Re: [Samba] windows 7 roaming profiles
2. Is it correct that the profile files are not synced until the user logs off? That is the correct working of roaming profiles. If you want the files only on the server, you should look into "Folder redirection". The Samba docs contain good info on that. You can use roaming profiles only, folder redirection only, or a combination of both, which I usually consider the more appropriate option. Samba-3 by Example -- Configuration of Default Profile with Folder Redirection http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#redirfold There's another good web page about this issue (Windows System Management: Real Men Don't Click) but it seems unavailable now. I have it in my archives and I will send it to your email address as a .mht file. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Receiving async directory change notifications from a Windows Server host on a Linux client
I'll take a look, thanks! On Thu, Mar 22, 2012 at 11:10 PM, Jeremy Allison wrote: > On Mon, Mar 19, 2012 at 11:30:34AM +0100, Tin Tvrtković wrote: > > Hello everyone, > > > > I need a way to programatically monitor a remote SMB share (hosted on a > > Windows server) for new files, in an asynchronous (inotify-like) way > from a > > Linux machine. The directory I'd be monitoring might have a large number > of > > files, so I'd like to avoid constant polling. I'm open to just about > > anything, from parsing smbclient stdout, to writing my own little C > wrapper > > around libsmbclient or a JCIFS Java application. > > > > I'd like to know if this kind of async monitoring is even possible, and > > what would be a good way to go about implementing it? > > If you're willing to work out of git-master, Volker just added a > notify command to smbclient > > Jeremy. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] 2 GB file size limit with libsmbclient and Filesys::SmbClient perl module?!
Hi, I have a 32-bit installation of Arch Linux and I have developed my own little script (in perl) for downloading files over SMB/CIFS using multiple TCP connections to speed up the transfer. I have googled a lot but could not find any good download accelerator for files hosted over SMB/ CIFS. For example, the DownThemAll firefox add-on allows you to download files hosted over SMB/ CIFS, but is not able to speed it up using multiple parallel connections. That being the motivation for me to write my own script which splits a file into multiple chunks and downloads them in parallel. Now, my script is written in perl and uses Filesys::SmbClient, which in turn, uses libsmbclient for SMB/ CIFS access. Attached is my script tarball. The problem I am facing, is that, I am unable to download files over 2GB in size!!! I know this has to do "something" with 32-bitness and other parameters like _FILE_OFFSET_BITS=64 etc. while compiling various components, but I am out of my wits end to understand where the problem is. I have no specific 32/64 bitness in my perl script. So I assume it must be a problem either in Filesys::Smbclient or in libsmbclient itself? My environment is as follows: 1) Arch Linux 32 bit. 2) Perl 32 bit (obviously) 3) The SMB/ CIFS share is hosted on a Windows box (and not SAMBA). Everything works fine if I try to download using explorer, which means it's something in the toolchain (perl/libsmbclient) that I am using. 4) Latest versions of everything. Perl is version 5.14, smbclient package is version 3.6.3-4, Filesys::Smbclient is version 3.1 Specifically, when I call a stat() on the file before beginning to download the file, for files over 2GB, the file size is reported as zero! What can be the problem here? Any advice on what can I do to troubleshoot more? Could it be that somewhere, a 64 bit value is getting truncated to a 32 bit value, leaving the size as zero. Thanks and Regards, -Devavrat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How do I know if I'm using SMB2?
Never mind...I ran Ethereal and started a capture and right in the "Protocol" column it said: SMB2. So, problem solved. Thanks, Rob On 3/27/12 9:31 PM, Rob Marshall wrote: Hi Jeremy, Well, since I'd rather not have to look at the actual negotiation, anything would help. I'm just a little surprised there isn't some sort of way to check it...And by offering a "low debug-level message" are you saying that there is one? Or that you could add one? Thanks, Rob On 3/27/12 8:13 PM, Jeremy Allison wrote: On Tue, Mar 27, 2012 at 05:03:49PM -0400, Rob Marshall wrote: Hi, I've installed 3.6.3 on a Linux system (SLES 10) and I am connecting from a Windows 7 VM running on my Mac. I added "max protocol = SMB2" to my smb.conf and restarted Samba. How can I check and verify that the protocol I'm using is actually SMB2? No easy way to be sure without looking at the wire traffic. Would a low debug-level message help ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How do I know if I'm using SMB2?
Hi Jeremy, Well, since I'd rather not have to look at the actual negotiation, anything would help. I'm just a little surprised there isn't some sort of way to check it...And by offering a "low debug-level message" are you saying that there is one? Or that you could add one? Thanks, Rob On 3/27/12 8:13 PM, Jeremy Allison wrote: On Tue, Mar 27, 2012 at 05:03:49PM -0400, Rob Marshall wrote: Hi, I've installed 3.6.3 on a Linux system (SLES 10) and I am connecting from a Windows 7 VM running on my Mac. I added "max protocol = SMB2" to my smb.conf and restarted Samba. How can I check and verify that the protocol I'm using is actually SMB2? No easy way to be sure without looking at the wire traffic. Would a low debug-level message help ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and admin users performance
On Tue, Mar 27, 2012 at 09:13:44AM +0200, Stijn De Smet wrote: > Hello, > > I have a performance problem when I don't connect using root and/or a user > in the "admin users". > Configuration: > Samba 3.5.11 running on SLES11SP1. The share exported is on a GPFS > filesystem and the GPFS vfs object is loaded(not loading it doesn't change > the described behaviour) > clients: Windows 7 and Windows 2008R2 all at latest update level. > > [testshare] > comment = testshare > path = /testfs1/testshare > read only = no > force create mode = 0666 > force directory mode = 0777 > force security mode = 0666 > force directory security mode = 0777 > admin users = testuser > > > If I connect using a user other than testuser, I get ~8 MB/s from the > clients, and if I look at a trace, I can see that all read operations are > in 4K blocks(Read AndX Request/Response). If I connect using root or > testuser(which is in the admin users), I get 50MB/s and samba goes up to > 60KB blocks when reading. Also during the negotiation, I can clearly see > that "Max Buffer: 0" is set in the "Session Setup AndX Request, > NTLMSSP_NEGOTIATE sent by the client, while this is 16644 when connecting > as root/testuser. > When switching to "security = share" and using guest access, I can see the > same behaviour. Setting force user/group to root gives good performance, > setting it to something else kills performance. > > Is this expected, or am I missing something? No it's not expected. Something else is going on here... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How do I know if I'm using SMB2?
