Re: [Samba] can't turn on wide links in homedir

2011-09-14 Thread simo
On Wed, 2011-09-14 at 18:16 -0700, Linda Walsh wrote:
> 
>  Jeremy Allison wrote:
> > I didn't like re-enabling the feature as it re-introduces something
> > that was widely regarded as a security hole, 
> People widely regarded the earth as flat and ... well sometime
> ago,
> as in some areas, as only 6000 years old...

Did you know the Greeks (150 BC and earlier) knew perfectly well the
earth was round and calculated things like the radius of the earth with
decent accuracy for the means and things like the precession ?

Sometimes people walk backward :)

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] can't turn on wide links in homedir

2011-09-14 Thread Linda Walsh


Jeremy Allison wrote:
> I didn't like re-enabling the feature as it re-introduces something
> that was widely regarded as a security hole,

People widely regarded the earth as flat and ... well sometime ago,
as in some areas, as only 6000 years old...

> but recognised the need
> some sites have to enable it without patching the code. So naming it
> "allow insecure widelinks" is the best solution IMHO. That
> way people who are experimenting won't turn it on by accident
> and blame us (and yes, things like that *do* happen), but people
> who need it can do so happily.
>
> smb.conf is not a user interface, it's a configuration file. It's ok
> to have ugly options we don't recommend people use (as  Volker said,
> you can set "guest user = root" if you really want to :-).
>
> > If not, I didn't win.  I feel that I failed to communicate with you.
>
> "What we have here is a failure to communicate..." :-) :-).
>
> (name that movie ! :-).

--
*sigh*...

> I'm just fed up of discussing it. As you are one of the sites
> who vociferously requested this option back in the code (even
> to the extent of opening a bug and writing a patch) then let's
> just leave things as they are. I won't respond again on this
> topic, I have far too many other things to do.

   Oh...ok...well, ... um... thanks?  I think?

   :-)

(still wish I could help you deal with the idiots who think the world is
flat...but I'm rarely if ever a good convincer of anything, even though
what I say is often valid )...*sigh*

I think my nick should have been
Cassandra...

> Jeremy



[Samba] Unexpected "Access Denied"

2011-09-14 Thread David John Robinson
Background:
This situation is using Rational ClearCase in a situation with server on 
Solaris 10
 and clients on a mixture of Windows XP and Windows 7, with access to the 
VOB (repository) enabled via Samba version: 3.4.9
 Users are getting a consistent error with a specific ClearCase operation 
(Add to Source Control), which we have traced to a Samba interaction.

The issue:
For the interaction described, I need to know is it
a) Working as Designed (would then like to understand why it is designed 
that way)
b) defective
c) dependent on Samba config/compile options (would then want to know 
which options control the behaviour)


The file:
-r--r- 1 cc_admin cc_users 5 Aug 1 16:29 /data01/vobstore/vobs_test_special.vbs/c/cdft/1c/19/1045e69c222a4a92bc1d733ec7cb1d6a

The Samba connection made (log message):
  141.11.249.110 (141.11.249.110) connect to service data01 initially as user rivacl (uid=20213, gid=9007) (pid 14214)

GID 9007 is "cc_users"

Microsoft Process Monitor / Network Trace shows that file access succeeds 
for "Generic Read" on the UNC path
 --- snip from process monitor event properties 
   Result:SUCCESS
   Desired Access:   Generic Read
   Disposition:  Open
   Options:  Synchronous IO Alert
--

The failing operation is
 --- process monitor event properties 
Date & Time:27/07/2011 5:18:03 PM
Event Class:File System
Operation:CreateFile
Result:ACCESS DENIED
Path:\\MYSERVER.MYORG.com\data01\vobstore\vobs_test_special.vbs\c\cdft\20\3a\2fd3179605c4436d83180c065bc59c67
TID:4112
Duration:0.0008641
Desired Access:Read EA, Read Attributes, Read Control, Synchronize
Disposition:Open
Options:Synchronous IO Non-Alert
Attributes:n/a
ShareMode:Read, Write, Delete
AllocationSize:n/a
--

This gets passed to the network as (flags same on request as response)
1622 00:55:07.589682 192.11.249.139 192.11.248.155   SMB NT Create AndX Request, Path: \vobstore\vobs_test_special.vbs\c\cdft\1c\19\1045e69c222a4a92bc1d733ec7cb1d6a
Create Flags: 0x0010
...      ...1  = Extended Response: Extended responses required
...       0... = Create Directory: Target of open can be a file
...       .0.. = Batch Oplock: Does NOT request batch oplock
...       ..0. = Exclusive Oplock: Does NOT request oplock
Access Mask: 0x00120088
...  ...1      = Synchronize: Can wait on handle to SYNCHRONIZE on completion of I/O
...   ..1.     = Read Control: READ ACCESS to owner, group and ACL of the SID
...      1...  = Read Attributes: READ ATTRIBUTES access
...       1... = Read EA: READ EXTENDED ATTRIBUTES access
Share Access: 0x0007 SHARE_DELETE SHARE_WRITE SHARE_READ
1623 00:55:07.590514 192.11.248.155 192.11.249.139   SMB NT Create AndX Response, FID: 0x, Error: STATUS_ACCESS_DENIED


The request succeeds when the file permissions are 444 but fails when they 
are 440
The connection resolves to being in the same group as the file, so it 
seems to me the world readable bit should be irrelevant.

FYI attaching the output of "testparm -v -s" 


Thank you for any help you can give.
David

Every act is an act of self-definition.

[global]
dos charset = CP850
unix charset = UTF-8
display charset = LOCALE
workgroup = EU
realm = MYORG.com
netbios name = MYSERVER
netbios aliases = 
netbios scope = 
server string = MYSERVER
interfaces = 
bind interfaces only = No
security = ADS
auth methods = 
encrypt passwords = Yes
update encrypted = No
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
map to guest = Never
null passwords = No
obey pam restrictions = No
password server =  MYORG.com
smb passwd file = /opt/samba-3.4.9/private/smbpasswd
private dir = /opt/samba-3.4.9/private
passdb backend = tdbsam
algorithmic rid base = 1000
root directory = 
guest account = nobody
enable privileges = Yes
pam password change = No
passwd program = 
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
check password script = 
username map = /opt/samba/etc/username.map
password level = 0
username level = 0
unix password sync = No
restrict anonymous = 0
lanman auth = No
ntlm auth = Yes
client NTLMv2 auth = No
cli

Re: [Samba] can't turn on wide links in homedir

2011-09-14 Thread Jeremy Allison
On Wed, Sep 14, 2011 at 04:28:43PM -0700, Linda W wrote:
> 
> I don't think you felt good about adding the option, but assuaged
> yourself with
> naming it something belligerent to users rather than descriptively
> and neutrally,
> (something I don't think appropriate in a user interface of the sort
> samba presents),
> which really -- did that make you feel 'ok' with adding the option?

I didn't like re-enabling the feature as it re-introduces something
that was widely regarded as a security hole, but recognised the need
some sites have to enable it without patching the code. So naming it
"allow insecure widelinks" is the best solution IMHO. That
way people who are experimenting won't turn it on by accident
and blame us (and yes, things like that *do* happen), but people
who need it can do so happily.

smb.conf is not a user interface, it's a configuration file. It's ok
to have ugly options we don't recommend people use (as  Volker said,
you can set "guest user = root" if you really want to :-).

> If not, I didn't win.  I feel that I failed to communicate with you.

"What we have here is a failure to communicate..." :-) :-).

(name that movie ! :-).

I'm just fed up of discussing it. As you are one of the sites
who vociferously requested this option back in the code (even
to the extent of opening a bug and writing a patch) then let's
just leave things as they are. I won't respond again on this
topic, I have far too many other things to do.

Jeremy


Re: [Samba] can't turn on wide links in homedir

2011-09-14 Thread Linda W

But what if we didn't need the option in the first place?

(i.e. the workaround code?)...

Wouldn't it make for a cleaner implementation to not add a hack on top 
of  a hack?


I'm a perfectionist -- just just a "it'll do" type...that's why I tend 
to persist.


Though if you aren't interested, you aren't interested...

What name did you choose anyway?

I'm not sure why I should declare victory...   It's not about a
battle...it's about doing the best one can -- but there is no  triumph ...
of  a over b. or such..

I don't find such to ever be a valuable attitude (though many people
engage in 'win/lose' stuff).

I prefer not to.

I  think the above reasons are partly why I get misinterpreted at times...
(that and the seemingly opposite 'lack of attention to detail -- a case of
overfocusing on one part of a problem (or the whole problem) and therefore
missing pieces...it happens.   I don't feel like I won because you
didn't feel good about adding the option even though you got to make it a
silly name.

I don't think you felt good about adding the option, but assuaged
yourself with naming it something belligerent to users rather than
descriptively and neutrally, (something I don't think appropriate in a user
interface of the sort samba presents), which really -- did that make you
feel 'ok' with adding the option?

If not, I didn't win.  I feel that I failed to communicate with you.

But that's me and my warped definitions...



Jeremy Allison wrote:
> On Wed, Sep 14, 2011 at 03:37:11PM -0700, Linda Walsh wrote:
> >  I  would like to put forth a possible alternative for consideration
> > (perhaps a bit late in the game), though perhaps a goal for a release in
> > the near future.  Better to say something than be accused later of saying
> > nothing...
>
> Linda, you're flogging a dead horse. The code you wanted is in, even
> though it has a name you don't like. Declare victory and move on.
>
> Jeremy.




Re: [Samba] Browsing confusion

2011-09-14 Thread TAKAHASHI Motonobu
From: steff...@gmx.de
Date: Tue, 13 Sep 2011 17:17:23 +0200

(snip)

> The question is how the clients
> on the other subnets should find the BDC if the PDC is down if only
> one of them has wins support = yes set as suggested in the manpage
> for smb.conf.

As you would understand, WINS server implementation of Samba lacks the
function of replication, which means no redundancy.

Unfortunately, there is no smart way to resolve that:

  1) using samba4wins or WINS server on Windows server
which can replicate their WINS database to each other.
  2) using LMHOSTS file 
  3) using one of some hand-made replication solutions:
   I know 2 solutions in Japan. Both use "wins hook" parameter.
   - http://www.osstech.co.jp/techinfo/samba/wins-push
   - http://wiki.samba.gr.jp/mediawiki/index.php?title=WINS-replication

  If you are interested in them, I will translate them in English.

---
TAKAHASHI Motonobu 


Re: [Samba] Samba Printing api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed

2011-09-14 Thread Achim Gottinger
It is odd here also, on one server (debian lenny with samba 3.5.6 from 
backports) using


dos charset = 850
unix charset = UTF8

fixed that issue on another server (same OS and versions) I also had to 
add the unix charset line and it worked for a document which did not 
work without and generated an error log entry like yours. Looking at the 
log file I still see a few of those SPOOLSS error messages. Users did 
not report problems but I have to ask em if they have had issues with 
printing this week.
If the error occurs there is no print job generated at the cups server 
at all and errors like those above appear in log.smbd


[2011/09/14 16:09:28.780842,  0] lib/charcnv.c:650(convert_string_talloc)
  Conversion error: Illegal multibyte sequence(@^W^TH^X^T^A^D)
[2011/09/14 16:09:28.780969,  0] rpc_server/srv_pipe.c:2439(api_rpcTNP)
  api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed.
[2011/09/14 16:09:29.001633,  0] lib/charcnv.c:650(convert_string_talloc)
  Conversion error: Illegal multibyte sequence(@^W^TH^X^T^A^D)
[2011/09/14 16:09:29.001724,  0] rpc_server/srv_pipe.c:2439(api_rpcTNP)
  api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed.
[2011/09/14 16:20:05.843419,  0] lib/charcnv.c:650(convert_string_talloc)
  Conversion error: Illegal multibyte sequence(<88>^H^N<9F>^T^T`^K^T)
[2011/09/14 16:20:05.843511,  0] rpc_server/srv_pipe.c:2439(api_rpcTNP)
  api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed.
[2011/09/14 16:20:06.107415,  0] lib/charcnv.c:650(convert_string_talloc)
  Conversion error: Illegal multibyte sequence(<88>^H^N<9F>^T^T`^K^T)
[2011/09/14 16:20:06.107788,  0] rpc_server/srv_pipe.c:2439(api_rpcTNP)


achim~


On 14.09.2011 14:19, Claus Rosenberger wrote:

> From the Windows side the samba connected printers show "printer not
> connected" if the problem appears, on all clients the same time. But Cups
> connected printers will be shown as Printer Ready. This situation is just a
> few minutes, now it was 45 minutes, but no more interesting things in the
> logfiles. Perhaps somebody knows which keywords to search for.
> On 14.09.2011 14:03:37, Claus Rosenberger wrote:
>
> > That's really annoying because the printing with samba is not possible, just
> > printing directly to cups is possible. The clients are working with UTF-8, the
> > server is working with UTF-8, don't know why character conversion should be a
> > problem here.



More details:



[2011/09/14 13:55:24.173846,  5] rpc_server/srv_pipe.c:2367(api_pipe_request)
   Requested \PIPE\\spoolss
[2011/09/14 13:55:24.173878,  4] rpc_server/srv_pipe.c:2404(api_rpcTNP)
   api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX
[2011/09/14 13:55:24.173912,  6] rpc_server/srv_pipe.c:2434(api_rpcTNP)
   api_rpc_cmds[69].fn == 0x7f844834b140
[2011/09/14 13:55:24.173953,  3] lib/charcnv.c:644(convert_string_talloc)
   convert_string_talloc: Conversion error: Illegal multibyte sequence(ۍ<8A><8A><8A><9C>^G)
[2011/09/14 13:55:24.173986,  0] lib/charcnv.c:650(convert_string_talloc)
   Conversion error: Illegal multibyte sequence(ۍ<8A><8A><8A><9C>^G)
[2011/09/14 13:55:24.174017,  1] ../librpc/ndr/ndr.c:395(ndr_pull_error)
   ndr_pull_error(5): Bad character conversion
[2011/09/14 13:55:24.174064,  0] rpc_server/srv_pipe.c:2439(api_rpcTNP)
   api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed.
[2011/09/14 13:55:24.174099,  3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context)
   free_pipe_context: destroying talloc pool of size 0
[2011/09/14 13:55:24.174130,  3] rpc_server/srv_pipe_hnd.c:656(process_complete_pdu)
   process_complete_pdu: DCE/RPC fault sent on pipe \spoolss
[2011/09/14 13:55:24.174161, 10] rpc_server/srv_pipe_hnd.c:180(set_incoming_fault)
   set_incoming_fault: Setting fault state on pipe \spoolss
[2011/09/14 13:55:24.174193,  5] rpc_parse/parse_prs.c:89(prs_debug)
   00 smb_io_rpc_hdr
    major : 05
   0001 minor : 00
   0002 pkt_type  : 03
   0003 flags : 23
   0004 pack_type0: 10
   0005 pack_type1: 00
   0006 pack_type2: 00
   0007 pack_type3: 00
   0008 frag_len  : 0020
   000a auth_len  : 
   000c call_id   : 796c
[2011/09/14 13:55:24.174346,  5] rpc_parse/parse_prs.c:89(prs_debug)
   10 smb_io_rpc_hdr_resp resp
   0010 alloc_hint: 
   0014 context_id: 
   0016 cancel_ct : 00
   0017 reserved  : 00
[2011/09/14 13:55:24.174431,  5] rpc_parse/parse_prs.c:89(prs_debug)
   18 smb_io_rpc_hdr_fault fault
   0018 status  : DCERPC_FAULT_OP_RNG_ERROR
   001c reserved: 
[2011/09/14 13:55:24.174487, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe)
   write_to_pipe: data_used = 2670
[2011/09/14 13:55:24.174538,  6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe)
name: \spoolss len: 1024
[2011/09/14 13:55:24.174573, 10] rpc_server/srv_pipe_hnd.c:854(read_from_internal_pipe)
   read_from_pipe: \spoolss: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes.



Am 19.08.

Re: [Samba] can't turn on wide links in homedir

2011-09-14 Thread Jeremy Allison
On Wed, Sep 14, 2011 at 03:37:11PM -0700, Linda Walsh wrote:
>  I  would like to put forth a possible alternative for consideration
> (perhaps a bit late in the game), though perhaps a goal for a release in
> the near future.  Better to say something than be accused later of saying
> nothing...

Linda, you're flogging a dead horse. The code you wanted is in, even
though it has a name you don't like. Declare victory and move on.

Jeremy.


Re: [Samba] can't turn on wide links in homedir

2011-09-14 Thread Linda Walsh

Jeremy Allison wrote:

> We needed to make it impossible to configure Samba insecurely.  At the
> time this was proposed, it was posted to the list and no dissenting
> voices were heard.

---

   Not exactly true -- as soon as this feature was available for testing
in a downloadable package, there were dissenting voices.   Proposing
patches or changes on 1 product that one is responsible for, out of the
100's to 1000's of packages (over 3600 on one machine I just checked),
that people use on their machines, AND expecting any representative or
informed response from those that will be affected by such a patch, is
provincial, at best.

   When people were hit by this remote-management disabling patch, in
the first release that included it, there was notable dissent.

   It improved server security in the same way that ANY disabling of
remote- administration abilities will 'improve' server security -- i.e.
it may or it may result in creating worse problems.

   The 'bug'[sic],  was that a user could create a symlink in their home
dir to point to /etc/passwd.   Using that, they could allow /etc/passwd to
be readable by anyone who had pass-through access on the user's home dir,
and the ability to read /etc/passwd.

 However, users who have their home directory on the server, as in one
some of the samba-suggested configurations where *nix security is
controlled by a samba PDC, could always manage symlinks remotely via ssh.
If a site expected users to be able to use directed links in specific
shares, they could turn on wide-links for the share that needs them (on
which USERS may have no write access), while on user-writable shares,
wide-links would not be enabled.   This would be the expected way someone
would manage this feature.

 But limiting wide links to non-user-writeable shares was considered too
difficult for people to figure out.  And somehow, allowing wide-links to
function, ONLY on non-user-write-able shares was considered 'insecure'
(how?).

 Even though there was an easy solution to the problem, the solution was
server-wide disabling of wide-links on all shares, if  unix extensions
were enabled ---  something that did more harm than good and likely
*created* 'insecure samba configurations', for sites that needed that
functionality but had to work around it..

 Contrary to the assertion that server-wide disabling of 'wide links'
(an imprecise and non descriptive term that probably led to the problem
that arose in the first place!) resulted in disallowing 'insecure
configurations', It created some configs that were more secure, AND some
configs that were less secure.  


 Now there is the strong possibility of another option with another bad
name being added to get around previously ill-chosen named options  in
order to allow 're-hardening' of security on sites that were 'made less
secure' the original disabling patch.

 ARG!...


 I  would like to put forth a possible alternative for consideration
(perhaps a bit late in the game), though perhaps a goal for a release in
the near future.  Better to say something than be accused later of saying
nothing...

Immediate:
  - Revert the original patch.
  - deprecate 'wide links'.
  - add new, descriptive term:
  
allow symlinks outside share boundaries = (yes/no)


Or, longer term solution might be to add:


 permitted symlink targets = ...
 veto symlink targets = ...

e.g.

 permitted symlink targets = /

 veto symlink targets  = /etc  /proc /sbin /dev  /root  /tmp

or

 permitted symlink targets = /home /Share /backup /bin ...

(excluding /etc, thus passwd, for example).

 Claiming that some options are 'insecure' - when used correctly is
confusing, as it leads one to wonder why is it that an option that is not
insecure on linux, IS insecure on samba...are there bugs in samba that
make it more insecure?

 Certainly, if options are unclear, then they should be renamed over
 time.

 Through a @allow_compat  options could be immediately
deprecated, and 're-allowed' for 2-3 releases (or some fixed time).

 But going with descriptions that label 'useful (and used) features' as
"insecure", when the opposite may be true for a given site is bound to
cause confusion and a desire to give multitudes of *worse* ways the samba
can be abused even though it is claimed that it is impossible to
configure it "insecurely"...

I'm sure that wouldn't be appreciated, but some might feel a need
to relate such configs, purely so that every useful samba config (or option)
can be "prohibited" in the name of protecting us...
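
The share-boundary rule and the permitted/veto target lists proposed in the message above, sketched in C as an added example (not part of the original post and not Samba code). The two option names are the poster's proposal, not existing smb.conf parameters; every function name is hypothetical, and targets are assumed to be canonical paths such as realpath(3) returns.

```c
/* Added example, not Samba code. "permitted symlink targets" and "veto
 * symlink targets" are names proposed in the post, not smb.conf parameters;
 * every identifier below is hypothetical. */
#include <stdio.h>
#include <string.h>

#define MAX_PREFIXES 16

struct prefix_list {
    char buf[256];                   /* private copy of the option value */
    const char *item[MAX_PREFIXES];  /* pointers into buf */
    size_t n;
};

/* Targets must already be canonical, as realpath(3) returns them: absolute,
 * with no empty, "." or ".." component. Anything else is refused. */
static int is_canonical(const char *p)
{
    if (p[0] != '/')
        return 0;
    for (const char *c = p;;) {
        const char *start = c + 1;              /* c points at a '/' */
        const char *end = strchr(start, '/');
        size_t len = end ? (size_t)(end - start) : strlen(start);
        if (len == 0 && end) return 0;                          /* "//" */
        if (len == 1 && start[0] == '.') return 0;              /* "."  */
        if (len == 2 && start[0] == '.' && start[1] == '.') return 0;
        if (!end) return 1;
        c = end;
    }
}

/* True if path equals prefix or lies below it. The match ends on a component
 * boundary, so "/etc" covers "/etc/passwd" but not "/etcetera". */
static int path_under(const char *prefix, const char *path)
{
    size_t n = strlen(prefix);
    if (n == 0 || prefix[0] != '/' || path[0] != '/')
        return 0;
    while (n > 1 && prefix[n - 1] == '/')
        n--;                                    /* ignore trailing slashes */
    if (n == 1)
        return 1;                               /* prefix is "/" */
    return strncmp(prefix, path, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/* Split a whitespace-separated option value into absolute path prefixes. */
static int parse_list(struct prefix_list *l, const char *value)
{
    l->n = 0;
    if (strlen(value) >= sizeof l->buf)
        return -1;
    strcpy(l->buf, value);
    for (char *tok = strtok(l->buf, " \t"); tok; tok = strtok(NULL, " \t")) {
        if (tok[0] != '/' || l->n == MAX_PREFIXES)
            return -1;
        l->item[l->n++] = tok;
    }
    return 0;
}

static int list_covers(const struct prefix_list *l, const char *path)
{
    for (size_t i = 0; i < l->n; i++)
        if (path_under(l->item[i], path))
            return 1;
    return 0;
}

/* Share-boundary rule: the resolved target must stay inside the share. */
int within_share(const char *share_root, const char *target)
{
    return is_canonical(share_root) && is_canonical(target) &&
           path_under(share_root, target);
}

/* Proposed rule: allowed only if under a permitted prefix and under no veto
 * prefix. Returns 1 allow, 0 deny, -1 if an option value cannot be parsed. */
int decide(const char *permitted, const char *veto, const char *target)
{
    struct prefix_list allow, deny;
    if (parse_list(&allow, permitted) != 0 || parse_list(&deny, veto) != 0)
        return -1;
    if (!is_canonical(target))
        return 0;
    return list_covers(&allow, target) && !list_covers(&deny, target);
}

int main(void)
{
    /* Option values copied from the post; the targets are constructed. */
    const char *veto = "/etc  /proc /sbin /dev  /root  /tmp";
    const char *targets[] = { "/etc/passwd", "/home/linda/notes.txt",
                              "/etcetera/file", "/home/../etc/passwd" };
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++)
        printf("%-24s %s\n", targets[i],
               decide("/", veto, targets[i]) == 1 ? "allow" : "deny");
    return 0;
}
```

A lexical check like this is only meaningful on the fully resolved path; applied to the raw link text it can be bypassed by an intermediate symlink.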













[Samba] Samba 3.5.4 and duplicated UIDs after connection to ADS domain

2011-09-14 Thread 4dik 4dik
Hello,

I have connected Samba 3.5.4 to Windows 2008 R2 domain and Samba has
allocated the same UID number for several users from ADS ? I think each
user should have unique UID number.

Do you know what can cause the problem ?

cat /etc/smb.conf

[global]
    netbios name = san01
    workgroup = DEVEL
    server string = SAN Server
    security = ADS
    password server = kerberos.server
    realm = DEVEL.LOCAL
    allow trusted domains = no

#   interfaces = 127.0.0.1 eth0
    bind interfaces only = True

    lock directory = /usr/local/samba/var/locks
    usershare path = /usr/local/samba/var/locks/usershares

    encrypt passwords = Yes
    use spnego = yes
    domain logons = no

    obey pam restrictions = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    log level = 1
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 6000
    socket options = TCP_NODELAY IPTOS_LOWDELAY
    keep alive = 10
    os level = 0
    local master = no
    preferred master = no
    domain master = False
    dns proxy = No
    invalid users = root whell
    deadtime = 0
    create mask = 0777
    directory mask = 0777
    inherit permissions = yes
    map acl inherit = yes
    inherit acls = yes
    locking = yes
    admin users =
    map hidden = no
    map system = no
    map archive = no
    store dos attributes = yes
    guest account = guest
    map to guest = bad password
    printable = no
    restrict anonymous = yes
    follow symlinks = yes
    wide links = no
    dos charset = CP852
    display charset = UTF8
    wins server =
    pid directory = /tmp
    force unknown acl user = yes
        winbind separator = +
    winbind uid = 101-200
    winbind gid = 101-200
    winbind enum users = yes
    winbind enum groups = yes
    template homedir = /home/winnt/%D/%U
    template shell = /bin/bash

    enable asu support = Yes
#   enable svcctl =
    printcap cache time = 0
    acl check permissions = Yes
#   acl group control = No
    dos filemode = Yes
    acl map full control = Yes
    inherit owner = No

    ldap admin dn= "cn=admin,dc=server,dc=nas"
    ldap suffix= "dc=server,dc=nas"
    #ldap server= 127.0.0.1
    passdb backend = ldapsam:ldap://127.0.0.1:389
#   ldap port= 389
    ldap ssl= no
  
    lanman auth = yes
    client lanman auth = yes
    client plaintext auth = yes
    max stat cache size = 1024
    smb encrypt = disabled
    unix extensions = no

[share]
    path = /volume/samba
    comment =
    guest ok = No
    read only = NO
    browseable = YES
    printable = No
    valid users = "DEVEL+user2000","DEVEL+user1999"
    case sensitive = no
    default case = lower
    preserve case = yes
    short preserve case = yes


    inherit owner = NO
    inherit acls = YES
    inherit permissions = YES
    locking = YES
    map acl inherit = YES

cat /etc/nsswitch.conf

passwd: files winbind
group:  files winbind
shadow: files

hosts:  files dns
networks:   files

protocols:  db files
services:   db files
ethers: db files
rpc:    db files

netgroup:   nis


Best Regards
Adrian Berlin



Re: [Samba] copy acls with getfacl / setfalc - invalid argument ....

2011-09-14 Thread Claus Rosenberger

Hello Oliver,

what's the content around line 756635?


On 14.09.2011 15:40:22, Fink Oliver wrote:
> Hello Claus,
>
> No I don't think so:
>
> My old fileserver:
> fileserver /etc/samba/private > locale
> LANG=en_US.ISO8859-1
> LC_CTYPE="en_US.ISO8859-1"
> LC_NUMERIC="en_US.ISO8859-1"
> LC_TIME="en_US.ISO8859-1"
> LC_COLLATE=C
> LC_MONETARY="en_US.ISO8859-1"
> LC_MESSAGES="en_US.ISO8859-1"
> LC_PAPER="en_US.ISO8859-1"
> LC_NAME="en_US.ISO8859-1"
> LC_ADDRESS="en_US.ISO8859-1"
> LC_TELEPHONE="en_US.ISO8859-1"
> LC_MEASUREMENT="en_US.ISO8859-1"
> LC_IDENTIFICATION="en_US.ISO8859-1"
> LC_ALL=
>
> My new fileserver:
> fileneu /data/raid/fileserver > locale
> LANG=en_US.ISO8859-1
> LC_CTYPE="en_US.ISO8859-1"
> LC_NUMERIC="en_US.ISO8859-1"
> LC_TIME="en_US.ISO8859-1"
> LC_COLLATE=C
> LC_MONETARY="en_US.ISO8859-1"
> LC_MESSAGES="en_US.ISO8859-1"
> LC_PAPER="en_US.ISO8859-1"
> LC_NAME="en_US.ISO8859-1"
> LC_ADDRESS="en_US.ISO8859-1"
> LC_TELEPHONE="en_US.ISO8859-1"
> LC_MEASUREMENT="en_US.ISO8859-1"
> LC_IDENTIFICATION="en_US.ISO8859-1"
> LC_ALL=
>
> What else could that be?
>
> Thanks in advance!
> Olli





Re: [Samba] copy acls with getfacl / setfalc - invalid argument ....

2011-09-14 Thread Fink Oliver
Hello Claus,

No I don't think so:

My old fileserver:
fileserver /etc/samba/private > locale
LANG=en_US.ISO8859-1
LC_CTYPE="en_US.ISO8859-1"
LC_NUMERIC="en_US.ISO8859-1"
LC_TIME="en_US.ISO8859-1"
LC_COLLATE=C
LC_MONETARY="en_US.ISO8859-1"
LC_MESSAGES="en_US.ISO8859-1"
LC_PAPER="en_US.ISO8859-1"
LC_NAME="en_US.ISO8859-1"
LC_ADDRESS="en_US.ISO8859-1"
LC_TELEPHONE="en_US.ISO8859-1"
LC_MEASUREMENT="en_US.ISO8859-1"
LC_IDENTIFICATION="en_US.ISO8859-1"
LC_ALL=

My new fileserver:
fileneu /data/raid/fileserver > locale
LANG=en_US.ISO8859-1
LC_CTYPE="en_US.ISO8859-1"
LC_NUMERIC="en_US.ISO8859-1"
LC_TIME="en_US.ISO8859-1"
LC_COLLATE=C
LC_MONETARY="en_US.ISO8859-1"
LC_MESSAGES="en_US.ISO8859-1"
LC_PAPER="en_US.ISO8859-1"
LC_NAME="en_US.ISO8859-1"
LC_ADDRESS="en_US.ISO8859-1"
LC_TELEPHONE="en_US.ISO8859-1"
LC_MEASUREMENT="en_US.ISO8859-1"
LC_IDENTIFICATION="en_US.ISO8859-1"
LC_ALL=

What else could that be?

Thanks in advance!
Olli



-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Claus Rosenberger
Sent: Wednesday, 14 September 2011 15:33
To: samba@lists.samba.org
Subject: Re: [Samba] copy acls with getfacl / setfalc - invalid argument 


Take a look into your backup file at this line, perhaps there is an issue with 
encoding of the filesystems. I.e. old server uses latin1, new one uses utf-8.
On 14.09.2011 15:29:22, Fink Oliver wrote:
> I have a problem porting my ACLS from my old fileserver to a new one...
>
> My old Fileserver:
> I have my shares on a partition supporting acls with ext3
> /dev/md0 on /data/raid type ext3 (rw,acl,user_xattr)
>
> My new Fileserver:
> /dev/md0 on /data/raid type ext4 (rw,acl,user_xattr)
>
> Now I copied all my shares to the new Fileserver with rsync and backed
> up my acls with:
>
> getfacl -R > acls-fileserver.facl
>
> I copied the file "acls-fileserver.facl" to the new one and tried to
> restore all the acls to the files and directories with:
>
> setfacl --restore=acls-fileserver.facl
>
> There I keep getting an error
> "Invalid argument in line 75635"
> Sometimes sooner sometimes later.
>
> I also had: "Invalid argument in line 14"
>
> It seems to be if there is a ":rwx" behind the user like the following
> line:
> "user:MYDOMAIN/some.user:rwx"
>
> I use getfacl / setfacl Version 2.5.1
>
> Thanks for your help in advance!
> Greetings
> Oliver


Re: [Samba] copy acls with getfacl / setfalc - invalid argument ....

2011-09-14 Thread Claus Rosenberger

Take a look into your backup file at this line, perhaps there is an issue with 
encoding of the filesystems. I.e. old server uses latin1, new one uses utf-8.
On 14.09.2011 15:29:22, Fink Oliver wrote:
> I have a problem porting my ACLS from my old fileserver to a new one...
>
> My old Fileserver:
> I have my shares on a partition supporting acls with ext3
> /dev/md0 on /data/raid type ext3 (rw,acl,user_xattr)
>
> My new Fileserver:
> /dev/md0 on /data/raid type ext4 (rw,acl,user_xattr)
>
> Now I copied all my shares to the new Fileserver with rsync and backed
> up my acls with:
>
> getfacl -R > acls-fileserver.facl
>
> I copied the file "acls-fileserver.facl" to the new one and tried to
> restore all the acls to the files and directories with:
>
> setfacl --restore=acls-fileserver.facl
>
> There I keep getting an error
> "Invalid argument in line 75635"
> Sometimes sooner sometimes later.
>
> I also had: "Invalid argument in line 14"
>
> It seems to be if there is a ":rwx" behind the user like the following
> line:
> "user:MYDOMAIN/some.user:rwx"
>
> I use getfacl / setfacl Version 2.5.1
>
> Thanks for your help in advance!
> Greetings
> Oliver


[Samba] copy acls with getfacl / setfalc - invalid argument ....

2011-09-14 Thread Fink Oliver
I have a problem porting my ACLS from my old fileserver to a new one...

My old Fileserver:

I have my shares on a partition supporting acls with ext3

/dev/md0 on /data/raid type ext3 (rw,acl,user_xattr)

My new Fileserver:

/dev/md0 on /data/raid type ext4 (rw,acl,user_xattr)

Now I copied all my shares to the new Fileserver with rsync and backed
up my acls with:

getfacl -R > acls-fileserver.facl

I copied the file "acls-fileserver.facl" to the new one and tried to restore
all the acls to the files and directories with:

setfacl -restore=acls-fileserver.facl

There I keep getting an error

"Invalid argument in line 75635"

Sometimes sooner, sometimes later.

I also had: "Invalid argument in line 14"

It seems to be if there is a ":rwx" behind the user like the following
line:

"user:MYDOMAIN/some.user:rwx"

I use getfacl / setfacl Version 2.5.1

Thanks for your help in advance!

Greetings

Oliver

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba Printing api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed

2011-09-14 Thread Claus Rosenberger

From the Windows side the samba connected printers show "printer not connected" 
if the problem appears, on all clients the same time. But Cups connected 
printers will be shown as Printer Ready. This situation is just a few minutes, 
now it was 45 minutes, but no more interesting things in the logfiles. Perhaps 
somebody knows which keywords to search for.

On 14.09.2011 14:03:37, Claus Rosenberger wrote:
> That's really annoying because the printing with samba is not possible, just
> printing directly to cups is possible. The clients are working with UTF-8, the
> server is working with UTF-8, don't know why character conversion should be a
> problem here.
>
> More details:
>
> [2011/09/14 13:55:24.173846,  5] rpc_server/srv_pipe.c:2367(api_pipe_request)
>   Requested \PIPE\\spoolss
> [2011/09/14 13:55:24.173878,  4] rpc_server/srv_pipe.c:2404(api_rpcTNP)
>   api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX
> [2011/09/14 13:55:24.173912,  6] rpc_server/srv_pipe.c:2434(api_rpcTNP)
>   api_rpc_cmds[69].fn == 0x7f844834b140
> [2011/09/14 13:55:24.173953,  3] lib/charcnv.c:644(convert_string_talloc)
>   convert_string_talloc: Conversion error: Illegal multibyte sequence(ۍ<8A><8A><8A><9C>^G)
> [2011/09/14 13:55:24.173986,  0] lib/charcnv.c:650(convert_string_talloc)
>   Conversion error: Illegal multibyte sequence(ۍ<8A><8A><8A><9C>^G)
> [2011/09/14 13:55:24.174017,  1] ../librpc/ndr/ndr.c:395(ndr_pull_error)
>   ndr_pull_error(5): Bad character conversion
> [2011/09/14 13:55:24.174064,  0] rpc_server/srv_pipe.c:2439(api_rpcTNP)
>   api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed.
> [2011/09/14 13:55:24.174099,  3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context)
>   free_pipe_context: destroying talloc pool of size 0
> [2011/09/14 13:55:24.174130,  3] rpc_server/srv_pipe_hnd.c:656(process_complete_pdu)
>   process_complete_pdu: DCE/RPC fault sent on pipe \spoolss
> [2011/09/14 13:55:24.174161, 10] rpc_server/srv_pipe_hnd.c:180(set_incoming_fault)
>   set_incoming_fault: Setting fault state on pipe \spoolss
> [2011/09/14 13:55:24.174193,  5] rpc_parse/parse_prs.c:89(prs_debug)
>   00 smb_io_rpc_hdr
>        major     : 05
>       0001 minor     : 00
>       0002 pkt_type  : 03
>       0003 flags     : 23
>       0004 pack_type0: 10
>       0005 pack_type1: 00
>       0006 pack_type2: 00
>       0007 pack_type3: 00
>       0008 frag_len  : 0020
>       000a auth_len  :
>       000c call_id   : 796c
> [2011/09/14 13:55:24.174346,  5] rpc_parse/parse_prs.c:89(prs_debug)
>   10 smb_io_rpc_hdr_resp resp
>       0010 alloc_hint:
>       0014 context_id:
>       0016 cancel_ct : 00
>       0017 reserved  : 00
> [2011/09/14 13:55:24.174431,  5] rpc_parse/parse_prs.c:89(prs_debug)
>   18 smb_io_rpc_hdr_fault fault
>       0018 status  : DCERPC_FAULT_OP_RNG_ERROR
>       001c reserved:
> [2011/09/14 13:55:24.174487, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe)
>   write_to_pipe: data_used = 2670
> [2011/09/14 13:55:24.174538,  6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe)
>    name: \spoolss len: 1024
> [2011/09/14 13:55:24.174573, 10] rpc_server/srv_pipe_hnd.c:854(read_from_internal_pipe)
>   read_from_pipe: \spoolss: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes.
>
> On 19.08.2011 11:49:27, Claus Rosenberger wrote:
> > After connecting the same printers directly to cups using the same
> > drivers the printouts are available without any problems. So probably
> > some conversion inside of samba will cancel the printjobs.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Printing api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed

2011-09-14 Thread Claus Rosenberger

That's really annoying because the printing with samba is not possible, just 
printing directly to cups is possible. The clients are working with UTF-8, the 
server is working with UTF-8, don't know why character conversion should be a 
problem here.

More details:

[2011/09/14 13:55:24.173846,  5] rpc_server/srv_pipe.c:2367(api_pipe_request)
  Requested \PIPE\\spoolss
[2011/09/14 13:55:24.173878,  4] rpc_server/srv_pipe.c:2404(api_rpcTNP)
  api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX
[2011/09/14 13:55:24.173912,  6] rpc_server/srv_pipe.c:2434(api_rpcTNP)
  api_rpc_cmds[69].fn == 0x7f844834b140
[2011/09/14 13:55:24.173953,  3] lib/charcnv.c:644(convert_string_talloc)
  convert_string_talloc: Conversion error: Illegal multibyte sequence(ۍ<8A><8A><8A><9C>^G)
[2011/09/14 13:55:24.173986,  0] lib/charcnv.c:650(convert_string_talloc)
  Conversion error: Illegal multibyte sequence(ۍ<8A><8A><8A><9C>^G)
[2011/09/14 13:55:24.174017,  1] ../librpc/ndr/ndr.c:395(ndr_pull_error)
  ndr_pull_error(5): Bad character conversion
[2011/09/14 13:55:24.174064,  0] rpc_server/srv_pipe.c:2439(api_rpcTNP)
  api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed.
[2011/09/14 13:55:24.174099,  3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 0
[2011/09/14 13:55:24.174130,  3] rpc_server/srv_pipe_hnd.c:656(process_complete_pdu)
  process_complete_pdu: DCE/RPC fault sent on pipe \spoolss
[2011/09/14 13:55:24.174161, 10] rpc_server/srv_pipe_hnd.c:180(set_incoming_fault)
  set_incoming_fault: Setting fault state on pipe \spoolss
[2011/09/14 13:55:24.174193,  5] rpc_parse/parse_prs.c:89(prs_debug)
  00 smb_io_rpc_hdr 
       major     : 05
      0001 minor     : 00
      0002 pkt_type  : 03
      0003 flags     : 23
      0004 pack_type0: 10
      0005 pack_type1: 00
      0006 pack_type2: 00
      0007 pack_type3: 00
      0008 frag_len  : 0020
      000a auth_len  : 
      000c call_id   : 796c
[2011/09/14 13:55:24.174346,  5] rpc_parse/parse_prs.c:89(prs_debug)
  10 smb_io_rpc_hdr_resp resp
      0010 alloc_hint: 
      0014 context_id: 
      0016 cancel_ct : 00
      0017 reserved  : 00
[2011/09/14 13:55:24.174431,  5] rpc_parse/parse_prs.c:89(prs_debug)
  18 smb_io_rpc_hdr_fault fault
      0018 status  : DCERPC_FAULT_OP_RNG_ERROR
      001c reserved: 
[2011/09/14 13:55:24.174487, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe)
  write_to_pipe: data_used = 2670
[2011/09/14 13:55:24.174538,  6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe)
   name: \spoolss len: 1024
[2011/09/14 13:55:24.174573, 10] rpc_server/srv_pipe_hnd.c:854(read_from_internal_pipe)
  read_from_pipe: \spoolss: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes.

On 19.08.2011 11:49:27, Claus Rosenberger wrote:
> After connecting the same printers directly to cups using the same
> drivers the printouts are available without any problems. So probably
> some conversion inside of samba will cancel the printjobs.
>
> On 11.08.2011 11:32, Claus Rosenberger wrote:
> > Hello,
> >
> > after upgrading to samba 3.5.6 of Debian Squeeze some printouts will not
> > be printed. The same printjob will be printed after a couple of tries. I increased
> > the loglevel and there are only a few messages which show what could be
> > the problem. The printjobs don't arrive at cups.
> >
> > [2011/08/10 11:32:12.700665,  0] lib/charcnv.c:650(convert_string_talloc)
> >   Conversion error: Illegal multibyte sequence(^A^H <8C>^R  )
> > [2011/08/10 11:32:12.700720,  1] ../librpc/ndr/ndr.c:395(ndr_pull_error)
> >   ndr_pull_error(5): Bad character conversion
> > [2011/08/10 11:32:12.700756,  0] rpc_server/srv_pipe.c:2439(api_rpcTNP)
> >   api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed.
> > [2011/08/10 11:32:13.901183,  0] lib/charcnv.c:650(convert_string_talloc)
> >   Conversion error: Illegal multibyte sequence(^A^H <8C>^R  )
> > [2011/08/10 11:32:13.924149,  1] ../librpc/ndr/ndr.c:395(ndr_pull_error)
> >   ndr_pull_error(5): Bad character conversion
> > [2011/08/10 11:32:13.924206,  0] rpc_server/srv_pipe.c:2439(api_rpcTNP)
> >   api_rpcTNP: \spoolss: SPOOLSS_OPENPRINTEREX failed.
> >
> > The printer is a Konica Minolta bizhub 40P, which is installed on client with
> > Point and Print and the newest ppd files from Konica Minolta.
> >
> > What could be the problem?
> >
> > Thank you
> > Claus




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
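
For the question in this thread of which keywords to search the log for, one approach is to pair every failed SPOOLSS_OPENPRINTEREX with the character-conversion error logged just before it. This is an added example, not part of the original messages; the function names, the one-second window and the sample log (with the payload bytes replaced by a placeholder) are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Samba debug log layout as seen in the thread: a header line
# "[date time,  level] file:line(function)", then indented message lines.
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s+(\S+):(\d+)\((\w+)\)\s*$")

def parse_records(text):
    """Group each header with its message lines into one record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({
                "time": datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f"),
                "level": int(m.group(2)), "source": m.group(3),
                "function": m.group(5), "message": ""})
        elif records and line.strip():
            rec = records[-1]
            rec["message"] = (rec["message"] + " " + line.strip()).strip()
    return records

def failed_opens(records, window=timedelta(seconds=1)):
    """Return (time, conversion error or None) for each failed OPENPRINTEREX."""
    hits, last_conv = [], None
    for rec in records:
        msg = rec["message"]
        if rec["function"] == "convert_string_talloc" and "Conversion error" in msg:
            last_conv = rec
        elif rec["function"] == "api_rpcTNP" and "SPOOLSS_OPENPRINTEREX failed" in msg:
            near = last_conv is not None and rec["time"] - last_conv["time"] <= window
            hits.append((rec["time"], last_conv["message"] if near else None))
            last_conv = None
    return hits

# Constructed sample in the on-disk layout (payload bytes replaced by a placeholder).
SAMPLE_LOG = """\
[2011/09/14 13:55:24.173878,  4] rpc_server/srv_pipe.c:2404(api_rpcTNP)
  api_rpcTNP: \\spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX
[2011/09/14 13:55:24.173986,  0] lib/charcnv.c:650(convert_string_talloc)
  Conversion error: Illegal multibyte sequence(<bytes elided>)
[2011/09/14 13:55:24.174017,  1] ../librpc/ndr/ndr.c:395(ndr_pull_error)
  ndr_pull_error(5): Bad character conversion
[2011/09/14 13:55:24.174064,  0] rpc_server/srv_pipe.c:2439(api_rpcTNP)
  api_rpcTNP: \\spoolss: SPOOLSS_OPENPRINTEREX failed.
[2011/09/14 14:10:02.000100,  0] rpc_server/srv_pipe.c:2439(api_rpcTNP)
  api_rpcTNP: \\spoolss: SPOOLSS_OPENPRINTEREX failed.
"""
```

Counting how many failures carry a conversion error and how many return `None` shows whether the charcnv message accounts for every failed open or only some of them.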

Re: [Samba] ctdb node disable windows xcopy break

2011-09-14 Thread Kosa Attila
On Thu, Sep 08, 2011 at 02:39:09PM +0200, Kosa Attila wrote:
> Hi,
> 
> What did I miss / do wrong? My config didn't work like on the
> below linked video:
> http://www.samba.org/~tridge/ctdb_movies/node_disable.html
> 
> With my config, the copy process fails/breaks despite that the
> tesztxp PC successfully maps the other (samba) PC in case the
> first (samba) PC is out. In the samba logs (even at log level = 10)
> I didn't see any information that can help me solve this problem.

I tested if I copy files from a dos window at C:\ with the
command (xcopy /S /E /F /Y /Z C:\DATA1 Z:\DATA2), the copy
process didn't break when I disable the active ctdb (ctdb disable
-n 0).

On the other hand, if I reverse the direction and copy from the
share to the local disk, shortly after the execution of the "ctdb
disable -n 0" command, the copy process breaks.

Because the copy only broke when the remote share was the source
I thought that the problem might be somewhere around the reading
process. I tried the process with increased windows memory (512MB
-> 1G) and with different file sizes (0 byte, 1MB and 2 MB) but
none of them changed the result (the copy process breaks when the
active node gets disabled)
As previously, the samba logs didn't contain any information that
could lead me to the root of the problem.

Can anyone help me what should I try/do to find a working cluster
config/solution?

-- 
Cheers,
Zsiga
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba