[Samba] Samba4 is it possible to change the IP of a DC?
Hi I need to change the IP of a DC from 192.168.1.6 to 192.168.1.8 I did so and restarted bind but on running samba_dnsupdate I get errors: samba_dnsupdate --verbose IPs: ['fe80::212:f0ff:fe06:9cda%eth1', '192.168.1.8'] Looking for DNS entry A polop.site 192.168.1.8 as polop.site. Failed to find matching DNS entry A polop.site 192.168.1.8 Looking for DNS entry A sam4dc.polop.site 192.168.1.8 as sam4dc.polop.site. Failed to find matching DNS entry A sam4dc.polop.site 192.168.1.8 Looking for DNS entry A gc._msdcs.polop.site 192.168.1.8 as gc._msdcs.polop.site. Failed to find matching DNS entry A gc._msdcs.polop.site 192.168.1.8 Kerberos fails: Traceback (most recent call last): File /usr/local/samba/sbin/samba_dnsupdate, line 485, in module get_credentials(lp) File /usr/local/samba/sbin/samba_dnsupdate, line 120, in get_credentials creds.get_named_ccache(lp, ccachename) RuntimeError: kinit for SAM4DC$@POLOP.SITE failed (Cannot contact any KDC for requested realm) Is it possible to change the IP? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Best way to add samba4 to existing domain
First both Samba4 dcs must know each other by dns. Do not provision the second samba4 as you want it to be in replication mode. Do not start samba on your new DC!! Then on your new DC: bin/net vampire your.realm. -Uadministrator --realm=your.realm If this is successful. Start samba on your new DC. Go on your 1st DC you setup. Now type: bin/ldbsearch -H /usr/local/samba/private/sam.ldb objectclass=ntdsdsa objectguid --cross-ncs EX result: # record 1 dn: CN=NTDS Settings,CN=NODE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur ation,DC=tuebingen,DC=tst,DC=loc objectGUID: 365d2a9f-bfe6-462d-965e-8622bfefc190 # record 2 dn: CN=NTDS Settings,CN=NODE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur ation,DC=tuebingen,DC=tst,DC=loc objectGUID: d6160c39-0810-4026-aa24-91c91797d892 Do not forget to update your dns settings after all. Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Caleb O'Connell Gesendet: Dienstag, 7. August 2012 15:10 An: samba@lists.samba.org Betreff: [Samba] Best way to add samba4 to existing domain I have Samba4 running, and it had a win2k3 server joined to it. This is working great. I'd like to add another Ubuntu 12.04 server with samba4 beta5. What's the best join method? Do I provision the server as a member, then join using samba-tools domain join domain When I do it looks like it doesn't replicate the directory, just forwards? Should I provision as a DC with the same settings and then do the join? This fails with a IO_TIMEOUT sort of error. Is there another method that I just haven't discovered yet? Thanks in advance for all the great help. Caleb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind: uid range is ignored
On 08/08/2012 12:35 AM, Jonathan Buzzard wrote: steve wrote: On 07/08/12 16:15, Jonathan Buzzard wrote: On 07/08/12 15:10, steve wrote: On 04/08/12 22:06, NdK wrote: Il 04/08/2012 21:13, steve ha scritto: Uh? wide links seems a bad idea to me... At least from a security perspective. Why a single home directory? We have a single NFS share containing folders for the two domains and inside those a folder for each home. We are trying to migrate away from that, preferring a '[homes]' share where users will place the data they want to have available on every PC. This way even Firefox should work... Hi Diego We have home directories like: home2/staff home2/students/7a home2/students/7b Winbind allows only one template homedir and all user home folders must reside there (or tell me otherwise). The only way we can have what we want is: 1. use nss-ldapd and store the true uinixHomeDirectory in AD 2. winbind. We have a symlink in template homedir to the real data. For that we need wide links. 3. Use winbind to store the true unixHomeDirectory in AD. Hi If I store unixHomeDirectory in AD, winbind seems to ignore it. As far as it's concerned, all home directories have to be in template homedir. How would I use winbind to store it? This is why we tend toward 1. nss-ldapd pulls all of rfc2307 from AD. winbind seems to recognise only uidNumber and gidNumber. It doesn't sem to give you any control over login shell and unixHomeDirectory. Everyone has the same shell and homedir. Well it's read only, winbind pulls the information from the AD, but take out your template homedir/shell lines from smb.conf and do something like winbind nss info = rfc2307 winbind expand groups = 2 winbind nested groups = yes winbind enum users = yes winbind enum groups = yes Note you can get nested groups this way, something I don't think nss-ldapd provides. It does work I have it in production for over 1500 users right now with some 900 active SMB sessions. Hi Jonathan Is that with Samba3 or 4? I just tried it with Samba4 with unixHomeDirectory in AD. I removed template homedir =, created the user directory and gave it the correct permissions, but logging in, winbind tries to create the directory: su steve2 Creating directory ''. Unable to create and initialize directory ''. su: Permission denied Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind: uid range is ignored
Hey Steve, I knew the error Can't initialize directory with the auto-create method of pam+winbind for home directories as well, but I think my setup is a little bit different than yours... My setup looks like this: - 50 linux-server - 5 AD secondary DC's (Active Directory w2k8 R2) - 1 Master-DC (Active Directory w2k8 R2) The linux-server were setup with RHEL 5 (nearly half of all). Approx. 15 server were setup with Oracle Linux 6.2 (nearly the same like RHEL). Do you use the same Linux-Version for your clients (e.g. servers)? If so just try to put the same pam-lines (/etc/pam.d/system-auth) into the file password-auth file (/etc/pam.d/password-auth). These are my files: -- /etc/pam.d/system-auth -- #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_krb5.so use_first_pass auth sufficient pam_smb_auth.so use_first_pass nolocal auth sufficient pam_winbind.so use_first_pass require_membership_of=g-gr-eo-it-io-dc,g-gr-eo-it-ao auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_succeed_if.so uid 500 quiet account sufficient pam_krb5.so account sufficient pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so session required pam_mkhomedir.so skel=/etc/skel umask=0077 -- /etc/pam.d/password-auth -- #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_krb5.so use_first_pass auth sufficient pam_smb_auth.so use_first_pass nolocal auth sufficient pam_winbind.so use_first_pass require_membership_of=g-gr-eo-it-io-dc,g-gr-eo-it-ao auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_succeed_if.so uid 500 quiet account sufficient pam_krb5.so account sufficient pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so session required pam_mkhomedir.so skel=/etc/skel umask=0077 And my smb.conf looks like this: # GLOBAL PARAMETERS [global] workgroup = MY-WORKGROUP realm = MY-DOMAIN.LCL password server = * preferred master = no server string = YOUR File-Server security = ads encrypt passwords = yes local master = no log level = 1 log file = /var/log/samba/%m max log size = 50 #printcap name = cups #printcap = cups printcap = /dev/null winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nested groups = Yes winbind separator = \\ winbind refresh tickets = yes winbind offline logon = true winbind trusted domains only = no #winbind trusted domains only = yes map untrusted to domain = Yes allow trusted domains = yes obey pam restrictions = no idmap backend = tdb idmap uid = 1-60 idmap gid = 1-60 #idmap config EOS : tdb #idmap config EOS : 1-10 #idmap config DFD : tdb #idmap config DFD : 11-20 #idmap config * : backend = tdb #idmap config * : range = 1-60 passdb backend = tdbsam ;template primary group = domain users #template shell = /bin/false template shell = /bin/bash winbind nss info = rfc2307 client use spnego = yes client ntlmv2 auth = yes restrict anonymous = 2 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [homes] comment = Heimatverzeichnisse valid users = %S path = /home/DOMAIN/ read only = yes browseable = no #verstecke nicht-lesbare Verzeichnisse hide unreadable = yes #verstecke nicht-schreibbare Dateien u. Ordner hide unwriteable files = yes create mask = 0700 directory mask = 0700 When you login to one of my linux box with a user called schlegels, the home directory will be created like this: /home/DOMAIN/schlegels Oddjobd is not working for me... I don't know exactly if my setup is the same like yours, because I'm not able to read the whole conversation (too many things to do). Cheers and good luck, Steven 2012/8/8 steve st...@steve-ss.com: On 08/08/2012 12:35 AM, Jonathan Buzzard wrote: steve wrote: On 07/08/12 16:15, Jonathan Buzzard wrote: On 07/08/12 15:10, steve wrote: On 04/08/12 22:06, NdK wrote: Il
Re: [Samba] winbind: uid range is ignored
On 08/08/12 08:49, steve wrote: On 08/08/2012 12:35 AM, Jonathan Buzzard wrote: steve wrote: On 07/08/12 16:15, Jonathan Buzzard wrote: On 07/08/12 15:10, steve wrote: On 04/08/12 22:06, NdK wrote: Il 04/08/2012 21:13, steve ha scritto: Uh? wide links seems a bad idea to me... At least from a security perspective. Why a single home directory? We have a single NFS share containing folders for the two domains and inside those a folder for each home. We are trying to migrate away from that, preferring a '[homes]' share where users will place the data they want to have available on every PC. This way even Firefox should work... Hi Diego We have home directories like: home2/staff home2/students/7a home2/students/7b Winbind allows only one template homedir and all user home folders must reside there (or tell me otherwise). The only way we can have what we want is: 1. use nss-ldapd and store the true uinixHomeDirectory in AD 2. winbind. We have a symlink in template homedir to the real data. For that we need wide links. 3. Use winbind to store the true unixHomeDirectory in AD. Hi If I store unixHomeDirectory in AD, winbind seems to ignore it. As far as it's concerned, all home directories have to be in template homedir. How would I use winbind to store it? This is why we tend toward 1. nss-ldapd pulls all of rfc2307 from AD. winbind seems to recognise only uidNumber and gidNumber. It doesn't sem to give you any control over login shell and unixHomeDirectory. Everyone has the same shell and homedir. Well it's read only, winbind pulls the information from the AD, but take out your template homedir/shell lines from smb.conf and do something like winbind nss info = rfc2307 winbind expand groups = 2 winbind nested groups = yes winbind enum users = yes winbind enum groups = yes Note you can get nested groups this way, something I don't think nss-ldapd provides. It does work I have it in production for over 1500 users right now with some 900 active SMB sessions. Hi Jonathan Is that with Samba3 or 4? Do you think it is likely that I would have a production file server system in place with over 900 active SMB connections using an Alpha release piece of software? I don't even use 3.6 yet because it is showing too many issues in testing. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Best way to add samba4 to existing domain
On 8 August 2012 08:02, Daniel Müller muel...@tropenklinik.de wrote: First both Samba4 dcs must know each other by dns. Do not provision the second samba4 as you want it to be in replication mode. Do not start samba on your new DC!! Then on your new DC: bin/net vampire your.realm. -Uadministrator --realm=your.realm net vampire was the old way. Now you should use samba-tool domain join. If this is successful. Start samba on your new DC. Go on your 1st DC you setup. Now type: bin/ldbsearch -H /usr/local/samba/private/sam.ldb objectclass=ntdsdsa objectguid --cross-ncs EX result: # record 1 dn: CN=NTDS Settings,CN=NODE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur ation,DC=tuebingen,DC=tst,DC=loc objectGUID: 365d2a9f-bfe6-462d-965e-8622bfefc190 # record 2 dn: CN=NTDS Settings,CN=NODE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur ation,DC=tuebingen,DC=tst,DC=loc objectGUID: d6160c39-0810-4026-aa24-91c91797d892 Do not forget to update your dns settings after all. Good Luck Daniel -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] CIFS proxy with samba4
Hi. Yesterday i compiled samba4 (beta6) to try the CIFS proxy functionnality. Here is my smb.conf: # Global parameters [global] workgroup = myworkgroup realm = mysociety.fr netbios name = LINBUNTU ;server role = active directory domain controller server role = member server passdb backend = samba4 [netlogon] path = /usr/local/samba/var/locks/sysvol/inist.fr/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [homes] comment = Home Directories browseable = no read only = no create mask = 0744 create mode = 0744 directory mask = 0755 directory mode = 0755 [seeida] ntvfs handler = cifs cifs:server = ida cifs:share = see cifs:domain = mydomain cifs:user = user cifs:password = password But when i start samba (/usr/local/samba/sbin/samba) it does not work In my logs file (log.smbd) I can see this warning: [2012/08/08 10:05:37.546915, 0] ../source3/param/loadparm.c:2340(service_ok) WARNING: No path in service seeida - making it unavailable! Same kind of messages when I run testparm: WARNING: No path in service seeida - making it unavailable! NOTE: Service seeida is flagged unavailable. Any ideas? Thanks in advance for your help. Ced T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] password change problem and no logon servers available
Hi, we are using SAMBA 3.6.1-1 (updating this archlinux machine is tooo ugly) and 3.6.6-1 on archlinux with the LDAP (Server version is 2.4.26-3) backend and manage the users, groups and computer by using the smbldap-tools. Currently we are experiencing the following problems: 1. changing the passwords takes longer than 30 seconds - That's bad because we are using a gigabit ethernet network! 2. sometimes windows tells us that the user can't change their passwords at the current point of time 3. sometimes windows foces the users to change their passwords (we never told samba to do it!) 4. sometimes windows tells us that there are no logon server available! Are there any known bugs regarding to these problems? Do you need further information to investigate this problem? Florian Scholz [global] #!!! Authentifizierung des PDC in der Domäne workgroup = ASTA netbios name = samba domain logons = yes domain master = yes local master = yes server string = %h PDC (%v) comment = %h PDC (%v) #!!! Sichere, dass der PDC aufjedenfall von den Rechnern als praerer PDC verwend et wird. preferred master = yes os level = 20 #!!! Zeitsynchronisation (Synchronisiere die Computerzeit mit dem SAMBA-PDC) time server = yes #!!! Einschränkung des Netzwerkzugriffs interfaces = 192.168.100.253 bind interfaces only = yes #!!! Authentifizierung von Benutzern und Rechnern gegen den PDC security = user #!!! Folgende zwei Einstellungen stehen in Konflikt zueinander obey pam restrictions = yes encrypt passwords = yes admin users = root,admin #!!! Konfiguration des LDAP-Zugriffs passdb backend = ldapsam:ldap://127.0.0.1 ldap suffix = dc=asta,dc=lan ldap machine suffix = ou=Computers ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap admin dn = cn=admin,dc=asta,dc=lan ldap passwd sync = yes ldap idmap suffix = ou=Idmap ldap ssl = no ldap delete dn = no ldap passwd sync = yes # Die IDMAP-Einstellungen sollten mit denen in Krefeld übereinstimmen, so dass SAMBA funktioniert. # Zweck der IDMAP-Einstellungen ist die Darstellung der Windows-SIDs als UNIX-ID s idmap uid = 1-2 idmap gid = 1-2 #!!! UNIX-Passwörter ändern unix password sync = yes passwd program = /usr/bin/passwd %u #!!! Default-Einstellungen für neue SAMBA-Benutzer template shell = /bin/false template homedir = /home/%U #!!! Windows-Anmeldung logon drive = h: logon script = netlogon.bat #!!! Tuning und systemspezifische Einstellungen #socket options = TCP_NODELAY # #kernel oplocks = no #posix locking = no socket options = TCP_NODELAY kernel oplocks = yes posix locking = yes # kernel oplocks = yes # #WINS-Namen nicht via DNS auflF6sen # dns proxy = no #Tuning aus Blog getwd cache = yes lpq cache = 30 oplocks = yes #!!! Debug-Logging #log level = 2 auth:3 smb:3 #log file = /var/log/samba/%U.log #max log size = 1000 #!!! Sonstiges hide files = /desktop.ini/profile.V2/$RECYCLE.BIN/ #!!! Zur Authentifizierung benoetigte Shares [netlogon] comment = Network Logon Service path = /home/samba/netlogon browseable = no public = yes [profiles] comment = User Profiles create mask = 0700 directory mask = 0700 writeable = yes browsable = no [homes] comment = Home Directory %U create mask = 0755 directory mask = 0755 writeable = yes browsable = no #!!! Das AStA-Share aus Krefeld [asta] comment = asta path = /home/samba/asta/ browsable = yes writeable = yes hide unreadable = yes hide special files = yes create mask = 0775 directory mask = 0775 #!!! Die Home-Verzeichnisse ausoenchengladbach [gladbach] comment = asta path = /mnt/mg browsable = yes writeable = yes hide unreadable = yes hide special files = yes create mask = 0775 directory mask = 0775 [backup] comment = asta path = /home/samba/backup browsable = yes writeable = yes hide unreadable = yes hide special files = yes create mask = 0775 directory mask = 0775 guest ok = yes guest only = yes guest
[Samba] getent group not working
Hi Ubuntu 12.04 LTS client with 3.6.3 joined to the Samba4 AD domain. smb.conf winbind enum users = Yes winbind enum groups = Yes idmap config *:backend=tdb idmap config *:range=1-1 idmap config ALTEA:backend=ad idmap config ALTEA:range=2-4000 getent passwd and wbinfo -u returns all AD users correctly wbinfo -g returns all AD groups correctly getent group fails. Only local groups are returned. getent group works OK on the Samba4 DC. I have disabled firewalls at both ends and torn down apparmor at both ends. Any ideas anyone? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group not working
On 08/08/12 11:59, steve wrote: Hi Ubuntu 12.04 LTS client with 3.6.3 joined to the Samba4 AD domain. smb.conf winbind enum users = Yes winbind enum groups = Yes idmap config *:backend=tdb idmap config *:range=1-1 idmap config ALTEA:backend=ad idmap config ALTEA:range=2-4000 getent passwd and wbinfo -u returns all AD users correctly wbinfo -g returns all AD groups correctly getent group fails. Only local groups are returned. getent group works OK on the Samba4 DC. I have disabled firewalls at both ends and torn down apparmor at both ends. Any ideas anyone? Cheers, Steve Hi, I am also getting this on Xubuntu 12.04 against a Samba 4 domain, but 'getent group linuxusers' does return the following info, linuxusers:x:312: and you can create dirs and files and chgrp them to the domain group. My smb.conf idmap config * : backend = tdb idmap config * : range = 1100-2000 idmap config HOME : backend = ad idmap config HOME : range = 300-310 idmap config HOME : schema_mode = rfc2307 I do not understand why 'getent group' only returns local groups when 'getent group linuxusers' does returns the info. Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] 3.0.9-3.0.37 Deleting files not working
Hello, we were using Samba 3.0.9 on Solaris 10 x86 and Sparc in a productive environment and upgraded to 3.0.37 to fix a security vulnerability. Now we experience problems in some circumstances when we try to delete a file from a share mounted by a Windows Client. The share is named ZENTRAL. This is the share entry: [ZENTRAL] comment=Ablage ZENTRAL path=/daten/ablagen/ZENTRAL case sensitive=no create mask=0770 valid users=@ZENTRAL write list=@ZENTRAL force group=ZENTRAL These are the unix rights: drwxrwx--- 2 root other512 Aug 8 11:15 . drwxrwx--x 35 rootZENTRAL 2048 Aug 8 10:26 .. (This is the share root directory: /daten/ablagen/ZENTRAL) -rwxrwxrwx 1 user1 ZENTRAL0 Aug 8 11:15 neu.txt user1 belongs to the groups other and ZENTRAL and is able to delete this file Using a unix shell and navigate to the directory but he is not able to delete it using the samba share. He gets a permission denied. This behaviour is new. With 3.0.9 it is possible to delete this file. When i chgrp the directory . to ZENTRAL everything works as expected with 3.0.37 too. The problem only exists, when the . directory does not have the same group as the share. If needed, here is our global section. Some of these entries could be plain wrong respectively not needed, but we are not able to change them easily because of company guidelines. [global] os level=65 password level=1 security=user encrypt passwords=yes smb passwd file=/usr/local/samba/private/smbpasswd workgroup=ourgroup guest account=nobody max log size=30 share modes=yes locking=yes strict locking=yes lock directory=/var/adm/samba/locks ; max log size = 5000 log level=1 log file=/var/adm/samba/smb.log pid directory=/var/run server string=%h force directory mode=0770 browseable=no follow symlinks=no preserve case=no short preserve case=no case sensitive=no oplocks=no level2 oplocks=no wins support=yes The question is: Is this a bug or feature? If feature, then what is the intention behind this feature, as the user has delete rights for this file using unix and so should have this rights using samba too i think. Is there a conf parameter that we can set to get back the old behaviour? With kind regards, Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] password change problem and no logon servers available
