[Samba] Samba4 Alpha17 missing libCHARSET3.so
Hello There, I seem to be missing the libCHARSET3.so library in my compiled samba package on ubuntu, the logical deduction would be that I should find it in the git repo and ensure it is present, then recompile and package with it, though seems it has no longer there? root@test:~# samba-tool Traceback (most recent call last): File "/usr/sbin/samba-tool", line 30, in from samba.netcmd.domain import cmd_domain File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 44, in from samba.samba3 import Samba3 File "/usr/lib/python2.7/dist-packages/samba/samba3/__init__.py", line 29, in import passdb ImportError: /usr/lib/x86_64-linux-gnu/samba/libCHARSET3.so: version `SAMBA_4.0.0ALPHA17' not found (required by /usr/lib/x86_64-linux-gnu/libsmbconf.so.0) root@test:/usr/src/samba-master# git grep --name-only libCHARSET3.so Does anyone have any pointers or ideas? Kind Regards Brad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.1 losing browser elections to WinXP
2) How can I force a browser election without restarting the daemons? smbd doesn't seem to respond to a SIGHUP. A command line would be nice. Look at the "smbcontrol" command. os level = 65 Did you try to increase "os level" ? Also, read the man page for the "domain master" parameter. From smb.conf man page: preferred master (G) This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup. If this is set to yes, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. *It is recommended that this parameter is used in conjunction with domain master = yes, so that nmbd can guarantee becoming a domain master.* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] server signing = mandatory
On Tue, Feb 14, 2012 at 03:09:44PM -0500, Beau Gauthreaux wrote: > Using samba 3.5.12 on aix 6.1 when I set "server signing = mandatory" > nothing can connect to my server. Is there a fix for this on the server or > client side? Is there a windows registry setting that needs to be tweaked? > We are being forced to use this option for security reasons. Debug level 10 log from the server please. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6.1 losing browser elections to WinXP
Hello Samba; I am aware this was a problem years ago... This week I turned up a brand new server to replace an embarrassingly old one. The problem has re-occurred. I expected this to be a problem long ago fixed. I have made the following registry edit to the offending XP machine and restarted Samba. I hope it sticks. I have two questions: 1) Have I missed something in the configuration? or is there some reason this isn't fixed? 2) How can I force a browser election without restarting the daemons? smbd doesn't seem to respond to a SIGHUP. A command line would be nice. Thanks, Ray Details to follow: This is a standalone server in a workgroup (no domain) on an OpenBSD 5.0 platform. My relevant smb.conf settings: Server role: ROLE_STANDALONE [global] workgroup = MY_WORKGROUP server string = Samba %v interfaces = bge0 passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successful* username map = /etc/samba/smbusers unix password sync = Yes log file = /var/log/samba/smbd.%m max log size = 1024 add user script = /usr/sbin/useradd %u delete user script = /usr/sbin/userdel %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g delete user from group script = /usr/sbin/deluser %u %g add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u logon script = %U_logon.bat logon path = \\%L\profiles\%U-%m logon drive = H: logon home = \\%L\%U os level = 65 preferred master = Yes domain master = No wins proxy = Yes utmp = Yes idmap config * : backend = tdb admin users = +wheel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] server signing = mandatory
Using samba 3.5.12 on aix 6.1 when I set "server signing = mandatory" nothing can connect to my server. Is there a fix for this on the server or client side? Is there a windows registry setting that needs to be tweaked? We are being forced to use this option for security reasons. Thanks, -- Beau Gauthreaux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] questions about password complexity checking.
