, though), running 32 bit RHEL 5.2 and Clearcase 7.0.1.3, and
Samba 3.0.28 (which also apparently isn't blessed by IBM but has never
had any problems).  I am using the samba smb.conf file for both
releases/servers.

For those of you who are familiar with how Clearcase and Samba work
together, my questions are the following:

1.  What is typical memory usage with Clearcase and Samba?  Is it
typical for it to cache all memory, eat into a little bit of swap (say
312k) and then sit there like that and work just fine?  Or should I
expect it to eat up initially a few gigs of memory and then stay
relatively stable, recognizing that over time the running system will
slowly eat up memory (but not all in 12 hours).

2.  IBM has suggested making sure these conditions are met for mnode
values on Windows clients and the MAX_OPEN_FILES is big enough on the
Samba side:   https://www-304.ibm.com/support/docview.wss?uid=swg21169548

Basically saying that for a 64 bit Clearcase/Samba server, the max
mnode values should be set to 800 and not the default 1800.
Anyone with experience with this?  We have not seen the particular
errors mentioned in this article, but IBM support is telling me about
it as a guideline.  Also mentioned in the article is MAX_OPEN_FILES.
My current value for that is 16,384.   How do you know what is an
optimal value for that for your system?

Thanks for any input.  I have asked IBM to describe typical memory
usage but so far I'm not getting any solid answers.

Kathy
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] 3.5.6 : WINBINDD: cli_negprot failed: NT_STATUS_ACCESS_DENIED with Active Directory

[Dale Schroeder]

On 09/07/2011 4:45 AM, David Touzeau wrote:

Dear

Have connected SAMBA to an Active Directory server
The getent did not show any user and winbindd claim :

[2011/09/07 11:33:29.417355,  1]
libsmb/cliconnect.c:1769(cli_negprot_done)
   cli_negprot: SMB signing is mandatory and the server doesn't support
it.
[2011/09/07 11:33:29.417444,  1]
winbindd/winbindd_cm.c:856(cm_prepare_connection)
   cli_negprot failed: NT_STATUS_ACCESS_DENIED
[2011/09/07 11:33:29.696520,  1]
libsmb/cliconnect.c:1769(cli_negprot_done)
   cli_negprot: SMB signing is mandatory and the server doesn't support
it.
[2011/09/07 11:33:29.696599,  1]
winbindd/winbindd_cm.c:856(cm_prepare_connection)
   cli_negprot failed: NT_STATUS_ACCESS_DENIED
[2011/09/07 11:33:30.068625,  1]
libsmb/cliconnect.c:1769(cli_negprot_done)
   cli_negprot: SMB signing is mandatory and the server doesn't support
it.
[2011/09/07 11:33:30.068706,  1]
winbindd/winbindd_cm.c:856(cm_prepare_connection)
   cli_negprot failed: NT_STATUS_ACCESS_DENIED

How can i fix this issue ?


If I'm reading this error message correctly, you either need to turn on 
server signing on the AD machine, or turn off server signing on the 
Samba machine.

server signing = Disabled

Dale


here it is the smb.conf

[global]
workgroup = USGPEOPLEFR
netbios name = onesys-samba
server string = %h server
disable netbios =no
strict allocate = No
strict locking = Auto
sync always = No
getwd cache = Yes
max protocol = NT1
name resolve order =host lmhosts wins bcast
dns proxy = No
wins support = Yes
min protocol = NT1
remote announce = 10.7.61.255/USGPEOPLEFR

syslog = 3
log level = 1
log file = /var/log/samba/log.%m
debug timestamp = yes
follow symlinks = yes
wide links = yes
unix extensions = no

usershare allow guests = no
usershare max shares = 100
usershare owner only = true
usershare path=/var/lib/samba/usershares/data
guest account = nobody
map to guest = Bad Password
template homedir = /home/%U
template shell = /bin/false
enable privileges = yes
os level = 40
ldap passwd sync = no


security = ADS
realm = USGPEOPLEFR.INT
idmap config USGPEOPLEFR:backend= rid
idmap config USGPEOPLEFR:read only= yes
idmap config USGPEOPLEFR:range  = 10 - 19
idmap config USGPEOPLEFR:base_rid   = 0
idmap gid = 7 - 9
idmap uid = 7 - 9
encrypt passwords = Yes
client ntlmv2 auth = Yes
client lanman auth = No
winbind normalize names = Yes
winbind separator = /
winbind use default domain = No
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
winbind nss info = rfc2307
winbind offline logon = true
winbind cache time = 5
winbind refresh tickets = true
kerberos method = system keytab
allow trusted domains = Yes
*server signing = mandatory*
client signing = mandatory
lm announce = No
ntlm auth = No
lanman auth = No
preferred master = No
printing = bsd
nt acl support=yes
map acl inherit=yes
acl check permissions=yes
inherit permissions=no
inherit acls=yes
acl map full control=yes
dos filemode=yes
force unknown acl user = no


# LDAP settings ---
ldap delete dn = no
passdb backend = ldapsam:ldap://127.0.0.1:389
ldap admin dn = cn=admin,dc=usgpeoplefr,dc=int
ldap suffix = dc=usgpeoplefr,dc=int
ldap group suffix = dc=organizations
ldap user suffix =  dc=organizations
ldap machine suffix = ou=Computer,dc=samba,dc=organizations
ldap delete dn = yes
ldap ssl  = off
ldap idmap suffix =
ou=idmap,dc=samba,dc=organizations,dc=usgpeoplefr,dc=int

logon path =""
logon home =""
logon drive = ""
socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT
SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
case sensitive = No
default case = lower
preserve case = yes
short preserve case = yes
wins support = Yes
time server = yes
msdfs root = no
host msdfs = no


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba (CentOS) + Windows 7 Ultimate 64 = no login

[Dale Schroeder]

On 09/06/2011 2:09 PM, phpMagpie wrote:

Update: I tried the following tutorial
http://www.samba.org/samba/docs/man/Samba-Guide/simple.html#id2550946

*I changed my smb.conf to:*
[global]
workgroup = WEBBEDIT
security = SHARE
[HTML]
path = /var/www/html
read only = No
guest ok = Yes


Shortened version of what I use with 3.5.11 on Debian:

[global]
workgroup = WEBBEDIT
security = User
map to guest = Bad User
unix passwd sync = Yes

[html]
path = /var/www/html
read only = No
valid users = your_login
admin users = your_login

Ensure that your Win7, linux, and samba username and password 
combinations are identical.

If this config works, you can fine tune with other parameters as needed.

Dale



The first validation step is to run 'smbclient -L localhost -U%'.

*It should have returned something like:*
 Sharename Type Comment
 -  ---
 Plans Disk
 IPC$  IPC  IPC Service (Samba 3.0.20)
 ADMIN$ IPC  IPC Service (Samba 3.0.20)

 ServerComment
 -  ---
 webbedit.lan   Samba 3.0.20

 Workgroup  Master
 -  
 WEBBEDIT  SERVER

*Mine returned this:*
Domain=[WEBBEDIT] OS=[Unix] Server=[Samba 3.5.4-68.el6_0.2]

 Sharename   Type  Comment
 -     ---
 HTML   Disk
 IPC$IPC   IPC Service (Samba 3.5.4-68.el6_0.2)
Domain=[WEBBEDIT] OS=[Unix] Server=[Samba 3.5.4-68.el6_0.2]

 Server  Comment
 ----

 WorkgroupMaster
 ----

Now the tutorial is on an earlier version so some changes may be required,
but it's clear to see from my output that a domain is being set rather than
a Workgroup.  Any ideas?

Paul.

--
View this message in context: 
http://samba.2283325.n4.nabble.com/Samba-CentOS-Windows-7-Ultimate-64-no-login-tp3793880p3794292.html
Sent from the Samba - General mailing list archive at Nabble.com.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Clear Samba Process

[Aldyth Maharsha]

I have solution for prevent samba oplocks break failed, adding posix locking
= no but it is terrible because if one user open office file and another
user open same file it is not read only,,any another solution?

Best Regards,
Aldyth M

On Tue, Sep 6, 2011 at 1:44 PM, Aldyth Maharsha  wrote:

> I don't know what happening, but i have strange problem. My log show
> oplocks break failed it is only some user(not all user) and it is sometimes
> happening, sometimes good but sometimes close office file extremely
> slow..Any idea?
>
> Best regards,
> Aldyth M
>
> On Fri, Aug 26, 2011 at 7:43 PM, Bruno Martins wrote:
>
>> On 08/26/2011 01:12 PM, Aldyth Maharsha wrote:
>>
>>> Hi list, i'm have problem with samba 3.5 in ubuntu 11.04 server. When my
>>> user open file like office file it is okey but when close file it is
>>> extremely slow, and i'm view at log it is show error message "Oplocks
>>> break
>>> failed for xxx". I try to running smbstatus to view pid process and kill
>>> pid
>>> locked files it is works but my question is, what happening with my
>>> samba?,
>>> because if my user closing file extremely slow i must kill pid
>>> process(locked files), can i have another solution? because i'm copy file
>>> more than 5Gb it is fast and no problem with that...Thanks before
>>>
>>> It is my smb.conf :
>>> [global]
>>> workgroup = AAA
>>> netbios name = SUNKO08
>>> security = user
>>> enable privileges = yes
>>> server string = %h server
>>> encrypt passwords = Yes
>>>
>>> unix password sync = yes
>>> ldap passwd sync = yes
>>> passwd program = /usr/sbin/smbldap-passwd -u "%u"
>>> passwd chat = "Changing *\nNew password*" %n\n "*Retype new
>>> password*" %n\n"
>>>
>>> log level = 0
>>> syslog = 0
>>> log file = /var/log/samba/log.%U
>>> max log size = 10
>>> time server = Yes
>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>> dns proxy = no
>>> mangling method = hash2
>>> Dos charset = CP932
>>> Unix charset = UTF-8
>>> logon script = logon.bat
>>> logon drive = H:
>>> logon home =
>>> logon path =
>>> domain logons = Yes
>>> domain master = Yes
>>> os level = 65
>>> preferred master = Yes
>>> wins support = yes
>>> passdb backend = ldapsam:ldap://sunko02.sunko.
>>> local/
>>> ldap admin dn = cn=admin,dc=sunko,dc=local
>>> ldap suffix = dc=sunko,dc=local
>>> ldap group suffix = ou=groups
>>> ldap user suffix = ou=people
>>> ldap machine suffix = ou=computer
>>>add user script = /usr/sbin/smbldap-useradd -m "%u"
>>> delete user script = /usr/sbin/smbldap-userdel "%u"
>>> add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>> delete group script = /usr/sbin/smbldap-groupdel "%g"
>>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
>>> "%g"
>>> delete user from group script = /usr/sbin/smbldap-groupmod -x
>>> "%u"
>>> "%g"
>>> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>>> admin users = domainadm
>>> ldap ssl = no
>>> load printers = Yes
>>> create mask = 0640
>>> directory mask = 0750
>>> nt acl support = No
>>> printing = cups
>>> printcap name = cups
>>> deadtime = 10
>>> guest account = nobody
>>> map to guest = Bad User
>>> dont descend = /proc,/dev,/etc,/lib,/lost+**found,/initrd
>>> show add printer wizard = yes
>>> preserve case = yes
>>> short preserve case = yes
>>> case sensitive = no
>>>
>>>
>>> best regards,
>>> Aldyth M
>>>
>> Aldyth,
>>
>> Check this page:
>> http://www.samba.org/samba/**docs/man/Samba-HOWTO-**
>> Collection/locking.html#**id2617810
>>
>> You may have to turn off oplocks.
>>
>> Best regards,
>>
>> --
>> Bruno Martins
>> bmomart...@gmail.com
>> (+351) 939668667
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  
>> https://lists.samba.org/**mailman/options/samba
>>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem exporting samba 3.6 registry

[Alejandro Escanero Blanco]

Runs perfectly.

El 07/09/11 10:51, Gregor Beck escribió:

On Wednesday, September 07, 2011 09:56:59 AM Alejandro Escanero Blanco wrote:

In samba3.6 I get a reject:

rebased on release-3-6-0rc1-1-g69ee029

Gregor



--
-
Alejandro Escanero Blanco
Servicio de Informática Sistemas - GISI
Tel:  671 569 262 (769262)
Edificio Empresarial Aljarafe, mod. 36
41940 Tomares (Sevilla)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] interdomain trusts: known to work on v3.5.4?

[Eric S. Hvozda]

Is anyone using interdomain trusts at all...?

On Aug 18, 2011, at 1:57 PM, "Eric S. Hvozda"  wrote:

> Greetings!
> 
> I'm having problems with winbind and interdomain trusts.
> 
> I've done alot of searching on the topic and there appears to be alot of folk 
> out there with the same problem, but not any solutions.
> 
> Environment is CentOS v5.6 with yumable samba3x-winbind-3.5.4-0.70 on x86_64.
> 
> Specifically, the host is joined (successfully) to A:
> 
> [ehvozda@AD-test samba]$ sudo wbinfo -t
> checking the trust secret for domain A via RPC calls succeeded
> [ehvozda@AD-test samba]$
> 
> A trusts B.
> 
> I can kinit and get valid tickets for principles in each, no problem.
> 
> winbind appears to see both A & B:
> 
> [ehvozda@AD-test samba]$ sudo wbinfo -u
> A\administrator
> A\guest
> A\krbtgt
> A\aselwyn
> A\ehvozda
> A\hvozdae
> A\b$
> B\administrator
> B\guest
> B\krbtgt
> B\ehvozda
> B\ehvozda_xxx
> [ehvozda@AD-test samba]$
> 
> users in A can authenticate via winbind:
> 
> [ehvozda@AD-test samba]$ sudo wbinfo -a A\\hvozdae
> Enter A\hvozdae's password: 
> plaintext password authentication succeeded
> Enter A\hvozdae's password: 
> challenge/response password authentication succeeded
> [ehvozda@AD-test samba]$
> 
> users in B cannot.
> 
> [ehvozda@AD-test samba]$ sudo wbinfo -a B\\ehvozda
> Enter B\ehvozda's password: 
> plaintext password authentication failed
> Could not authenticate user B\ehvozda with plaintext password
> Enter B\ehvozda's password: 
> challenge/response password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc064)
> error messsage was: No such user
> Could not authenticate user B\ehvozda with challenge/response
> [ehvozda@AD-test samba]$ 
> 
> However, clearly the user exists (see above).
> 
> winbind sees the trust:
> 
> [ehvozda@AD-test samba]$ sudo wbinfo -m
> BUILTIN
> AD-TEST
> A
> B
> [ehvozda@AD-test samba]$ 
> 
> However, for whatever reason, B is considered offline:
> 
> [ehvozda@AD-test samba]$ sudo wbinfo --online-status
> BUILTIN : online
> AD-TEST : online
> A : online
> B : offline
> [ehvozda@AD-test samba]$ 
> 
> Cranking debug level = 10 does not show anything obvious.
> 
> A few questions:
> 
> * Is interdomain trusts working in v3.5.4?
> * Is there specific documentation or a recipe that works for folk?
> * What are some debugging techniques I could try?
> *  Why is domain B is offline?
> 
> I've included my smb.conf file below:
> 
> [global]
>   workgroup = A
>   realm = A.LOCAL
>   security = ads
>   idmap backend = tdb
>   idmap uid = 1000-
>   idmap gid = 1000-
>   idmap config A : backend  = ad
>   idmap config A : range = 1000-2999
>   idmap config B : backend  = ad
>   idmap config B : range = 3000-4999
>   template shell = /bin/false
>   winbind offline logon = false
>   log level = 10
> 
>server string = Samba Server Version %v
>
>log file = /var/log/samba/log.%m
>max log size = 50
>
>passdb backend = tdbsam
>
>load printers = yes
>cups options = raw
>
> [homes]
>comment = Home Directories
>browseable = no
>writable = yes
>
> [printers]
>comment = All Printers
>path = /var/spool/samba
>browseable = no
>guest ok = no
>writable = no
>printable = yes
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Setting specific path for home, netlogon and profile

[jcdole]

Hello. 

I have tried every things but I can't make it work. 

On the server 
I want home for user FRED physically in /data/samba/home/FRED 
I want profile for user FRED physically in /data/samba/profile/FRED/linux ( 
when connecting from his laptop under linux ) 
I want profile for user FRED physically in /data/samba/profile/FRED/WinXP ( 
when connecting from his laptop under windows XP ) 
I want netlogon for user FRED physically in /data/samba/netlogon/FRED/linux ( 
when connecting from his laptop under linux ) 
I want netlogon for user FRED physically in /data/samba/netlogon/FRED/WinXP ( 
when connecting from his laptop under windows XP ) 

I am using %$(OSTYPE) be"cause %a return samba and not linux. ( see previous 
thread today ) 

This part of my config files. 

+ 
SMB.CONF 
+ 
[Global] 

logon script = %U.bat 
logon path = \\%L\profiles\%U\%$(OSTYPE) 
logon drive = U: 
logon home = \\%L\homes\%U\%$(OSTYPE) 

[homes] 
comment = Votre Repertoire home 
path = /data_1/100_samba/sysvol/homes/%U/%$(OSTYPE) 
read only = No 
create mask = 0777 
directory mask = 0777 
browseable = Yes 

[profiles] 
comment = Votre Profile itinerant 
path = /data_1/100_samba/sysvol/profiles/%U/%$(OSTYPE) 
read only = No 
create mask = 0777 
directory mask = 0777 
browseable = Yes 

[netlogon] 
comment = Network Logon Service (Netlogon) 
path = /data_1/100_samba/sysvol/netlogon/%U/%$(OSTYPE) 
read only = No 
browseable = Yes 

+ 
SMBLDAP.CONF 
+ 

userSmbHome="" 
userProfile="" 
userHomeDrive="U:" 
userScript="%U.bat" 

Thank you for helping 

jc dole 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Variable substitution

[jcdole]

Hello. 

%a return <>. 
I would like to have <>. So I try to use %$(OSTYPE). But it is not 
recognize ? 

Any idea ? 

Thank you for helping. 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] 3.5.6 : WINBINDD: cli_negprot failed: NT_STATUS_ACCESS_DENIED with Active Directory

[David Touzeau]

Dear

Have connected SAMBA to an Active Directory server
The getent did not show any user and winbindd claim :

[2011/09/07 11:33:29.417355,  1]
libsmb/cliconnect.c:1769(cli_negprot_done)
  cli_negprot: SMB signing is mandatory and the server doesn't support
it.
[2011/09/07 11:33:29.417444,  1]
winbindd/winbindd_cm.c:856(cm_prepare_connection)
  cli_negprot failed: NT_STATUS_ACCESS_DENIED
[2011/09/07 11:33:29.696520,  1]
libsmb/cliconnect.c:1769(cli_negprot_done)
  cli_negprot: SMB signing is mandatory and the server doesn't support
it.
[2011/09/07 11:33:29.696599,  1]
winbindd/winbindd_cm.c:856(cm_prepare_connection)
  cli_negprot failed: NT_STATUS_ACCESS_DENIED
[2011/09/07 11:33:30.068625,  1]
libsmb/cliconnect.c:1769(cli_negprot_done)
  cli_negprot: SMB signing is mandatory and the server doesn't support
it.
[2011/09/07 11:33:30.068706,  1]
winbindd/winbindd_cm.c:856(cm_prepare_connection)
  cli_negprot failed: NT_STATUS_ACCESS_DENIED

How can i fix this issue ?

here it is the smb.conf

[global]
workgroup = USGPEOPLEFR
netbios name = onesys-samba
server string = %h server
disable netbios =no
strict allocate = No
strict locking = Auto
sync always = No
getwd cache = Yes
max protocol = NT1
name resolve order =host lmhosts wins bcast
dns proxy = No
wins support = Yes
min protocol = NT1
remote announce = 10.7.61.255/USGPEOPLEFR

syslog = 3
log level = 1
log file = /var/log/samba/log.%m
debug timestamp = yes
follow symlinks = yes
wide links = yes
unix extensions = no

usershare allow guests = no
usershare max shares = 100
usershare owner only = true
usershare path=/var/lib/samba/usershares/data
guest account = nobody
map to guest = Bad Password
template homedir = /home/%U
template shell = /bin/false
enable privileges = yes
os level = 40
ldap passwd sync = no


security = ADS
realm = USGPEOPLEFR.INT
idmap config USGPEOPLEFR:backend= rid
idmap config USGPEOPLEFR:read only= yes
idmap config USGPEOPLEFR:range  = 10 - 19
idmap config USGPEOPLEFR:base_rid   = 0
idmap gid = 7 - 9
idmap uid = 7 - 9
encrypt passwords = Yes
client ntlmv2 auth = Yes
client lanman auth = No
winbind normalize names = Yes
winbind separator = /
winbind use default domain = No
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
winbind nss info = rfc2307
winbind offline logon = true
winbind cache time = 5
winbind refresh tickets = true
kerberos method = system keytab
allow trusted domains = Yes
server signing = mandatory
client signing = mandatory
lm announce = No
ntlm auth = No
lanman auth = No
preferred master = No
printing = bsd
nt acl support=yes
map acl inherit=yes
acl check permissions=yes
inherit permissions=no
inherit acls=yes
acl map full control=yes
dos filemode=yes
force unknown acl user = no


# LDAP settings ---
ldap delete dn = no
passdb backend = ldapsam:ldap://127.0.0.1:389
ldap admin dn = cn=admin,dc=usgpeoplefr,dc=int
ldap suffix = dc=usgpeoplefr,dc=int
ldap group suffix = dc=organizations
ldap user suffix =  dc=organizations
ldap machine suffix = ou=Computer,dc=samba,dc=organizations
ldap delete dn = yes
ldap ssl  = off
ldap idmap suffix =
ou=idmap,dc=samba,dc=organizations,dc=usgpeoplefr,dc=int

logon path =""
logon home =""
logon drive = ""
socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT
SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
case sensitive = No
default case = lower
preserve case = yes
short preserve case = yes
wins support = Yes
time server = yes
msdfs root = no
host msdfs = no

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem exporting samba 3.6 registry

[Alejandro Escanero Blanco]

In samba3.6 I get a reject:

***
*** 333,339 

switch (type) {
case REG_SZ:
-   if (!(f->hex_fmt & REG_FMT_HEX_SZ)) {
char* str = NULL;
size_t dlen;
if (pull_ucs2_talloc(mem_ctx, &str, (const 
smb_ucs2_t*)data, &dlen)) {

--- 339,347 

switch (type) {
case REG_SZ:
+   if (!(f->hex_fmt & REG_FMT_HEX_SZ)
+ && is_zero_terminated_ucs2(data, len))
+   {
char* str = NULL;
size_t dlen;
if (pull_ucs2_talloc(mem_ctx, &str, (const 
smb_ucs2_t*)data, &dlen)) {



Line 342 is:
 if (!(f->flags & REG_FMT_HEX_SZ)) {


El 06/09/11 08:29, Gregor Beck escribió:

Hi,

On Monday, September 05, 2011 10:02:25 AM Alejandro Escanero Blanco wrote:

Valgrind give me:

==25578== Memcheck, a memory error detector
==25578== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==25578== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==25578== Command:
XXX
XXX ==25578== Parent PID: 24066
==25578==
--25578--
--25578-- Valgrind options:
--25578---v
--25578----trace-children=yes
--25578----log-file=vg.log
--25578-- Contents of /proc/version:
--25578--   Linux version 2.6.18-194.el5
(mockbu...@x86-007.build.bos.redhat.com) (gcc version 4.1.2 20080704
(Red Hat 4.1.2-48)) #1 SMP Tue Mar 16 21:52:43 EDT 2010
--25578-- Arch and hwcaps: X86, x86-sse1-sse2
--25578-- Page sizes: currently 4096, max supported 4096
--25578-- Valgrind library directory: /usr/lib/valgrind
--25578-- Reading syms from /usr/local/samba/bin/net (0x108000)
--25578-- Reading syms from /lib/ld-2.5.so (0xb2f000)
--25578-- Reading syms from /usr/lib/valgrind/memcheck-x86-linux
(0x3800)
--25578--object doesn't have a dynamic symbol table
--25578-- Reading suppressions file: /usr/lib/valgrind/default.supp
--25578-- REDIR: 0xb447d0 (index) redirected to 0x3803e483
(vgPlain_x86_linux_REDIR_FOR_index)
--25578-- Reading syms from
/usr/lib/valgrind/vgpreload_core-x86-linux.so (0x4801000)
--25578-- Reading syms from
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so (0x4803000)
==25578== WARNING: new redirection conflicts with existing -- ignoring it
--25578-- new: 0x00b447d0 (index   ) R->  0x04806640 index
--25578-- REDIR: 0xb44970 (strlen) redirected to 0x4806820 (strlen)
--25578-- Reading syms from /lib/libresolv-2.5.so (0x4811000)
--25578-- Reading syms from /lib/libnsl-2.5.so (0x4824000)
--25578-- Reading syms from /lib/libdl-2.5.so (0x483b000)
--25578-- Reading syms from /lib/librt-2.5.so (0x484)
--25578-- Reading syms from /usr/lib/libpopt.so.0.0.0 (0x4849000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/lib/libgssapi_krb5.so.2.2 (0x4851000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/lib/libkrb5.so.3.3 (0x487f000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/lib/libk5crypto.so.3.1 (0x4915000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libcom_err.so.2.1 (0x493b000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libuuid.so.1.2 (0x493f000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/lib/libldap-2.3.so.0.2.31 (0x4943000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/lib/liblber-2.3.so.0.2.31 (0x497d000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/local/samba/lib/libtalloc.so.2.0.5
(0x498b000)
--25578-- Reading syms from /usr/local/samba/lib/libtdb.so.1.2.9
(0x4994000) --25578-- Reading syms from
/usr/local/samba/lib/libwbclient.so.0
(0x49a5000)
--25578-- Reading syms from /usr/lib/libz.so.1.2.3 (0x49b2000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libc-2.5.so (0x49c5000)
--25578-- Reading syms from /lib/libpthread-2.5.so (0x4b0b000)
--25578-- Reading syms from /usr/lib/libkrb5support.so.0.1 (0x4b23000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libkeyutils-1.2.so (0x4b2d000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /usr/lib/libsasl2.so.2.0.22 (0x4b3)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libssl.so.0.9.8e (0x4b49000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libcrypto.so.0.9.8e (0x4b91000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libselinux.so.1 (0x4cd2000)
--25578--object doesn't have a symbol table
--25578-- Reading syms from /lib/libcrypt-2.5.so (0x4ceb000)
--25578-- Reading syms from /lib/libsepol.so.1 (0x4d1d000)
--25578--object doesn't have a symbol table
--25578-- R