we are using SAMBA 3.6.1-1 (updating this archlinux machine is tooo ugly) and 3.6.6-1 on archlinux with the LDAP (Server version is 2.4.26-3) backend and manage the users, groups and computer by using the smbldap-tools. Currently we are experiencing the following problems: 1. changing the passwords takes longer than 30 seconds - That's bad because we are using a gigabit ethernet network! 2. sometimes windows tells us that the user can't change their passwords at the current point of time 3. sometimes windows foces the users to change their passwords (we never told samba to do it!) 4. sometimes windows tells us that there are no logon server available! Are there any known bugs regarding to these problems? Do you need further information to investigate this problem? I do not have any of these bugs on my samba3 based network at work. I believe my PDC and BDCs are samba-3.5.X and I am using the last released openldap 2.3.X release on all 3 ldap servers. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] access my created share in smb.conf Only by Ip
Hello samba4 beta5 *s4-ad - samba server Host name test.s4.com - domain name* *Dns Server - Samba Internal DNS server , Bind 9.9.1-P2* win xp have access to default share such as sysvol by dns name (\\test.s4.com \sysvol) but if created a share in smb.conf Only access by IP such as : \\test.s4.com\myshare - no access ! \\192.168.1.6\myshare - access If using *s4-ad.test.s4.com* my share accessible !!! \\test.s4.com\myshare - no access ! \\*s4-ad*.s4.com http://test.s4.com\myshare - access ! \\test.s4.com\sysvol - access ! \\*s4-ad* http://test.s4.com. http://test.s4.comtest.s4.com\sysvol - access ! Note: In *\\test.s4.com* seen all the shared directory, but not accessible in *samba alpha17* no need type *s4-ad* what happened ? This is Bug in samba4 beta 5 ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4(git) user log on to workstation not work
This is Bug in samba4 ? On Tue, Aug 7, 2012 at 11:40 AM, Mohammad Ebrahim Abravi lamp@gmail.com wrote: Hi * admin pak - select an OU - right click on a user name - properties - account - Log On to - checked (the following computer) - add (Xpclone4 )* *In samba4 beta5 Not work* and user not able to login from all computer !!! * Note : On samba 4.0.11 this setting work* why ? thanks On Tue, Mar 13, 2012 at 1:50 PM, Mohammad Ebrahim Abravi lamp@gmail.com wrote: Active NetBios over TCP/Ip on client and work On Tue, Mar 13, 2012 at 11:08 AM, Mohammad Ebrahim Abravi lamp@gmail.com wrote: Downgrade To samba 4.0.11 ? On Sun, Mar 11, 2012 at 1:29 PM, Mohammad Ebrahim Abravi lamp@gmail.com wrote: site9 is computer name On Sun, Mar 11, 2012 at 1:22 PM, Matthias Dieter Wallnöfer m...@samba.org wrote: This setting seems only to work with computer names, not sites. Mohammad Ebrahim Abravi schrieb: *This Error: Your account is configured to prevent you from using this computer.* On Wed, Mar 7, 2012 at 11:36 AM, Mohammad Ebrahim Abravi lamp@gmail.com wrote: admin pak - select an OU - right click on a user name - properties - account - Log On to - checked (the following computer) - add (site9 ) On Wed, Mar 7, 2012 at 10:58 AM, Mohammad Ebrahim Abravi lamp@gmail.com wrote: Hi set the following setting on samba 4 but user can not login to site9 !, what? user - properties - account - Log On to - checked (the following computer) - add (site9 ) * * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group not working
On 08/08/12 12:38, Rowland Penny wrote: On 08/08/12 11:59, steve wrote: Hi Ubuntu 12.04 LTS client with 3.6.3 joined to the Samba4 AD domain. smb.conf winbind enum users = Yes winbind enum groups = Yes idmap config *:backend=tdb idmap config *:range=1-1 idmap config ALTEA:backend=ad idmap config ALTEA:range=2-4000 getent passwd and wbinfo -u returns all AD users correctly wbinfo -g returns all AD groups correctly getent group fails. Only local groups are returned. getent group works OK on the Samba4 DC. I have disabled firewalls at both ends and torn down apparmor at both ends. Any ideas anyone? Cheers, Steve Hi, I am also getting this on Xubuntu 12.04 against a Samba 4 domain, but 'getent group linuxusers' does return the following info, linuxusers:x:312: and you can create dirs and files and chgrp them to the domain group. My smb.conf idmap config * : backend = tdb idmap config * : range = 1100-2000 idmap config HOME : backend = ad idmap config HOME : range = 300-310 idmap config HOME : schema_mode = rfc2307 I do not understand why 'getent group' only returns local groups when 'getent group linuxusers' does returns the info. Rowland More info, with 'winbind use default domain = yes' in smb.conf on the client, 'getent group linuxusers' returns the info. Remove 'winbind use default domain = yes' from smb.conf and restart nmbd,smbd winbind, 'getent group linuxusers' now returns nothing, put the line back restart the daemons and the info comes back. Why does one line in smb.conf make such a big difference? Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to build vfs_zfsacl module on Linux platform?
Solaris OS has ZFS as primary filesystem, that has own implementation of ACL (NFS v4 ACL). Samba uses zfsacl and acl_xattr modules for converting NT ACL to ZFS ACL and extended attributes of file in this OS. ZfsOnLinux team ported ZFS as a number of kernel-linked modules to Linux OS, so ZFS on Linux supports NFS ACL, deduplication, compresson and other features of Solaris ZFS v.28. But NFS ACL is not compatible with POSIX ACL, the one type of ACL Samba can use on Linux platform. Acl_xattr and acl_tdb modules cannot solve problem, because it's required a filesytem with POSIX ACL support for storing generic ACL attrbutes. So, can I build vfs_zfsacl module on Linux, or building required Solaris-specific header files? Debian 6 Squeeze x64 Linux 3.4-generic ZfsOnLinux v.0.6.0-rc9 Samba 3.6.6 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] password change problem and no logon servers available
Is this a single domain controller environment (1 PDC) or do you also have one or more BDC's? Are you using WINS? that should help clients find domain controllers. Is there is difference between XP and Windows 7 clients? As you probably know, you can login to a windows machine with cached credentials even if it is not connected to the network. I found with Windows 7 machines sometimes you may have logged into the computer with your network account, the domain controller was not reached, you get authenticated with cached credentials and you don't know there is an issue until you try changing your password. This is more likely to happen with laptops that may get disconnected and reconnected from the network with out doing a complete shutdown 1st. pdbedit -Lv username should show you if the X flag is set for the user- if the X flag is set the user's password should never expire even if the domain policy sets a max password age. If you have an ldap browser, look at the top level sambaDomainObject. There may be a sambamaxpwdage (n seconds) param. On 08/08/12 06:12, Florian Scholz wrote: Hi, we are using SAMBA 3.6.1-1 (updating this archlinux machine is tooo ugly) and 3.6.6-1 on archlinux with the LDAP (Server version is 2.4.26-3) backend and manage the users, groups and computer by using the smbldap-tools. Currently we are experiencing the following problems: 1. changing the passwords takes longer than 30 seconds - That's bad because we are using a gigabit ethernet network! 2. sometimes windows tells us that the user can't change their passwords at the current point of time 3. sometimes windows foces the users to change their passwords (we never told samba to do it!) 4. sometimes windows tells us that there are no logon server available! Are there any known bugs regarding to these problems? Do you need further information to investigate this problem? Florian Scholz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Best way to add samba4 to existing domain
The command I used on the new DC that I wanted to join to the existing domain was. samba-tool domain join domain DC -Uadministrator --realm=realm name This seems to have worked like a charm. Since I didn't yet have DNS setup on the new server, I added the servers to my hosts file. The process to get everything replicated to all servers took a little while, but now I have three servers (Two samba4 and one win2k3) all in the domain as Domain Controllers. First both Samba4 dcs must know each other by dns. Do not provision the second samba4 as you want it to be in replication mode. Do not start samba on your new DC!! Then on your new DC: bin/net vampire your.realm. -Uadministrator --realm=your.realm If this is successful. Start samba on your new DC. Go on your 1st DC you setup. Now type: bin/ldbsearch -H /usr/local/samba/private/sam.ldb objectclass=ntdsdsa objectguid --cross-ncs EX result: # record 1 dn: CN=NTDS Settings,CN=NODE1,CN=Servers,CN=Default-First-Site- Name,CN=Sites,CN=Configur ation,DC=tuebingen,DC=tst,DC=loc objectGUID: 365d2a9f-bfe6-462d-965e-8622bfefc190 # record 2 dn: CN=NTDS Settings,CN=NODE2,CN=Servers,CN=Default-First-Site- Name,CN=Sites,CN=Configur ation,DC=tuebingen,DC=tst,DC=loc objectGUID: d6160c39-0810-4026-aa24-91c91797d892 Do not forget to update your dns settings after all. Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Caleb O'Connell Gesendet: Dienstag, 7. August 2012 15:10 An: samba@lists.samba.org Betreff: [Samba] Best way to add samba4 to existing domain I have Samba4 running, and it had a win2k3 server joined to it. This is working great. I'd like to add another Ubuntu 12.04 server with samba4 beta5. What's the best join method? Do I provision the server as a member, then join using samba-tools domain join domain When I do it looks like it doesn't replicate the directory, just forwards? Should I provision as a DC with the same settings and then do the join? This fails with a IO_TIMEOUT sort of error. Is there another method that I just haven't discovered yet? Thanks in advance for all the great help. Caleb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group not working
On 08/08/12 13:36, Rowland Penny wrote: [SNIP] More info, with 'winbind use default domain = yes' in smb.conf on the client, 'getent group linuxusers' returns the info. Remove 'winbind use default domain = yes' from smb.conf and restart nmbd,smbd winbind, 'getent group linuxusers' now returns nothing, put the line back restart the daemons and the info comes back. Why does one line in smb.conf make such a big difference? Remove it and do a 'getent group HOME\\linuxusers' and see if that works. Should explain why you need the user default domain in there. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group not working