Hi Samba folks, I had a couple questions about password complexity checking. To preface, in smb.conf, we set: check password script = /usr/local/sbin/crackcheck -d /usr/share/cracklib/pw_dict Also, if I understand correctly: /usr/local/sbin/crackcheck comes from samba source rpm package. maybe we need to compile it ourselves. /usr/share/cracklib/pw_dict* comes from cracklib-dicts rpm package Here are my questions: 1) may we also specify -c along with -d in check password script paramater to enable "NT like complexity checks"? 2) what precisely are "NT like complexity checks"? 3) there is no file /usr/share/cracklib/pw_dict however there in /usr/share/cracklib there is: pw_dict.hwm, pw_dict.pwd, and pw_dict.pwi I am thinking pw_dict.pwd is the actual dictionary. It's in some sort of binary format. Why do we not specify the file extension in the smb.conf paramater? 4) How may we list/modify contents of pw_dict.pwd? thanks for your time! mtoal -- Morgan Toal, RHCE, CFCE, CEH, MCP Network Manager City of Burlington, Iowa 319-759-8882 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 ldbmodify Unwilling to perform error 53
Hi everyone samba --version Version 4.0.0alpha18-GIT-bfc7481 openSUSE 12.1 If I do this: ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site dn: CN=steve6,CN=Users,DC=hh3,DC=site changetype: modify add: objectclass objectclass: posixaccount - replace: primarygroupid primarygroupid: 1134 I get an error something like: ERR: (Unwilling to perform) error 53 If however I do the ldbmodify in 2 stages: ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site dn: CN=steve6,CN=Users,DC=hh3,DC=site changetype: modify add: objectclass objectclass: posixaccount and then: ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site dn: CN=steve6,CN=Users,DC=hh3,DC=site changetype: modify replace: primarygroupid primarygroupid: 1134 It works. I tried with ldapmodify too. Same result. Actually, I'm doing the ldbmodify stuff in a script. Still the same. I have to do: ldbmodify sleep 5 ldbmodify What am I doing wrong? Maybe my slow hardware? Is it possible to add and replace in one go? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0.0 w/AD Support on AIX 6.1 - Error w/Authentication
>> Christian Ambach wrote > >>>On 02/13/2012 06:08 PM, ejp wrote: > >>> It no longer fails on my workstation ID:-) It says "not permitted to >>> access >>>this share (ep)". I'm missing permissions somewhere? > >>>[ep] >>> comment = restricted access >>> path = /home/epluskwa >>> create mask = 0775 >>> valid users = epluskwa,root >>> read only = no > > >>You defined ep to only be accessible for epluskwa and root, but you >>connected as CITNET\ed pluskwa. This does not match and so access to the >>share is denied > > I added "CITNET\Ed Pluskwa" to my share (ep) permissions and it worked! > I'm able to mount the share now. > >>> I also noticed in my nmbd.log that it was growing very quickly with the >>> following messages: >>> [...] >>> [2012/02/13 11:48:43, 2] lib/interface.c:341(add_interface) >>>added interface en4 ip=159.3.99.56 bcast=159.3.99.191 netmask= >>> [2012/02/13 11:48:43, 2] nmbd/nmbd.c:280(reload_interfaces) >>>Found new interface 159.3.99.56 >>> [2012/02/13 11:48:43, 0] lib/util_sock.c:664(open_socket_in) >>> bind failed on port 137 socket_addr = 159.3.99.191. >>> Error = Can't assign requested address >>> >>>Interface 159.3.99.191 is not a defined or valid addr for us. Where is that >>>coming from? Can't ping it and nslookup fails. > >>159.3.99.191 is detected as broadcast address of en4 with 159.3.99.56. >>Maybe the broadcast address is not correctly configured for the NIC? >>Please check your network settings. > >>Cheers, >>Christian > > I'm still receiving the errors above in my nmbd.log file. Here are the > current interface settings: > > # ifconfig -a > en4: > flags=1e080863,480 > inet 159.3.99.56 netmask 0xff00 broadcast 159.3.99.255 > tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1 > > It's not using the broadcast address defined, 159.3.99.255. Is it > calculating the .191 addr somehow? Either way it's not using the right > one. netmask= is not populated either. Perhaps a bug? > > Regards, > > Ed > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- View this message in context: http://samba.2283325.n4.nabble.com/Samba-3-6-0-0-w-AD-Support-on-AIX-6-1-Error-w-Authentication-tp4384264p4387332.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4, where is wbinfo 'info' stored?
On 14/02/12 10:50, steve wrote: On 02/14/2012 06:47 AM, Gémes Géza wrote: Hi On 02/13/2012 07:53 PM, Gémes Géza wrote: Hi, See comments/questions below: Hi When I type this: getent passwd steve6 steve6:*:315:316:steve6:/home/CACTUS/steve6:/bin/bash I can see that the info is coming from LDAP by looking at the ldif for cn=steve6 What is your /etc/nsswitch.conf file like? passwd files ldap group files ldap When I type this: wbinfo -i steve6 CACTUS\steve6:*:315:316::/home/CACTUS/steve6:/bin/false Is this on the samba4 box? wbinfo is the samba4 wbinfo or a samba3 one? samba4 box wbinfo = samba4 No s3 installed on this box. Where is the info coming from now? Thanks, Steve Samba4 stores idmap information under an idmap.ldb named ldb file which is NOT exported to AD. So you could modify things by ldbediting it directly. Geza, I'm really struggling with ldbsearch. The doco is almost non existent. As you suggest, the primaryGroupID attribute I'm looking for must be in idmap.ldb as I can't find it using ldapsearch until _after_ I add a user to my posix group using dsa.msc in windows. Afterwards, I see that the primaryGroupID attribute has been added to the user. What i want to do is find out what that primaryGroupID is _before_ I run my posix script so I can add the attribute myself without having to do it from windows. All I can find on ldapsearch is: ldbsearch [-h] [-s base|one|sub] [-b basedn] [-i] [-H LDB-URL] [expression] [attributes] 1. Could you help me with the ldbsearch syntax to have a look inside idmap.ldb? 2. Which database am I consulting when I run ldapsearch? Thanks, Steve Hi I got into /usr/local/samba/private/idmap.ldb by rtfm'ing on ldbsearch --help:-) There I and found the group to sid mappings. Turns out we don't need it. Looking at this: samba-tool group add suseusers then wbinfo --group-info=suseusers suseusers:*:328: I then posixify the group and then: wbinfo --gid-to-sid=328 S-1-5-21-2395500911-3560017633-4088823418-1134 Doing a ldbsearch on 'cn=steve6' gives primaryGroupID: 513 Conclusion: to set the primaryGroupID without using windows, I need to replace the 513 with my posix group, 1134 So I chop off the end using cut and ldbmodify it. For some reason, ldbmodify will not let me do that in one stage. I had to separate the writes into 2 stages: 1. add the posix attributes 2. modify the primaryGroupID Annoying. I've automated the script a bit more it ooks like this: cat s4user #!/bin/sh echo "Creating s4 posix user "$1 echo "Pls enter pwd for "$1 samba-tool user add $1 sleep 2 #get the uid struid=$(wbinfo -i $1) uid=$(echo $struid | cut -d ":" -f 3) #get the gid strgid=$(wbinfo --group-info=$2) gid=$(echo $strgid | cut -d ":" -f 3) get the group from the sid strsid=$(wbinfo --gid-to-sid=$gid) primarygid=$(echo $strsid | cut -d "-" -f 8) strwg=$(echo $struid | cut -d "\\" -f 1) #add the posix attributes to the user echo "dn: CN=$1,CN=Users,DC=hh3,DC=site changetype: modify add: objectclass objectclass: posixaccount - add: uidnumber uidnumber: $uid - add: gidnumber gidnumber: $gid - add:unixhomedirectory unixhomedirectory: /home/CACTUS/$1 - add: loginshell loginshell: /bin/bash" > /tmp/$1 ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site /tmp/$1 samba-tool group addmembers $2 $1 #set the user to the posix group echo "dn: CN=$1,CN=Users,DC=hh3,DC=site changetype: modify replace: primarygroupid primarygroupid: $primarygid" > /tmp/$1 sleep 5 ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site /tmp/$1 mkdir /home/$strwg/$1 chown $1:$2 /home/$strwg/$1 rm /tmp/$1 echo $1 "rfc2307-ified" It's still a bit of a mess, no error checking, no user friendly stuff etc. Any suggestions for tidying up the script? Any ideas why ldbmodify will not take the add and replace in one go? My slow laptop? Cheers and thanks again for your help. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0.0 w/AD Support on AIX 6.1 - Error w/Authentication
On 02/13/2012 06:08 PM, ejp wrote: It no longer fails on my workstation ID:-) It says "not permitted to access this share (ep)". I'm missing permissions somewhere? [ep] comment = restricted access path = /home/epluskwa create mask = 0775 valid users = epluskwa,root read only = no You defined ep to only be accessible for epluskwa and root, but you connected as CITNET\ed pluskwa. This does not match and so access to the share is denied I also noticed in my nmbd.log that it was growing very quickly with the following messages: [...] [2012/02/13 11:48:43, 2] lib/interface.c:341(add_interface) added interface en4 ip=159.3.99.56 bcast=159.3.99.191 netmask= [2012/02/13 11:48:43, 2] nmbd/nmbd.c:280(reload_interfaces) Found new interface 159.3.99.56 [2012/02/13 11:48:43, 0] lib/util_sock.c:664(open_socket_in) bind failed on port 137 socket_addr = 159.3.99.191. Error = Can't assign requested address Interface 159.3.99.191 is not a defined or valid addr for us. Where is that coming from? Can't ping it and nslookup fails. 159.3.99.191 is detected as broadcast address of en4 with 159.3.99.56. Maybe the broadcast address is not correctly configured for the NIC? Please check your network settings. Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The Recycled PIDs Fix
** Low Priority ** Hi, I have made the changes suggested by Stefan. The patch is available at https://bugzilla.samba.org/show_bug.cgi?id=8760#c6. Please send your review comments. Thanks, -Manoj >>> Manoj Dahal 2/13/2012 5:00 PM >>> Hi Volker/Stefan, As per this discussion I have created a bug#8760 and I have attached a patch for the proposed fix in https://bugzilla.samba.org/show_bug.cgi?id=8760#c3. Is it possible for you to review the changes and give comments? When tested with the changes I have found that the share mode entries added by NCP server are no more wiped out by smbd. Thanks, -Manoj >>> Volker Lendecke 1/25/2012 8:21 PM >>> On Wed, Jan 25, 2012 at 03:47:58PM +0100, Stefan (metze) Metzmacher wrote: > Hi Manoj, > > > This is regarding your fix on recycled PIDs. I am an NCP developer from > > Novell and we use libsmbsharemodes library > > from Samba for Cross Protocols Locks between NCP, Samba and others. I have > > few queries regarding your fix. > > > > In your fix, you have added a new field called 'unique_id' in the server_id > > structure > > and we need to pass this in our call to samba share mode APIs e.g. > > create_share_mode_entry(). > > > > Also, you have introduced server registration/de-registration which is > > associated with 'unqiue_id'. If we use these new APIs > > then in which library from Samba do we need to link to? Or without calling > > serverid_register() can we directly pass any 'unique_id' > > while calling to create_share_mode_entry() and in that case whether this > > and other share mode APIs will work properly? > > > > > > Looking forward to your answer, > > Maybe we could invent a special value e.g. UINT64_MAX as "don't verify > this unique id". Good idea. Did not think about that. This would assume that the ncp server process never dies... Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4, where is wbinfo 'info' stored?
On 02/14/2012 06:47 AM, Gémes Géza wrote: Hi On 02/13/2012 07:53 PM, Gémes Géza wrote: Hi, See comments/questions below: Hi When I type this: getent passwd steve6 steve6:*:315:316:steve6:/home/CACTUS/steve6:/bin/bash I can see that the info is coming from LDAP by looking at the ldif for cn=steve6 What is your /etc/nsswitch.conf file like? passwd files ldap group files ldap When I type this: wbinfo -i steve6 CACTUS\steve6:*:315:316::/home/CACTUS/steve6:/bin/false Is this on the samba4 box? wbinfo is the samba4 wbinfo or a samba3 one? samba4 box wbinfo = samba4 No s3 installed on this box. Where is the info coming from now? Thanks, Steve Samba4 stores idmap information under an idmap.ldb named ldb file which is NOT exported to AD. So you could modify things by ldbediting it directly. Geza, I'm really struggling with ldbsearch. The doco is almost non existent. As you suggest, the primaryGroupID attribute I'm looking for must be in idmap.ldb as I can't find it using ldapsearch until _after_ I add a user to my posix group using dsa.msc in windows. Afterwards, I see that the primaryGroupID attribute has been added to the user. What i want to do is find out what that primaryGroupID is _before_ I run my posix script so I can add the attribute myself without having to do it from windows. All I can find on ldapsearch is: ldbsearch [-h] [-s base|one|sub] [-b basedn] [-i] [-H LDB-URL] [expression] [attributes] 1. Could you help me with the ldbsearch syntax to have a look inside idmap.ldb? 2. Which database am I consulting when I run ldapsearch? Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 internal dns server cannot find ldap
Set, interfaces=your.realip.add cldap need this to work. Do not use localhost. In my case it did the trick. Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Kai Blin Gesendet: Dienstag, 14. Februar 2012 07:57 An: samba@lists.samba.org Betreff: Re: [Samba] Samba4 internal dns server cannot find ldap -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2012-02-12 10:23, steve wrote: Hi Steve, > ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - > NT_STATUS_IO_TIMEOUT dns child failed to find name > '_ldap._tcp.HH3.SITE' of type SRV finddcs: Failed to find SRV > record for _ldap._tcp.HH3.SITE > > Is there anything I need to configure in the internal server? That's the client component throwing the error message. What's your resolv.conf setup, and what's your smb.conf and provision settings? Cheers, Kai - -- Kai Blin Worldforge developer http://www.worldforge.org/ Wine developer http://wiki.winehq.org/KaiBlin Samba team member http://www.samba.org/samba/team/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk86BasACgkQEKXX/bF2FpR6BACeJy/cTlmrIuWOMKbmaEFP/A90 xqUAn1KNLR0fWy2Hq61W6LQTB9qxeA18 =DN0p -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] rpoblem: after renaming a directory permissions are changed
hi i have a directory with permissions 750 wenn i rename a directory, samba changes the permissions to 770. can everybody confirm this? what is wrong? Regards, Heinz Version 3.5.11 smb.conf: [global] server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d [sys] path = /samba read only = No directory mask = 0770 inherit acls = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba