Re: [Samba] Samba 4 WBC_ERR_DOMAIN_NOT_FOUND [broken again]
Hi Steve, Do you have idmap config * : backend = ... idmap config * : range = ... in your smb.conf (besides domain specific backend and range)? Regards -David 2011/12/21 steve > Works for a while, then falls over: > > wbinfo -u > hh3$ > administrator > dns-hh3 > krbtgt > guest > lynn2 > > wbinfo -i lynn2 > failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND > Could not get info for user lynn2 > > Here is the log: > > hh3:/home/steve # winbindd -i -S -d=4 > winbindd version 4.0.0alpha18-GIT-bfc7481 started. > Copyright Andrew Tridgell and the Samba Team 1992-2011 > lp_load_ex: refreshing parameters > Initialising global parameters > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > params.c:pm_process() - Processing configuration file > "/usr/local/samba/etc/smb.**conf" > Processing section "[global]" > doing parameter server role = domain controller > doing parameter workgroup = SITE > doing parameter realm = hh3.site > doing parameter netbios name = HH3 > doing parameter passdb backend = samba4 > pm_process() returned Yes > Registered MSG_REQ_POOL_USAGE > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > lp_load_ex: refreshing parameters > Initialising global parameters > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > params.c:pm_process() - Processing configuration file > "/usr/local/samba/etc/smb.**conf" > Processing section "[global]" > doing parameter server role = domain controller > doing parameter workgroup = SITE > doing parameter realm = hh3.site > doing parameter netbios name = HH3 > doing parameter passdb backend = samba4 > pm_process() returned Yes > added interface eth1 ip=192.168.1.3 bcast=192.168.1.255 > netmask=255.255.255.0 > added interface eth1 ip=192.168.1.3 bcast=192.168.1.255 > netmask=255.255.255.0 > TimeInit: Serverzone is -3600 > initialize_winbindd_cache: clearing cache and re-creating with version > number 2 > ldb_wrap open of idmap.ldb > Added domain BUILTIN S-1-5-32 > Added domain SITE S-1-5-21-821565856-2698423283-**2299657328 > Home server: hh3 > Home server: hh3 > get_privileges: No privileges assigned to SID [S-1-22-1-0] > get_privileges: No privileges assigned to SID [S-1-22-2-0] > get_privileges: No privileges assigned to SID [S-1-5-2] > get_privileges: No privileges assigned to SID [S-1-5-11] > child daemon request 51 > Finished processing child request 51 > child daemon request 20 > [ 3378]: list trusted domains > samr: trusted domains > Create pipe requested \lsarpc > Created internal pipe \lsarpc > _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) > but overritten by euid == sec_initial_uid() > _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: > 0x000f0fff) > Opened policy hnd[1] [] 00 00 00 00 01 00 00 00 00 00 00 00 F1 4E 3D > 0D .N=. > [0010] 34 0D 00 00 4... > Found policy hnd[0] [] 00 00 00 00 01 00 00 00 00 00 00 00 F1 4E 3D > 0D .N=. > [0010] 34 0D 00 00 4... > Found policy hnd[0] [] 00 00 00 00 01 00 00 00 00 00 00 00 F1 4E 3D > 0D .N=. > [0010] 34 0D 00 00 4... > Found policy hnd[0] [] 00 00 00 00 01 00 00 00 00 00 00 00 F1 4E 3D > 0D .N=. > [0010] 34 0D 00 00 4... > Closed policy > Finished processing child request 20 > [ 3381]: request interface version > [ 3381]: request location of privileged pipe > getpwnam lynn2 > child daemon request 59 > sam_name_to_sid > Create pipe requested \lsarpc > Created internal pipe \lsarpc > _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) > but overritten by euid == sec_initial_uid() > _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: > 0x000f0fff) > Opened policy hnd[1] [] 00 00 00 00 02 00 00 00 00 00 00 00 F1 4E 47 > 0D .NG. > [0010] 34 0D 00 00 4... > name_to_sid: SITE\LYNN2 for domain SITE > Found policy hnd[0] [] 00 00 00 00 02 00 00 00 00 00 00 00 F1 4E 47 > 0D .NG. > [0010] 34 0D 00 00 4... > Home server: hh3 > Home server: hh3 > Found policy hnd[0] [] 00 00 00 00 02 00 00 00 00 00 00 00 F1 4E 47 > 0D .NG. > [0010] 34 0D 00 00 4... > Found policy hnd[0] [] 00 00 00 00 02 00 00 00 00 00 00 00 F1 4E 47 > 0D .NG. > [0010] 34 0D 00 00 4... > Closed policy > samr: sequence number > Create pipe requested \samr > Created internal pipe \samr > _samr_Connect2: ACCESS should be DENIED (requested: 0x000f003f) > but overritten by euid == sec_initial_uid() > _samr_Connect2: access GRANTED (requested: 0x000f003f, granted: 0x000f003f) > Opened policy hnd[1] [] 00 00 00 00 03 00 00 00 00 00 00 00 F1 4E 47 > 0D .NG.