On 08/08/12 14:45, Jonathan Buzzard wrote: On 08/08/12 13:36, Rowland Penny wrote: [SNIP] More info, with 'winbind use default domain = yes' in smb.conf on the client, 'getent group linuxusers' returns the info. Remove 'winbind use default domain = yes' from smb.conf and restart nmbd,smbd winbind, 'getent group linuxusers' now returns nothing, put the line back restart the daemons and the info comes back. Why does one line in smb.conf make such a big difference? Remove it and do a 'getent group HOME\\linuxusers' and see if that works. Should explain why you need the user default domain in there. JAB. ok, I removed the line and ran 'getent group HOME\\linuxusers' This returned 'HOME\linuxusers:x:312:', this is just the same as before but with the domain name stuck on the front, 'getent group' still returns nothing. So as I see it, with ''winbind use default domain = yes' in smb.conf, you do not need to give the domain name, but without it you do. I still do not see why 'getent group' does not return anything but local groups. Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Permisson Denied ao accces home dir
Hello, I make a samba server + ldap. I create some users and get login in mydomain with success. After login I can't write in paste user.But is denied. #some users created brasil:x:1012:513:Brasil Telhados:/dev/null:/bin/false atleticomg:x:1013:513:Clube Atletico MG:/home/atleticomg:/bin/bash #groups crated informatica:*:1001:atleticomg,natalia,faria marketing:*:1002:faria,natalia,rodrigo,rodrigofaria,brasil,atleticomg #permissions root@debian-ldap:~# ls -las /home/atleticomg/ total 8 4 drwxr-xr-x 2 atleticomg users 4096 Ago 8 09:55 . 4 drwxr-xr-x 7 root root 4096 Ago 8 10:28 .. #my smb.conf [global] workgroup = DEFENSORIABH netbios name = DEFENSORIABH server string = %h server obey pam restrictions = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 name resolve order = lmhosts host wins bcast add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /var/lib/samba -s /bin/false %u logon drive = H: domain logons = Yes os level = 100 domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=defensoria,dc=net ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=people ldap suffix = dc=defensoria,dc=net ldap ssl = no ldap user suffix = ou=people panic action = /usr/share/samba/panic-action %d idmap backend = ldap:ldap://ldap.defensoria.net idmap uid = 1-2 idmap gid = 1-2 admin users = root [homes] comment = Home Directories valid users = %S create mask = 0640 directory mask = 0750 browseable = No [netlogon] comment = Users profiles path = /home/samba/profiles create mask = 0600 directory mask = 0700 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No Any ideia ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.0.9-3.0.37 Deleting files not working
zfs or ufs? On 08/08/12 08:01, ing...@gmx.net wrote: Hello, we were using Samba 3.0.9 on Solaris 10 x86 and Sparc in a productive environment and upgraded to 3.0.37 to fix a security vulnerability. Now we experience problems in some circumstances when we try to delete a file from a share mounted by a Windows Client. The share is named ZENTRAL. This is the share entry: [ZENTRAL] comment=Ablage ZENTRAL path=/daten/ablagen/ZENTRAL case sensitive=no create mask=0770 valid users=@ZENTRAL write list=@ZENTRAL force group=ZENTRAL These are the unix rights: drwxrwx--- 2 root other512 Aug 8 11:15 . drwxrwx--x 35 rootZENTRAL 2048 Aug 8 10:26 .. (This is the share root directory: /daten/ablagen/ZENTRAL) -rwxrwxrwx 1 user1 ZENTRAL0 Aug 8 11:15 neu.txt user1 belongs to the groups other and ZENTRAL and is able to delete this file Using a unix shell and navigate to the directory but he is not able to delete it using the samba share. He gets a permission denied. This behaviour is new. With 3.0.9 it is possible to delete this file. When i chgrp the directory . to ZENTRAL everything works as expected with 3.0.37 too. The problem only exists, when the . directory does not have the same group as the share. If needed, here is our global section. Some of these entries could be plain wrong respectively not needed, but we are not able to change them easily because of company guidelines. [global] os level=65 password level=1 security=user encrypt passwords=yes smb passwd file=/usr/local/samba/private/smbpasswd workgroup=ourgroup guest account=nobody max log size=30 share modes=yes locking=yes strict locking=yes lock directory=/var/adm/samba/locks ; max log size = 5000 log level=1 log file=/var/adm/samba/smb.log pid directory=/var/run server string=%h force directory mode=0770 browseable=no follow symlinks=no preserve case=no short preserve case=no case sensitive=no oplocks=no level2 oplocks=no wins support=yes The question is: Is this a bug or feature? If feature, then what is the intention behind this feature, as the user has delete rights for this file using unix and so should have this rights using samba too i think. Is there a conf parameter that we can set to get back the old behaviour? With kind regards, Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group not working
On 08/08/12 16:13, Rowland Penny wrote: On 08/08/12 14:45, Jonathan Buzzard wrote: On 08/08/12 13:36, Rowland Penny wrote: [SNIP] Remove it and do a 'getent group HOME\\linuxusers' and see if that works. Should explain why you need the user default domain in there. JAB. ok, I removed the line and ran 'getent group HOME\\linuxusers' This returned 'HOME\linuxusers:x:312:', this is just the same as before but with the domain name stuck on the front, 'getent group' still returns nothing. So as I see it, with ''winbind use default domain = yes' in smb.conf, you do not need to give the domain name, but without it you do. I still do not see why 'getent group' does not return anything but local groups. Rowland OK getent passwd works as does wbinfo -u/-g getent passwd doesn't My workgroup is ALTEA I create a group staff2 with posixGroup and gidNumber of 21114 This works: getent group ALTEA\\staff2 ALTEA\staff2:x:21114: Back on the Samba4 DC at debug 3 the getent group command gives around 50 of these: ldb: ldb: dnAttributes extended match not supported yet getent group (without specifying a WORKGROUP\\group) returns only local groups. Unfortunately the question remains the same. Why does getent group return only local users? Is this just Ubuntu 12.04 with Samba 3.6.3? Can anyone confirm that it works on other distros? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind: uid range is ignored
On 08/08/12 10:40, Jonathan Buzzard wrote: On 08/08/12 08:49, steve wrote: On 08/08/2012 12:35 AM, Jonathan Buzzard wrote: steve wrote: On 07/08/12 16:15, Jonathan Buzzard wrote: On 07/08/12 15:10, steve wrote: On 04/08/12 22:06, NdK wrote: Il 04/08/2012 21:13, steve ha scritto: Uh? wide links seems a bad idea to me... At least from a security perspective. Why a single home directory? We have a single NFS share containing folders for the two domains and inside those a folder for each home. We are trying to migrate away from that, preferring a '[homes]' share where users will place the data they want to have available on every PC. This way even Firefox should work... Hi Diego We have home directories like: home2/staff home2/students/7a home2/students/7b Winbind allows only one template homedir and all user home folders must reside there (or tell me otherwise). The only way we can have what we want is: 1. use nss-ldapd and store the true uinixHomeDirectory in AD 2. winbind. We have a symlink in template homedir to the real data. For that we need wide links. 3. Use winbind to store the true unixHomeDirectory in AD. Hi If I store unixHomeDirectory in AD, winbind seems to ignore it. As far as it's concerned, all home directories have to be in template homedir. How would I use winbind to store it? This is why we tend toward 1. nss-ldapd pulls all of rfc2307 from AD. winbind seems to recognise only uidNumber and gidNumber. It doesn't sem to give you any control over login shell and unixHomeDirectory. Everyone has the same shell and homedir. Well it's read only, winbind pulls the information from the AD, but take out your template homedir/shell lines from smb.conf and do something like winbind nss info = rfc2307 winbind expand groups = 2 winbind nested groups = yes winbind enum users = yes winbind enum groups = yes Thanks Jonathan I got it working. It needed a schema_mode line: idmap config MYDOMAIN:schema_mode = rfc2307 I can now finally remove wide links = Yes :-) nss-winbind seems slow. You can see the results of getent passwd appearing one at a time. With nss-ldapd, the second time you do a getent, it's instantaneous. Is there perhaps a cache I'm missing for winbind? (I have nscd turned off) Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind: uid range is ignored
On 08/08/12 16:41, steve wrote: On 08/08/12 10:40, Jonathan Buzzard wrote: On 08/08/12 08:49, steve wrote: On 08/08/2012 12:35 AM, Jonathan Buzzard wrote: steve wrote: On 07/08/12 16:15, Jonathan Buzzard wrote: On 07/08/12 15:10, steve wrote: On 04/08/12 22:06, NdK wrote: Il 04/08/2012 21:13, steve ha scritto: Uh? wide links seems a bad idea to me... At least from a security perspective. Why a single home directory? We have a single NFS share containing folders for the two domains and inside those a folder for each home. We are trying to migrate away from that, preferring a '[homes]' share where users will place the data they want to have available on every PC. This way even Firefox should work... Hi Diego We have home directories like: home2/staff home2/students/7a home2/students/7b Winbind allows only one template homedir and all user home folders must reside there (or tell me otherwise). The only way we can have what we want is: 1. use nss-ldapd and store the true uinixHomeDirectory in AD 2. winbind. We have a symlink in template homedir to the real data. For that we need wide links. 3. Use winbind to store the true unixHomeDirectory in AD. Hi If I store unixHomeDirectory in AD, winbind seems to ignore it. As far as it's concerned, all home directories have to be in template homedir. How would I use winbind to store it? This is why we tend toward 1. nss-ldapd pulls all of rfc2307 from AD. winbind seems to recognise only uidNumber and gidNumber. It doesn't sem to give you any control over login shell and unixHomeDirectory. Everyone has the same shell and homedir. Well it's read only, winbind pulls the information from the AD, but take out your template homedir/shell lines from smb.conf and do something like winbind nss info = rfc2307 winbind expand groups = 2 winbind nested groups = yes winbind enum users = yes winbind enum groups = yes Thanks Jonathan I got it working. It needed a schema_mode line: idmap config MYDOMAIN:schema_mode = rfc2307 I can now finally remove wide links = Yes :-) nss-winbind seems slow. You can see the results of getent passwd appearing one at a time. With nss-ldapd, the second time you do a getent, it's instantaneous. Is there perhaps a cache I'm missing for winbind? (I have nscd turned off) Noting that nscd and winbind don't work properly together, the settings I use are idmap cache time = 604800 idmap negative cache time = 20 winbind cache time = 600 Performance seems good to me, especially once cached. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group not working