On Tue, Mar 27, 2012 at 05:03:49PM -0400, Rob Marshall wrote: > Hi, > > I've installed 3.6.3 on a Linux system (SLES 10) and I > am connecting from a Windows 7 VM running on my Mac. I > added "max protocol = SMB2" to my smb.conf and restarted > Samba. How can I check and verify that the protocol I'm > using is actually SMB2? No easy way to be sure without looking at the wire traffic. Would a low debug-level message help ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 - user permissions on shares
Hi all, I installed Samba4 on an Ubuntu Server 11.10 at home for some testing. It is configured as DC and everything seems to work just fine. I managed to add win7 and win xp machines to the domain and to browse the AD settings with the microsoft administrative tools. I also created a simple share and it works. Now I would like to learn how to give specific permissions to my shares. How to give read and write permissions to AD users and groups. Is there any good guide around? Can you give me any good hints?I tried to give an search on google but I got scarce results. Thank you for any advice you could give me, -- Cesare Carli -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is the PDC always needed?
Users typically are not on any subnet that has our PDC or BDC nor can they browse for their share. They are directly connecting by giving the full hostname of the server such as \\server.x.x.x\sharename by using the map network drive dialog in windows. On Tue, Mar 27, 2012 at 1:27 PM, Gaiseric Vandal wrote: > Ah. I wasn't clear on the domain authentication issue. > Are users unable to see shares? Or are they just unable to authenticate to > them once they see them. > > Also, just to clarify, were the users on the same subnet as the PDC but not > the BDC? > > > > > > In smb.conf, verify that the following is set: > > security=user > > > You can use the "smbclient -L" command on your BDC to verify the credentials > for a windows user. > > On windows machine, you can use the following to verify credentials: > > "net use \\theserver /user:yourname" > > > Assuming credentials are OK, users will still need to use wins to browse > resources not on the same subnet (unless the specifically map drives on IP > or hostname) > > > > > > > > > On 03/27/12 14:16, David Noriega wrote: >> >> The users of our service are on windows machines that are typically >> not on our subnet or part of our domain. They simply use windows 'map >> network drive' function to get to their share. >> >> On the BDC, yes testpart reports ROLE_DOMAIN_BDC and pdbedit does list >> all of our users. >> >> Maybe this is part of my misunderstanding, but does the windows >> machine need to know of the BDC(which they wouldnt as the user is >> typically on a different subnet)? If they are using the hostname of >> the file share server, then isnt authentication happening on that >> server? Users are not logging onto our domain on their machines, >> simply accessing their share. >> >> On Tue, Mar 27, 2012 at 1:01 PM, Gaiseric Vandal >> wrote: >>> >>> There are several factors determining which machine is the local master >>> browser for the subnet- but in general if you have one DC on the subnet >>> it >>> should be the browser. I think the browser provides a list of file and >>> print shares. I don't think it is used for actually locating a DC. (I >>> could be wrong.) I think either WINS or broadcasts are used for >>> locating >>> the actual server and other machines- including the DC (for login) or >>> the >>> master browser (to browse file and print shares.) >>> >>> I don't think the browser issue is relevant to the login issue. >>> >>> "testparm -v" should verify that the machine is a DC. >>> "pdbedit -Lv" should show that accounts are setup. >>> >>> Did you look at the event log in the Windows machine? They may show if >>> you >>> are unable to locate an authentication server. >>> >>> Are you able to put a Win machine on the same subnet as the working DC? >>> >>> It may be quicker to head to your local computer supply store to replace >>> the >>> bad RAM. >>> >>> >>> >>> >>> >>> >>> On 03/27/12 13:49, David Noriega wrote: As I've been looking around the core issue seems to be that the domain member, even though from its point of view, the BDC is the local browser, it still uses the PDC to do authentication(ie turning up the log level I only see 'check_ntlm_password' on the PDC) On Tue, Mar 27, 2012 at 11:19 AM, Gaiseric Vandal wrote: > > To break the problem into 3 separate parts: > > 1. Logging in to a domain controller when the domain controller is on > a > different subnet. > 2. Accessing file shares when the domain controller is on a different > subnet. > 3. LDAP backend. > > > 1. Logging into the domain controller > If the clients don't have access to a WINS server (either a real wins > server > or a proxy to a wins server) they won't be able to find the login > server. > If you can enable the WINS server on the BDC, you can then configure > your > windows clients IP settings to use the BDC's IP as the WINS server. > it > isn't the recommended way to do it but it should help figure out if > WINS > really is the issue. > > "nbtstat -c" should show somthing like > > MYBDC<20> ip.address.of.bdc > MYDOMAIN<1B> ip.address.of.bdc > MYDOMAIN<1C> ip.address.of.bdc > > > 1B and 1C are browser and controller entries. > > > > 2. Accessing file shares > > If you are browsing for file shares access as subnet, you will need > WINS > access. > If manually try to connect via host name (e.g with the windows explorer > OR > the "net use" or "net view" commands) WINS should not be is not > needed > but > DNS needs to be working. So exisiting connections, or connections > mapped > via login script should be OK. > > If connecting via hostname doesn't work, try connecting using the name > of > the IP. (If the server has a name resolution issue, that could >
[Samba] How do I know if I'm using SMB2?
Hi, I've installed 3.6.3 on a Linux system (SLES 10) and I am connecting from a Windows 7 VM running on my Mac. I added "max protocol = SMB2" to my smb.conf and restarted Samba. How can I check and verify that the protocol I'm using is actually SMB2? Thanks, Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is the PDC always needed?
Ah. I wasn't clear on the domain authentication issue. Are users unable to see shares? Or are they just unable to authenticate to them once they see them. Also, just to clarify, were the users on the same subnet as the PDC but not the BDC? In smb.conf, verify that the following is set: security=user You can use the "smbclient -L" command on your BDC to verify the credentials for a windows user. On windows machine, you can use the following to verify credentials: "net use \\theserver /user:yourname" Assuming credentials are OK, users will still need to use wins to browse resources not on the same subnet (unless the specifically map drives on IP or hostname) On 03/27/12 14:16, David Noriega wrote: The users of our service are on windows machines that are typically not on our subnet or part of our domain. They simply use windows 'map network drive' function to get to their share. On the BDC, yes testpart reports ROLE_DOMAIN_BDC and pdbedit does list all of our users. Maybe this is part of my misunderstanding, but does the windows machine need to know of the BDC(which they wouldnt as the user is typically on a different subnet)? If they are using the hostname of the file share server, then isnt authentication happening on that server? Users are not logging onto our domain on their machines, simply accessing their share. On Tue, Mar 27, 2012 at 1:01 PM, Gaiseric Vandal wrote: There are several factors determining which machine is the local master browser for the subnet- but in general if you have one DC on the subnet it should be the browser.I think the browser provides a list of file and print shares. I don't think it is used for actually locating a DC. (I could be wrong.) I think either WINS or broadcasts are used for locating the actual server and other machines- including the DC (for login) or the master browser (to browse file and print shares.) I don't think the browser issue is relevant to the login issue. "testparm -v" should verify that the machine is a DC. "pdbedit -Lv" should show that accounts are setup. Did you look at the event log in the Windows machine? They may show if you are unable to locate an authentication server. Are you able to put a Win machine on the same subnet as the working DC? It may be quicker to head to your local computer supply store to replace the bad RAM. On 03/27/12 13:49, David Noriega wrote: As I've been looking around the core issue seems to be that the domain member, even though from its point of view, the BDC is the local browser, it still uses the PDC to do authentication(ie turning up the log level I only see 'check_ntlm_password' on the PDC) On Tue, Mar 27, 2012 at 11:19 AM, Gaiseric Vandal wrote: To break the problem into 3 separate parts: 1. Logging in to a domain controller when the domain controller is on a different subnet. 2. Accessing file shares when the domain controller is on a different subnet. 3. LDAP backend. 1. Logging into the domain controller If the clients don't have access to a WINS server (either a real wins server or a proxy to a wins server) they won't be able to find the login server. If you can enable the WINS server on the BDC, you can then configure your windows clients IP settings to use the BDC's IP as the WINS server. it isn't the recommended way to do it but it should help figure out if WINS really is the issue. "nbtstat -c" should show somthing like MYBDC<20>ip.address.of.bdc MYDOMAIN<1B>ip.address.of.bdc MYDOMAIN<1C>ip.address.of.bdc 1B and 1C are browser and controller entries. 2. Accessing file shares If you are browsing for file shares access as subnet, you will need WINS access. If manually try to connect via host name (e.g with the windows explorer OR the "net use" or "net view" commands) WINS should not be is not needed but DNS needs to be working. So exisiting connections, or connections mapped via login script should be OK. If connecting via hostname doesn't work, try connecting using the name of the IP.(If the server has a name resolution issue, that could potentially cause connection issues- unlikely but it happened to me once.) 3. Authentication Samba doesn't actually care it the BDC and PDC use the same LDAP server(s). You should use either the same LDAP server OR have LDAP servers that synchronize, otherwise changes on one server are not replicated. But- in terms of testing authentication if your user ids and passwords are the same on both machines you probably don't need to worry about this for the moment. But it will cause problems for you at some point. On 03/27/12 11:49, David Noriega wrote: The file shares are on a domain member. Is it that having the BDC as a wins proxy and more importantly simply having wins on causing this issue? We are on the university's network and they have their own wins server for their own system wide windows domain. Our users primarily logon
Re: [Samba] Is the PDC always needed?
The users of our service are on windows machines that are typically not on our subnet or part of our domain. They simply use windows 'map network drive' function to get to their share. On the BDC, yes testpart reports ROLE_DOMAIN_BDC and pdbedit does list all of our users. Maybe this is part of my misunderstanding, but does the windows machine need to know of the BDC(which they wouldnt as the user is typically on a different subnet)? If they are using the hostname of the file share server, then isnt authentication happening on that server? Users are not logging onto our domain on their machines, simply accessing their share. On Tue, Mar 27, 2012 at 1:01 PM, Gaiseric Vandal wrote: > There are several factors determining which machine is the local master > browser for the subnet- but in general if you have one DC on the subnet it > should be the browser. I think the browser provides a list of file and > print shares. I don't think it is used for actually locating a DC. (I > could be wrong.) I think either WINS or broadcasts are used for locating > the actual server and other machines- including the DC (for login) or the > master browser (to browse file and print shares.) > > I don't think the browser issue is relevant to the login issue. > > "testparm -v" should verify that the machine is a DC. > "pdbedit -Lv" should show that accounts are setup. > > Did you look at the event log in the Windows machine? They may show if you > are unable to locate an authentication server. > > Are you able to put a Win machine on the same subnet as the working DC? > > It may be quicker to head to your local computer supply store to replace the > bad RAM. > > > > > > > On 03/27/12 13:49, David Noriega wrote: >> >> As I've been looking around the core issue seems to be that the domain >> member, even though from its point of view, the BDC is the local >> browser, it still uses the PDC to do authentication(ie turning up the >> log level I only see 'check_ntlm_password' on the PDC) >> >> On Tue, Mar 27, 2012 at 11:19 AM, Gaiseric Vandal >> wrote: >>> >>> To break the problem into 3 separate parts: >>> >>> 1. Logging in to a domain controller when the domain controller is on a >>> different subnet. >>> 2. Accessing file shares when the domain controller is on a different >>> subnet. >>> 3. LDAP backend. >>> >>> >>> 1. Logging into the domain controller >>> If the clients don't have access to a WINS server (either a real wins >>> server >>> or a proxy to a wins server) they won't be able to find the login server. >>> If you can enable the WINS server on the BDC, you can then configure your >>> windows clients IP settings to use the BDC's IP as the WINS server. >>> it >>> isn't the recommended way to do it but it should help figure out if WINS >>> really is the issue. >>> >>> "nbtstat -c" should show somthing like >>> >>> MYBDC<20> ip.address.of.bdc >>> MYDOMAIN<1B> ip.address.of.bdc >>> MYDOMAIN<1C> ip.address.of.bdc >>> >>> >>> 1B and 1C are browser and controller entries. >>> >>> >>> >>> 2. Accessing file shares >>> >>> If you are browsing for file shares access as subnet, you will need WINS >>> access. >>> If manually try to connect via host name (e.g with the windows explorer >>> OR >>> the "net use" or "net view" commands) WINS should not be is not needed >>> but >>> DNS needs to be working. So exisiting connections, or connections >>> mapped >>> via login script should be OK. >>> >>> If connecting via hostname doesn't work, try connecting using the name of >>> the IP. (If the server has a name resolution issue, that could >>> potentially cause connection issues- unlikely but it happened to me >>> once.) >>> >>> >>> 3. Authentication >>> >>> Samba doesn't actually care it the BDC and PDC use the same LDAP >>> server(s). >>> You should use either the same LDAP server OR have LDAP servers that >>> synchronize, otherwise changes on one server are not replicated. But- >>> in >>> terms of testing authentication if your user ids and passwords are the >>> same >>> on both machines you probably don't need to worry about this for the >>> moment. >>> But it will cause problems for you at some point. >>> >>> >>> >>> >>> >>> >>> On 03/27/12 11:49, David Noriega wrote: The file shares are on a domain member. Is it that having the BDC as a wins proxy and more importantly simply having wins on causing this issue? We are on the university's network and they have their own wins server for their own system wide windows domain. Our users primarily logon from their office machines which are part of the university's domain, not ours(which is only in our computer lab). I'm just confused since the BDC has access to its own ldap server and watching the logs when the setting is up high I see the domain member which hosts the file shares is authenticating on the BDC. Yet why is it when the PDC failed, users couldn't access their file share(whic
Re: [Samba] Is the PDC always needed?
There are several factors determining which machine is the local master browser for the subnet- but in general if you have one DC on the subnet it should be the browser.I think the browser provides a list of file and print shares. I don't think it is used for actually locating a DC. (I could be wrong.) I think either WINS or broadcasts are used for locating the actual server and other machines- including the DC (for login) or the master browser (to browse file and print shares.) I don't think the browser issue is relevant to the login issue. "testparm -v" should verify that the machine is a DC. "pdbedit -Lv" should show that accounts are setup. Did you look at the event log in the Windows machine? They may show if you are unable to locate an authentication server. Are you able to put a Win machine on the same subnet as the working DC? It may be quicker to head to your local computer supply store to replace the bad RAM. On 03/27/12 13:49, David Noriega wrote: As I've been looking around the core issue seems to be that the domain member, even though from its point of view, the BDC is the local browser, it still uses the PDC to do authentication(ie turning up the log level I only see 'check_ntlm_password' on the PDC) On Tue, Mar 27, 2012 at 11:19 AM, Gaiseric Vandal wrote: To break the problem into 3 separate parts: 1. Logging in to a domain controller when the domain controller is on a different subnet. 2. Accessing file shares when the domain controller is on a different subnet. 3. LDAP backend. 1. Logging into the domain controller If the clients don't have access to a WINS server (either a real wins server or a proxy to a wins server) they won't be able to find the login server. If you can enable the WINS server on the BDC, you can then configure your windows clients IP settings to use the BDC's IP as the WINS server. it isn't the recommended way to do it but it should help figure out if WINS really is the issue. "nbtstat -c" should show somthing like MYBDC<20> ip.address.of.bdc MYDOMAIN<1B> ip.address.of.bdc MYDOMAIN<1C> ip.address.of.bdc 1B and 1C are browser and controller entries. 2. Accessing file shares If you are browsing for file shares access as subnet, you will need WINS access. If manually try to connect via host name (e.g with the windows explorer OR the "net use" or "net view" commands) WINS should not be is not needed but DNS needs to be working. So exisiting connections, or connections mapped via login script should be OK. If connecting via hostname doesn't work, try connecting using the name of the IP.(If the server has a name resolution issue, that could potentially cause connection issues- unlikely but it happened to me once.) 3. Authentication Samba doesn't actually care it the BDC and PDC use the same LDAP server(s). You should use either the same LDAP server OR have LDAP servers that synchronize, otherwise changes on one server are not replicated. But- in terms of testing authentication if your user ids and passwords are the same on both machines you probably don't need to worry about this for the moment. But it will cause problems for you at some point. On 03/27/12 11:49, David Noriega wrote: The file shares are on a domain member. Is it that having the BDC as a wins proxy and more importantly simply having wins on causing this issue? We are on the university's network and they have their own wins server for their own system wide windows domain. Our users primarily logon from their office machines which are part of the university's domain, not ours(which is only in our computer lab). I'm just confused since the BDC has access to its own ldap server and watching the logs when the setting is up high I see the domain member which hosts the file shares is authenticating on the BDC. Yet why is it when the PDC failed, users couldn't access their file share(which yes is separate from logging onto a windows computer). On Tue, Mar 27, 2012 at 5:33 AM, Jorellwrote: On 3/26/2012 9:27 AM, David Noriega wrote: Maybe my understanding is flawed but I thought the purpose of the BDC was in the case of the PDC going offline, users could still use the system. Just this morning our PDC failed with bad memory, yet users were unable to map their network drive. The PDC is in our office while the file server is in the server room where its been setup as a domain member. On the server room subnet is its own BDC with its own ldap server. Checking the logs I see that the server room BDC is listed as the local domain server. The only thing that comes to mind is the BDC does point to the PDC as the wins server. Is that the issue? Is there a way around it? The PDC/BDC controls logging onto the network. Network file shares are different, what server was hosting the "network drive"? If the PDC also hosted the network drive then they would also go down. -- To unsubscribe from this list go to the followi
Re: [Samba] Is the PDC always needed?