Re: [Samba] Samba 4 WBC_ERR_DOMAIN_NOT_FOUND [broken again]
Works for a while, then falls over: wbinfo -u hh3$ administrator dns-hh3 krbtgt guest lynn2 wbinfo -i lynn2 failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user lynn2 Here is the log: hh3:/home/steve # winbindd -i -S -d=4 winbindd version 4.0.0alpha18-GIT-bfc7481 started. Copyright Andrew Tridgell and the Samba Team 1992-2011 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf" Processing section "[global]" doing parameter server role = domain controller doing parameter workgroup = SITE doing parameter realm = hh3.site doing parameter netbios name = HH3 doing parameter passdb backend = samba4 pm_process() returned Yes Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf" Processing section "[global]" doing parameter server role = domain controller doing parameter workgroup = SITE doing parameter realm = hh3.site doing parameter netbios name = HH3 doing parameter passdb backend = samba4 pm_process() returned Yes added interface eth1 ip=192.168.1.3 bcast=192.168.1.255 netmask=255.255.255.0 added interface eth1 ip=192.168.1.3 bcast=192.168.1.255 netmask=255.255.255.0 TimeInit: Serverzone is -3600 initialize_winbindd_cache: clearing cache and re-creating with version number 2 ldb_wrap open of idmap.ldb Added domain BUILTIN S-1-5-32 Added domain SITE S-1-5-21-821565856-2698423283-2299657328 Home server: hh3 Home server: hh3 get_privileges: No privileges assigned to SID [S-1-22-1-0] get_privileges: No privileges assigned to SID [S-1-22-2-0] get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-11] child daemon request 51 Finished processing child request 51 child daemon request 20 [ 3378]: list trusted domains samr: trusted domains Create pipe requested \lsarpc Created internal pipe \lsarpc _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) Opened policy hnd[1] [] 00 00 00 00 01 00 00 00 00 00 00 00 F1 4E 3D 0D .N=. [0010] 34 0D 00 00 4... Found policy hnd[0] [] 00 00 00 00 01 00 00 00 00 00 00 00 F1 4E 3D 0D .N=. [0010] 34 0D 00 00 4... Found policy hnd[0] [] 00 00 00 00 01 00 00 00 00 00 00 00 F1 4E 3D 0D .N=. [0010] 34 0D 00 00 4... Found policy hnd[0] [] 00 00 00 00 01 00 00 00 00 00 00 00 F1 4E 3D 0D .N=. [0010] 34 0D 00 00 4... Closed policy Finished processing child request 20 [ 3381]: request interface version [ 3381]: request location of privileged pipe getpwnam lynn2 child daemon request 59 sam_name_to_sid Create pipe requested \lsarpc Created internal pipe \lsarpc _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) Opened policy hnd[1] [] 00 00 00 00 02 00 00 00 00 00 00 00 F1 4E 47 0D .NG. [0010] 34 0D 00 00 4... name_to_sid: SITE\LYNN2 for domain SITE Found policy hnd[0] [] 00 00 00 00 02 00 00 00 00 00 00 00 F1 4E 47 0D .NG. [0010] 34 0D 00 00 4... Home server: hh3 Home server: hh3 Found policy hnd[0] [] 00 00 00 00 02 00 00 00 00 00 00 00 F1 4E 47 0D .NG. [0010] 34 0D 00 00 4... Found policy hnd[0] [] 00 00 00 00 02 00 00 00 00 00 00 00 F1 4E 47 0D .NG. [0010] 34 0D 00 00 4... Closed policy samr: sequence number Create pipe requested \samr Created internal pipe \samr _samr_Connect2: ACCESS should be DENIED (requested: 0x000f003f) but overritten by euid == sec_initial_uid() _samr_Connect2: access GRANTED (requested: 0x000f003f, granted: 0x000f003f) Opened policy hnd[1] [] 00 00 00 00 03 00 00 00 00 00 00 00 F1 4E 47 0D .NG. [0010] 34 0D 00 00 4... Found policy hnd[0] [] 00 00 00 00 03 00 00 00 00 00 00 00 F1 4E 47 0D .NG. [0010] 34 0D 00 00 4... _samr_OpenDomain: ACCESS should be DENIED (requested: 0x000f07ff) but overritten by euid == sec_initial_uid() _samr_OpenDomain: access GRANTED (requested: 0x000f07ff, grante
Re: [Samba] Logging in to a Samba 3.5.6 domain from Windows 7 takes more than 2 minutes.
On 12/20/2011 5:38 AM, steve wrote On 12/20/2011 11:23 AM, pradip mondal wrote: dear all, i am also face the same problem. any body give us solution to fast login in samba pdc by win7 client. regards Pradip Mondal 9831626957 --- On Tue, 20/12/11, Daniel Hedblom wrote: From: Daniel Hedblom Subject: [Samba] Logging in to a Samba 3.5.6 domain from Windows 7 takes more than 2 minutes. To: samba@lists.samba.org Date: Tuesday, 20 December, 2011, 2:46 PM Hi, are about to roll out Samba to 2600 users and 1500+ machines and have a slight problem. Server: Samba 3.4.9 running on ubuntu 10.04 Client: Windows 7, 32 and 64 bit on various hardware The problem is that logging in takes time and much of it seems to be the Windows 7 client just waiting. While 2 minutes may sound pretty ok this is without any roaming profiles or GPO applied. The logs shows nothing interesting ,on Windows i see error 6005 and 6006 but thats just a standard logging when things take a long time, can be anything. On a wireshark trace nothing in perticulat comes up before the long to the stick timeouts. Anyone else who has seen this problem after applying the various remedies on this mailing list and from other places on the internet? Thankful for any input. //danielh Don't allow solid colour desktop backgrounds. Leave the win 7 background as the stock jpg. Halves the logon time. Samba 3.6, openSUSE. HTH Steve Also see the GPO setting from this thread: http://lists.samba.org/archive/samba/2010-February/153585.html Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] My smb.conf file works on Fedora 11, but not Fedora 16
I setup a new box with Fedora 16. I have Firewall and SELinux disabled. I can ping the IP and host name from the outside. I copied the smb.conf file from a similar box that was running Fedora 11 to my new box. When I try to browse the shares on the new box, I keep getting rejected "cannot browse the shares". This happens whether I browse from a Windows or Linux system. What am I doing wrong? Here is the smb.conf file that was working in Fedora 11, but not Fedora 16. [global] workgroup = AUSTIN server string = SQABVT Samba Server log file = /var/log/samba/%m.log max log size = 1 security = share socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 1 domain master = no preferred master = yes dns proxy = no password level = 8 username level = 8 wins support = yes [homes] comment = Home Directories browseable = yes writable = yes [automation_logs] comment = Logs directory path = /home/sqa/bvt.new/logs browseable = yes writeable = no guest ok = yes The smbd.log file on the Fedora 16 server keeps spitting out the same message, which I don't understand - "[2011/12/20 12:49:41.855121, 0] smbd/server.c:1101(main) standard input is not a socket, assuming -D option". Any ideas what I can do? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Is possible to force the domain in ntlm_auth with squid-2.5-ntlmssp helper?
I find that ntlm_auth --helper-protocol=squid-2.5-ntlmssp don't use the switch --domain at all. Is this normal or a bug? Thanks -- - Alejandro Escanero Blanco Servicio de Informática Sistemas - GISI Tel: 671 569 262 (769262) Edificio Empresarial Aljarafe, mod. 36 41940 Tomares (Sevilla) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] printers keep stopping
I am running Samba 3.5.8 on Ubuntu 11.04 with lpr for printing. For reasons unknown, about 1-4 times a month at seemingly random times, a printer will stop working. If I try to send a test page, windows reports that there was a problem sending the test page. To fix it I edit /etc/printcap and comment out the offending printer, save printcap, wait about 30 seconds and then uncomment the printer and save printcap. That's it. Then the printer starts working again. Does anyone have any ideas on what would cause this? [global] workgroup = ENDOR map to guest = Bad User passwd chat = syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 smb ports = 139 add user script = useradd -s /bin/false %u add user to group script = /usr/sbin/adduser %u %g add machine script = /usr/sbin/useradd -N -g machines -c Machine -d /var/lib/samba -s /bin/false %u logon script = logon.bat logon path = logon drive = G: logon home = \\%L\%U domain logons = Yes preferred master = Yes domain master = Yes dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d printing = bsd print command = lpr -r -P'%p' %s lpq command = lprm command = lprm -P'%p' %j [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers [VOL1] path = /usr/vol1 read only = No inherit permissions = Yes oplocks = No vfs objects = recycle recycle:directory_mode = 700 recycle:exclude = *.tmp,*.temp recycle:keeptree = yes recycle:repository = .recycle/%U recycle:touch = yes recycle:versions = yes [netlogon] path = /usr/vol1/netlogon browseable = No [homes] comment = Home Directories read only = No create mask = 0740 browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 does not survive a restart [solved]
On 19/12/11 19:38, steve wrote: Hi everyone The first time after a new build, Samba 4 works fine. After restarting, it doesn't. openSUSE 12.1, bind 9.8.1-SP and Kerberos all working as per the samba wiki. sudo samba -i -M single root's password: samba version 4.0.0alpha18-GIT-bfc7481 started. Copyright Andrew Tridgell and the Samba Team 1992-2011 samba: using 'single' process model WARNING: no socket to connect to Kill that and restart and there is /usr/local/samba/var/run/samba.pid but wbinfo does not work nor does smbclient. What is preventing it from working? Where can I start to look? Thanks. Steve Hi On previous versions, winbindd was started with samba, on this version, not. Is that correct? Steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 WBC_ERR_DOMAIN_NOT_FOUND [solved]
On 19/12/11 19:24, steve wrote: On 19/12/11 19:16, steve wrote: On 19/12/11 11:06, Matthieu Patou wrote: Hi Steve For me it's ok unless I ask for an unknown user: mat@ares:/usr/local/src/samba4$ ./bin/wbinfo -i administrator TEST\Administrator:*:0:100::/home/TEST/Administrator:/bin/false mat@ares:/usr/local/src/samba4$ ./bin/wbinfo -i ares failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user ares mat@ares:/usr/local/src/samba4$ ./bin/wbinfo -i administrator TEST\Administrator:*:0:100::/home/TEST/Administrator:/bin/false mat@ares:/usr/local/src/samba4$ ./bin/wbinfo -u Administrator Guest krbtgt dns-ares mat@ares:/usr/local/src/samba4$ ./bin/wbinfo -i Guest TEST\Guest:*:313:314::/home/TEST/Guest:/bin/false mat@ares:/usr/local/src/samba4$ ./bin/wbinfo -i dns-ares TEST\dns-ares:*:315:100::/home/TEST/dns-ares:/bin/false what wbinfo -u gives on your domain ? Steve /usr/local/samba/bin is in PATH steve@hh3:~$ wbinfo -u Error looking up domain users root@hh3:/home/steve# wbinfo -u Error looking up domain users What is returned by which wbinfo ? Some other stuff: FQDN hh3.site domain SITE steve@hh3:~$ host -t SRV _kerberos._udp.hh3.site. _kerberos._udp.hh3.site has SRV record 0 100 88 hh3.hh3.site. steve@hh3:~$ kinit ste...@hh3.site Password for ste...@hh3.site: Warning: Your password will expire in 40 days on Sat Jan 28 20:18:06 2012 steve@hh3:~$ host hh3 hh3.hh3.site has address 192.168.1.3 steve@hh3:~$ smbclient //localhost/home -Usteve2 Password for [SITE\steve2]: smb: \> steve@hh3:~$ smbclient //hh3/home -Usteve2 Password for [SITE\steve2]: Password for [SITE\steve2]: Password for [SITE\steve2]: Connection to \\hh3\home failed - NT_STATUS_LOGON_FAILURE hh3 resolves fine, but hh3 is not resolved when using smbclient. steve@hh3:~$ smbclient //192.168.1.3/home -Usteve2 Password for [SITE\steve2]: smb: \> DNS and kerberos seem OK. Is this Samba 4? Now with everything as root: root@hh3:/home/steve# smbclient //hh3.site/home -Uadministrator Password for [SITE\administrator]: Password for [SITE\administrator]: Password for [SITE\administrator]: Connection to \\hh3.site\home failed - NT_STATUS_LOGON_FAILURE Increase log level and try to understand what's wrong in your log root@hh3:/home/steve# smbclient //localhost/home -Uadministrator Password for [SITE\administrator]: smb: \> This suggests DNS is failing. Adding winbind here makes no difference:( It's useless in your problem. /etc/nsswitch.conf passwd: files ldap lsass group: files ldap lsass hosts: files dns mdns4_minimal [NOTFOUND=return] mdns4 Agghh!! Steve. After new install. Works fine up until samba is restarted. That is when wbinfo and all else fails. Samba does not survive the restart and nothing works thereafter. Where can I start looking? Thanks, Steve. Will start new thread. samba -i -M single does not start winbindd (neither does samba alone) on these versions at least. Start samba -i -M single and winbindd -i -S in separate shells. Is there a way to be able do this as one command? Thanks Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Logging in to a Samba 3.5.6 domain from Windows 7 takes more than 2 minutes.
On 12/20/2011 11:23 AM, pradip mondal wrote: dear all, i am also face the same problem. any body give us solution to fast login in samba pdc by win7 client. regards Pradip Mondal 9831626957 --- On Tue, 20/12/11, Daniel Hedblom wrote: From: Daniel Hedblom Subject: [Samba] Logging in to a Samba 3.5.6 domain from Windows 7 takes more than 2 minutes. To: samba@lists.samba.org Date: Tuesday, 20 December, 2011, 2:46 PM Hi, are about to roll out Samba to 2600 users and 1500+ machines and have a slight problem. Server: Samba 3.4.9 running on ubuntu 10.04 Client: Windows 7, 32 and 64 bit on various hardware The problem is that logging in takes time and much of it seems to be the Windows 7 client just waiting. While 2 minutes may sound pretty ok this is without any roaming profiles or GPO applied. The logs shows nothing interesting ,on Windows i see error 6005 and 6006 but thats just a standard logging when things take a long time, can be anything. On a wireshark trace nothing in perticulat comes up before the long to the stick timeouts. Anyone else who has seen this problem after applying the various remedies on this mailing list and from other places on the internet? Thankful for any input. //danielh Don't allow solid colour desktop backgrounds. Leave the win 7 background as the stock jpg. Halves the logon time. Samba 3.6, openSUSE. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Logging in to a Samba 3.5.6 domain from Windows 7 takes more than 2 minutes.
dear all, i am also face the same problem. any body give us solution to fast login in samba pdc by win7 client. regards Pradip Mondal 9831626957 --- On Tue, 20/12/11, Daniel Hedblom wrote: From: Daniel Hedblom Subject: [Samba] Logging in to a Samba 3.5.6 domain from Windows 7 takes more than 2 minutes. To: samba@lists.samba.org Date: Tuesday, 20 December, 2011, 2:46 PM Hi, are about to roll out Samba to 2600 users and 1500+ machines and have a slight problem. Server: Samba 3.4.9 running on ubuntu 10.04 Client: Windows 7, 32 and 64 bit on various hardware The problem is that logging in takes time and much of it seems to be the Windows 7 client just waiting. While 2 minutes may sound pretty ok this is without any roaming profiles or GPO applied. The logs shows nothing interesting ,on Windows i see error 6005 and 6006 but thats just a standard logging when things take a long time, can be anything. On a wireshark trace nothing in perticulat comes up before the long timeouts. Anyone else who has seen this problem after applying the various remedies on this mailing list and from other places on the internet? Thankful for any input. //danielh -- With best regards, Daniel Hedblom Sysadmin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Logging in to a Samba 3.5.6 domain from Windows 7 takes more than 2 minutes.
Hi, are about to roll out Samba to 2600 users and 1500+ machines and have a slight problem. Server: Samba 3.4.9 running on ubuntu 10.04 Client: Windows 7, 32 and 64 bit on various hardware The problem is that logging in takes time and much of it seems to be the Windows 7 client just waiting. While 2 minutes may sound pretty ok this is without any roaming profiles or GPO applied. The logs shows nothing interesting ,on Windows i see error 6005 and 6006 but thats just a standard logging when things take a long time, can be anything. On a wireshark trace nothing in perticulat comes up before the long timeouts. Anyone else who has seen this problem after applying the various remedies on this mailing list and from other places on the internet? Thankful for any input. //danielh -- With best regards, Daniel Hedblom Sysadmin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba