[Samba] SWAT problem
Hy Everyone Iam a beginer in samba. We recently upgraded o mac os x lion and a few days later we figured out that the samba in it is not THE real samba. So we decided to install the new samba by ourselves. Everything is fine now (we needed about 10 to 12 reinstall to get that), samba running swat is up. We got 2 little problem. 1. We cant access to swat except when we in demo mode, because our root password didnt do the magic 2. We see everything in demo mode and most of the parameters we can change, but the user creating handeling is another story We got a lion 10.7.3 server edition the new samba 3 installed with macports. A read the manual but i couldnt find the solution for any of the problems. Manly i would satisfied if yoou have some kind of magic for the 1 problem. Best regards Richard Zsoldos Hungary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Transfer speed
On 03:06:34 wrote Stan Hoeppner: On 4/10/2012 9:36 AM, Volker Lendecke wrote: On Tue, Apr 10, 2012 at 08:55:14AM -0500, Chris Weiss wrote: On Tue, Apr 10, 2012 at 8:53 AM, Volker Lendecke Volker.Lendecke at sernet.de wrote: On Tue, Apr 10, 2012 at 08:26:48AM -0500, Chris Weiss wrote: that's dramatic! what needs done (from a user POV) to get this backported into Stable distro kernels? suggestions? Wait until the next major releases pick it up. that's a really crappy option. in certain cases that could be 4 years from now. Well, if you are an important enough RH customer you might be able to apply pressure. But that's a LOT of money probably. Same for SuSE. Debian will likely be very resistant against that kind of bribery^Wincentive. Debian already has 3.2.6 available in the stable repo: $ aptitude search linux-image ... i linux-image-3.2.6 - Linux kernel, version 3.2.6 ... My Fedora is running 3.3 and performance screams with reads and writes over cifs, especially to Samba. At least SuSE and RHEL6.2 appear to have upgraded their kernel far enough to get the really fast writes over cifs. Jeff Layton did a good job on these performance patches. Hard to complain about 95% network utilization (and it will get even better when the SMB2 and SMB2.1 support is merged). You will be even happier with 3.4 kernel on the client because then you can get even more parallelism (assuming you have a big set of disks to distribute work across on your server) when you set much larger values for max mux in the server's smb.conf you will be able to get up to 32768 requests in parallel queued to Samba. With today's networks and Samba the default for servers (of 50) is way too low - and with 3.4 kernel cifs client we will be able to send even more requests in parallel if the server indicates it can support it (more than 50 maximum multiplex requests). Note that Linux cifs kernel client always supported great parallelism and would easily use most of the network bandwidth if multiple processes were doing i/o against multiple files on the same mount - but with 3.0 (for sequential write like file copies) and later kernels for reads - cifs is VERY fast now. Prior to 3.0 kernel for fast file copies from Windows or Samba servers you can use smbclient (user space tool) which due to good work by Volker has had nice performance for sequential read/wirte for a few years. -- Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Transfer speed
On 03:06:34 wrote Stan Hoeppner: On 4/10/2012 9:36 AM, Volker Lendecke wrote: On Tue, Apr 10, 2012 at 08:55:14AM -0500, Chris Weiss wrote: On Tue, Apr 10, 2012 at 8:53 AM, Volker Lendecke Volker.Lendecke at sernet.de wrote: On Tue, Apr 10, 2012 at 08:26:48AM -0500, Chris Weiss wrote: that's dramatic! what needs done (from a user POV) to get this backported into Stable distro kernels? suggestions? Wait until the next major releases pick it up. that's a really crappy option. in certain cases that could be 4 years from now. Well, if you are an important enough RH customer you might be able to apply pressure. But that's a LOT of money probably. Same for SuSE. Debian will likely be very resistant against that kind of bribery^Wincentive. Debian already has 3.2.6 available in the stable repo: $ aptitude search linux-image ... i linux-image-3.2.6 - Linux kernel, version 3.2.6 ... My Fedora is running 3.3 and performance screams with reads and writes over cifs, especially to Samba. At least SuSE and RHEL6.2 appear to have upgraded their kernel far enough to get the really fast writes over cifs. Jeff Layton did a good job on these performance patches. Hard to complain about 95% network utilization (and it will get even better when the SMB2 and SMB2.1 support is merged). You will be even happier with 3.4 kernel on the client because then you can get even more parallelism (assuming you have a big set of disks to distribute work across on your server) when you set much larger values for max mux in the server's smb.conf you will be able to get up to 32768 requests in parallel queued to Samba. With today's networks and Samba the default for servers (of 50) is way too low - and with 3.4 kernel cifs client we will be able to send even more requests in parallel if the server indicates it can support it (more than 50 maximum multiplex requests). Note that Linux cifs kernel client always supported great parallelism and would easily use most of the network bandwidth if multiple processes were doing i/o against multiple files on the same mount - but with 3.0 (for sequential write like file copies) and later kernels for reads - cifs is VERY fast now. Prior to 3.0 kernel for fast file copies from Windows or Samba servers you can use smbclient (user space tool) which due to good work by Volker has had nice performance for sequential read/wirte for a few years. -- Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Configuration of idmap_ldap No backend defined
Hi, please check your ldap configuration in your smb.conf file. At first verify that your base-dn is really dc=example,dc=com. Than remove cn=Manager from each option that contains base_dn. As usual, make sure that your LDAP server is set up correctly and that everthing works fine. Than you can connect samba to your LDAP. Cheers, Christian Jon Theil Nielsen jonth...@gmail.com schrieb: Hi list, I can't make idmap talk to my LDAP server. And I haven't found an updated howto. Some entries from log.windbindd-imap: [2012/04/13 20:05:40.500475, 5] winbindd/idmap.c:153(smb_register_idmap) Successfully added idmap backend 'ldap' [2012/04/13 20:05:40.501112, 5] winbindd/idmap.c:153(smb_register_idmap) Successfully added idmap backend 'tdb' [2012/04/13 20:05:40.501318, 5] winbindd/idmap.c:153(smb_register_idmap) Successfully added idmap backend 'passdb' [2012/04/13 20:05:40.501516, 5] winbindd/idmap.c:153(smb_register_idmap) Successfully added idmap backend 'nss' [2012/04/13 20:05:40.540035, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2012/04/13 20:05:40.550305, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2012/04/13 20:05:40.592075, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN [2012/04/13 20:06:23.606655, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 548 [2012/04/13 20:06:23.629123, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1006 [2012/04/13 20:06:23.632141, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN [2012/04/13 20:06:23.637118, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1005 [2012/04/13 20:06:23.640003, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN [2012/04/13 20:06:23.653837, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN [2012/04/13 20:06:33.287504, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN [2012/04/13 20:06:33.287723, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config BUILTIN [2012/04/13 20:06:38.048645, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN Part of my smb.conf: [global] ldap admin dn = cn=Manager,dc=example,dc=com ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = dc=example,dc=com ldap user suffix = ou=People ldap debug level = 1 idmap config *:backend = ldap idmap config *:readonly = no idmap config *:range = 1000-199 idmap config *:ldap_url=ldap://localhost idmap config *:ldap_base_dn = cn=Manager,dc=example,dc=com idmap config MYDOMAIN:backend = ldap idmap config MYDOMAIN:readonly = no idmap config MYDOMAIN:range = 1000-199 idmap config MYDOMAIN:ldap_url=ldap://localhost idmap config MYDOMAIN:ldap_base_dn = cn=Manager,dc=example,dc=com idmap config MYDOMAIN:ldap_user_dn = cn=admin,ou=Idmap,dc=example,dc=com I'm running samba 3.6.3 on FreeBSD 9.0-RELEASE and my LDAP server seems to work otherwise. At least, I can do user authentication this way. Of course, I can provide much more information from the logs and the configuration files. I just don't know where to start. And any help would be much appreciated. Best regards, Jon Theil Nielsen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Dipl.-Ing. Christian Rost roCon - Informationstechnologie Ulmenstraße 45 44534 Lünen Fon: +49 2306 910 658 Fax: +48 2306 910 664 URL: www.rocon-it.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Configuration of idmap_ldap No backend defined
Hi, your security concerns are welcome. Well I didn't use LDAP based idmap yet, but multiple entries returned could be a result of your duplicate settings for idmap config - one with the asterisk and the second with MYDOMAIN. Please read the docs to determine which of the entries is necessary. Cheers, Christian Jon Theil Nielsen jonth...@gmail.com schrieb: Hi and thanks, The base dn is not as shown. Might be some kind of paranoia... I changed the smb.conf as suggested. Did not change any other file. Now my log shows: [2012/04/14 20:29:36.891125, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2012/04/14 20:29:36.901600, 0] winbindd/idmap_ldap.c:192(verify_idpool) Multiple entries returned from (objectclass=sambaUnixIdPool) (base == dc=example,dc=com) [2012/04/14 20:29:36.901919, 1] winbindd/idmap_ldap.c:516(idmap_ldap_db_init) idmap_ldap_db_init: failed to verify ID pool (NT_STATUS_UNSUCCESSFUL) [2012/04/14 20:29:36.903646, 5] winbindd/idmap_ldap.c:421(idmap_ldap_close_destructor) The connection to the LDAP server was closed [2012/04/14 20:29:36.904039, 1] winbindd/idmap.c:249(idmap_init_domain) idmap initialization returned NT_STATUS_UNSUCCESSFUL Regards, Jon On 14 April 2012 20:14, Christian Rost christian.r...@rocon-it.de wrote: Hi, please check your ldap configuration in your smb.conf file. At first verify that your base-dn is really dc=example,dc=com. Than remove cn=Manager from each option that contains base_dn. As usual, make sure that your LDAP server is set up correctly and that everthing works fine. Than you can connect samba to your LDAP. Cheers, Christian Jon Theil Nielsen jonth...@gmail.com schrieb: Hi list, I can't make idmap talk to my LDAP server. And I haven't found an updated howto. Some entries from log.windbindd-imap: [2012/04/13 20:05:40.500475, 5] winbindd/idmap.c:153(smb_register_idmap) Successfully added idmap backend 'ldap' [2012/04/13 20:05:40.501112, 5] winbindd/idmap.c:153(smb_register_idmap) Successfully added idmap backend 'tdb' [2012/04/13 20:05:40.501318, 5] winbindd/idmap.c:153(smb_register_idmap) Successfully added idmap backend 'passdb' [2012/04/13 20:05:40.501516, 5] winbindd/idmap.c:153(smb_register_idmap) Successfully added idmap backend 'nss' [2012/04/13 20:05:40.540035, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2012/04/13 20:05:40.550305, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2012/04/13 20:05:40.592075, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN [2012/04/13 20:06:23.606655, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 548 [2012/04/13 20:06:23.629123, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1006 [2012/04/13 20:06:23.632141, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN [2012/04/13 20:06:23.637118, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1005 [2012/04/13 20:06:23.640003, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN [2012/04/13 20:06:23.653837, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN [2012/04/13 20:06:33.287504, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN [2012/04/13 20:06:33.287723, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config BUILTIN [2012/04/13 20:06:38.048645, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN Part of my smb.conf: [global] ldap admin dn = cn=Manager,dc=example,dc=com ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = dc=example,dc=com ldap user suffix = ou=People ldap debug level = 1 idmap config *:backend = ldap idmap config *:readonly = no idmap config *:range = 1000-199 idmap config *:ldap_url=ldap://localhost idmap config *:ldap_base_dn = cn=Manager,dc=example,dc=com idmap config MYDOMAIN:backend = ldap idmap config MYDOMAIN:readonly = no idmap config MYDOMAIN:range = 1000-199 idmap config MYDOMAIN:ldap_url=ldap://localhost idmap config MYDOMAIN:ldap_base_dn = cn=Manager,dc=example,dc=com idmap config MYDOMAIN:ldap_user_dn = cn=admin,ou=Idmap,dc=example,dc=com I'm running samba 3.6.3 on FreeBSD 9.0-RELEASE and my LDAP server seems to work otherwise. At least, I can do user authentication this way. Of course, I can provide much more information from the
[Samba] Problems with samba as PDC
Greeting- I have a mixed network of ms-windows, macintosh and freebsd systems. I am setting up a FreeBSD 9.0 system as a PDC using samba. I can from a FreeBSD box attach to the SMB server as a user that is defined on the Samba Server. [wynkoop@dt0 ~]$ smbclient -L hp1 Enter wynkoop's password: Domain=[HARAPARTNERS] OS=[Unix] Server=[Samba 3.6.4] SharenameTypeComment ---- IPC$ IPCIPC Service (HP1 Samba Server) wynkoop DiskHome Directories Domain=[HARAPARTNERS] OS=[Unix] Server=[Samba 3.6.4] ServerComment - --- HP1 HP1 Samba Server Workgroup Master - --- DB HP4 HARAPARTNERS HP1 WORKGROUP PRINTSTATION [wynkoop@dt0 ~]$ I was also able to join the FreeBSD workstation to the Samba Domain as evidenced by the output of wbinfo: [wynkoop@dt0 ~]$ wbinfo -u nobody wynkoop testme www alish [wynkoop@dt0 ~]$ Note that users testme www and alish do not exist on the workstation. They only exist on the Samba Server which is FreeBSD 9 with samba 3.6. I have the following in /etc/pam.d/sshd # # $FreeBSD: releng/9.0/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $ # # PAM configuration for the sshd service # # auth auth sufficientpam_opie.sono_warn no_fake_prompts auth sufficient /usr/local/lib/pam_winbind.so auth requisitepam_opieaccess.so no_warn allow_local #auth sufficientpam_krb5.so no_warn try_first_pass #auth sufficientpam_ssh.so no_warn try_first_pass #auth sufficient /usr/local/lib/pam_winbind.so auth required pam_unix.so no_warn try_first_pass # account account sufficient /usr/local/lib/pam_winbind.so account required pam_nologin.so #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so # session #session optional pam_ssh.so want_agent session required pam_permit.so # password #passwordsufficientpam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass Here is /etc/security/pam_winbind.conf # # pam_winbind configuration file # # /etc/security/pam_winbind.conf # [global] # turn on debugging ;debug = no debug = yes # turn on extended PAM state debugging ;debug_state = no # request a cached login if possible # (needs winbind offline logon = yes in smb.conf) ;cached_login = no # authenticate using kerberos ;krb5_auth = no # when using kerberos, request a FILE krb5 credential cache type # (leave empty to just do krb5 authentication but not have a ticket # afterwards) ;krb5_ccache_type = # make successful authentication dependend on membership of one SID # (can also take a name) ;require_membership_of # password expiry warning period in days ;warn_pwd_expire = 14 # omit pam conversations ;silent = no # create homedirectory on the fly ;mkhomedir = no mkhomedir = yes When I attempt to ssh into the system as a user defined only in the Samba= domain these are the results: [testme@hp1 ~]$ id uid=1003(testme) gid=1003(testme) groups=1003(testme) [testme@hp1 ~]$ ssh dt0 Password: Wrong Password Password: Wrong Password Password: Wrong Password Permission denied (publickey,keyboard-interactive). [testme@hp1 ~]$ And from the logs on the system dt0 [root@dt0 /var/log]# tail debug.log Apr 16 12:17:08 dt0 sshd[80774]: pam_winbind(sshd): [pamh: 0x80300b840] LEAVE: pam_sm_authenticate returning 9 (PAM_AUTH_ERR) Apr 16 12:42:39 dt0 sshd[81031]: pam_winbind(sshd): [pamh: 0x80300b840] ENTER: pam_sm_authenticate (flags: 0x0001) Apr 16 12:42:39 dt0 sshd[81031]: pam_winbind(sshd): getting password (0x4001) Apr 16 12:42:42 dt0 sshd[81031]: pam_winbind(sshd): [pamh: 0x80300b840] LEAVE: pam_sm_authenticate returning 9 (PAM_AUTH_ERR) Apr 16 12:42:42 dt0 sshd[81032]: pam_winbind(sshd): [pamh: 0x80300b840] ENTER: pam_sm_authenticate (flags: 0x0001) Apr 16 12:42:42 dt0 sshd[81032]: pam_winbind(sshd): getting password (0x4001) Apr 16 12:42:44 dt0 sshd[81032]: pam_winbind(sshd): [pamh: 0x80300b840] LEAVE: pam_sm_authenticate returning 9 (PAM_AUTH_ERR) Apr 16 12:42:44 dt0 sshd[81033]: pam_winbind(sshd): [pamh: 0x80300b840] ENTER: pam_sm_authenticate (flags: 0x0001) Apr 16 12:42:44 dt0 sshd[81033]: pam_winbind(sshd): getting password (0x4001) Apr 16 12:42:46 dt0 sshd[81033]: pam_winbind(sshd): [pamh: 0x80300b840] LEAVE: pam_sm_authenticate returning 9 (PAM_AUTH_ERR) [root@dt0 /var/log]# Apr 16 12:42:42 dt0 sshd[81031]: pam_winbind(sshd): user 'testme' denied access (incorrect password or invalid membership) Apr 16 12:42:42 dt0 sshd[81029]: Failed keyboard-interactive/pam for invalid user testme from 192.168.1.3 port 16746 ssh2 Apr 16 12:42:44 dt0 sshd[81032]: pam_winbind(sshd):
[Samba] Custom SAMBA4/OpenChage ZEG applicance
Question following HowTo build your own OpenChange/SOGo appliance: I have been building my own SAMBA4/OpenChange appliance *MOSTLY* following the instructions at http://tracker.openchange.org/projects/openchange/wiki/HowTo_build_your_own_OpenChangeSOGo_appliance . I am using Ubuntu-Server 12.04 LTS (Precise Pangolin) precise-server-amd64.iso OpenChange from svn co -r 3923 https://svn.openchange.org/openchange/branches/sogo SAMBA4 - Samba-4.0.0Alpha18 At the step titled Configure DNS service # cd /etc/bind # mkdir samba # cp /usr/local/samba/private/named.* samba/ # cp –rfi /usr/local/samba/private/dns samba/ my named.* files are actually in /usr/local/samba/share/setup/ (no big deal) logically I would assume my dns files would be in /usr/local/samba/share/setup/dns but no cookie :( Find reveals: find / -name dns /openchange/sogo/samba4/lib/dnspython/dns /openchange/sogo/samba4/libcli/dns /openchange/sogo/samba4/bin/default/libcli/dns /openchange/sogo/samba4/bin/default/source4/dsdb/dns /openchange/sogo/samba4/source4/selftest/provisions/alpha13/private/dns /openchange/sogo/samba4/source4/dsdb/dns /usr/share/pyshared/dns /usr/lib/python2.7/dist-packages/dns /usr/src/linux-headers-3.2.0-23-generic/include/config/ceph/lib/use/dns /usr/src/linux-headers-3.2.0-23-generic/include/config/dns Does anyone know the correct dns file or directory to copy to the bind directory? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.6.4 smbd dies on solaris 10 sparc64
Hi list, Disclaimer: not a subscriber, not a samba expert, just trying to get samba running on a Solaris 10 system. We build samba 3.6.4 from source for various platforms. We link against our own builds of cyrus-sasl 2.1.23, openldap 2.4.23, and openssl 1.0.0h. On Solaris we also compile against krb5-1.10.1. Builds are done with GNU tools whenever possible (gcc/ld/make). The build host, as well as the host generating the smbd crash, is: $ uname -a SunOS skidmark 5.10 Generic_147440-14 sun4u sparc SUNW,Sun-Fire-V215 The smb.conf is identical to what is in use with a 3.6.4 install on a linux box. testparm doesn't seem to be unhappy: $ /usr/local/samba/bin/testparm Load smb config files from /usr/local/adm/config/samba/smb.conf rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384) Processing section [scratch] Processing section [data] Processing section [htdocs] Processing section [homes] Processing section [share] Processing section [costain] Processing section [steen] Loaded services file OK. 'winbind separator = +' might cause problems with group membership. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions Below I'll paste the output of 'smbd -b' first and the level 10 log from smbd second. There's a 50mb core file from smbd as well so I can put that somewhere if it's needed. If anyone has any insight into what's happening, please let me know. Thanks! Jesse smbd -b output: $ /usr/local/samba/sbin/smbd -b Build environment: Built by:jesse@skidmark Built on:Tue Apr 17 10:46:37 MDT 2012 Built using: gcc Build host: SunOS skidmark 5.10 Generic_147440-14 sun4u sparc SUNW,Sun-Fire-V215 SRCDIR: /tmp/bs/tmp/samba_build/samba-3.6.4/source3 BUILDDIR:/tmp/bs/tmp/samba_build/samba-3.6.4/source3 Paths: SBINDIR: /usr/local/samba-3.6.4/sbin BINDIR: /usr/local/samba-3.6.4/bin SWATDIR: /usr/local/samba-3.6.4/swat CONFIGFILE: /usr/local/adm/config/samba/smb.conf LOGFILEBASE: /var/adm/log/samba LMHOSTSFILE: /usr/local/adm/config/samba/lmhosts LIBDIR: /usr/local/samba-3.6.4/lib MODULESDIR: /usr/local/samba-3.6.4/lib SHLIBEXT: so LOCKDIR: /var/adm/log/samba/locks STATEDIR: /var/adm/log/samba/locks CACHEDIR: /var/adm/log/samba/locks PIDDIR: /var/adm/log/samba/locks SMB_PASSWD_FILE: /usr/local/adm/config/samba/private/smbpasswd PRIVATE_DIR: /usr/local/adm/config/samba/private NCALRPCDIR: /var/adm/log/samba/ncalrpc NMBDSOCKETDIR: /var/adm/log/samba/nmbd System Headers: HAVE_SYS_ACL_H HAVE_SYS_FCNTL_H HAVE_SYS_FILE_H HAVE_SYS_FILIO_H HAVE_SYS_IOCTL_H HAVE_SYS_IPC_H HAVE_SYS_MMAN_H HAVE_SYS_MOUNT_H HAVE_SYS_PARAM_H HAVE_SYS_PRIV_H HAVE_SYS_RESOURCE_H HAVE_SYS_SELECT_H HAVE_SYS_SHM_H HAVE_SYS_SOCKET_H HAVE_SYS_SOCKIO_H HAVE_SYS_STATFS_H HAVE_SYS_STATVFS_H HAVE_SYS_STAT_H HAVE_SYS_SYSCALL_H HAVE_SYS_SYSLOG_H HAVE_SYS_SYSMACROS_H HAVE_SYS_TERMIO_H HAVE_SYS_TIME_H HAVE_SYS_TYPES_H HAVE_SYS_UIO_H HAVE_SYS_UNISTD_H HAVE_SYS_UN_H HAVE_SYS_VFS_H HAVE_SYS_WAIT_H Headers: HAVE_AIO_H HAVE_ALLOCA_H HAVE_ARPA_INET_H HAVE_COM_ERR_H HAVE_CRYPT_H HAVE_CTYPE_H HAVE_DIRENT_H HAVE_DLFCN_H HAVE_FCNTL_H HAVE_FLOAT_H HAVE_FNMATCH_H HAVE_GETOPT_H HAVE_GLOB_H HAVE_GRP_H HAVE_GSSAPI_GSSAPI_EXT_H HAVE_GSSAPI_GSSAPI_GENERIC_H HAVE_GSSAPI_GSSAPI_H HAVE_GSSAPI_H HAVE_KRB5_H HAVE_KRB5_LOCATE_PLUGIN_H HAVE_LANGINFO_H HAVE_LASTLOG_H HAVE_LBER_H HAVE_LDAP_H HAVE_LIBINTL_H HAVE_LIMITS_H HAVE_LOCALE_H HAVE_MEMORY_H HAVE_NETDB_H HAVE_NETINET_IN_H HAVE_NETINET_IN_SYSTM_H HAVE_NETINET_IP_H HAVE_NETINET_TCP_H HAVE_NET_IF_H HAVE_NSSWITCH_H HAVE_NSS_COMMON_H HAVE_POLL_H HAVE_PTHREAD_H HAVE_PWD_H HAVE_RPCSVC_NIS_H HAVE_RPCSVC_YPCLNT_H HAVE_RPCSVC_YP_PROT_H HAVE_RPC_NETTYPE_H HAVE_RPC_RPC_H HAVE_SECURITY_PAM_APPL_H HAVE_SECURITY_PAM_MODULES_H HAVE_SETJMP_H HAVE_SHADOW_H HAVE_STDARG_H HAVE_STDBOOL_H HAVE_STDINT_H HAVE_STDIO_H HAVE_STDLIB_H HAVE_STRINGS_H HAVE_STRING_H HAVE_STROPTS_H HAVE_SYSLOG_H HAVE_TERMIOS_H HAVE_TERMIO_H HAVE_TIME_H HAVE_UNISTD_H HAVE_UTIME_H HAVE_UUID_UUID_H HAVE_ZLIB_H UTMP Options: HAVE_GETUTMPX HAVE_UTMPX_H HAVE_UTMP_H HAVE_UT_UT_EXIT HAVE_UT_UT_ID HAVE_UT_UT_NAME HAVE_UT_UT_PID HAVE_UT_UT_TIME HAVE_UT_UT_TYPE HAVE_UT_UT_USER PUTUTLINE_RETURNS_UTMP WITH_UTMP HAVE_* Defines: HAVE_ADDRTYPE_IN_KRB5_ADDRESS HAVE_AP_OPTS_USE_SUBKEY HAVE_ASPRINTF HAVE_ATEXIT HAVE_ATTROPEN HAVE_BER_SCANF HAVE_BER_SOCKBUF_ADD_IO HAVE_BINDTEXTDOMAIN HAVE_BLKCNT_T HAVE_BLKSIZE_T HAVE_BOOL HAVE_BZERO HAVE_CHMOD HAVE_CHOWN HAVE_CHROOT HAVE_CLOCK_GETTIME HAVE_CLOCK_MONOTONIC
[Samba] FW: Regd Security patches for Red hat linux
Hello, Good afternoon Am trying to install the security patches from https://www.samba.org/samba/history/security.html (to avoid Remote code execution vulnerability in smbd and my samba version is 3.0.37). Can you please suggest me which patch I have to install and also how to install the package in my Red hat Linux server 5.5 Thanks Vipanhesh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba latest version for AIX5.3
Hi Adam, I have a couple of questions for you. 1). whats the latest revision of Samba we can get within AIX 5.3? 2). what version of AIX do they have to go to in order to get Samba later than 3.6.3? Please help. Thank you. zoohir -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] I have created a gui frontend for smbclient
I have created a gui frontend for certain features of smbclient, so far more than 600 downloads. There are some posts regarding various graphical frontends and links which take you no where. I wondered if mine sharescanner could also be mentioned on the website. http://sourceforge.net/projects/sharescanner/?source=directory Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] I have created a gui frontend for smbclient
I meant that many links on http://www.samba.org/samba/GUI/ are obsolete. On Wed, Apr 18, 2012 at 1:15 PM, adnan adnan.kam...@gmail.com wrote: I have created a gui frontend for certain features of smbclient, so far more than 600 downloads. There are some posts regarding various graphical frontends and links which take you no where. I wondered if mine sharescanner could also be mentioned on the website. http://sourceforge.net/projects/sharescanner/?source=directory Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ACLs behaving differently on Samba 4 / Ubuntu 12.04 / Bind 9.81 between ZFS and EXT4 file systems
Dear all,
The system is Ubuntu 12.04 (latest beta as of yesterday)
Bind 9.81 (12.04 standard)
Samba 4, also git-cloned yesterday.
I've imported a zpool created on another ubuntu system with the same
version of zfs-linux (RC-8) http://zfsonlinux.org/
The zpool is working perfectly well; responsive, no errors reported,
scrubbed.
Samba can see the zpool as part of the greater file system and share the
600GB or so spread across the varios zfs file systems on it via cifs.
I've been through all the tests mentioned on the Samba 4 HOWTO and they
return successful results.
I'm sharing only via smb.conf - not using native ZFS CIFS commands.
The problem:
When I alter file permissions via CIFS from an XP Pro sp3 client (patched
up to date, joined to the domain and able to administer AD users and
computers) on any folder or subfolder shared from the zpool, I lose access
to that folder via CIFS. I can still see the folder from its parent
directory, but can't browse into it via CIFS. I can still browse the folder
on the server's command line.
The XP Pro client fails with the message:
*The data area passed to a system call is too small*
The OSX Snowleopard client just gives a silent fail.
I click in, and nothing happens.
When I mv the same broken folder to an EXT4 file system via the server's
command line, I can repair the acls using:
get acls: /usr/local/samba/bin/samba-tool ntacl get --as-sddl
/${ZPOOL}/Lou/stuff/
returns: ‘O:S-1-5-21-1345677-x-2594716733-500G..etc
set acls: /usr/local/samba/bin/samba-tool ntacl set
‘O:S-1-5-21-1345677-x-2594716733-500G..etc’ /${EXT4
Sharename}/Lou/stuff/
...after which I update the smb.conf entry and can browse the folder as
normal, as long as it stays on the EXT4-backed share.
The acl-compliance tests:
setfattr -n user.test -v test test.txt
setfattr -n security.test -v test2 test.txt
getfattr -d test.txt
...return the correct results on both filesystems; EXT4 and ZFS.
Samba is running in stdout debug more: sudo /usr/local/samba/sbin/samba -i
-M single and throws no errors during the course of the problem.
I've set the zpool's aclinherit flag to =passthrough with no difference
detected in the behaviour.
I'll try on another samba 3 + zfs machine tomorrow to see if I can
replicate this.
Any ideas welcome in the mean time (I *should* be able to alter permissions
on Samba 4 shares from XP Pro; don't need Windows 7 to administer?).
Thanks,
Ben.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] Building issue with GPFS and ctdb under RHEL 5.x
Hello, I have to build a SAMBA cluster and want to do that with version 3.6.x. I did that with version 3.5.8 under guidance of Michael Adam, we must use the option: CC=$CC CFLAGS=-Wall -g -D_GNU_SOURCE LDFLAGS=-Wl,--no-as-needed for successfully build SAMBA. Is this still valid? Thank you very much, Mit freundlichen Grüßen / Kind regards i.A. Achim Homann Dipl. Ing. (FH) Systems Architect TelHome Office +49 (0)8642 / 595 642 Fax Home Office +49 (0)8642 / 595 643 TelGS München +49 (0)89 / 93086 480 Fax GS München +49 (0)89 / 93086 499 mobil +49 (0)151 / 550 057 94 eMail achim.hom...@sva.de web http://www.sva.de SVA Systemvertrieb Alexander GmbH IBM Premier Business Partner Home Office Geschäftsstelle München Franziska-Hager-Str. 8 Stefan-George-Ring 29 83236 Übersee 81929 München Geschäftsführung: Felix Alexander, Philipp Alexander, Sven Eichelbaum Sitz der Gesellschaft: Wiesbaden Registergericht: Amtsgericht Wiesbaden, HRB 10315 Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail sind nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient or have received this e-mail in error please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SMBD not running
All, I cloned a machine running AIX 5.3 (TL11) and it had Samba 3.0.29 on it. Everything is working fine with the exception of Samba. When I start Samba, nmbd starts, but smbd does not. I checked under /var/log/samba and there is no log file there. All looks correct in the inetd.conf file, and as far as I can tell, the services file is correct. I have several ports that I have been checking, but I am not sure which one is key. My records show these as being ports that are used: TCP port 445 UDP 137, 138 TCP 137, 139 TCP 901 I even tried upgrading to the latest Samba (3.6) hoping that it was just one of the files being corrupted, but still the same thing. In inetd.conf, I have the following lines: netbios-ssn stream tcp nowait root /opt/pware/sbin/smbd smbd netbios-ns dgram upd wait root /opt/pware/sbin/nmbd nmbd What could it be? Please email me directly, as I am not currently not joined on the list. Any help you can offer would be greatly appreciated. Thanks, Jeff jeff.zeilm...@clientservices.commailto:jeff.zeilm...@clientservices.com This message, and any attachment(s), contains CONFIDENTIAL information. This transmission is intended to be for the sole use of the individual(s) or entity(ies) named on the e-mail transmission message. If you are not the intended recipient, you are hereby advised that any review, disclosure, copying, distribution or use of the information, contents and/or attachments of this e-mail message is prohibited. If you have received this transmission in error, please immediately delete this message and notify us of this error by telephone at (800) 521-3867. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to access public shares without password even when security = user
hello there, does not ANYone have an idea about this following post? On Tue, Oct 11, 2011 at 4:50 PM, Athanasios Silis athanasios.si...@gmail.com wrote: Hello everyone, I have always thought that with security = user , a login window will pop-up and you must insert credentials to access the shares of a samba server. Yet here I am sitting in front of a QNAP system file server, running Samba 3.5.2. When I type in the address of the samba server, I am presented with the top level shares (public or not). No login window pops up.. Then if I try to access some of these shares (that are not public), a login in window will pop up.. I checked the QNAP's smb.conf thoroughly and found the following security = USER map to guest = Bad User I used the 'map to user' option in another samba server i have (slackware64 v13.37) Samba v.3.5.10. I also allowed guest users I almost mimiced the behaviour. I.e. I access the samba server, a login window pops up, i can type in some random characters and will access the shares without the need for a proper username password. But I want to omit having a login window pop up in the top level of the shares. how should I go about doing that? (of course that will map me to some guest user and give me access to public folders. the private folders should still throw a login window at me) Thank you for your help Nass -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SMBD Crash
Our software utilizes an OS X Server (Snow Leopard 10.6.8) for file read and writes. We gather files out of many directories, process them, and then write files back to the server. We had a long time end user who utilizes our software with an XP box upgrade from XP to Windows 7. Now with Windows 7 the SMBD is crashing routinely under heavy loads. Whatever information it was working on at the time is corrupted. EVEN WORSE the SMBD respawns silently under a new process and reconnects, so we don't know that the smb server crashed or that the data has become corrupt. The problem is intermitant, but frequent. I'll throw 16 duplicates of the same file at the system and it will fail on, say, files 11 and 16. This is the same file under a different name. Here's a sample crash log (they're all about the same.) Process: smbd [96275] Path:/usr/sbin/smbd Identifier: smbd Version: ??? (???) Code Type: X86-64 (Native) Parent Process: smbd [871] Date/Time: 2012-04-17 14:24:53.924 -0500 OS Version: Mac OS X Server 10.6.8 (10K549) Report Version: 6 Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x Crashed Thread: 0 Thread 0 Crashed: 0 libSystem.B.dylib 0x7fff8a25ce20 strcmp + 80 1 odsam.dylib 0x00010008ee95 0x100088000 + 28309 2 odsam.dylib 0x00010008f1e4 0x100088000 + 29156 3 odsam.dylib 0x00010008f3f6 0x100088000 + 29686 4 odsam.dylib 0x000100093455 init_module + 15567 5 odsam.dylib 0x0001000941b1 init_module + 18987 6 smbd 0x000137429f2d pdb_getsampwnam + 32 7 odsam.dylib 0x00010035f78d init_module + 8191 8 smbd 0x00013748f8b1 add_mapping_entry + 2591 9 smbd 0x000137496ab7 auth_ntlmssp_start + 575 10 smbd 0x00013736fc09 ntlmssp_set_password + 4447 11 smbd 0x00013736e476 ntlmssp_update + 583 12 smbd 0x00013749680e auth_ntlmssp_update + 43 13 smbd 0x0001373cee41 rpc_pipe_register_commands + 907 14 smbd 0x0001373d0140 api_pipe_bind_auth3 + 772 15 smbd 0x0001373c96d6 init_rpc_pipe_hnd + 3771 16 smbd 0x0001373c9ffd init_rpc_pipe_hnd + 6114 17 smbd 0x0001372ec819 reply_pipe_write_and_X + 360 18 smbd 0x00013730026b reply_write_and_X + 499 19 smbd 0x00013732e695 schedule_deferred_open_smb_message + 2481 20 smbd 0x00013732fd87 smbd_process + 2360 21 smbd 0x0001374f8183 main + 4456 22 smbd 0x0001372bccf0 start + 52 Thread 0 crashed with X86 Thread State (64-bit): rax: 0x0c10 rbx: 0x00010010c580 rcx: 0x000102a0 rdx: 0x00c1 rdi: 0x rsi: 0x0001001143f0 rbp: 0x7fff5fbf9800 rsp: 0x7fff5fbf97e8 r8: 0x60c10410 r9: 0x001d r10: 0x102a050b r11: 0x7fff8a2604b9 r12: 0x r13: 0x r14: 0x7fff5fbf9980 r15: 0x000137600df8 rip: 0x7fff8a25ce20 rfl: 0x00010202 cr2: 0x Binary Images: 0x100088000 -0x10009afff odsam.dylib ??? (???) 39DE0ED4-5FAB-4D22-2DA7-B2D87EF4EE4F /usr/lib/samba/pdb/odsam.dylib 0x1000f2000 -0x1000f8fff darwin_streams.dylib ??? (???) 733DDD25-1228-5364-7930-69B65F048322 /usr/lib/samba/vfs/ darwin_streams.dylib 0x100356000 -0x100363ff7 odsam.dylib ??? (???) 217BA59F-853C-EE95-2129-C315B11D11DC /usr/lib/samba/auth/odsam.dylib 0x10037e000 -0x100386ff7 com.apple.ByteRangeLocking 1.1.2 (1.1.2) 71331B90-233E-F3FA-DDB0-E257800D2F8F /System/Library/ PrivateFrameworks/ByteRangeLocking.framework/Versions/A/ByteRangeLocking 0x1005bb000 -0x1005c0fff darwinacl.dylib ??? (???) 4DD79B8E-4F66-FA89-E5DA-D6EEDC4044E5 /usr/lib/samba/vfs/ darwinacl.dylib 0x1005c5000 -0x1005c6fff notify_kqueue.dylib ??? (???) CBB7D7DC-3D11-B628-6BBF-503A24548363 /usr/lib/samba/vfs/ notify_kqueue.dylib 0x1372bc000 -0x1375ebff7 +smbd ??? (???) 27BF9F95-6C18-4AAB-30B0-5F681DE2CF2F /usr/sbin/smbd 0x7fff5fc0 - 0x7fff5fc3bdef dyld 132.1 (???) 486E6C61-1197-CC7C-2197-82CE505102D7 /usr/lib/dyld 0x7fff80dc3000 - 0x7fff80dc3ff7 com.apple.CoreServices 44 (44) DC7400FB-851E-7B8A-5BF6-6F50094302FB
Re: [Samba] Synchronizing multiple samba servers
Thanks a lot all . i will look into unison On 4/24/2012 1:43 PM, ciradhb.forw...@laposte.net wrote: Hi, Maybe you could have a look to Unison which is a tool like rsync but in bidirectionnal way . http://www.cis.upenn.edu/~bcpierce/unison/index.html Henri -Message d'origine- De : samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] De la part de Janantha Marasinghe Envoyé : mardi 24 avril 2012 07:20 À : samba@lists.samba.org Objet : [Samba] Synchronizing multiple samba servers Hi. I have two servers located in two different time zones. I want to know if there is a way to keep the shares synchronized.Right now what i thought is to run rsync from Server A to Server B . However the issue is say Server B has a new version of the file in server A and that should not be overwritten but should be copied back to server A. How to go about this? Regards Janantha -- To unsubscribe from this list go to the following URL and read the instructions:https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Registry
Hello, Is there a way to stop the registry service ? If not, is there anyway to control access to the registry ? Thanks Pat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Smaba : name of root change
Hi, I'm currently working on a server whitch use samba and openldap, The OS used is Debian squeeze 6.0.1 64 on the server, the previous was fedora 5 My Samba is the domain Master of the network, the users of the ldap are link with the samba, and i try to join computer XP to this domain, so the user present in the ldap could (with login and password) log on in the domain, access shares etc ... ldap schema : ou=people ou=group ou=temppeople ou=tempgroups ou=systeme Samba is well configured with libpam-ldap, libnss-ldap, smb-ldaptools and the file /etc/nsswitch.conf with passwd files ldap groupfiles ldap shadow files ldap When using getent passwd, the server get all the users of the ldap. But, ( and their is the problem ) : when trying to join the machine to the domain, how do i say to samba that only my users in ou = systeme ; are the only one able to join this one ? Beacause currently, anyone can join the domain and i don't want it. Other Strange things, when i try to join the domain with for exemple admin99 ( whitch is present in the ou=systeme) , when i'm on the server and open a Terminal, when i log in root ( su - root ) with the right password of root, i obtain : admin99@server , not root@server , and with a ls -lh on folder, files are on admin99:root If i stop ldap 2 minutes after, and re-open a terminal and log as root, everything come back to normal. If you need some infomations, I can give it in the next mail. Regards. -- Thibaut JACOB SCIRC Orléans (Bourgogne) IUFM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CVE-2012-1182 patches
Hi, We are using Samba 3.4.2 on Oracle Solaris 10 UNIX server. I am looking at the samba site for patches for the CVE-2012-1182 vulnerability, but the closest patch versions I see are for samba 3.4.15 3.4.16. Is there a specific patch to fix samba 3.4.2? Also, since we are patching, is there a cluster of patches available specifically for samba 3.4.2? Can you please point me to the links for the samba 3.4.2 patch sets? Thank you, -- Earl Sanchez Engineering IT Ph: 831-439-7431 SV14-122 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba auth error messages / hints ?
hello * Problem: User authentications fails, error messages see below at end of Info Part Any hints what i should check, what goes astray ? I have to analyse / unterstand a legacy installation and move it to an more recent samba INFO Config Samba: Config wrt LDAP NO DOMAIN !! [global] netbios name = Kairo server string = ABC Kairo workgroup = kai interfaces = em1 127.0.0.1 bind interfaces only = Yes os level = 65 local master = yes preferred master = yes domain master = yes domain logons = no wins support = yes LDAP PART passdb backend = ldapsam:ldap://localhost ldap delete dn = no ldap passwd sync = yes ldap suffix = l=Kairo,dc=org,o=ABC ldap user suffix = cn=Benutzer ldap group suffix = cn=Gruppen ldap ssl = no ldap admin dn = cn=samba Admin,l=Kairo,dc=org,o=ABC Info new server versions / OS Server with the error Message is redhat el 6.2 samba-3.5.10-114.el6.x86_64 samba-winbind-clients-3.5.10-114.el6.x86_64 samba-client-3.5.10-114.el6.x86_64 samba-winbind-3.5.10-114.el6.x86_64 samba-common-3.5.10-114.el6.x86_64 the above is the target server i try to get working Info legacy server samba / OS versions -- SUSE LINUX 10.0 (i586) VERSION = 10.0 samba-doc-3.0.20-4 samba-client-3.0.20b-3.3 samba-3.0.20b-3.3 yast2-samba-client-2.12.4-2 samba-vscan-0.3.6b-4.3 Error Messages: Now the errors from the smb.abc-client.log User adler in passdb, but getpwnam() fails! check_ntlm_password: Authentication for user [adler] - [adler] FAILED with error NT_STATUS_NO_SUCH_USER Got user=[adler] domain=[ABC-164] workstation=[ABC-164] len1=24 len2=24 check_ntlm_password: Checking password for unmapped user [ABC-164][adler]@[ABC-164] with the new password interface check_ntlm_password: mapped user is: [KAIRO][adler]@[ABC-164] init_sam_from_ldap: Entry found for user: adler pdb_get_group_sid: Failed to find Unix account for adler User adler in passdb, but getpwnam() fails! check_ntlm_password: Authentication for user [adler] - [adler] FAILED with error NT_STATUS_NO_SUCH_USER Got user=[adler] domain=[ABC-164] workstation=[ABC-164] len1=24 len2=24 check_ntlm_password: Checking password for unmapped user [ABC-164][adler]@[ABC-164] with the new password interface check_ntlm_password: mapped user is: [KAIRO][adler]@[ABC-164] init_sam_from_ldap: Entry found for user: adler pdb_get_group_sid: Failed to find Unix account for adler User adler in passdb, but getpwnam() fails! check_ntlm_password: Authentication for user [adler] - [adler] FAILED with error NT_STATUS_NO_SUCH_USER thx for hints micha PS: i'd try to work it out on myself, but i am a bit within a tight time schedule :-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] I have created a gui frontend for smbclient
Le Wed, 18 Apr 2012 13:15:55 +0530 vous écriviez: I have created a gui frontend for certain features of smbclient, so far more than 600 downloads. There are some posts regarding various graphical frontends and links which take you no where. I wondered if mine sharescanner could also be mentioned on the website. http://sourceforge.net/projects/sharescanner/?source=directory Looks nice, I definitely will have a look. Thanks for the good job! -- Emmanuel Florac | Direction technique | Intellique | eflo...@intellique.com | +33 1 78 94 84 02 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems ldap authentication for Samba 3.5.11-2-1
Hi Christian, The attributes I sent where just a glance of the user profile. The complete one can be seen below: dn: uid=rlvcosta,ou=People,dc=flores,dc=com objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount homeDirectory: /dev/null loginShell: /bin/false cn: rlvcosta givenName: rlvcosta sn: rlvcosta uid: rlvcosta uidNumber: 500 gidNumber: 9126 sambaSID: S-1-5-21-1299536883-3844537390-917088389-1001 displayName: rlvcosta sambaNTPassword: 2D20D252A479F485CDF5E171D93985BF sambaPasswordHistory: sambaAcctFlags: [U ] sambaPwdLastSet: 1335551014 userPassword:: ... I believe its completed. I will give a look in the howto confirming it. In any case I was confuse in how the sambaSID suffix is included. By the LDAP search with filters for a user with the correct sambaSID I was expecting some sort of previous search from Samba to LDAP, for example for SID. The suffix would come from somewhere else like passwd or smbpasswd. Or maybe the dynamics are different and I'm not sure if this information is included in Howto, since it is a design information. Best Regards, Rodrigo. To: rlvco...@hotmail.com Subject: Re: [Samba] Problems ldap authentication for Samba 3.5.11-2-1 From: christian.r...@rocon-it.de Date: Sat, 28 Apr 2012 09:21:15 +0200 CC: samba@lists.samba.org Hi rlvcosta, the official samba howto provides all the information you are looking for. IMHO the LDAP user profile is incomplete, because necessary attributes are missing. So check out the howto and search for LDAP and/ or go to the section concerning Domain Backup. Cheers Christian Von meinem iPod gesendet Am 28.04.2012 um 04:53 schrieb rlvcosta : Samba team, I'm having some problems to have a client Windows XP, I believe all systems could have the same issue, using Ldap authentication with Samba. This is a native OpenFiler configuration with a local LDAP server for Samba shares. The problem is that sharing is never authenticated where my suspicious is about sambaSID. Basically I create a test user called rlvcosta. This user was created into LDAP as : dn: uid=rlvcosta,ou=People,dc=flores,dc=com objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount homeDirectory: /dev/null loginShell: /bin/false cn: rlvcosta givenName: rlvcosta sn: rlvcosta uid: rlvcosta uidNumber: 500 gidNumber: 9126 sambaSID: S-1-5-21-1299536883-3844537390-917088389-1001 This appears to be ok. Although when I put a tcpdumo trace I see: Lightweight Directory Access Protocol LDAPMessage searchRequest(161) dc=flores,dc=com wholeSubtree messageID: 161 protocolOp: searchRequest (3) searchRequest baseObject: dc=flores,dc=com scope: wholeSubtree (2) derefAliases: neverDerefAliases (0) sizeLimit: 0 timeLimit: 15 typesOnly: False Filter: ((sambaSID=S-1-5-21-1299536883-3844537390-917088389-513)(objectclass=sambaSamAccount)) filter: and (0) and: ((sambaSID=S-1-5-21-1299536883-3844537390-917088389-513)(objectclass=sambaSamAccount)) and: 2 items Filter: (sambaSID=S-1-5-21-1299536883-3844537390-917088389-513) and item: equalityMatch (3) equalityMatch attributeDesc: sambaSID assertionValue: S-1-5-21-1299536883-3844537390-917088389-513 Filter: (objectclass=sambaSamAccount) and item: equalityMatch (3) equalityMatch attributeDesc: objectclass assertionValue: sambaSamAccount attributes: 38 items AttributeDescription: uid AttributeDescription: uidNumber AttributeDescription: gidNumber AttributeDescription: homeDirectory AttributeDescription: sambaPwdLastSet AttributeDescription: sambaPwdCanChange AttributeDescription: sambaPwdMustChange AttributeDescription: sambaLogonTime AttributeDescription: sambaLogoffTime AttributeDescription: sambaKickoffTime AttributeDescription: cn AttributeDescription: sn AttributeDescription: displayName AttributeDescription: sambaHomeDrive AttributeDescription: sambaHomePath AttributeDescription: sambaLogonScript AttributeDescription: sambaProfilePath AttributeDescription: description AttributeDescription: sambaUserWorkstations AttributeDescription: sambaSID AttributeDescription: sambaPrimaryGroupSID AttributeDescription: sambaLMPassword AttributeDescription: sambaNTPassword AttributeDescription: sambaDomainName AttributeDescription: objectClass AttributeDescription: sambaAcctFlags AttributeDescription: sambaMungedDial AttributeDescription: sambaBadPasswordCount AttributeDescription: sambaBadPasswordTime AttributeDescription: sambaPasswordHistory AttributeDescription: modifyTimestamp AttributeDescription: sambaLogonHours AttributeDescription: modifyTimestamp AttributeDescription: uidNumber AttributeDescription: gidNumber AttributeDescription: homeDirectory AttributeDescription: loginShell
Re: [Samba] Transfer speed
Hello, I have tested with the same version of Samba/Kernel but from a Win7 x64 client. Transfert speed at 98/99% of bandwidth used so it's not the server which have a problem but the client used ! You have right :) So for the moment, I doesn't change kernel version because I use it from a Windows 2003 x64 and can't reach better speed. Windows 2003 x64 seem limited at ~50% of bandwidth at gigabit speed :( Thank you ! I have understand the gigabit secret and the famous unreachable gigabit speed now :) On 4/13/12, Steve French smfre...@gmail.com wrote: On 03:06:34 wrote Stan Hoeppner: On 4/10/2012 9:36 AM, Volker Lendecke wrote: On Tue, Apr 10, 2012 at 08:55:14AM -0500, Chris Weiss wrote: On Tue, Apr 10, 2012 at 8:53 AM, Volker Lendecke Volker.Lendecke at sernet.de wrote: On Tue, Apr 10, 2012 at 08:26:48AM -0500, Chris Weiss wrote: that's dramatic! what needs done (from a user POV) to get this backported into Stable distro kernels? suggestions? Wait until the next major releases pick it up. that's a really crappy option. in certain cases that could be 4 years from now. Well, if you are an important enough RH customer you might be able to apply pressure. But that's a LOT of money probably. Same for SuSE. Debian will likely be very resistant against that kind of bribery^Wincentive. Debian already has 3.2.6 available in the stable repo: $ aptitude search linux-image ... i linux-image-3.2.6 - Linux kernel, version 3.2.6 ... My Fedora is running 3.3 and performance screams with reads and writes over cifs, especially to Samba. At least SuSE and RHEL6.2 appear to have upgraded their kernel far enough to get the really fast writes over cifs. Jeff Layton did a good job on these performance patches. Hard to complain about 95% network utilization (and it will get even better when the SMB2 and SMB2.1 support is merged). You will be even happier with 3.4 kernel on the client because then you can get even more parallelism (assuming you have a big set of disks to distribute work across on your server) when you set much larger values for max mux in the server's smb.conf you will be able to get up to 32768 requests in parallel queued to Samba. With today's networks and Samba the default for servers (of 50) is way too low - and with 3.4 kernel cifs client we will be able to send even more requests in parallel if the server indicates it can support it (more than 50 maximum multiplex requests). Note that Linux cifs kernel client always supported great parallelism and would easily use most of the network bandwidth if multiple processes were doing i/o against multiple files on the same mount - but with 3.0 (for sequential write like file copies) and later kernels for reads - cifs is VERY fast now. Prior to 3.0 kernel for fast file copies from Windows or Samba servers you can use smbclient (user space tool) which due to good work by Volker has had nice performance for sequential read/wirte for a few years. -- Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMBD Crash
On Sun, Apr 22, 2012 at 02:29:29PM -0400, Patrick Flaherty wrote: Our software utilizes an OS X Server (Snow Leopard 10.6.8) for file read and writes. We gather files out of many directories, process them, and then write files back to the server. We had a long time end user who utilizes our software with an XP box upgrade from XP to Windows 7. Now with Windows 7 the SMBD is crashing routinely under heavy loads. Whatever information it was working on at the time is corrupted. EVEN WORSE the SMBD respawns silently under a new process and reconnects, so we don't know that the smb server crashed or that the data has become corrupt. The problem is intermitant, but frequent. I'll throw 16 duplicates of the same file at the system and it will fail on, say, files 11 and 16. This is the same file under a different name. Here's a sample crash log (they're all about the same.) Is this the 3.0.x-based smbd that Apple ships ? Or a more modern smbd running somewhere else ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs behaving differently on Samba 4 / Ubuntu 12.04 / Bind 9.81 between ZFS and EXT4 file systems
On 04/18/2012 01:06 PM, Ben Metcalfe wrote:
Dear all,
The system is Ubuntu 12.04 (latest beta as of yesterday)
Bind 9.81 (12.04 standard)
Samba 4, also git-cloned yesterday.
I've imported a zpool created on another ubuntu system with the same
version of zfs-linux (RC-8) http://zfsonlinux.org/
The zpool is working perfectly well; responsive, no errors reported,
scrubbed.
Samba can see the zpool as part of the greater file system and share the
600GB or so spread across the varios zfs file systems on it via cifs.
I've been through all the tests mentioned on the Samba 4 HOWTO and they
return successful results.
I'm sharing only via smb.conf - not using native ZFS CIFS commands.
The problem:
When I alter file permissions via CIFS from an XP Pro sp3 client (patched
up to date, joined to the domain and able to administer AD users and
computers) on any folder or subfolder shared from the zpool, I lose access
to that folder via CIFS. I can still see the folder from its parent
directory, but can't browse into it via CIFS. I can still browse the folder
on the server's command line.
The XP Pro client fails with the message:
*The data area passed to a system call is too small*
The OSX Snowleopard client just gives a silent fail.
I click in, and nothing happens.
When I mv the same broken folder to an EXT4 file system via the server's
command line, I can repair the acls using:
get acls: /usr/local/samba/bin/samba-tool ntacl get --as-sddl
/${ZPOOL}/Lou/stuff/
returns: ‘O:S-1-5-21-1345677-x-2594716733-500G..etc
set acls: /usr/local/samba/bin/samba-tool ntacl set
‘O:S-1-5-21-1345677-x-2594716733-500G..etc’ /${EXT4
Sharename}/Lou/stuff/
...after which I update the smb.conf entry and can browse the folder as
normal, as long as it stays on the EXT4-backed share.
Well it might be something completely different.
Can you post the sddl you get + posix acls for the folder in ZFS ?
The acl-compliance tests:
setfattr -n user.test -v test test.txt
setfattr -n security.test -v test2 test.txt
getfattr -d test.txt
...return the correct results on both filesystems; EXT4 and ZFS.
Can you try to create a new folder in the ZFS filesystem and set ACLs on
it and see how you can access it ?.
Matthieu.
--
Matthieu Patou
Samba Team
http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CVE-2012-1182 patches
On 04/16/2012 05:45 PM, Earl J Sanchez wrote: Hi, We are using Samba 3.4.2 on Oracle Solaris 10 UNIX server. I am looking at the samba site for patches for the CVE-2012-1182 vulnerability, but the closest patch versions I see are for samba 3.4.15 3.4.16. Is there a specific patch to fix samba 3.4.2? Also, since we are patching, is there a cluster of patches available specifically for samba 3.4.2? No we produce patches always for the latest version in a given branch (3.4, 3.5, 3.6, ...), if the samba that you are using is the one that was packaged by Sun and if you are still under support by Oracle then ask them for an update. If you build your own samba then you have two options: * try to backport the patches between 3.4.14 and 3.4.15 as they all are related to the security fix * upgrade to 3.4.15 The backport should work pretty easily as it's related to generated code and shouldn't be much impacted by the fixes made between 3.4.2 and 3.4.14. Upgrade to 3.4.15 should be doable too as we just push minor fix between version in the same branch. Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMBD Crash
On Sat, Apr 28, 2012 at 06:35:05PM -0400, Patrick Flaherty wrote: Yes, version 3.0.28-apple which ships with 10.6.8. Apple so far has been useless in trying to solve this. I have Redhat machines with later versions and have not had the problem reported. Best I can tell it has to do with our software accessing the registry repeatedly and finally SMBD falls over. This only with a Windows 7 box as I can run XP all day without issue doing the same access to the registry. I'm almost sure it accessing the registry going by what I see in packet traces. (DCERPC Bind .. is the packet that shows a fault and the daemon terminates and another SMBD picks the session up like nothing happened.) Well we have updated our RPC implementation significantly since 3.0.28, but unfortunately for religious reasons Apple refuses to ship versions of Samba after 3.0.x. Unless you can reproduce with the 3.5.x or 3.6.x series of Samba I'm afraid we can't help, only Apple can help. 3.0.x has been out of support from the Samba Team for many years now. It's one of the costs of lock-in from a proprietary vendor I'm afraid. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMBD Crash
Yes, version 3.0.28-apple which ships with 10.6.8. Apple so far has been useless in trying to solve this. I have Redhat machines with later versions and have not had the problem reported. Best I can tell it has to do with our software accessing the registry repeatedly and finally SMBD falls over. This only with a Windows 7 box as I can run XP all day without issue doing the same access to the registry. I'm almost sure it accessing the registry going by what I see in packet traces. (DCERPC Bind .. is the packet that shows a fault and the daemon terminates and another SMBD picks the session up like nothing happened.) Pat. On Apr 28, 2012, at 4:37 PM, Jeremy Allison wrote: On Sun, Apr 22, 2012 at 02:29:29PM -0400, Patrick Flaherty wrote: Our software utilizes an OS X Server (Snow Leopard 10.6.8) for file read and writes. We gather files out of many directories, process them, and then write files back to the server. We had a long time end user who utilizes our software with an XP box upgrade from XP to Windows 7. Now with Windows 7 the SMBD is crashing routinely under heavy loads. Whatever information it was working on at the time is corrupted. EVEN WORSE the SMBD respawns silently under a new process and reconnects, so we don't know that the smb server crashed or that the data has become corrupt. The problem is intermitant, but frequent. I'll throw 16 duplicates of the same file at the system and it will fail on, say, files 11 and 16. This is the same file under a different name. Here's a sample crash log (they're all about the same.) Is this the 3.0.x-based smbd that Apple ships ? Or a more modern smbd running somewhere else ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smb.conf: per group config for multiple group environment
I have 2 groups of users: sales and support. In my samba server, I create 2 shares: sales_share and support_share. I want to make: - sales_share available to sales group but not support group. - support_share available to support group but not sales group. First, I try to config sales_share: [sales_share] path = /mnt/sales valid users = @sales force group = sales read only = No available = No include = /etc/samba/%G.conf I create file /etc/samba/sales.conf as follow: available = Yes I restart smb service and try on Windows PC, login as sales user and I can access to sales_share. Login as support user and the sales_share is not available. So far so good. I then create support_share: [support_share] path = /mnt/support valid users = @support force group = support read only = No available = No include = /etc/samba/%G.conf and create file /etc/samba/support.conf as follow: available = Yes Restart the smb service but the outcome: - sales_share is available to sales and support group - support_share is available to sales and support group How may I configure samba share to allow per group config if I have multiple groups? -- Best regards, Chau Chee Yang -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem adding sambaGroupMapping
Thank you! it runs On 04/27/2012 08:10 PM, steve wrote: dn: cn=Students,ou=Groups,dc=amahoro,dc=bi changetype: modify add: objectClass objectClass: posixGroup - add: objectClass objectClass: sambaGroupMapping - add: sambaSID sambaSID: S-1-5-21-251852451-2940789264-3475694606 - add: sambaGroupType sambaGroupType: 5 Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMB2 write performace slower than SMB1 in 10Gb network
On Sat, Apr 28, 2012 at 01:46:35PM +0800, Zhiming Zhou wrote: I use Iometer to test normal file read/write performance, at first, SMB2 is not enabled,test 1MB sequential read/write performance with SMB1, I got 610 MB/s write performance which is really good, while read performance is just 280 MB/s. Then I change max protocol to SMB2 in smb.conf to enable SMB2, other configs in smb.conf are not changed, restart samba, reconnect in Windows 2008, use Iometer to run test again, I got 470 MB/s write performance and 505 MB/s read performance. It's quite good that read performance bursts with SMB2, but write performace droped by 140 MB/s, I run this write test serveral times again, write performance indeed droped a lot, so is it normal that SMB2 write performance is slower than SMB1? No, this is not normal. Maybe you want to enable async I/O. Depending on the platform, plain aio might work with aio write size = 1 It might be a good idea to also enable vfs objects = aio_fork With latest Samba Jeremy Allison has also added the aio_pthread module, but that is not yet in released code. You can get it from the latest v3-6-test branch in our git repository. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems ldap authentication for Samba 3.5.11-2-1
Hi rlvcosta, the official samba howto provides all the information you are looking for. IMHO the LDAP user profile is incomplete, because necessary attributes are missing. So check out the howto and search for LDAP and/ or go to the section concerning Domain Backup. Cheers Christian Von meinem iPod gesendet Am 28.04.2012 um 04:53 schrieb rlvcosta rlvco...@hotmail.com: Samba team, I'm having some problems to have a client Windows XP, I believe all systems could have the same issue, using Ldap authentication with Samba. This is a native OpenFiler configuration with a local LDAP server for Samba shares. The problem is that sharing is never authenticated where my suspicious is about sambaSID. Basically I create a test user called rlvcosta. This user was created into LDAP as : dn: uid=rlvcosta,ou=People,dc=flores,dc=com objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount homeDirectory: /dev/null loginShell: /bin/false cn: rlvcosta givenName: rlvcosta sn: rlvcosta uid: rlvcosta uidNumber: 500 gidNumber: 9126 sambaSID: S-1-5-21-1299536883-3844537390-917088389-1001 This appears to be ok. Although when I put a tcpdumo trace I see: Lightweight Directory Access Protocol LDAPMessage searchRequest(161) dc=flores,dc=com wholeSubtree messageID: 161 protocolOp: searchRequest (3) searchRequest baseObject: dc=flores,dc=com scope: wholeSubtree (2) derefAliases: neverDerefAliases (0) sizeLimit: 0 timeLimit: 15 typesOnly: False Filter: ((sambaSID=S-1-5-21-1299536883-3844537390-917088389-513)(objectclass=sambaSamAccount)) filter: and (0) and: ((sambaSID=S-1-5-21-1299536883-3844537390-917088389-513)(objectclass=sambaSamAccount)) and: 2 items Filter: (sambaSID=S-1-5-21-1299536883-3844537390-917088389-513) and item: equalityMatch (3) equalityMatch attributeDesc: sambaSID assertionValue: S-1-5-21-1299536883-3844537390-917088389-513 Filter: (objectclass=sambaSamAccount) and item: equalityMatch (3) equalityMatch attributeDesc: objectclass assertionValue: sambaSamAccount attributes: 38 items AttributeDescription: uid AttributeDescription: uidNumber AttributeDescription: gidNumber AttributeDescription: homeDirectory AttributeDescription: sambaPwdLastSet AttributeDescription: sambaPwdCanChange AttributeDescription: sambaPwdMustChange AttributeDescription: sambaLogonTime AttributeDescription: sambaLogoffTime AttributeDescription: sambaKickoffTime AttributeDescription: cn AttributeDescription: sn AttributeDescription: displayName AttributeDescription: sambaHomeDrive AttributeDescription: sambaHomePath AttributeDescription: sambaLogonScript AttributeDescription: sambaProfilePath AttributeDescription: description AttributeDescription: sambaUserWorkstations AttributeDescription: sambaSID AttributeDescription: sambaPrimaryGroupSID AttributeDescription: sambaLMPassword AttributeDescription: sambaNTPassword AttributeDescription: sambaDomainName AttributeDescription: objectClass AttributeDescription: sambaAcctFlags AttributeDescription: sambaMungedDial AttributeDescription: sambaBadPasswordCount AttributeDescription: sambaBadPasswordTime AttributeDescription: sambaPasswordHistory AttributeDescription: modifyTimestamp AttributeDescription: sambaLogonHours AttributeDescription: modifyTimestamp AttributeDescription: uidNumber AttributeDescription: gidNumber AttributeDescription: homeDirectory AttributeDescription: loginShell AttributeDescription: gecos See that by Ldap DB the rlvcosta sambaSID is supposed to be S-1-5-21-1299536883-3844537390-917088389-1001. But the search made from Samba use the sufix 513, unless 1001. Samba receives appropriately the request from client but looks like it doesn't map correctly the search to LDAP server. I could not understand by the tcpdump trace the dynamic from Samba authentication with LDAP. The LDAP has the correct structure but the search from Samba doesn't create the correct sambaSID. My understand would be that Samba search the sambaSID prefix, like below, and then suffix with user. But not sure how it does it or if there is abug in Samba. dn: sambaDomainName=CACTO,dc=flores,dc=com sambaDomainName: CACTO sambaSID: S-1-5-21-1299536883-3844537390-917088389 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain Do you have any comments? Is there any documentation about detailed ldap authentication used by Samba? In the end I can only make shares available using Public guest access, not controlled access. -- View this message in context: http://samba.2283325.n4.nabble.com/Problems-ldap-authentication-for-Samba-3-5-11-2-1-tp4594155p4594155.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions:
[Samba] cannot populate with smbldap-populate
Hi, i cannot end the populating process using smbldap-populate due to this errors: root@amahoro:~# smbldap-populate Populating LDAP directory for domain AMAHORO (S-1-5-21-251852451-2940789264-3475694606) (using builtin directory structure) entry dc=amahoro,dc=bi already exist. entry ou=Users,dc=amahoro,dc=bi already exist. entry ou=Groups,dc=amahoro,dc=bi already exist. entry ou=Computers,dc=amahoro,dc=bi already exist. entry ou=Idmap,dc=amahoro,dc=bi already exist. adding new entry: uid=root,ou=Users,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, GEN1 line 58. adding new entry: uid=nobody,ou=Users,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, GEN1 line 89. adding new entry: cn=Domain Admins,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, GEN1 line 101. adding new entry: cn=Domain Users,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, GEN1 line 112. adding new entry: cn=Domain Guests,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, GEN1 line 123. adding new entry: cn=Domain Computers,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, GEN1 line 134. adding new entry: cn=Administrators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, GEN1 line 179. adding new entry: cn=Account Operators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, GEN1 line 201. adding new entry: cn=Print Operators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, GEN1 line 212. adding new entry: cn=Backup Operators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, GEN1 line 223. adding new entry: cn=Replicators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, GEN1 line 234. entry sambaDomainName=AMAHORO,dc=amahoro,dc=bi already exist. Updating it... Please provide a password for the domain root: /usr/sbin/smbldap-passwd: user root doesn't exist i don't find the error index generation failed on internet. Do you know the problem? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] s3fs proposal
Hi How about calling s3fs, s4fs? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Tools
On 27/04/12 21:40, sandy.napo...@eccmg.cupet.cu wrote: Helo list, there is some tool to admin samba4 active directory users and gpo under linux, for examplo in windows thereis a adminpack, in linux thereis something as adminpack? PD: I do not like phpldapadmin salu2s Resara have quite a nice front end for Linux called Admin Console: http://www.resara.org/index.php?option=com_contentview=articleid=49 The source is here: https://bitbucket.org/resara/resara-server/downloads salu2, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Installing Samba on RedHat Linux 5.3
Hi there, I am a real Linux newbie and need help how to install these samba files. Red Hat Enterprise Linux Server release 5.3 (Tikanga) Kernel 2.6.18-128.el5 on an x86_64 $ ls libsmbclient0-3.6.4-44.el5.x86_64.rpm libsmbclient-devel-3.6.4-44.el5.x86_64.rpm libwbclient0-32bit-3.6.4-44.el5.i386.rpm libwbclient0-3.6.4-44.el5.x86_64.rpm libwbclient-devel-3.6.4-44.el5.x86_64.rpm samba3-3.6.4-44.el5.x86_64.rpm samba3-client-3.6.4-44.el5.x86_64.rpm samba3-debuginfo-3.6.4-44.el5.x86_64.rpm samba3-doc-3.6.4-44.el5.x86_64.rpm samba3-utils-3.6.4-44.el5.x86_64.rpm samba3-winbind-32bit-3.6.4-44.el5.i386.rpm samba3-winbind-3.6.4-44.el5.x86_64.rpm $ uname -a Linux euapg-db005 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64 x86x $ rpm -qa | grep release redhat-release-notes-5Server-25 redhat-release-5Server-5.3.0.3 $ Please help me with this as soon as possible. Many thanks Ronnie This email and any files transmitted with it contain information which may be confidential and which may also be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Unless you are the intended recipient you may not copy or use it, or disclose it to anyone else. Any opinions expressed are that of the individual and not necessarily that of Europ Assistance Holdings Ltd or any of its subsidiaries. If you have received this email in error please notify mailto:postmas...@europ-assistance.co.uk Europ Assistance Holdings Limited Registered Office: Sussex House, Perrymount Road, Haywards Heath, West Sussex, RH16 1DN. Registered in England No: 758979. Europ Assistance Holdings Limited is authorised and regulated by the Financial Services Authority. (FSA Registered number 311883) This footnote also confirms that this email message has been swept by Sophos Anti-Virus for the presence of computer viruses. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 0dc3f42 Add an audit file VFS routine so we can handle auditing
with SACLs.
from 12ee793 s4:torture: add a check for talloc success in
rpc.samba3.randomauth2
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 0dc3f423d25d3a50fa39ecee8a8ca13cdfe32267
Author: Richard Sharpe realrichardsha...@gmail.com
Date: Fri Apr 27 21:31:34 2012 -0700
Add an audit file VFS routine so we can handle auditing with SACLs.
Autobuild-User: Richard Sharpe sha...@samba.org
Autobuild-Date: Sat Apr 28 08:05:00 CEST 2012 on sn-devel-104
---
Summary of changes:
source3/include/vfs.h |6 ++
source3/include/vfs_macros.h |5 +
source3/modules/vfs_default.c | 10 ++
source3/smbd/vfs.c| 14 ++
4 files changed, 35 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index e858235..b5f234a 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -370,6 +370,12 @@ struct vfs_fn_pointers {
uint32 security_info_sent,
const struct security_descriptor *psd);
+ NTSTATUS (*audit_file_fn)(struct vfs_handle_struct *handle,
+ struct smb_filename *file,
+ struct security_acl *sacl,
+ uint32_t access_requested,
+ uint32_t access_denied);
+
/* POSIX ACL operations. */
int (*chmod_acl_fn)(struct vfs_handle_struct *handle, const char *name,
mode_t mode);
diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h
index c324439..3c2256b 100644
--- a/source3/include/vfs_macros.h
+++ b/source3/include/vfs_macros.h
@@ -389,6 +389,11 @@
#define SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc) \
smb_vfs_call_get_nt_acl((handle)-next, (name), (security_info),
(ppdesc))
+#define SMB_VFS_AUDIT_FILE(conn, name, sacl, access_requested, access_denied) \
+ smb_vfs_call_audit_file((conn)-vfs_handles, (name), (sacl),
(access_requested), (access_denied))
+#define SMB_VFS_NEXT_AUDIT_FILE(handle, name, sacl, access_requested,
access_denied) \
+ smb_vfs_call_audit_file((handle)-next, (name), (sacl),
(access_requested), (access_denied))
+
#define SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd) \
smb_vfs_call_fset_nt_acl((fsp)-conn-vfs_handles, (fsp),
(security_info_sent), (psd))
#define SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd) \
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index dd54417..887dbcb 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1872,6 +1872,15 @@ static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct
*handle, files_struct *fsp
return result;
}
+NTSTATUS vfswrap_audit_file(struct vfs_handle_struct *handle,
+ struct smb_filename *file,
+ struct security_acl *sacl,
+ uint32_t access_requested,
+ uint32_t access_denied)
+{
+ return NT_STATUS_OK; /* Nothing to do here ... */
+}
+
static int vfswrap_chmod_acl(vfs_handle_struct *handle, const char *name,
mode_t mode)
{
#ifdef HAVE_NO_ACL
@@ -2249,6 +2258,7 @@ static struct vfs_fn_pointers vfs_default_fns = {
.fget_nt_acl_fn = vfswrap_fget_nt_acl,
.get_nt_acl_fn = vfswrap_get_nt_acl,
.fset_nt_acl_fn = vfswrap_fset_nt_acl,
+ .audit_file_fn = vfswrap_audit_file,
/* POSIX ACL operations. */
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 6c9692a..2be6c54 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -1958,6 +1958,20 @@ NTSTATUS smb_vfs_call_fset_nt_acl(struct
vfs_handle_struct *handle,
psd);
}
+NTSTATUS smb_vfs_call_audit_file(struct vfs_handle_struct *handle,
+struct smb_filename *file,
+struct security_acl *sacl,
+uint32_t access_requested,
+uint32_t access_denied)
+{
+ VFS_FIND(audit_file);
+ return handle-fns-audit_file_fn(handle,
+ file,
+ sacl,
+ access_requested,
+ access_denied);
+}
+
int smb_vfs_call_chmod_acl(struct vfs_handle_struct *handle, const char *name,
mode_t mode)
{
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 5712e51 s3: Remove a SMB_ASSERT
via 4a28c6c s3: Fix bug 8904 -- wbinfo --lookup-sids crashes winbind
from 0dc3f42 Add an audit file VFS routine so we can handle auditing
with SACLs.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5712e5199ec0231c241f0d0ca02f477d05892bb7
Author: Volker Lendecke v...@samba.org
Date: Sat Apr 28 19:55:31 2012 +0200
s3: Remove a SMB_ASSERT
Autobuild-User: Volker Lendecke v...@samba.org
Autobuild-Date: Sat Apr 28 23:38:45 CEST 2012 on sn-devel-104
commit 4a28c6ca7cd97535596dd93741689ff17bb1c395
Author: Volker Lendecke v...@samba.org
Date: Sat Apr 28 19:51:46 2012 +0200
s3: Fix bug 8904 -- wbinfo --lookup-sids crashes winbind
Much of the code further down and up the call chain expects the
structures wb_lookupsids returns to be allocated. Do that despite
we have nothing to look up.
---
Summary of changes:
source3/winbindd/wb_lookupsids.c | 16 ++--
1 files changed, 10 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c
index e896860..b050bd0 100644
--- a/source3/winbindd/wb_lookupsids.c
+++ b/source3/winbindd/wb_lookupsids.c
@@ -123,11 +123,6 @@ struct tevent_req *wb_lookupsids_send(TALLOC_CTX *mem_ctx,
state-sids = sids;
state-num_sids = num_sids;
- if (num_sids == 0) {
- tevent_req_done(req);
- return tevent_req_post(req, ev);
- }
-
state-single_sids = talloc_array(state, uint32_t, num_sids);
if (tevent_req_nomem(state-single_sids, req)) {
return tevent_req_post(req, ev);
@@ -153,6 +148,11 @@ struct tevent_req *wb_lookupsids_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
+ if (num_sids == 0) {
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+ }
+
for (i=0; inum_sids; i++) {
struct wb_lookupsids_domain *d;
@@ -645,7 +645,11 @@ NTSTATUS wb_lookupsids_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
* if not we have a bug in the code!
*
*/
- SMB_ASSERT(state-res_names-count == state-num_sids);
+ if (state-res_names-count != state-num_sids) {
+ DEBUG(0, (res_names-count = %d, expected %d\n,
+ state-res_names-count, state-num_sids));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
/*
* Not strictly needed, but it might make debugging in the callers
--
Samba Shared Repository