As I've been looking around the core issue seems to be that the domain member, even though from its point of view, the BDC is the local browser, it still uses the PDC to do authentication(ie turning up the log level I only see 'check_ntlm_password' on the PDC) On Tue, Mar 27, 2012 at 11:19 AM, Gaiseric Vandal wrote: > To break the problem into 3 separate parts: > > 1. Logging in to a domain controller when the domain controller is on a > different subnet. > 2. Accessing file shares when the domain controller is on a different > subnet. > 3. LDAP backend. > > > 1. Logging into the domain controller > If the clients don't have access to a WINS server (either a real wins server > or a proxy to a wins server) they won't be able to find the login server. > If you can enable the WINS server on the BDC, you can then configure your > windows clients IP settings to use the BDC's IP as the WINS server. it > isn't the recommended way to do it but it should help figure out if WINS > really is the issue. > > "nbtstat -c" should show somthing like > > MYBDC <20> ip.address.of.bdc > MYDOMAIN <1B> ip.address.of.bdc > MYDOMAIN <1C> ip.address.of.bdc > > > 1B and 1C are browser and controller entries. > > > > 2. Accessing file shares > > If you are browsing for file shares access as subnet, you will need WINS > access. > If manually try to connect via host name (e.g with the windows explorer OR > the "net use" or "net view" commands) WINS should not be is not needed but > DNS needs to be working. So exisiting connections, or connections mapped > via login script should be OK. > > If connecting via hostname doesn't work, try connecting using the name of > the IP. (If the server has a name resolution issue, that could > potentially cause connection issues- unlikely but it happened to me once.) > > > 3. Authentication > > Samba doesn't actually care it the BDC and PDC use the same LDAP server(s). > You should use either the same LDAP server OR have LDAP servers that > synchronize, otherwise changes on one server are not replicated. But- in > terms of testing authentication if your user ids and passwords are the same > on both machines you probably don't need to worry about this for the moment. > But it will cause problems for you at some point. > > > > > > > On 03/27/12 11:49, David Noriega wrote: >> >> The file shares are on a domain member. Is it that having the BDC as a >> wins proxy and more importantly simply having wins on causing this >> issue? We are on the university's network and they have their own wins >> server for their own system wide windows domain. Our users primarily >> logon from their office machines which are part of the university's >> domain, not ours(which is only in our computer lab). >> >> I'm just confused since the BDC has access to its own ldap server and >> watching the logs when the setting is up high I see the domain member >> which hosts the file shares is authenticating on the BDC. Yet why is >> it when the PDC failed, users couldn't access their file share(which >> yes is separate from logging onto a windows computer). >> >> On Tue, Mar 27, 2012 at 5:33 AM, Jorell wrote: >>> >>> On 3/26/2012 9:27 AM, David Noriega wrote: Maybe my understanding is flawed but I thought the purpose of the BDC was in the case of the PDC going offline, users could still use the system. Just this morning our PDC failed with bad memory, yet users were unable to map their network drive. The PDC is in our office while the file server is in the server room where its been setup as a domain member. On the server room subnet is its own BDC with its own ldap server. Checking the logs I see that the server room BDC is listed as the local domain server. The only thing that comes to mind is the BDC does point to the PDC as the wins server. Is that the issue? Is there a way around it? >>> The PDC/BDC controls logging onto the network. >>> Network file shares are different, what server was hosting the "network >>> drive"? If the PDC also hosted the network drive then they would also go >>> down. >>> >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >> >> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- David Noriega System Administrator Computational Biology Initiative High Performance Computing Center University of Texas at San Antonio One UTSA Circle San Antonio, TX 78249 Office: BSE 3.112 Phone: 210-458-7100 http://www.cbi.utsa.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 PDC w/Exchange 5.5 migration
On Tue, Mar 27, 2012 at 1:03 PM, Gaiseric Vandal wrote: > So presumably you would use the net vampire command to extract all the > account info from the NT server. The samba server is then a BDC, you then > promote it to a PDC and make the NT server a BDC (or even a member server.) Have already done this. > Since you have to keep the NT4 server as a DC anyway, I don't see how > temporarily making it a member server helps anything. It doesn't have to be a DC, but does need to at least be a domain member server or Exchange Server will not run. > I wouldn't count on > being able to join it back to a Samba 3.5.x domain. That was the original sticking point but it now appears I've accomplished this, basically needed to remove the NT4 system (no longer a PDC) from the Samba (3.6.3) domain, join it to a workgroup, then rejoin it to the domain. Even Exchange came up after the reboot, although I'm not sure it's actually usable yet. Seems that there are a bunch of things that vampire didn't handle well and some account membership, group mapping, rights, etc. that need some attending to. Thanks to virtualization I get to make a lot of mistakes along the path to finding out if this is workable or not. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 PDC w/Exchange 5.5 migration
On 03/27/12 12:49, Chris Smith wrote: On Tue, Mar 27, 2012 at 12:28 PM, Chris Weiss wrote: to clarify, this sounds kind of like you are running exchange on the PDC? Indeed. you can't demote an NT4 PDC to a stand alone or member server, it requires a re-install. Officially, yes. In reality, no. Changing ProductType (under HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions) from LanmanNT to ServerNT accomplishes this. Also, has upgrading exchange or migrating to something else been considered, like zimbra or Kerio (which is what i use now) that's still Outlook friendly but more flexible? There's a custom Exchange/Outlook app that eventually needs to be replaced. The procedure is only a temporary fix to allow new Win7 workstations to join the domain, albeit they wont be able to use the latest version of Outlook. Chris So presumably you would use the net vampire command to extract all the account info from the NT server.The samba server is then a BDC, you then promote it to a PDC and make the NT server a BDC (or even a member server.)Since you have to keep the NT4 server as a DC anyway, I don't see how temporarily making it a member server helps anything. I wouldn't count on being able to join it back to a Samba 3.5.x domain. And then your Windows 7 machines run a good chance of trying to authenticate to the NT4 server- which will fail. Windows clients prefer a BDC, but if you are using WINS (and excluding the NT4 server) this may help.Maybe you can disable some of the windows networking services on the NT4 box. Maybe it is easier to just create a new samba domain. It means the Outlook users won't be able to do domain-based authentication to Exchange. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 PDC w/Exchange 5.5 migration
