[Samba] directory permission for samba user

2011-10-17 Thread Kaushal Shriyan
Hi,

In samba, path = /path/to/share/point so if I have /database as
directory and user as sales what's the preferred read write and user
and group ownership permission on /database ?

Regards

Kaushal
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] tattooing of tdbsam backend with logon script value

2011-10-17 Thread Pat Emblen

On 18/10/11 11:19, TAKAHASHI Motonobu wrote:

On 15:21:48 wrote Pat Emblen:

pdbedit -S ""


Not here, it just sets an empty logon script, it doesn't default back
to the one in smb.conf.

root@sheldon:/home/smb/netlogon# pdbedit -S "" talcom

(snip)

Do you use "old" passdb such as smbpasswd or ldapsam_compat?

---
TAKAHASHI Motonobu


passdb = tdbsam

Those other posts refer to Logon Path, not Logon Script, I suppose you 
mean that both won't reset back to default.


I'm afraid I've never persisted long enough to get ldap working.
If anyone can point to a good how-to that works with Debian Squeeze I 
would appreciate it.


Pat



Re: [Samba] tattooing of tdbsam backend with logon script value

2011-10-17 Thread Pat Emblen

On 18/10/11 02:29, Harry Jede wrote:

On 15:21:48 wrote Pat Emblen:

On 15/10/11 19:15, Harry Jede wrote:

pdbedit -S ""


Not here, it just sets an empty logon script, it doesn't default back
to the one in smb.conf.

root@sheldon:/home/smb/netlogon# pdbedit -S "" talcom
Unix username:talcom
NT username:

.

Profile Path: \\sheldon\profiles\talcom
Domain:   SHELDON

I can see two differences between your accounts and mine:
1. You don't have a "NT Username"


I'm not sure about this, I checked another couple of machines and they 
don't show them either, but they all work.



2. Your "Home Directory" and your "Profile Path" points to the netbios
server name "sheldon", which is identical to your netbios domain name
"SHELDON".


I've been using this machine as a bit of a test box for some scripts. 
Maybe I added 'talcom' before I set the domain up in smb.conf. That 
probably explains the Domain matching the machine netbios name.

None of the other accounts are like this.


Try to create a new account with:
pdbedit -a newuser

and check it again. Is your Server Name really equal to your workgroup
name?



It didn't change anything ...

#cat /etc/samba/smb.conf |grep 'logon script'
# Not mandatory with new pylogon script
logon script = scripts\%U.cmd

# cat scripts/fred.cmd
ECHO hi fred
PAUSE

root@sheldon:/home/smb/netlogon# adduser fred
Adding user `fred' ...
Adding new group `fred' (1014) ...
Adding new user `fred' (1007) with group `fred' ...
Creating home directory `/home/fred' ...
Copying files from `/etc/skel' ...
snip

root@sheldon:/home/smb/netlogon# smbpasswd -a fred
New SMB password:
Retype new SMB password:
Added user fred.

root@sheldon:/home/smb/netlogon# pdbedit -Lvu fred
Unix username:fred
NT username:
Account Flags:[U  ]
User SID: S-1-5-21-3019205139-2287944265-981039286-1018
Primary Group SID:S-1-5-21-3019205139-2287944265-981039286-513
Full Name:Fred Flintstone
Home Directory:   \\sheldon\fred
HomeDir Drive:
Logon Script: scripts\fred.cmd
Profile Path: \\sheldon\profiles\fred
Domain:   TALBYCOM
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  9223372036854775807 seconds since the Epoch
Kickoff time: 9223372036854775807 seconds since the Epoch
Password last set:Tue, 18 Oct 2011 10:22:40 EST
Password can change:  Tue, 18 Oct 2011 10:22:40 EST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours : FF

Set a script manually
root@sheldon:/home/smb/netlogon# pdbedit -S "scripts\fred.vbs" -u fred
snip
Home Directory:   \\sheldon\fred
HomeDir Drive:
Logon Script: scripts\fred.vbs
snip

Try to null it back to default
root@sheldon:/home/smb/netlogon# pdbedit -S "" fred
snip
Home Directory:   \\sheldon\fred
HomeDir Drive:
Logon Script: << No good
snip

Tested the account and the logon script does not run
It does run after resetting the account, as I previously described

And FYI
A new user record from passdb.tdb - gets the default Logon Script

key 12 bytes
USER_zaphod
data 194 bytes

after pdbedit -S "" -u zaphod

key 12 bytes
USER_zaphod
data 195 bytes
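
The by-eye check in the message above, as an added example (not part of the original post and not Samba code): it parses `pdbedit -Lv` output and classifies each account's stored Logon Script as the smb.conf default, an explicit override, or the empty value left behind by `pdbedit -S ""`. Logon scripts run on the client at logon, so per-account overrides are worth listing. The sample records are constructed from the output quoted in this thread ("barney" is invented), and expanding only `%U` with the Unix username is an assumption.

```python
import re

# Constructed sample modelled on the `pdbedit -Lv` output quoted in this thread
# (fields trimmed). "barney" is an invented account with an explicit script.
SAMPLE_PDBEDIT = r"""---------------
Unix username:        fred
Account Flags:        [U          ]
Home Directory:       \\sheldon\fred
Logon Script:         scripts\fred.cmd
Profile Path:         \\sheldon\profiles\fred
---------------
Unix username:        talcom
Account Flags:        [U          ]
Home Directory:       \\sheldon\talcom
Logon Script:
Profile Path:         \\sheldon\profiles\talcom
---------------
Unix username:        barney
Account Flags:        [U          ]
Logon Script:         scripts\barney.vbs
---------------
Unix username:        sheldon$
Account Flags:        [S          ]
Logon Script:
"""

# Constructed smb.conf fragment using the two lines the grep above returned.
SAMPLE_SMB_CONF = r"""[global]
# Not mandatory with new pylogon script
logon script = scripts\%U.cmd
"""


def parse_pdbedit(text):
    """Split `pdbedit -Lv` output into one dict of fields per account."""
    accounts, current = [], {}
    for line in text.splitlines():
        if re.fullmatch(r"-{3,}", line.strip()):      # dashed record separator
            if current:
                accounts.append(current)
            current = {}
            continue
        key, sep, value = line.partition(":")         # split at the first colon only
        if not sep:
            continue
        key = key.strip()
        if key == "Unix username" and key in current:  # separator line was missing
            accounts.append(current)
            current = {}
        current[key] = value.strip()
    if current:
        accounts.append(current)
    return accounts


def default_logon_script(smb_conf_text):
    """Return the `logon script` value from smb.conf text, or "" if unset."""
    for line in smb_conf_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")):               # comments may mention the name
            continue
        key, sep, value = line.partition("=")
        # Parameter names are matched ignoring case and extra spaces.
        if sep and " ".join(key.lower().split()) == "logon script":
            return value.strip()
    return ""


def audit_logon_scripts(pdbedit_text, smb_conf_text):
    """Return (user, state, stored_value) for every user account.

    state is "default"  when the stored value equals the expanded template,
             "empty"    when it is blank although a template is configured,
             "explicit" for any other per-account value.
    """
    template = default_logon_script(smb_conf_text)
    findings = []
    for acct in parse_pdbedit(pdbedit_text):
        user = acct.get("Unix username", "")
        if not user or user.endswith("$"):            # machine accounts: skipped
            continue
        stored = acct.get("Logon Script", "")
        expected = template.replace("%U", user)       # assumption: only %U is used
        if stored.lower() == expected.lower():        # Windows paths ignore case
            state = "default"
        elif stored == "":
            state = "empty"
        else:
            state = "explicit"
        findings.append((user, state, stored))
    return findings


if __name__ == "__main__":
    for user, state, stored in audit_logon_scripts(SAMPLE_PDBEDIT, SAMPLE_SMB_CONF):
        print("%-8s %-8s %r" % (user, state, stored))
```

An account that was explicitly set to the same string as the expanded default cannot be told apart from an untouched one by this output alone.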

Re: [Samba] tattooing of tdbsam backend with logon script value

2011-10-17 Thread TAKAHASHI Motonobu

On 07/08/11 00:23, Chris Smith wrote:
> Therefore said users, who have once had
> an explicitly defined "logon script" value can (seemingly) no longer
> returned to the state where they use whatever "logon script" is
> defined in smb.conf.
> Is there a way to reset said users, removing the tattooing effect?

No, as mentioned repeatedly in this list:
  http://lists.samba.org/archive/samba/2011-June/163006.html
  http://lists.samba.org/archive/samba/2010-December/159763.html

I think this should be by design as well as Windows NT domain does.

> On 15:21:48 wrote Pat Emblen:
> > > pdbedit -S ""
> > 
> > Not here, it just sets an empty logon script, it doesn't default back
> > to the one in smb.conf.
> > 
> > root@sheldon:/home/smb/netlogon# pdbedit -S "" talcom
(snip)

Do you use "old" passdb such as smbpasswd or ldapsam_compat?

---
TAKAHASHI Motonobu 


[Samba] Codepage Problem?

2011-10-17 Thread Philipp Schmiedeknecht
Hi,

I have the following logs in log.smbd:

-
[2011/10/17 16:40:54.464688,  3] smbd/process.c:1485(process_smb)
 Transaction 2732 of length 200 (0 toread)
[2011/10/17 16:40:54.464704,  3] smbd/process.c:1294(switch_message)
 switch message SMBntcreateX (pid 19814) conn 0x7fa6eeb5d430
[2011/10/17 16:40:54.464753,  3] smbd/msdfs.c:746(dfs_redirect)
 dfs_redirect: Not redirecting \vera\Extern\SomeFolder\Sîÿÿ.
[2011/10/17 16:40:54.464768,  3] smbd/msdfs.c:757(dfs_redirect)
 dfs_redirect: Path \vera\Extern\SomeFolder\Sîÿÿ converted to non-dfs path 
SomeFolder/Sîÿÿ
[2011/10/17 16:40:54.464804,  3] smbd/vfs.c:851(check_reduced_name)
 check_reduced_name [SomeFolder/Sîÿÿ] [/raid/extern]
[2011/10/17 16:40:54.464839,  3] smbd/vfs.c:1008(check_reduced_name)
 check_reduced_name: SomeFolder/Sîÿÿ reduced to /raid/extern/SomeFolder/Sîÿÿ
[2011/10/17 16:40:54.464855,  3] smbd/vfs.c:851(check_reduced_name)
 check_reduced_name [SomeFolder/Sîÿÿ] [/raid/extern]
[2011/10/17 16:40:54.464889,  3] smbd/vfs.c:1008(check_reduced_name)
 check_reduced_name: SomeFolder/Sîÿÿ reduced to /raid/extern/SomeFolder/Sîÿÿ
[2011/10/17 16:40:54.464912,  3] smbd/dosmode.c:166(unix_mode)
 unix_mode(SomeFolder/Sîÿÿ) returning 0744
[2011/10/17 16:40:54.464927,  3] smbd/vfs.c:851(check_reduced_name)
 check_reduced_name [SomeFolder/Sîÿÿ] [/raid/extern]
[2011/10/17 16:40:54.464961,  3] smbd/vfs.c:1008(check_reduced_name)
 check_reduced_name: SomeFolder/Sîÿÿ reduced to /raid/extern/SomeFolder/Sîÿÿ
[2011/10/17 16:40:54.464978,  3] smbd/error.c:80(error_packet_set)
 error packet at smbd/error.c(160) cmd=162 (SMBntcreateX) 
NT_STATUS_OBJECT_NAME_NOT_FOUND
-

"Sîÿÿ" of course is no existing file.

Is this caused by a wrong codepage configuration?
In my smb.conf no codepage is configured

On the clients this results in disconnection from the server

Best regards
Philipp



___
Burgunderstr. 3 
71672 Marbach a.N.-Rielingshausen
fon: +49-7144-5072550
fax: +49-7144-1305905
mobil: +49-179-4758994
skype: ph.schmiedeknecht



[Samba] AD authentication against a service name not part of AD.

2011-10-17 Thread Wes Reneau
I have 3 node VCS cluster who all run the same smb.conf file but they are
all separate instances.  Samba is not a part of the VCS cluster. I've joined
the boxes to AD and based on AD groups can successfully access the desired
shares only if you reference the server name and not the service name.  The
servername is server1.mydomain.com the service name is
serviceA.somedomain.net.

The service name is simply a DNS zone so no trusts exist.  I've pondered the
idea of having samba reference the interface where the service lives but in
the event the service is moved from server1 to server2 will that crash smb?

Ultimately I want to access the service name to gain access to the shares as
the server name is going to be unreliable.  I've copied my smb.conf file
below and edited it to reflect the names I've used in the first paragraph.

[global]
> workgroup = mydomain
> realm = mydomain.com
> server string = %h server (Samba %v)
> security = ADS
> allow trusted domains = No
> password server = auth.mydomain.com
> log level = 3
> log file = /var/log/samba/log.%m
> max log size = 1000
> name resolve order = host wins bcast
> time server = Yes
> printcap name = cups
> wins support = Yes
> idmap uid = 16777217-33554431
> idmap gid = 16777217-33554431
> template shell = /bin/bash
> winbind enum users = Yes
> winbind enum groups = Yes
> cups options = raw
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = Yes
> browseable = No
>
> [unixshare]
> comment = UNIX Share
> path = /tmp/UNIX_share
> valid users = @"mydomain\UNIX System Administrators"
> read only = No
> browseable = No
>


> [reports]
> comment = Report repository
> path = /reports
> guest ok = Yes
> writeable = yes
>
> [verify]
> path = /verify
> guest ok = Yes
> writeable = yes
>
>
When trying to access \\serviceA.somedomain.net\reports I get the error that
reads:

"No process is on the other end of the pipe"

However if I try to access \\server1.mydomain.com\reports it works fine.


I would appreciate any help.
Wes


Re: [Samba] Getting remote registry information.

2011-10-17 Thread Harry Jede
On 21:53:31 wrote Ken D'Ambrosio:
> Hey, all.  A couple weeks ago, I asked about getting remote registry
> information, and someone helpfully offered up "net rpc registry
> [blah]".  And it does a decent job, but I'm yet to find the right
> permutation that would give me a whole branch of the hierarchy (akin
> to doing an export in regedit).  For what I'm looking to do, that
> would be really, truly handy.  Most seem to save the file remotely,
> or to spit out just the information for that level of the hierarchy
> (e.g., "enumerate").  Is there a way to get an entire branch?

regedt32 or regedit

as member of "domain admins"

> Thanks!
> 
> -Ken


-- 

Regards
Harry Jede


[Samba] Getting remote registry information.

2011-10-17 Thread Ken D'Ambrosio
Hey, all.  A couple weeks ago, I asked about getting remote registry
information, and someone helpfully offered up "net rpc registry [blah]".  And
it does a decent job, but I'm yet to find the right permutation that would give
me a whole branch of the hierarchy (akin to doing an export in regedit).  For
what I'm looking to do, that would be really, truly handy.  Most seem to save
the file remotely, or to spit out just the information for that level of the
hierarchy (e.g., "enumerate").  Is there a way to get an entire branch?

Thanks!

-Ken







Re: [Samba] [quick question] smbclient -m smb2 not working

2011-10-17 Thread Jeremy Allison
On Mon, Oct 17, 2011 at 06:17:49PM +0800, David Roid wrote:
> Thanks, Michael. But in my case, neither of smbclient/mount.cifs works with
> SMB2.

No smbclient doesn't yet support SMB2. Metze is currently working
on adding this functionality to the base library code.

Jeremy.


Re: [Samba] tattooing of tdbsam backend with logon script value

2011-10-17 Thread Harry Jede
On 15:21:48 wrote Pat Emblen:
> On 15/10/11 19:15, Harry Jede wrote:
> > pdbedit -S ""
> 
> Not here, it just sets an empty logon script, it doesn't default back
> to the one in smb.conf.
> 
> root@sheldon:/home/smb/netlogon# pdbedit -S "" talcom
> Unix username:talcom
> NT username:
> Account Flags:[U  ]
> User SID: S-1-5-21-3019205139-2287944265-981039286-3000
> Primary Group SID:S-1-5-21-3019205139-2287944265-981039286-513
> Full Name:talcom
> Home Directory:   \\sheldon\talcom
> HomeDir Drive:
> Logon Script: << default missing
> Profile Path: \\sheldon\profiles\talcom
> Domain:   SHELDON
> Account desc:
> Workstations:
> Munged dial:
> Logon time:   0
> Logoff time:  9223372036854775807 seconds since the Epoch
> Kickoff time: 9223372036854775807 seconds since the Epoch
> Password last set:Fri, 30 Sep 2011 20:03:00 EST
> Password can change:  Fri, 30 Sep 2011 20:03:00 EST
> Password must change: never
> Last bad password   : 0
> Bad password count  : 0
> Logon hours : FF
> r
I can see two differences between your accounts and mine:
1. You don't have a "NT Username"
2. Your "Home Directory" and your "Profile Path" points to the netbios 
server name "sheldon", which is identical to your netbios domain name 
"SHELDON".

Try to create a new account with:
pdbedit -a newuser

and check it again. Is your Server Name really equal to your workgroup 
name?




-- 

Regards
Harry Jede


Re: [Samba] ntlm_auth NT_STATUS_INVALID_HANDLE with windbind

2011-10-17 Thread Harry Jede
On 09:35:16 wrote Alessandro:
> I should use an authenticated proxy with Squid, but I have a problem
> with winbind.
> I'm working on a PDC, debian squeeze with samba from backport (ver.
> 2:3.5.11~dfsg-1~bpo60+1 )
> 
> Here the problem: I can authenticate users.
> 
> /usr/bin/ntlm_auth --username=myname --domain=MYCOMPANY
> password: 
> NT_STATUS_INVALID_HANDLE: Invalid handle (0xc008)
> 
> 
> wbinfo -a myname
> Enter myname's password: 
> plaintext password authentication failed
> Could not authenticate user myname with plaintext password
> Enter myname's password: 
> challenge/response password authentication failed
> error code was NT_STATUS_INVALID_HANDLE (0xc008)
> error messsage was: Invalid handle
> Could not authenticate user myname with challenge/response
> 
> With --domain argument the result is the same
> 
> wbinfo seems to work fine with all other arguments (-u, -g, etc.. a
> strange behavior: with -m it gives two domains, "BUILTIN" and
> "MYCOMPNAY")


wbinfo should show three domains:
# wbinfo -m
BUILTIN
YOUR_DOMAIN
YOUR_SERVER

# net getdomainsid
SID for local machine YOUR_SERVER is: LOCAL-SID
SID for domain YOUR_DOMAIN is: DOMAIN-SID

# ldapsearch -xLLL "(&(objectclass=sambaDomain)(sambaDomainName=*))" 
sambasid
dn: sambaDomainName=YOUR_DOMAIN,dc=example,dc=net
sambaSID: DOMAIN-SID

dn: sambaDomainName=YOUR_SERVER,dc=example,dc=net
sambaSID: LOCAL-SID



and finally 
# wbinfo --ping-dc
MUST succeed




As SATOH Fumiyas tells us, one SHOULD join without a running winbindd 
Daemon. 
# net rpc join -S localhost -U administrator

One is NOT joining "localhost"! One joins $HOSTNAME!!

Verify with 
# net rpc testjoin
Join to 'YOUR_DOMAIN' is OK

and 
# pdbedit -v $HOSTNAME$
Account Flags:[S  ]
User SID: "DOMAIN-SID"-"SERVER-RID"
Primary Group SID:"DOMAIN-SID"-515

These three settings are important. It MUST be a server account and the 
primary group sid MUST have the RID=515




# wbinfo -a user%secret
plaintext password authentication succeeded
challenge/response password authentication succeeded



Don't forget to add the user "proxy" to the group "winbindd_priv", so 
that the ntlm_auth helper from squid has enough rights.



> 
> I found the following bug:
> https://bugzilla.samba.org/show_bug.cgi?id=7481
> http://osdir.com/ml/debian-bugs-dist/2011-02/msg00966.html
> http://osdir.com/ml/debian-bugs-dist/2011-02/msg09069.html
> 
> I could compile samba from source applying the #7481 patch, but I'm
> not sure this is my case, because the workaround exposed at the end
> of #7481 doesn't work for me.
> Any idea?
It works for me with Samba 3.5.6 and also with 3.5.11 from backports :-) 
. I use openldap as passdb backend.

Step-by-step guide

You should verify these three groups:
# net sam list builtin
administrators
guests
users

# net sam show administrators
BUILTIN\administrators is a Local Group with SID S-1-5-32-544
# net sam show guests
BUILTIN\guests is a Local Group with SID S-1-5-32-546
# net sam show users
BUILTIN\users is a Local Group with SID S-1-5-32-545

and verify that these groups have their default members:
# net rpc group members Administrators
YOUR_DOMAIN\Domain Admins
# net rpc group members guests
YOUR_DOMAIN\Domain Guests
# net rpc group members users
YOUR_DOMAIN\Domain Users




You must have a valid "idmap alloc setup"
and have stored the secret in secrets.tdb
smb.conf:

; idmap configuration for SAMBA 3.5.6 with LDAP
idmap backend   = ldap
idmap uid   = 100-199
idmap gid   = 100-199
idmap alloc backend = ldap
idmap alloc config : ldap_url   = ldap://127.0.0.1/
idmap alloc config : ldap_base_dn   = ou=Idmap,dc=example,dc=net
idmap alloc config : ldap_user_dn   = cn=admin,dc=example,dc=net


Store the idmap secret in secrets.tdb
# net idmap secret alloc 
The  must be the password from ldap_user_dn

If you are using ldap as passdb backend then set this:

ldapsam:editposix   = yes

in smb.conf. This will prevent samba from using the smbldaptools. They 
produce wrong joins! And by the way, check that the previously created 
builtin groups have sambaGroupType=4. smbldaptools set this to 5, which 
does not work.
If you now have set ldapsam:editposix don't forget to restart samba

now, you should join as explained earlier



Store the authuser in secrets.tdb
# net -Uroot setauthuser

will store user and password in secrets.tdb, so that winbindd has enough 
rights to work. If your administrator account has uidnumber=0, you may 
use this account.


stop samba, start winbind, start samba
wait some seconds, winbindd will now create the third domain which has 
the name of your PDCs hostname.

check with wbinfo


HINT
when I checked winbindd.conf with testparm, I got some errors, 
until I put an empty or comment line before the line with the include 
statement :-) .

> Thanks
> Alessandro


-- 

Regards
Harry Jede
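
The verification steps from this message collected into one script, as an added example (not part of the original post and not Samba code): it takes the text of `wbinfo -m`, `net getdomainsid` and `pdbedit -v` for the machine account and reports which of the stated conditions fail. All names and SIDs in the samples are constructed placeholders.

```python
import re

# Constructed sample outputs in the formats shown in this message.
# PDC1, EXAMPLEDOM and both SIDs are invented placeholders.
DOMAIN_SID = "S-1-5-21-2000000001-2000000002-2000000003"
LOCAL_SID = "S-1-5-21-1000000001-1000000002-1000000003"
GETDOMAINSID = (
    "SID for local machine PDC1 is: " + LOCAL_SID + "\n"
    "SID for domain EXAMPLEDOM is: " + DOMAIN_SID + "\n"
)
GOOD_WBINFO_M = "BUILTIN\nEXAMPLEDOM\nPDC1\n"
BAD_WBINFO_M = "BUILTIN\nEXAMPLEDOM\n"          # only two domains listed
GOOD_PDBEDIT = (
    "Unix username:        pdc1$\n"
    "Account Flags:        [S          ]\n"
    "User SID:             " + DOMAIN_SID + "-1001\n"
    "Primary Group SID:    " + DOMAIN_SID + "-515\n"
)
BAD_PDBEDIT = (
    "Unix username:        pdc1$\n"
    "Account Flags:        [W          ]\n"
    "User SID:             " + LOCAL_SID + "-1001\n"
    "Primary Group SID:    " + DOMAIN_SID + "-513\n"
)


def field(text, label):
    """Return the value after 'label:' in pdbedit-style output, or ''."""
    m = re.search(r"^%s\s*:[ \t]*(.*)$" % re.escape(label), text, re.M)
    return m.group(1).strip() if m else ""


def parse_getdomainsid(text):
    """Parse `net getdomainsid` output into {'machine'|'domain': (name, sid)}."""
    out = {}
    pattern = r"^SID for (local machine|domain) (\S+) is: (S-[\d-]+)\s*$"
    for kind, name, sid in re.findall(pattern, text, re.M):
        out["domain" if kind == "domain" else "machine"] = (name, sid)
    return out


def check_join(wbinfo_m, getdomainsid, pdbedit_v):
    """Return a list of failed conditions; an empty list means all passed."""
    sids = parse_getdomainsid(getdomainsid)
    if "domain" not in sids or "machine" not in sids:
        return ["net getdomainsid output lacks the domain or machine SID"]
    server = sids["machine"][0]
    domain, domain_sid = sids["domain"]
    problems = []

    # wbinfo -m should show three domains: BUILTIN, the domain, the server.
    listed = {ln.strip().upper() for ln in wbinfo_m.splitlines() if ln.strip()}
    for wanted in ("BUILTIN", domain.upper(), server.upper()):
        if wanted not in listed:
            problems.append("wbinfo -m does not list %s" % wanted)

    # The machine account must be a server account: flag S.
    flags = field(pdbedit_v, "Account Flags").strip("[] ")
    if "S" not in flags:
        problems.append("Account Flags are [%s], expected S" % flags)

    # User SID must be the domain SID plus one RID, not the local SID.
    user_sid = field(pdbedit_v, "User SID")
    if not re.fullmatch(re.escape(domain_sid) + r"-\d+", user_sid):
        problems.append("User SID %s is not under the domain SID" % user_sid)

    # Primary group must be the domain SID with RID 515.
    group_sid = field(pdbedit_v, "Primary Group SID")
    if group_sid != domain_sid + "-515":
        problems.append("Primary Group SID %s does not end in RID 515" % group_sid)
    return problems


if __name__ == "__main__":
    for name, w, p in (("good", GOOD_WBINFO_M, GOOD_PDBEDIT),
                       ("bad", BAD_WBINFO_M, BAD_PDBEDIT)):
        print(name, check_join(w, GETDOMAINSID, p) or "all checks passed")
```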

Re: [Samba] Password expires every month even though 'Password Must Change' is set to 'never' (Samba+LDAP)

2011-10-17 Thread Willy Offermans
Hello Aaron,

To my knowledge, sambaPwdMustChange is obsolete and is simply ignored by
Samba. Please correct me if I'm wrong.

On Fri, Oct 14, 2011 at 08:30:26AM -0400, Aaron E. wrote:
> Sounds like you've checked mostly all except your ldap backend...
> Check your LDAP DB for... (they will be in nix timestamp)
> 
> sambaPasswordCanChange
> sambaPasswordLastSet
> sambaPasswordMustChange
> 
> setup smbldap-tools package
> 
> On 10/13/2011 11:00 PM, Jeffrey Chan wrote:
> >I'm using OpenLDAP as backend.
> >
> >
> >On Wed, Oct 12, 2011 at 11:16 PM, Aaron E.  wrote:
> >
> >>Just curious are you using pam or ldap backend?
> >>
> >>
> >>On 10/12/2011 09:22 AM, Marco Ciampa wrote:
> >>
> >>>On Wed, Oct 12, 2011 at 12:15:16PM +0800, Jeffrey Chan wrote:
> >>>
> Hi all,
> 
> I've posted this a month ago but haven't gotten a reply. Can anyone
> please
> help?
> 
> - Jeff
> 
> 
> 
> On Mon, Aug 29, 2011 at 5:14 PM, Jeffrey Chan
>   wrote:
> 
>   Hi all,
> >
> >Since a few months ago Samba ask each of our users to change password at
> >log on every month and I have not been able to disable it.
> >
> >I found this page and follow the instructions:
> >
> >
> >http://playingwithsid.blogspot.com/2010/12/change-samba-password-expiry-setting.html
> >
> >The default ‘Password Must Change’ policy was set to never and pdbedit
> >shows ‘Password Must Change: never’ for each user, yet the passwords
> >still
> >get expire once a month.
> >
> >Can anyone please give me some pointers?
> >
> >- Jeff
> >
> 
> >>>Just a hint (maybe wrong...)
> >>>
> >>>obey pam restrictions = No
> >>>
> >>>...
> >>>
> >>>
> >>>

-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,

Willy

*
 W.K. Offermans
Home:   +31 45 544 49 44
Mobile: +31 681 15 87 68
e-mail: wi...@offermans.rompen.nl

Re: [Samba] ctdb domain question

2011-10-17 Thread Kosa Attila
On Mon, Oct 17, 2011 at 06:26:05PM +0800, David Roid wrote:
> Sounds like domain membership is not in sync for your cluster, make sure
> smb.conf is identical and "net ads join" is executed on only one node after
> ctdb reaches stable state.

The smb.conf file is identical on the two servers because I
scp-ed it from one to the other. The ctdb was in a stable state,
no AD is present, a third samba server (same version) is the PDC.

-- 
Cheers,
Zsiga


Re: [Samba] ctdb domain question

2011-10-17 Thread Kosa Attila
On Mon, Oct 17, 2011 at 01:03:25PM +0200, Daniel Müller wrote:
> Your both ctdb nodes have the same name and the same ip?
> Is winbind running: http://ctdb.samba.org/samba.html
> CTDB_MANAGES_WINBIND
> This is a parameter in /etc/sysconfig/ctdb
> 
> When this parameter is set to "yes" CTDB will start/stop/restart the local
> winbind daemon as the cluster configuration changes.
> 
> When this parameter is set you should also make sure that winbind is NOT
> started by default by the linux system when it boots: 
>   chkconfig winbind off
> 
> Example: 
>   CTDB_MANAGES_WINBIND="yes"
> 
> It is strongly recommended that you set this parameter to "yes" if you
> intend to use clustered samba in DOMAIN or ADS security mode.

smb-cluster-1 and smb-cluster-2:
---
Debian Squeeze
linux-image-2.6.32-5-amd64
ctdb 1.10+git20110722-1
glusterfs 3.2.3-1
samba 3.5.6~dfsg-3squeeze5

smb-cluster-1:
-
- eth0 - 192.168.100.144 (Bcast:192.168.100.255 Mask:255.255.255.0)
- eth1 - 10.10.10.1 (Bcast:10.10.10.255  Mask:255.255.255.0)
- /dev/sdb1 - ~5 GB, mount /dev/sdb1 /mnt -t ext3

smb-cluster-2:
-
- eth0 - 192.168.100.145 (Bcast:192.168.100.255 Mask:255.255.255.0)
- eth1 - 10.10.10.2 (Bcast:10.10.10.255  Mask:255.255.255.0)
- /dev/sdb1 - ~5 GB, mount /dev/sdb1 /mnt -t ext3

# grep -v ^\# /etc/default/ctdb | grep -v ^$
CTDB_RECOVERY_LOCK="/samba/ctdb/ctdb"
CTDB_PUBLIC_INTERFACE=eth0
CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
CTDB_MANAGES_SAMBA=yes
CTDB_SAMBA_SKIP_SHARE_CHECK=no
CTDB_SAMBA_CHECK_PORTS="445"
CTDB_MANAGES_WINBIND=yes
CTDB_MANAGES_VSFTPD=no
CTDB_MANAGES_ISCSI=no
CTDB_MANAGES_NFS=no
CTDB_MANAGES_HTTPD=no
CTDB_INIT_STYLE=debian
ulimit -n 3
CTDB_NODES=/etc/ctdb/nodes
CTDB_NOTIFY_SCRIPT=/etc/ctdb/notify.sh
CTDB_DBDIR=/var/lib/ctdb
CTDB_DBDIR_PERSISTENT=/var/lib/ctdb/persistent
CTDB_EVENT_SCRIPT_DIR=/etc/ctdb/events.d
CTDB_SOCKET=/tmp/ctdb.socket
CTDB_TRANSPORT="tcp"
CTDB_START_AS_DISABLED="no"
CTDB_CAPABILITY_RECMASTER=yes
CTDB_CAPABILITY_LMASTER=yes
CTDB_LOGFILE=/var/log/ctdb/log.ctdb
CTDB_DEBUGLEVEL=ERR
CTDB_SUPPRESS_COREFILE=no
CTDB_SYSLOG=no
CTDB_RUN_TIMEOUT_MONITOR=no
CTDB_MAX_PERSISTENT_CHECK_ERRORS=0

# ctdb status
Number of nodes:2
pnn:0 10.10.10.1   OK (THIS NODE)
pnn:1 10.10.10.2   OK
Generation:1071551548
Size:2
hash:0 lmaster:0
hash:1 lmaster:1
Recovery mode:NORMAL (0)
Recovery master:0

#  testparm -v < /dev/null | grep 'netbios aliases'
netbios aliases = samba

-- 
Cheers,
Zsiga


Re: [Samba] ctdb domain question

2011-10-17 Thread Daniel Müller
Your both ctdb nodes have the same name and the same ip?
Is winbind running: http://ctdb.samba.org/samba.html
CTDB_MANAGES_WINBIND
This is a parameter in /etc/sysconfig/ctdb

When this parameter is set to "yes" CTDB will start/stop/restart the local
winbind daemon as the cluster configuration changes.

When this parameter is set you should also make sure that winbind is NOT
started by default by the linux system when it boots: 
  chkconfig winbind off

Example: 
  CTDB_MANAGES_WINBIND="yes"

It is strongly recommended that you set this parameter to "yes" if you
intend to use clustered samba in DOMAIN or ADS security mode.

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: Kosa Attila [mailto:zs...@kosaek.hu] 
Sent: Monday, 17 October 2011 12:54
To: Daniel Müller
Cc: samba@lists.samba.org
Subject: Re: [Samba] ctdb domain question

On Mon, Oct 17, 2011 at 12:40:15PM +0200, Daniel Müller wrote:
> As far as i know you cannot cluster samba as dc with ctdb.
> 
> ---
> EDV Daniel Müller
> 
> -Original Message-
> From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
> On Behalf Of Kosa Attila
> Sent: Monday, 17 October 2011 12:11
> To: samba@lists.samba.org
> Subject: [Samba] ctdb domain question
> 
> Hi,
> Is there any reason against making a ctdb connected 2 pc samba
> cluster also a domain member? After setting the [include =
 ^^

No dc, member server.

-- 
Cheers,
Zsiga



Re: [Samba] ctdb domain question

2011-10-17 Thread Daniel Müller
As far as i know you cannot cluster samba as dc with ctdb.

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Kosa Attila
Sent: Monday, 17 October 2011 12:11
To: samba@lists.samba.org
Subject: [Samba] ctdb domain question

Hi,
Is there any reason against making a ctdb connected 2 pc samba
cluster also a domain member? After setting the [include =
registry] option, one member of the cluster didn't let the users
to log in. If I relogin this cluster member to the domain, then
the other member starts to refuse users to log in. Did I miss
some option that I have to use in this scenario? The name of the
servers are different, but at the netbios aliases option they are
the same. The used samba version is: 3.5.6~dfsg-3squeeze5.

-- 
Cheers,
Zsiga


Re: [Samba] [quick question] smbclient -m smb2 not working

2011-10-17 Thread David Roid
Thanks, Michael. But in my case, neither of smbclient/mount.cifs works with
SMB2.

-David

2011/10/17 Michael Wood 

> Hi
>
> On 17 October 2011 11:35, David Roid  wrote:
> > Greetings list,
> >
> > I just upgraded to samba 3.6.0 trying SMB2. Though Windows 2008 R2 can
> work
> > with SMB2 shares just fine, I'm unable to access SMB2 shares with
> mount.cifs
> > or smbclient, even with "-m smb2" specified -- I get this
> >
> > "Unrecognised protocol level smb2", whereas smbclient comes with
> > samba-client-3.6.0-63.1.rpm.
> >
> > So is this supported yet (from client side) or I miss anything?
>
> smbclient and mount.cifs are two different things.  mount.cifs is from
> the cifs-utils project and is no longer part of Samba.  I suspect it
> does not yet support SMB2.
>
> http://wiki.samba.org/index.php/LinuxCIFS_utils
>
> The mailing list is here:
>
> http://vger.kernel.org/vger-lists.html#linux-cifs
>
> --
> Michael Wood 
>


[Samba] ctdb domain question

2011-10-17 Thread Kosa Attila
Hi,
Is there any reason against making a ctdb connected 2 pc samba
cluster also a domain member? After setting the [include =
registry] option, one member of the cluster didn't let the users
to log in. If I relogin this cluster member to the domain, then
the other member starts to refuse users to log in. Did I miss
some option that I have to use in this scenario? The name of the
servers are different, but at the netbios aliases option they are
the same. The used samba version is: 3.5.6~dfsg-3squeeze5.

-- 
Cheers,
Zsiga


Re: [Samba] [quick question] smbclient -m smb2 not working

2011-10-17 Thread Michael Wood
Hi

On 17 October 2011 11:35, David Roid  wrote:
> Greetings list,
>
> I just upgraded to samba 3.6.0 trying SMB2. Though Windows 2008 R2 can work
> with SMB2 shares just fine, I'm unable to access SMB2 shares with mount.cifs
> or smbclient, even with "-m smb2" specified -- I get this
>
> "Unrecognised protocol level smb2", whereas smbclient comes with
> samba-client-3.6.0-63.1.rpm.
>
> So is this supported yet (from client side) or I miss anything?

smbclient and mount.cifs are two different things.  mount.cifs is from
the cifs-utils project and is no longer part of Samba.  I suspect it
does not yet support SMB2.

http://wiki.samba.org/index.php/LinuxCIFS_utils

The mailing list is here:

http://vger.kernel.org/vger-lists.html#linux-cifs

-- 
Michael Wood 


[Samba] [quick question] smbclient -m smb2 not working

2011-10-17 Thread David Roid
Greetings list,

I just upgraded to samba 3.6.0 trying SMB2. Though Windows 2008 R2 can work
with SMB2 shares just fine, I'm unable to access SMB2 shares with mount.cifs
or smbclient, even with "-m smb2" specified -- I get this

"Unrecognised protocol level smb2", whereas smbclient comes with
samba-client-3.6.0-63.1.rpm.

So is this supported yet (from client side) or I miss anything?

Regards
-David


[Samba] PDC emulator overloaded

2011-10-17 Thread blizza...@libero.it
Hello all,

I'm using samba + winbind to connect to AD win 2003 on many linux boxes.
I use winbind to retrieve users and groups list querying PDC emulator.
When PDC get many requests (I use squid with ntlm transparent auth + winbind 
also) it get overloaded and slow down reply to my servers.
The problem is that when this situation occur, all services stop working, and 
the users (10.000) became very angry.
How can I solve this problem?
I know that there was only i PDC on network, so can I build a dedicated samba 
server to act as PDC or BDC or other to help real PDC emulator to load the 
share?
Can someone give me advice?
Thank you.