On 08/08/12 15:13, Rowland Penny wrote: On 08/08/12 14:45, Jonathan Buzzard wrote: On 08/08/12 13:36, Rowland Penny wrote: [SNIP] More info, with 'winbind use default domain = yes' in smb.conf on the client, 'getent group linuxusers' returns the info. Remove 'winbind use default domain = yes' from smb.conf and restart nmbd,smbd winbind, 'getent group linuxusers' now returns nothing, put the line back restart the daemons and the info comes back. Why does one line in smb.conf make such a big difference? Remove it and do a 'getent group HOME\\linuxusers' and see if that works. Should explain why you need the user default domain in there. JAB. ok, I removed the line and ran 'getent group HOME\\linuxusers' This returned 'HOME\linuxusers:x:312:', this is just the same as before but with the domain name stuck on the front, 'getent group' still returns nothing. So as I see it, with ''winbind use default domain = yes' in smb.conf, you do not need to give the domain name, but without it you do. I still do not see why 'getent group' does not return anything but local groups. You did make sure to nuke any DB's that Samba might have created locally when switching between the two? JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] password change problem and no logon servers available
1. Only one PDC per subnetwork (physically another town) 2. I don't know if I'm using WINS but I don't think so. 3. Yes, there are some registry settings you have to apply to Windows 7 to make it compatible with SAMBA 3.6 4. Yes but I don't get the temporary session message :) 5. The X-flag isn't set. # ASTA, asta.lan dn: sambaDomainName=ASTA,dc=asta,dc=lan objectClass: top objectClass: sambaDomain objectClass: sambaUnixIdPool sambaDomainName: ASTA sambaSID: S-1-5-21-3963991337-2686100338-2601203207 sambaPwdHistoryLength: 0 sambaMaxPwdAge: -1 sambaLockoutThreshold: 0 sambaRefuseMachinePwdChange: 0 sambaLogonToChgPwd: 0 sambaMinPwdAge: 0 sambaForceLogoff: -1 sambaMinPwdLength: 4 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 gidNumber: 1049 sambaNextRid: 1028 uidNumber: 1209 2012/8/8 Gaiseric Vandal gaiseric.van...@gmail.com Is this a single domain controller environment (1 PDC) or do you also have one or more BDC's? Are you using WINS? that should help clients find domain controllers. Is there is difference between XP and Windows 7 clients? As you probably know, you can login to a windows machine with cached credentials even if it is not connected to the network. I found with Windows 7 machines sometimes you may have logged into the computer with your network account, the domain controller was not reached, you get authenticated with cached credentials and you don't know there is an issue until you try changing your password. This is more likely to happen with laptops that may get disconnected and reconnected from the network with out doing a complete shutdown 1st. pdbedit -Lv username should show you if the X flag is set for the user- if the X flag is set the user's password should never expire even if the domain policy sets a max password age. If you have an ldap browser, look at the top level sambaDomainObject. There may be a sambamaxpwdage (n seconds) param. On 08/08/12 06:12, Florian Scholz wrote: Hi, we are using SAMBA 3.6.1-1 (updating this archlinux machine is tooo ugly) and 3.6.6-1 on archlinux with the LDAP (Server version is 2.4.26-3) backend and manage the users, groups and computer by using the smbldap-tools. Currently we are experiencing the following problems: 1. changing the passwords takes longer than 30 seconds - That's bad because we are using a gigabit ethernet network! 2. sometimes windows tells us that the user can't change their passwords at the current point of time 3. sometimes windows foces the users to change their passwords (we never told samba to do it!) 4. sometimes windows tells us that there are no logon server available! Are there any known bugs regarding to these problems? Do you need further information to investigate this problem? Florian Scholz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permisson Denied ao accces home dir
Hello, Just put the parametr writable = yes in section home. Thanks ! Rodrigo Faria De: rodrigo tavares rodrigofar...@yahoo.com.br Para: samba@lists.samba.org samba@lists.samba.org Enviadas: Quarta-feira, 8 de Agosto de 2012 11:15 Assunto: [Samba] Permisson Denied ao accces home dir Hello, I make a samba server + ldap. I create some users and get login in mydomain with success. After login I can't write in paste user.But is denied. #some users created brasil:x:1012:513:Brasil Telhados:/dev/null:/bin/false atleticomg:x:1013:513:Clube Atletico MG:/home/atleticomg:/bin/bash #groups crated informatica:*:1001:atleticomg,natalia,faria marketing:*:1002:faria,natalia,rodrigo,rodrigofaria,brasil,atleticomg #permissions root@debian-ldap:~# ls -las /home/atleticomg/ total 8 4 drwxr-xr-x 2 atleticomg users 4096 Ago 8 09:55 . 4 drwxr-xr-x 7 root root 4096 Ago 8 10:28 .. #my smb.conf [global] workgroup = DEFENSORIABH netbios name = DEFENSORIABH server string = %h server obey pam restrictions = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 name resolve order = lmhosts host wins bcast add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /var/lib/samba -s /bin/false %u logon drive = H: domain logons = Yes os level = 100 domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=defensoria,dc=net ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=people ldap suffix = dc=defensoria,dc=net ldap ssl = no ldap user suffix = ou=people panic action = /usr/share/samba/panic-action %d idmap backend = ldap:ldap://ldap.defensoria.net idmap uid = 1-2 idmap gid = 1-2 admin users = root [homes] comment = Home Directories valid users = %S create mask = 0640 directory mask = 0750 browseable = No [netlogon] comment = Users profiles path = /home/samba/profiles create mask = 0600 directory mask = 0700 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No Any ideia ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] password change problem and no logon servers available
3. If you were able to join domain and log in to your PC, then your registry settings should not be an issue. I meant do you have this problem with XP and Win 7 or only Win 7? On 08/08/12 12:05, Florian Scholz wrote: 1. Only one PDC per subnetwork (physically another town) 2. I don't know if I'm using WINS but I don't think so. 3. Yes, there are some registry settings you have to apply to Windows 7 to make it compatible with SAMBA 3.6 4. Yes but I don't get the temporary session message :) 5. The X-flag isn't set. # ASTA, asta.lan dn: sambaDomainName=ASTA,dc=asta,dc=lan objectClass: top objectClass: sambaDomain objectClass: sambaUnixIdPool sambaDomainName: ASTA sambaSID: S-1-5-21-3963991337-2686100338-2601203207 sambaPwdHistoryLength: 0 sambaMaxPwdAge: -1 sambaLockoutThreshold: 0 sambaRefuseMachinePwdChange: 0 sambaLogonToChgPwd: 0 sambaMinPwdAge: 0 sambaForceLogoff: -1 sambaMinPwdLength: 4 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 gidNumber: 1049 sambaNextRid: 1028 uidNumber: 1209 2012/8/8 Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com Is this a single domain controller environment (1 PDC) or do you also have one or more BDC's? Are you using WINS? that should help clients find domain controllers. Is there is difference between XP and Windows 7 clients? As you probably know, you can login to a windows machine with cached credentials even if it is not connected to the network. I found with Windows 7 machines sometimes you may have logged into the computer with your network account, the domain controller was not reached, you get authenticated with cached credentials and you don't know there is an issue until you try changing your password. This is more likely to happen with laptops that may get disconnected and reconnected from the network with out doing a complete shutdown 1st. pdbedit -Lv username should show you if the X flag is set for the user- if the X flag is set the user's password should never expire even if the domain policy sets a max password age. If you have an ldap browser, look at the top level sambaDomainObject. There may be a sambamaxpwdage (n seconds) param. On 08/08/12 06:12, Florian Scholz wrote: Hi, we are using SAMBA 3.6.1-1 (updating this archlinux machine is tooo ugly) and 3.6.6-1 on archlinux with the LDAP (Server version is 2.4.26-3) backend and manage the users, groups and computer by using the smbldap-tools. Currently we are experiencing the following problems: 1. changing the passwords takes longer than 30 seconds - That's bad because we are using a gigabit ethernet network! 2. sometimes windows tells us that the user can't change their passwords at the current point of time 3. sometimes windows foces the users to change their passwords (we never told samba to do it!) 4. sometimes windows tells us that there are no logon server available! Are there any known bugs regarding to these problems? Do you need further information to investigate this problem? Florian Scholz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group not working
On 08/08/12 16:58, Jonathan Buzzard wrote: On 08/08/12 15:13, Rowland Penny wrote: On 08/08/12 14:45, Jonathan Buzzard wrote: On 08/08/12 13:36, Rowland Penny wrote: [SNIP] More info, with 'winbind use default domain = yes' in smb.conf on the client, 'getent group linuxusers' returns the info. Remove 'winbind use default domain = yes' from smb.conf and restart nmbd,smbd winbind, 'getent group linuxusers' now returns nothing, put the line back restart the daemons and the info comes back. Why does one line in smb.conf make such a big difference? Remove it and do a 'getent group HOME\\linuxusers' and see if that works. Should explain why you need the user default domain in there. JAB. ok, I removed the line and ran 'getent group HOME\\linuxusers' This returned 'HOME\linuxusers:x:312:', this is just the same as before but with the domain name stuck on the front, 'getent group' still returns nothing. So as I see it, with ''winbind use default domain = yes' in smb.conf, you do not need to give the domain name, but without it you do. I still do not see why 'getent group' does not return anything but local groups. You did make sure to nuke any DB's that Samba might have created locally when switching between the two? JAB. Well no I didn't, but I have now, and it did not make any difference, exactly the same set of results. Why does 'getent group' on the samba4 server return all the users (local domain) and 'getent group' from 3.6.3 on the client only return local users? Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] pslist.exe like utility for Linux?
Sorry for the off-topic post, but I figured this would be a good audience. I'm looking for a linux utility that could display the process list of a remote Windows machine much like pslist.exe does. Is anyone aware of such a beast? I suppose I could try running pslist.exe under wine, but I'd like to avoid that if possible. TIA, Orion -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind: uid range is ignored
On Wed, Aug 08, 2012 at 09:40:02AM +0100, Jonathan Buzzard wrote: Do you think it is likely that I would have a production file server system in place with over 900 active SMB connections using an Alpha release piece of software? I don't even use 3.6 yet because it is showing too many issues in testing. Don't forget to log bugs against 3.6.x if you are seeing problems in test ! That's the only way we'll get to know about them and fix them. Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Entrys in LDAP is not saving about the gecos
Hello ! I create one user with command: smbldap-useradd -a xbox -c Game XBOX -S Sell games -d /home/xbox -s /bin/false Then I type: smbldap-passwd xbox #define password ldap user smbpasswd -a xbox # create user samba So. I can to make login in my domain. I check atributtes gecos is: SystemUser. After I log in domain, in the top menu windows show:System User. I changed this value gecos, but each login the gecos show System User. It´s no changed never. This command in line 2, not define gecos, give default with System user. If i change the value gecos in LDAP before te fist login, the gecos is with value correct. Any sugesstion ? Thanks. Rodrigo Faria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] password change problem and no logon servers available
I would look at the windows event log. It may be of help. Also nbtstat -a should show you the IP addresses for the domain , DC's and master browser. I found with both Samba and NT4 domains that using WINS helped- it shouldn't cause new problems at least. On 08/08/12 12:17, Florian Scholz wrote: I'm not using XP anymore.. and I meant that I applied the http://wiki.samba.org/index.php/Windows7 stuff before adding the computers to the domain 2012/8/8 Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com 3. If you were able to join domain and log in to your PC, then your registry settings should not be an issue. I meant do you have this problem with XP and Win 7 or only Win 7? On 08/08/12 12:05, Florian Scholz wrote: 1. Only one PDC per subnetwork (physically another town) 2. I don't know if I'm using WINS but I don't think so. 3. Yes, there are some registry settings you have to apply to Windows 7 to make it compatible with SAMBA 3.6 4. Yes but I don't get the temporary session message :) 5. The X-flag isn't set. # ASTA, asta.lan dn: sambaDomainName=ASTA,dc=asta,dc=lan objectClass: top objectClass: sambaDomain objectClass: sambaUnixIdPool sambaDomainName: ASTA sambaSID: S-1-5-21-3963991337-2686100338-2601203207 sambaPwdHistoryLength: 0 sambaMaxPwdAge: -1 sambaLockoutThreshold: 0 sambaRefuseMachinePwdChange: 0 sambaLogonToChgPwd: 0 sambaMinPwdAge: 0 sambaForceLogoff: -1 sambaMinPwdLength: 4 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 gidNumber: 1049 sambaNextRid: 1028 uidNumber: 1209 2012/8/8 Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com Is this a single domain controller environment (1 PDC) or do you also have one or more BDC's? Are you using WINS? that should help clients find domain controllers. Is there is difference between XP and Windows 7 clients? As you probably know, you can login to a windows machine with cached credentials even if it is not connected to the network. I found with Windows 7 machines sometimes you may have logged into the computer with your network account, the domain controller was not reached, you get authenticated with cached credentials and you don't know there is an issue until you try changing your password. This is more likely to happen with laptops that may get disconnected and reconnected from the network with out doing a complete shutdown 1st. pdbedit -Lv username should show you if the X flag is set for the user- if the X flag is set the user's password should never expire even if the domain policy sets a max password age. If you have an ldap browser, look at the top level sambaDomainObject. There may be a sambamaxpwdage (n seconds) param. On 08/08/12 06:12, Florian Scholz wrote: Hi, we are using SAMBA 3.6.1-1 (updating this archlinux machine is tooo ugly) and 3.6.6-1 on archlinux with the LDAP (Server version is 2.4.26-3) backend and manage the users, groups and computer by using the smbldap-tools. Currently we are experiencing the following problems: 1. changing the passwords takes longer than 30 seconds - That's bad because we are using a gigabit ethernet network! 2. sometimes windows tells us that the user can't change their passwords at the current point of time 3. sometimes windows foces the users to change their passwords (we never told samba to do it!) 4. sometimes windows tells us that there are no logon server available! Are there any known bugs regarding to these problems? Do you need further information to investigate this problem? Florian Scholz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind: uid range is ignored
On 08/08/2012 05:57 PM, Jonathan Buzzard wrote: On 08/08/12 16:41, steve wrote: On 08/08/12 10:40, Jonathan Buzzard wrote: On 08/08/12 08:49, steve wrote: On 08/08/2012 12:35 AM, Jonathan Buzzard wrote: steve wrote: On 07/08/12 16:15, Jonathan Buzzard wrote: On 07/08/12 15:10, steve wrote: On 04/08/12 22:06, NdK wrote: Il 04/08/2012 21:13, steve ha scritto: nss-winbind seems slow. You can see the results of getent passwd appearing one at a time. With nss-ldapd, the second time you do a getent, it's instantaneous. Is there perhaps a cache I'm missing for winbind? (I have nscd turned off) Noting that nscd and winbind don't work properly together, the settings I use are idmap cache time = 604800 idmap negative cache time = 20 winbind cache time = 600 Performance seems good to me, especially once cached. Much better. After e.g. 4 or 5 getent's it speeds up considerably. Presumably getent populates the cache? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group not working
On 08/08/2012 05:58 PM, Jonathan Buzzard wrote: On 08/08/12 15:13, Rowland Penny wrote: On 08/08/12 14:45, Jonathan Buzzard wrote: On 08/08/12 13:36, Rowland Penny wrote: [SNIP] More info, with 'winbind use default domain = yes' in smb.conf on the client, 'getent group linuxusers' returns the info. Remove 'winbind use default domain = yes' from smb.conf and restart nmbd,smbd winbind, 'getent group linuxusers' now returns nothing, put the line back restart the daemons and the info comes back. Why does one line in smb.conf make such a big difference? Remove it and do a 'getent group HOME\\linuxusers' and see if that works. Should explain why you need the user default domain in there. JAB. ok, I removed the line and ran 'getent group HOME\\linuxusers' This returned 'HOME\linuxusers:x:312:', this is just the same as before but with the domain name stuck on the front, 'getent group' still returns nothing. So as I see it, with ''winbind use default domain = yes' in smb.conf, you do not need to give the domain name, but without it you do. I still do not see why 'getent group' does not return anything but local groups. You did make sure to nuke any DB's that Samba might have created locally when switching between the two? Hi I just physically removed /var/lib/samba and /var/cache/samba and did apt-get purge samba winbind samba-common. Then reinstalled over bare metal. _Still_ only local groups from getent group. It works fine. We can login and files are shown as being owned by e.g. WORKGROUP\steve WORKGROUP\domain users It would just be nice to be able to see the groups listed by getent group. That's all. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smb panic
Hi all, Misc Info: PDC: Ubuntu 12.10 (Quantal) Samba 3.6.6 File server: Ubuntu 10.04.4 LTS Sama 3.4.7 Winbindd on the file server panics every few days. It seems to correspond to times when the PDC is restarted. Nothing outstanding appears in the file server client log on the PDC. Here is a few lines of the log from the file server winbindd log: [2012/08/06 13:00:01, 1] winbindd/winbindd_util.c:303(trustdom_recv) Could not receive trustdoms [2012/08/06 13:00:01, 0] lib/fault.c:46(fault_report) === [2012/08/06 13:00:01, 0] lib/fault.c:47(fault_report) INTERNAL ERROR: Signal 11 in pid 25796 (3.4.7) Please read the Trouble-Shooting section of the Samba3-HOWTO [2012/08/06 13:00:01, 0] lib/fault.c:49(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2012/08/06 13:00:01, 0] lib/fault.c:50(fault_report) === [2012/08/06 13:00:01, 0] lib/util.c:1480(smb_panic) PANIC (pid 25796): internal error [2012/08/06 13:00:01, 0] lib/util.c:1584(log_stack_trace) BACKTRACE: 10 stack frames: #0 /usr/sbin/winbindd(log_stack_trace+0x2d) [0x3a1c4d] #1 /usr/sbin/winbindd(smb_panic+0x2d) [0x3a1d6d] #2 /usr/sbin/winbindd(+0x12f2ae) [0x38f2ae] #3 [0xd0b400] #4 /usr/sbin/winbindd(winbindd_getpwent+0x3b2) [0x2d71a2] #5 /usr/sbin/winbindd(+0x73d82) [0x2d3d82] #6 /usr/sbin/winbindd(+0x74a48) [0x2d4a48] #7 /usr/sbin/winbindd(main+0x1000) [0x2d5fd0] #8 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6) [0x86cbd6] #9 /usr/sbin/winbindd(+0x73151) [0x2d3151] [2012/08/06 13:00:01, 0] lib/util.c:1485(smb_panic) smb_panic(): calling panic action [/usr/share/samba/panic-action 25796] Cannot access memory at address 0x89fffa3e //25796: No such file or directory. No stack. [2012/08/06 13:01:20, 0] winbindd/winbindd.c:1258(main) winbindd version 3.4.7 started. Any thoughts on what direction to walk it to troubleshoot this? Kind Regards, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 - getting rid of some logfile errors
Am 07.08.2012 13:16, schrieb Moray Henderson: From: J. Echter [mailto:j.ech...@echter-kuechen-elektro.de] Sent: 05 August 2012 20:30 Am 01.08.2012 09:17, schrieb Jürgen Echter: Hi, i have a lot of entries in my logs which i can't solve, but everything works as expected. my setup: samba pdc - bacula samba bdc - mule Ubuntu 10.04-LTS Server samba 3.4.7 log file entries: Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum) Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data) Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb) Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. any hints how to resolve this? thanks juergen Hi, i resolved this ones by setting smb ports = 139 in smb.conf but i still have this ones: Aug 5 20:55:18 bacula smbd[20419]: [2012/08/05 20:55:18, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) Aug 5 20:55:18 bacula smbd[20419]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client SERVER machine account SERVER$ these are only from successfully joined windows 7 machines. the ldap entry, exported as ldif, looks like this for this account: uid=server$,ou=computers,dc=workgroup,dc=local dn: uid=server$,ou=computers,dc=workgroup,dc=local cn: server$ description: Computer gecos: Computer gidnumber: 515 homedirectory: /dev/null loginshell: /bin/false objectclass: posixAccount objectclass: account objectclass: sambaSamAccount sambaacctflags: [W ] sambakickofftime: 2147483647 sambalogofftime: 2147483647 sambalogontime: 0 sambantpassword: 951640BFE27F4C16E7670E096C8121FA sambaprimarygroupsid: S-1-5-21-3842863818-2180709222-141296495-515 sambapwdcanchange: 0 sambapwdlastset: 1344165203 sambapwdmustchange: 2147483647 sambasid: S-1-5-21-3842863818-2180709222-141296495-3458 uid: server$ uidnumber: 1229 anyone with some hints? :) thanks juergen We use tdbsam rather than ldapsam, but get similar errors when the machine name is in lower case in the Linux password database and upper case in the Samba password database. In our case changing the machine's Linux account name to upper case cleared several log file errors including netlogon_creds_server_check. Moray. “To err is human; to purr, feline.” Hi Moray, i just checked and there is no upper-/lowercase issues. Only Win 7 boxes produce this message. I have for example server2$ in my ldap and the machine is called SERVER2. Thanks for helping juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.3.4 - Win7 Latency with MS Office files
Folks, I am running a 3.3.4 version of Samba ( stand alone) on Solaris 10 configured to auth against LDAP for user auth and have recently, after migrating a variety of user desktops to Win7 and MS Office 2010, began seeing an increased latency in opening files. ie previous 3 times are now 30-45 Users were previously running WinXP and using MS office 2007. Question: Is an upgrade to the latest stable 3.x Ver likely to resolve this OR am I also missing some more stringent security settings I need to address b/c of Win7 ? Any ideas or clues appreciated. -john -- John Goubeaux Systems Administrator Gevirtz Graduate School of Education UC Santa Barbara Education 4203C 805 893-8190 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Suspicious activity on domain
Yes thanks, that was it! On 23/07/12 01:48 PM, Michael Wood wrote: Just a guess. The user's virus scanner decided to scan your server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba won't honour group permissions on my share directory
Hi, I have a share set up in smb.conf as follows .. security = user guest account = ftp .. [incoming] comment = Incoming files path = /var/local/share/incoming public = yes guest ok = yes read only = no browseable = yes .. the permissions on the shared directory are set recursively as follows - drwxrwxr-- root ftp incoming If I try and write to the share from an anonymous windows login, I get a warning that I do not have the required permissions. Looking at the permissions tab on Windows I see that the unix group 'ftp' only has read privileges. My understanding was that because the guest account is a member of the 'ftp' group it would get write privileges. Evidently this is not the case. If I set the permissions on 'var/local/share/incoming' to world writable then this gets round the problem, but I'd still like to know why using group permissions does'nt seem to work. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba is failing to save to samba share
Hi, We have a bunch of software that use tmp file - rename tmp file to original file name to save changes append to an existing one. how it's happen 1. open modify the original file 2. save file - the software create tmp file 3. want to rename tmp file to original name - the software raise an error message 4. delete tmp files without any saving Samba version running is 3.5.6 packaged by Debian stable version. I've attached log file in which we can see the full transaction from open to close apps and saving error. What have seen so far is this following error: [2012/08/08 14:24:00.595122, 5] smbd/open.c:1684(open_file_ntcreate) open_file_ntcreate: attributes missmatch for file 06. Informatique/test/480E.tmp (24 0) (0100770, 0760) [2012/08/08 14:24:00.595132, 5] smbd/files.c:497(file_free) freed files structure 4787 (0 used) [2012/08/08 14:24:00.595132, 3] smbd/error.c:80(error_packet_set) error packet at smbd/error.c(160) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED I've also attached the output of tertparm any help are welcome babatoko -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problems connecting win7 client to new Samba PDC
Hey, I'm running the latest Ubuntu 12.04 Samba 3.6.3, I just want a simple PDC for authentication. Client is win7 32 bit with latest updates. The client can join the domain, but I can't log in with any users, it gives me The User Profile Service service failed the logon. User profile cannot be loaded. Looking at the log, I've found this: [2012/08/08 17:08:39.747592, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CLIENTPC machine account CLIENTPC$ Any ideas on what the problem is? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 51dd39b selftest: Rename samba4.blackbox.pdbtest to samba.blackbox.pdbtest via b7b4879 s3-torture: Extend pdbtest to also run an authentication unit-test via de2d813 build: Remove pdbtest from the autoconf build from 528d3fe libcli/smb: do not set SMB2_TF_MSG_SIZE in the caller http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 51dd39b2cf800ccf89cc1ae5ce6fe1ce2edff9c3 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 8 16:02:29 2012 +1000 selftest: Rename samba4.blackbox.pdbtest to samba.blackbox.pdbtest This test covers s3dc as well. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Aug 8 09:57:14 CEST 2012 on sn-devel-104 commit b7b48793501915ecf5cb52b3044fd2f902987802 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 8 15:22:03 2012 +1000 s3-torture: Extend pdbtest to also run an authentication unit-test This tests both the builtin auth_sam against passdb directly and the configured auth module. Andrew Bartlett commit de2d813898bcfc530d13753a57ac8356b7c7bf0e Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 8 15:53:36 2012 +1000 build: Remove pdbtest from the autoconf build pdbtest is internal test utility that is not installed. It is only run from the full (waf) make test, and does not need to be built in the autoconf build. Removing it from the autoconf build makes it easier to expand this test to depend on more parts of Samba. Andrew Bartlett --- Summary of changes: source3/Makefile.in | 13 +- source3/torture/pdbtest.c | 117 - source3/wscript_build |4 +- source4/selftest/tests.py |2 +- 4 files changed, 121 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index e42c1b5..2635cfa 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -223,7 +223,7 @@ BIN_PROGS3 = bin/smbpasswd bin/rpcclient bin/smbcacls \ TORTURE_PROGS = bin/smbtorture bin/msgtest \ bin/masktest bin/locktest \ bin/locktest2 bin/nsstest bin/vfstest \ - bin/pdbtest $(TALLOCTORT) bin/replacetort \ + $(TALLOCTORT) bin/replacetort \ $(TDBTORTURE) $(PTHREADPOOLTEST) \ bin/smbconftort bin/vlp @@ -1323,11 +1323,6 @@ LOCKTEST_OBJ = torture/locktest.o $(PARAM_OBJ) $(LOCKING_OBJ) $(KRBCLIENT_OBJ) \ NSSTEST_OBJ = ../nsswitch/nsstest.o ../lib/util/setid.o $(LIBSAMBAUTIL_OBJ) -PDBTEST_OBJ = torture/pdbtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ - $(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(SMBLDAP_OBJ) $(POPT_LIB_OBJ) \ - $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) - VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ) \ torture/vfstest_chain.o @@ -2073,12 +2068,6 @@ bin/nsstest: $(BINARY_PREREQS) $(NSSTEST_OBJ) $(LIBTALLOC) @$(CC) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \ $(LIBTALLOC_LIBS) -bin/pdbtest: $(BINARY_PREREQS) $(PDBTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) - @echo Linking $@ - @$(CC) -o $@ $(PDBTEST_OBJ) $(LDFLAGS) $(DYNEXP) \ - $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) \ - $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) - bin/vfstest: $(BINARY_PREREQS) $(VFSTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @echo Linking $@ @$(CC) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(AVAHI_LIBS) \ diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c index 821f39b..d0d529e 100644 --- a/source3/torture/pdbtest.c +++ b/source3/torture/pdbtest.c @@ -4,6 +4,7 @@ Copyright (C) Wilco Baan Hofman 2006 Copyright (C) Jelmer Vernooij 2006 + Copyright (C) Andrew Bartlett 2012 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -27,6 +28,10 @@ #include ../librpc/gen_ndr/drsblobs.h #include ../librpc/gen_ndr/ndr_drsblobs.h #include ../libcli/security/dom_sid.h +#include ../libcli/auth/libcli_auth.h +#include ../auth/common_auth.h +#include lib/tsocket/tsocket.h +#include include/auth.h #define TRUST_DOM trustdom #define TRUST_PWD trustpwd1232 @@ -38,6 +43,7 @@ static bool samu_correct(struct samu *s1, struct samu *s2) uint32 s1_len, s2_len; const char *s1_buf, *s2_buf; const uint8 *d1_buf, *d2_buf; + const struct dom_sid *s1_sid, *s2_sid; /* Check Unix username */ s1_buf = pdb_get_username(s1); @@
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1c76e99 s3:smb2_server: s/i/idx in smbd_smb2_request_pending_queue() via 83d2620 s3:smb2_server: make use of SMBD_SMB2_OUT_HDR_PTR() in smbd_smb2_request_pending_queue() via 0067de2 s3:smb2_server: remove useless variable 'i' via 63d92a1 s3:smb2_server: rewrite dup_smb2_vec3() using SMBD_SMB2_*_IOV_OFS and helper variables via fc8e3bd s3:smb2_server: make use of SMBD_SMB2_* macros in smbd_smb2_request_done_ex() via 97b5aaa s3:smb2_server: make use of SMBD_SMB2_* macros in smbd_smb2_request_verify_sizes() via 05ae95a s3:smb2_server: use the common buffer layout for smbd_smb2_request_pending* via 644eab3 s3:smb2_read: use SMBD_SMB2_NUM_IOV_PER_REQ when checking for sendfile() support via 2b9dd90 s3:smb2_read: fix indentation in schedule_smb2_sendfile_read() via 9f51d61 s3:smb2_server: don't try to update req-in.vector[0] in smbd_smb2_request_pending_queue() from 51dd39b selftest: Rename samba4.blackbox.pdbtest to samba.blackbox.pdbtest http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1c76e99ae42f5ae0ca3f95832964739fb4e92584 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 09:15:17 2012 +0200 s3:smb2_server: s/i/idx in smbd_smb2_request_pending_queue() metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Aug 8 17:32:26 CEST 2012 on sn-devel-104 commit 83d262088bf6d826209ebad839059a7b2ebc45d0 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 09:13:17 2012 +0200 s3:smb2_server: make use of SMBD_SMB2_OUT_HDR_PTR() in smbd_smb2_request_pending_queue() metze commit 0067de20749d3cba7374ba494fd00a1ac71bbd95 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 09:12:31 2012 +0200 s3:smb2_server: remove useless variable 'i' metze commit 63d92a192d83878e114febf78b8d71b81b5f8f4f Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 08:32:40 2012 +0200 s3:smb2_server: rewrite dup_smb2_vec3() using SMBD_SMB2_*_IOV_OFS and helper variables metze commit fc8e3bd569c379f3fd20104f2dbd1c62c0f78c26 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 08:05:55 2012 +0200 s3:smb2_server: make use of SMBD_SMB2_* macros in smbd_smb2_request_done_ex() metze commit 97b5aaa6482b880840ed88e884a254c4da47768e Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 08:05:55 2012 +0200 s3:smb2_server: make use of SMBD_SMB2_* macros in smbd_smb2_request_verify_sizes() metze commit 05ae95a0d59e0cf5ef1eb92b244c1fd86589f19e Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 06:40:51 2012 +0200 s3:smb2_server: use the common buffer layout for smbd_smb2_request_pending* metze commit 644eab32af2ad9926e665642ffd212d0472b3d19 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 06:17:33 2012 +0200 s3:smb2_read: use SMBD_SMB2_NUM_IOV_PER_REQ when checking for sendfile() support metze commit 2b9dd9049e76b170e0c8fe5e2534770e8beacd28 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 06:16:35 2012 +0200 s3:smb2_read: fix indentation in schedule_smb2_sendfile_read() metze commit 9f51d610d2d14f2b0ac532019e42bd18b8a05d81 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 12:50:22 2012 +0200 s3:smb2_server: don't try to update req-in.vector[0] in smbd_smb2_request_pending_queue() req-in.vector[0] is reserved for the transport and might be removed in future. This is currently always { NULL, 0 }, as it's not used, by our transport layer code. The SMB2 layer should never touch this! metze --- Summary of changes: source3/smbd/smb2_read.c | 16 ++-- source3/smbd/smb2_server.c | 213 --- 2 files changed, 127 insertions(+), 102 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_read.c b/source3/smbd/smb2_read.c index ba352f7..150bdb8 100644 --- a/source3/smbd/smb2_read.c +++ b/source3/smbd/smb2_read.c @@ -275,14 +275,14 @@ static NTSTATUS schedule_smb2_sendfile_read(struct smbd_smb2_request *smb2req, */ if (!lp__use_sendfile(SNUM(fsp-conn)) || - smb2req-do_signing || - smb2req-in.vector_count != 4 || - (fsp-base_fsp != NULL) || - (fsp-wcp != NULL) || - (!S_ISREG(fsp-fsp_name-st.st_ex_mode)) || - (state-in_offset = fsp-fsp_name-st.st_ex_size) || - (fsp-fsp_name-st.st_ex_size state-in_offset + - state-in_length)) { + smb2req-do_signing || + smb2req-in.vector_count
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 47c5900 s3:nmbd: log a failure in get_domain_master_name_node_status_success() as level 1 via a3ccdaf s3:nmbd: don't log get_domain_master_name_node_status_fail at level 0 from 1c76e99 s3:smb2_server: s/i/idx in smbd_smb2_request_pending_queue() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 47c5900040604fb768d7ad54072f94fb69597e24 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 18:21:16 2012 +0200 s3:nmbd: log a failure in get_domain_master_name_node_status_success() as level 1 metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Aug 8 20:14:29 CEST 2012 on sn-devel-104 commit a3ccdafd1b1f58b79b0ddd97a3e3473d365d853e Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 18:16:30 2012 +0200 s3:nmbd: don't log get_domain_master_name_node_status_fail at level 0 metze --- Summary of changes: source3/nmbd/nmbd_browsesync.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/nmbd/nmbd_browsesync.c b/source3/nmbd/nmbd_browsesync.c index c6ded58..e009cf9 100644 --- a/source3/nmbd/nmbd_browsesync.c +++ b/source3/nmbd/nmbd_browsesync.c @@ -471,7 +471,7 @@ static void get_domain_master_name_node_status_success(struct subnet_record *sub break; } } - } else if( DEBUGLVL( 0 ) ) { + } else if( DEBUGLVL( 1 ) ) { dbgtext( get_domain_master_name_node_status_success:\n ); dbgtext( Failed to find a WORKGROUP0x1b name in reply from IP ); dbgtext( %s.\n, inet_ntoa(from_ip) ); @@ -485,7 +485,7 @@ static void get_domain_master_name_node_status_success(struct subnet_record *sub static void get_domain_master_name_node_status_fail(struct subnet_record *subrec, struct response_record *rrec) { - if( DEBUGLVL( 0 ) ) { + if( DEBUGLVL( 2 ) ) { dbgtext( get_domain_master_name_node_status_fail:\n ); dbgtext( Doing a node status request to the domain master browser ); dbgtext( at IP %s failed.\n, inet_ntoa(rrec-packet-ip) ); -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.13-249-gfc18188
The branch, master has been updated via fc18188b7b63eb0dafbc47e3abf80e306e1dfc31 (commit) via e7dc10da3ced54ea9d719ad167ee42dcca8dce75 (commit) via a0c30c820fd47d4f8620dc060c825be10754f5d1 (commit) via f586e8a2911fc6e7f6698f516653145d8fd45dad (commit) via cc9d96f4248e45ea99c5f00db1526426ac26fbc2 (commit) via 9119a568c2b4601318f7751f537dca2f92a7230b (commit) from c29a943f9bbcfecb861e71d007c7698a53dc8773 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit fc18188b7b63eb0dafbc47e3abf80e306e1dfc31 Author: Martin Schwenke mar...@meltin.net Date: Fri Jul 6 20:43:46 2012 +1000 recoverd: All inactive nodes should yield recovery master role Not just stopped nodes. In reality, this means that banned nodes will also yield, since nodes in the other inactive states won't be running a daemon. This seems sensible since if another node notices that an inactive node is the recovery master then it will force an election anyway. Signed-off-by: Martin Schwenke mar...@meltin.net commit e7dc10da3ced54ea9d719ad167ee42dcca8dce75 Author: Martin Schwenke mar...@meltin.net Date: Fri Jul 6 20:36:48 2012 +1000 recoverd: An inactive node should not force recovery master elections An inactive node can't become the recovery master. So if an inactive node notices that the recovery master is inactive, it shouldn't force an election for recovery master and nominate itself as a candidate. This can cause the recovery master to flip-flop between nodes when all nodes are inactive. If there is actually an active node then it will trigger the election. This is fairly cosmetic but is a step along the way towards ironing out weirdness when all nodes are stopped. Also, fix a related comment. Signed-off-by: Martin Schwenke mar...@meltin.net commit a0c30c820fd47d4f8620dc060c825be10754f5d1 Author: Martin Schwenke mar...@meltin.net Date: Tue Jul 3 10:30:29 2012 +1000 recoverd: main_loop() should not verify local IPs if node is stopped Doing these checks is pointless and potentially causes unnecessary log messages. Signed-off-by: Martin Schwenke mar...@meltin.net commit f586e8a2911fc6e7f6698f516653145d8fd45dad Author: Martin Schwenke mar...@meltin.net Date: Tue Jul 3 10:15:25 2012 +1000 recoverd: verify_local_ip_allocation() should dup ifaces before early return If CTDB starts in STOPPED state then it thinks it is in the middle of a recovery. rec-ifaces is also NULL and an early exit further down (that checks to see if a recovery is in process) means that it stays that way. However, each time this function is entered the need for a takeover run is re-flagged. The takeover run never happens due to the the early exit, causing a couple of unneeded messages to be logged each time. This is avoided by moving the code that sets rec-ifaces so that it is executed earlier and, in this case, in the middle of a recovery. Signed-off-by: Martin Schwenke mar...@meltin.net commit cc9d96f4248e45ea99c5f00db1526426ac26fbc2 Author: Martin Schwenke mar...@meltin.net Date: Mon Jul 2 17:26:04 2012 +1000 recoverd: Update a log message that has bit-rotted This message used to be correct because the ipreallocated event only handled updating the NAT gateway. However, that has changed so the message needs to be updated. Signed-off-by: Martin Schwenke mar...@meltin.net commit 9119a568c2b4601318f7751f537dca2f92a7230b Author: Martin Schwenke mar...@meltin.net Date: Fri Jun 22 14:01:02 2012 +1000 recoverd: Fix bogus info in message about changed flags Signed-off-by: Martin Schwenke mar...@meltin.net --- Summary of changes: server/ctdb_recoverd.c | 25 + server/ctdb_takeover.c | 11 --- 2 files changed, 25 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_recoverd.c b/server/ctdb_recoverd.c index 7b7435c..02ce69f 100644 --- a/server/ctdb_recoverd.c +++ b/server/ctdb_recoverd.c @@ -2484,7 +2484,7 @@ static void monitor_handler(struct ctdb_context *ctdb, uint64_t srvid, } if (nodemap-nodes[i].flags != c-new_flags) { - DEBUG(DEBUG_NOTICE,(Node %u has changed flags - now 0x%x was 0x%x\n, c-pnn, c-new_flags, c-old_flags)); + DEBUG(DEBUG_NOTICE,(Node %u has changed flags - now 0x%x was 0x%x\n, c-pnn, c-new_flags, nodemap-nodes[i].flags)); } disabled_flag_changed = (nodemap-nodes[i].flags ^ c-new_flags) NODE_FLAGS_DISABLED; @@ -2791,6 +2791,9 @@ static int verify_local_ip_allocation(struct ctdb_context *ctdb, struct ctdb_rec
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1a1f01e s4-dsdb: Change talloc parent via 1727556 s4-dsdb: Remove ldb_sequence_type argument from partition_primary_sequence_number via 6ec963e s4-dsdb: simplify migration of old-style seqence numbers to metadata.tdb via 6a648b7 s4-dsdb: Reduce calls to the ldb layer by reloading less often from 47c5900 s3:nmbd: log a failure in get_domain_master_name_node_status_success() as level 1 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1a1f01ee7a754f2ee4f385fba6cb55d82518 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 12:23:58 2012 +1000 s4-dsdb: Change talloc parent This matches the rest of the function. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 9 06:26:36 CEST 2012 on sn-devel-104 commit 17275561a062b0453f9d2547ecebd6dff08aaa24 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 12:23:13 2012 +1000 s4-dsdb: Remove ldb_sequence_type argument from partition_primary_sequence_number We always want LDB_SEQ_HIGHEST_SEQ here. Andrew Bartlett commit 6ec963eef7c00315b2d941951602825a89fabb6e Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 12:20:37 2012 +1000 s4-dsdb: simplify migration of old-style seqence numbers to metadata.tdb This simple operation does not need to be encased in generic ldb extended operations. Andrew Bartlett commit 6a648b727f50e33a4c66a77e3980d7c0c2adcb49 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 10:21:38 2012 +1000 s4-dsdb: Reduce calls to the ldb layer by reloading less often We do not need to reload the partition list to get the global sequence number, as that number is stored in the metadata.tdb, not the ldb files. Andrew Bartlett --- Summary of changes: source4/dsdb/samdb/ldb_modules/partition.c | 184 source4/dsdb/samdb/ldb_modules/partition_init.c|8 +- .../dsdb/samdb/ldb_modules/partition_metadata.c| 57 +-- 3 files changed, 82 insertions(+), 167 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index d4f020f..4a9216b 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -985,7 +985,7 @@ static int partition_del_trans(struct ldb_module *module) } int partition_primary_sequence_number(struct ldb_module *module, TALLOC_CTX *mem_ctx, - enum ldb_sequence_type type, uint64_t *seq_number, + uint64_t *seq_number, struct ldb_request *parent) { int ret; @@ -997,7 +997,7 @@ int partition_primary_sequence_number(struct ldb_module *module, TALLOC_CTX *mem if (tseq == NULL) { return ldb_oom(ldb_module_get_ctx(module)); } - tseq-type = type; + tseq-type = LDB_SEQ_HIGHEST_SEQ; ret = dsdb_module_extended(module, tseq, res, LDB_EXTENDED_SEQUENCE_NUMBER, @@ -1027,115 +1027,73 @@ int partition_primary_sequence_number(struct ldb_module *module, TALLOC_CTX *mem * Older version of sequence number as sum of sequence numbers for each partition */ int partition_sequence_number_from_partitions(struct ldb_module *module, - struct ldb_request *req, - struct ldb_extended **ext) + uint64_t *seqr) { int ret; unsigned int i; uint64_t seq_number = 0; struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module), struct partition_private_data); - struct ldb_seqnum_request *seq; - struct ldb_seqnum_result *seqr; - struct ldb_request *treq; - struct ldb_seqnum_request *tseq; - struct ldb_seqnum_result *tseqr; - struct ldb_result *res; - struct dsdb_partition *p; - p = find_partition(data, NULL, req); - if (p != NULL) { - /* the caller specified what partition they want the -* sequence number operation on - just pass it on -*/ - return ldb_next_request(p-module, req); + ret = partition_primary_sequence_number(module, data, seq_number, NULL); + if (ret != LDB_SUCCESS) { + return ret; } - - seq = talloc_get_type(req-op.extended.data, struct ldb_seqnum_request); - - switch (seq-type) { - case