On Tue, Mar 27, 2012 at 12:28 PM, Chris Weiss wrote: > to clarify, this sounds kind of like you are running exchange on the PDC? Indeed. > you can't demote an NT4 PDC to a stand alone or member server, it > requires a re-install. Officially, yes. In reality, no. Changing ProductType (under HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions) from LanmanNT to ServerNT accomplishes this. > Also, has upgrading exchange or migrating to something else been > considered, like zimbra or Kerio (which is what i use now) that's > still Outlook friendly but more flexible? There's a custom Exchange/Outlook app that eventually needs to be replaced. The procedure is only a temporary fix to allow new Win7 workstations to join the domain, albeit they wont be able to use the latest version of Outlook. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 PDC w/Exchange 5.5 migration
On Tue, Mar 27, 2012 at 11:15 AM, Chris Smith wrote: > Hello, > > I'm working on migrating an NT4 PDC to a Samba 3 PDC. The tricky part, > is that the NT4 server is also running Exchange 5.5 which needs to > remain running. So unlike a migrate and toss the NT4 system, I need to > migrate, then demote the NT4 PDC to an NT4 Server, then (probably) > rejoin the domain as Exchange Server will not run on a non-domain > member system. to clarify, this sounds kind of like you are running exchange on the PDC? you can't demote an NT4 PDC to a stand alone or member server, it requires a re-install. I have done exchange 5.5 server migrations in the past, it's not too difficult. setup a new member nt4 server, install exchange on it and join the existing (what's it called? domain, cluster, group, something) and then you can move connectors and public folders and mailboxes to the new one. Also, has upgrading exchange or migrating to something else been considered, like zimbra or Kerio (which is what i use now) that's still Outlook friendly but more flexible? Kerio can even be setup to auth to PAM, so you can switch out how it auths by switching up the PAM config. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Two Problem
Here is the log [2012/03/27 11:14:18, 0] ../source4/dsdb/repl/drepl_out_helpers.c:714(dreplsrv_op_pull_source_apply_changes_trigger) Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is the PDC always needed?
To break the problem into 3 separate parts: 1. Logging in to a domain controller when the domain controller is on a different subnet. 2. Accessing file shares when the domain controller is on a different subnet. 3. LDAP backend. 1. Logging into the domain controller If the clients don't have access to a WINS server (either a real wins server or a proxy to a wins server) they won't be able to find the login server. If you can enable the WINS server on the BDC, you can then configure your windows clients IP settings to use the BDC's IP as the WINS server. it isn't the recommended way to do it but it should help figure out if WINS really is the issue. "nbtstat -c" should show somthing like MYBDC <20> ip.address.of.bdc MYDOMAIN <1B> ip.address.of.bdc MYDOMAIN <1C> ip.address.of.bdc 1B and 1C are browser and controller entries. 2. Accessing file shares If you are browsing for file shares access as subnet, you will need WINS access. If manually try to connect via host name (e.g with the windows explorer OR the "net use" or "net view" commands) WINS should not be is not needed but DNS needs to be working. So exisiting connections, or connections mapped via login script should be OK. If connecting via hostname doesn't work, try connecting using the name of the IP.(If the server has a name resolution issue, that could potentially cause connection issues- unlikely but it happened to me once.) 3. Authentication Samba doesn't actually care it the BDC and PDC use the same LDAP server(s). You should use either the same LDAP server OR have LDAP servers that synchronize, otherwise changes on one server are not replicated. But- in terms of testing authentication if your user ids and passwords are the same on both machines you probably don't need to worry about this for the moment. But it will cause problems for you at some point. On 03/27/12 11:49, David Noriega wrote: The file shares are on a domain member. Is it that having the BDC as a wins proxy and more importantly simply having wins on causing this issue? We are on the university's network and they have their own wins server for their own system wide windows domain. Our users primarily logon from their office machines which are part of the university's domain, not ours(which is only in our computer lab). I'm just confused since the BDC has access to its own ldap server and watching the logs when the setting is up high I see the domain member which hosts the file shares is authenticating on the BDC. Yet why is it when the PDC failed, users couldn't access their file share(which yes is separate from logging onto a windows computer). On Tue, Mar 27, 2012 at 5:33 AM, Jorell wrote: On 3/26/2012 9:27 AM, David Noriega wrote: Maybe my understanding is flawed but I thought the purpose of the BDC was in the case of the PDC going offline, users could still use the system. Just this morning our PDC failed with bad memory, yet users were unable to map their network drive. The PDC is in our office while the file server is in the server room where its been setup as a domain member. On the server room subnet is its own BDC with its own ldap server. Checking the logs I see that the server room BDC is listed as the local domain server. The only thing that comes to mind is the BDC does point to the PDC as the wins server. Is that the issue? Is there a way around it? The PDC/BDC controls logging onto the network. Network file shares are different, what server was hosting the "network drive"? If the PDC also hosted the network drive then they would also go down. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NT4 PDC w/Exchange 5.5 migration
Hello, I'm working on migrating an NT4 PDC to a Samba 3 PDC. The tricky part, is that the NT4 server is also running Exchange 5.5 which needs to remain running. So unlike a migrate and toss the NT4 system, I need to migrate, then demote the NT4 PDC to an NT4 Server, then (probably) rejoin the domain as Exchange Server will not run on a non-domain member system. Basically looking for any caveats, tips or hints from anyone who has wrestled (or thought about wrestling) with this. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is the PDC always needed?
The file shares are on a domain member. Is it that having the BDC as a wins proxy and more importantly simply having wins on causing this issue? We are on the university's network and they have their own wins server for their own system wide windows domain. Our users primarily logon from their office machines which are part of the university's domain, not ours(which is only in our computer lab). I'm just confused since the BDC has access to its own ldap server and watching the logs when the setting is up high I see the domain member which hosts the file shares is authenticating on the BDC. Yet why is it when the PDC failed, users couldn't access their file share(which yes is separate from logging onto a windows computer). On Tue, Mar 27, 2012 at 5:33 AM, Jorell wrote: > On 3/26/2012 9:27 AM, David Noriega wrote: >> >> Maybe my understanding is flawed but I thought the purpose of the BDC >> was in the case of the PDC going offline, users could still use the >> system. Just this morning our PDC failed with bad memory, yet users >> were unable to map their network drive. The PDC is in our office while >> the file server is in the server room where its been setup as a domain >> member. On the server room subnet is its own BDC with its own ldap >> server. Checking the logs I see that the server room BDC is listed as >> the local domain server. The only thing that comes to mind is the BDC >> does point to the PDC as the wins server. Is that the issue? Is there >> a way around it? >> > > The PDC/BDC controls logging onto the network. > Network file shares are different, what server was hosting the "network > drive"? If the PDC also hosted the network drive then they would also go > down. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- David Noriega System Administrator Computational Biology Initiative High Performance Computing Center University of Texas at San Antonio One UTSA Circle San Antonio, TX 78249 Office: BSE 3.112 Phone: 210-458-7100 http://www.cbi.utsa.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 roaming profiles
On Tue, Mar 27, 2012 at 7:55 AM, steve wrote: > This works OK and the user can logon to different boxes with the same > profile. The profile folders such as Desktop, Downloads etc. however, also > appear stored on the local disk under c:\users\username. Any file saved e.g. > on the Desktop, is not saved to the roaming profile until the user logs off. this is exactly how roaming profiles work. it syncs at logon and logoff. What you are looking for is called folder redirection, most of the user folders can be redirected, but certain things can't mostly because MS doesn't want to "trust" a network drive for something like a registry hive. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 roaming profiles
On 3/27/2012 5:55 AM, steve wrote: Hi Samba4 DC and win 7 clients. The user profiles are stored in a profiles share: [profiles] path = /home/CACTUS/profiles read only = No This works OK and the user can logon to different boxes with the same profile. The profile folders such as Desktop, Downloads etc. however, also appear stored on the local disk under c:\users\username. Any file saved e.g. on the Desktop, is not saved to the roaming profile until the user logs off. It seems pointless to have a roaming _and_ a local profile. A few qns: 1. What am I doing wrong? 2. Is it correct that the profile files are not synced until the user logs off? 3. Unless /the profiles folder is world read/write, the user gets logged on with a temporary profile. Correct? Thanks, Steve 1. looks like your doing nothing wrong. 2. correct. 3. there maybe a few tricks to deal with this but at the moment I do not know what they are. what you might be looking for is to remap user folders, this would be in the group policies. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Roaming profiles not being loaded
On Tue, Mar 27, 2012 at 9:01 AM, Sean Crosby wrote: > Hi Simon, > >> However, a user login in which the profile is defined to be on a samba >> server that is not the PDC never gets a roaming profile -- instead the > user >> always gets a temporary profile. Looking at the Windows logs, it is >> complaining about a permissions issue. However, once logged in (with the >> temporary profile), that user can create and modify files in the profile >> directory. I have turned logging level to 3, but I don't see anything >> useful. > > I have had the same issue as well. I had to run a regkey on each client to > disable profile permission checking. The reg key is below: > > Windows Registry Editor Version 5.00 > > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] > "CompatibleRUPSecurity"=dword:0001 > > [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] > "CompatibleRUPSecurity"=dword:0001 > > Once you run that, your clients should be able to get their roaming profile I recently ran into a similar issue that was solved by adding "nt acl support = yes" to my [profiles] share. Not sure if that's related but thought I'd share just in case. Took me half a day looking at one of my working systems and the one that was failing till I finally noticed that entry. -- Paul Dugas • p...@dugas.cc • +1.404.932.1355 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Two problem
In a ADS ord ADS DS you just have DCs replicating each other?! http://technet.microsoft.com/en-us/library/cc755994 http://technet.microsoft.com/en-us/library/cc739941 --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von sandy.napo...@eccmg.cupet.cu Gesendet: Dienstag, 27. März 2012 10:30 An: samba@lists.samba.org Betreff: [Samba] Two problem Hello list, I have two problem. 1. How I can replicate the netlogon folder and sysvol folder on samba4 and windows server 2003, if I create a security police in samba 4 do not replicate to windows server, I have to copy it manual. 2. My PDC have Windows server 2003 an my BDC samba4, sometime i reboot the PDC, then when i create a user in samba4 do not replicate to windows server, I Shutdown windows server and samba4, firstly I power on windows server after samba4, if a tests again to create user then repicate cool. This order is important to samba4 or I have some problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMBLDAP PROBLEM
Am 2012-03-27 15:08, schrieb Leonam Silva: Hello All, I'm having trouble using smbldap, users that i created can't login . Only when I add the them into system (through adduser) I can log in with them, the problem is because I also need to create / home and set permissions but can not because the system does not recognize the group Domain Users (513). I do not understand how this happened as another opportunity to achieve this integration success. sorry no idea with this smbldap :( but this "home-dir" create stuff could be done via pam here on a SLE_11 it is: /etc/pam.d/common-session-pc session requiredpam_limits.so session requiredpam_unix2.so session optionalpam_umask.so # added for winbind session sufficient pam_winbind.so # added for AD Integration session optionalpam_mkhomedir.so silent Cheers -- Christian - Please do not 'CC' me on list mails. Just reply to the list :) Der ultimative shop für Sportbekleidung und Zubehör http://www.sc24.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Two problem
Hello list, I have two problem. 1. How I can replicate the netlogon folder and sysvol folder on samba4 and windows server 2003, if I create a security police in samba 4 do not replicate to windows server, I have to copy it manual. 2. My PDC have Windows server 2003 an my BDC samba4, sometime i reboot the PDC, then when i create a user in samba4 do not replicate to windows server, I Shutdown windows server and samba4, firstly I power on windows server after samba4, if a tests again to create user then repicate cool. This order is important to samba4 or I have some problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SMBLDAP PROBLEM
Hello All, I'm having trouble using smbldap, users that i created can't login . Only when I add the them into system (through adduser) I can log in with them, the problem is because I also need to create / home and set permissions but can not because the system does not recognize the group Domain Users (513). I do not understand how this happened as another opportunity to achieve this integration success. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Roaming profiles not being loaded
Hi Simon, > However, a user login in which the profile is defined to be on a samba > server that is not the PDC never gets a roaming profile -- instead the user > always gets a temporary profile. Looking at the Windows logs, it is > complaining about a permissions issue. However, once logged in (with the > temporary profile), that user can create and modify files in the profile > directory. I have turned logging level to 3, but I don't see anything > useful. I have had the same issue as well. I had to run a regkey on each client to disable profile permission checking. The reg key is below: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "CompatibleRUPSecurity"=dword:0001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] "CompatibleRUPSecurity"=dword:0001 Once you run that, your clients should be able to get their roaming profile Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] windows 7 roaming profiles
Hi Samba4 DC and win 7 clients. The user profiles are stored in a profiles share: [profiles] path = /home/CACTUS/profiles read only = No This works OK and the user can logon to different boxes with the same profile. The profile folders such as Desktop, Downloads etc. however, also appear stored on the local disk under c:\users\username. Any file saved e.g. on the Desktop, is not saved to the roaming profile until the user logs off. It seems pointless to have a roaming _and_ a local profile. A few qns: 1. What am I doing wrong? 2. Is it correct that the profile files are not synced until the user logs off? 3. Unless /the profiles folder is world read/write, the user gets logged on with a temporary profile. Correct? Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is the PDC always needed?
On 3/26/2012 9:27 AM, David Noriega wrote: Maybe my understanding is flawed but I thought the purpose of the BDC was in the case of the PDC going offline, users could still use the system. Just this morning our PDC failed with bad memory, yet users were unable to map their network drive. The PDC is in our office while the file server is in the server room where its been setup as a domain member. On the server room subnet is its own BDC with its own ldap server. Checking the logs I see that the server room BDC is listed as the local domain server. The only thing that comes to mind is the BDC does point to the PDC as the wins server. Is that the issue? Is there a way around it? The PDC/BDC controls logging onto the network. Network file shares are different, what server was hosting the "network drive"? If the PDC also hosted the network drive then they would also go down. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ctdb_recovery_lock: Failed to get recovery lock
Hi, I'm happily progressing toward the successful setup of my two nodes samba cluster : cman, qdisk, clvm, gfs2, ctdb, samba, winbind, ad. And now, I'm in testing phase. When my cluster is up and running, I can transfer each ip address toward on node or the other, seamlessly. They can fence each other. But I still have one big issue : though they have been setup as clones, they don't behave identically : when shutting down node 1, node 0 takes over every part of ctdb setup (ip, recmaster, services). But when I stop ctdb daemon on node 1, though ctdb node 0 correctly stops its children daemons (nmbd, smbd and winbind) and kills itself, node 1 claims : ctdb_recovery_lock: Failed to get recovery lock on '/ctdb/.ctdb.lock' (This directory is clvm + gfs2 shared, writable and correctly accessible from both nodes) This leads node 1 to get banned. Then, (I guess), when being unbanned, reelection occurs, but I get : Recmaster node 1 no longer available. Force reelection I suppose that node 1 can't become recmaster as it can not get the recovery lock. But there's no way I see why this node claims it can take this lock. I don't know if this may help, but : - I removed the lock file, and restarting ctdb recreates it correctly - Every process is ran as root, who can obviously write in this dir - I don't know if it is correct, but this file weights zero byte? Waiting for your advice, I'm heading to reading the source code, in the hope I may understand what's wrong. -- Nicolas Ecarnot -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba and admin users performance
Hello, I have a performance problem when I don't connect using root and/or a user in the "admin users". Configuration: Samba 3.5.11 running on SLES11SP1. The share exported is on a GPFS filesystem and the GPFS vfs object is loaded(not loading it doesn't change the described behaviour) clients: Windows 7 and Windows 2008R2 all at latest update level. [testshare] comment = testshare path = /testfs1/testshare read only = no force create mode = 0666 force directory mode = 0777 force security mode = 0666 force directory security mode = 0777 admin users = testuser If I connect using a user other than testuser, I get ~8 MB/s from the clients, and if I look at a trace, I can see that all read operations are in 4K blocks(Read AndX Request/Response). If I connect using root or testuser(which is in the admin users), I get 50MB/s and samba goes up to 60KB blocks when reading. Also during the negotiation, I can clearly see that "Max Buffer: 0" is set in the "Session Setup AndX Request, NTLMSSP_NEGOTIATE sent by the client, while this is 16644 when connecting as root/testuser. When switching to "security = share" and using guest access, I can see the same behaviour. Setting force user/group to root gives good performance, setting it to something else kills performance. Is this expected, or am I missing something? Best regards, Stijn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba