[Samba] samba 3.6.3 server - windows printer driver dialog opening delays
Hi all, since upgrading Samba from a 3.5.X to 3.6.X I am facing some problems with shared printers. Opening a printer driver dialog, to change some settings for a printer from a Win XP machine, takes very long. This is the case for all shared printers. I am using Ubuntu Precise (12.04) In the logs sometimes these error messages appear: [2012/08/15 08:17:49.862966, 0] rpc_server/spoolss/srv_spoolss_nt.c:1748(_spoolss_OpenPrinterEx) _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \\NOVALX09 [2012/08/15 08:23:24.888305, 0] libads/kerberos.c:941(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: rename of /var/run/samba/smb_tmp_krb5.Hdb7um to /var/run/samba/smb_krb5/k rb5.conf.NOVA failed. Errno Permission denied NOVALX09 is actually not a printer but the server hosting the print queues. Printing itself does work without any problems. here the relevant stuff from my smb.conf: [global] load printers = yes printing = cups printcap name = cups [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes print ok = Yes guest ok = yes [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no write list = +"NOVA\Domain-Admins" Does anybody know what could be the cause of this, and how to resolve it ? Thank you for your kind help. best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
2012-08-14 23:15 keltezéssel, steve írta: On 12/08/12 17:45, Gémes Géza wrote: 2012-08-12 16:26 keltezéssel, steve írta: On 12/08/12 15:28, Gémes Géza wrote: 2012-08-12 09:31 keltezéssel, steve írta: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: Hi Geza, hi everyone OK, conclusion. I have a single box with s4 DC. The same same box with a Vbox guest running S3.6, and NFS. The S4 DC becomes a NFS client when I mount the shares from the Vbox guest on it. I create users and their home directories on the DC. Files are served from the S3 Vbox guest. The DC has no shares apart from [global], [netlogon] and [sysvol]. The s3 guest carries all the shares I would normally add after the 3 default DC shares. Instead of using the hostname of the DC when I mount shares on remote clients, I use the hostname of the S3 Guest. How am I doing so far? Cheers, Steve Hi, IMHO what you've written could be a short HOWTO for using Samba4 in a network (maybe just without virtualbox part ;-) ). If this is more than a test setup I would recommend using Xen or KVM for virtualisation (My production boxes run on top of Xen for about 6 years, and at home I use KVM (for running test setups) (was easier to set up on a Desktop machine), (used Virtualbox before (didn't have hardware support for KVM))). Hi, Hi Geza, hi everyone Thanks. Praise indeed coming from a dev of your status:) Please do not overestimate the occasional patches I've submitted. I'd still like to see s3fs cope with file serving on the DC itself, as it's sooo much easier to setup. What is wrong with Vbox? Is Xen any smaller or faster? Both smaller and faster (http://www.phoronix.com/scan.php?page=article&item=ubuntu_1110_xenkvm&num=1), and unlike vbox both kvm and xen provide a way to boot your virtual machine at the boot of the host. Our DC has only 2GB RAM. Running a VM on top of is already asking a lot of it. Also we have rpm's for host and guest out of the box on openSUSE. Can you take snapshots on Xen like on Vbox and roll back when you screw up? On the NFS side of affairs I see it is impossible to create a group rw NFS4 share from a 0022 umask. The NFS devs seem unwilling or unable to do anything about it. Meanwhile the NFS3 Kerberos backport works well enough. Any ideas? A separate partition with a 0002 umask. Can I do that on the same disk? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
On Tue, 2012-08-14 at 23:22 -0300, Mauricio Perez wrote: > Hi everybody I'm trying to build a fileserver with samba. And I had it > ok when users where authenticating via samba, but I changed the > authentication method to OpenLDAP, and for some strange reason users can > not access the shares anymore... it is giving me this error: > "create_connection_server_info failed: NT_STATUS_ACCESS_DENIED". > I have chacked the permission in the SO and is 777 for the hole share > estructure. > I have tried to use "username =" but it enters any user, not only the > permited ones. > The LDAP server is authenticating right, I know because I use him as a base > for my DC's. > The server with that problem is not my PDC. It is just a fileserver. > > I've read that it is because I'm using "valid users = " is that right? I've > tried to use "valid users" whit "write list" but it had no effect. I don't > know what to do any more. > > thank's in advance. If anyone can help me, I will be very grateful > > Here is my smb.conf > > [global] > # Autenticação --- > workgroup = > netbios name = > security = DOMAIN > password server = > dos charset = ISO8859-1 > unix charset = UTF-8 > winbind uid = 1-2 > winbind gid = 1-2 > winbind use default domain = yes This is not how you connect Samba to OpenLDAP. This is how you connect Samba to Samba classic (eg 3.x) domain. Perhaps you need to join the domain using 'net rpc join'? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3 create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
Hi everybody I'm trying to build a fileserver with samba. And I had it ok when users where authenticating via samba, but I changed the authentication method to OpenLDAP, and for some strange reason users can not access the shares anymore... it is giving me this error: "create_connection_server_info failed: NT_STATUS_ACCESS_DENIED". I have chacked the permission in the SO and is 777 for the hole share estructure. I have tried to use "username =" but it enters any user, not only the permited ones. The LDAP server is authenticating right, I know because I use him as a base for my DC's. The server with that problem is not my PDC. It is just a fileserver. I've read that it is because I'm using "valid users = " is that right? I've tried to use "valid users" whit "write list" but it had no effect. I don't know what to do any more. thank's in advance. If anyone can help me, I will be very grateful Here is my smb.conf [global] # Autenticação --- workgroup = netbios name = security = DOMAIN password server = dos charset = ISO8859-1 unix charset = UTF-8 winbind uid = 1-2 winbind gid = 1-2 winbind use default domain = yes # - Recycle - recycle: keeptree = Yes recycle:maxsize = 0 recycle:touch = True recycle:exclude = *.tmp,*.log,*.obj,~*.*,*.bak,*.iso,*.temp,*.o,~$* recycle:repository = /opt/FNMA/lixeira/%U recycle:noversions = *.doc|*.xls|*.ppt|*.dwg|*.dxf|*.txt recycle:exclude_dir = tmp, cache recycle:versions = Yes # Audit - full_audit:priority = notice full_audit:prefix = %m|%I|%u|%S full_audit:facility = local5 full_audit:success = rename rmdir unlink open write full_audit:failure = none # Log log level = 1 log file = /var/log/samba/%m.log syslog = 0 max log size = 1000 # --- Misc - veto files = /*.mp3/*.ogg/autorun.inf/autorun.vbs/autorun.bat/autorun.wsh/autorun.bin/autorun.reg/autorun.txt/AUTORUN.BMK/copy.exe/host.exe/*.tmp/*.temp/~$*/ dns proxy = no load printers = no hide dot files = yes # Compartilhamentos --- [FNMA] vfs objects = recycle, full_audit path = /opt/FNMA write list = comment = Todos arquivos do FNMA valid users = create mode = 0770 directory mode = 775 #vfs object = recycle, full_audit [DIRETORIA] vfs objects = recycle, full_audit browseable = yes writeable = yes path = /opt/FNMA/Diretoria force user = root comment = Arquivos da Diretoria valid users = @dir write list = @dir create mode = 770 public = yes directory mode = 775 [CINF] force user = root comment = Coordenadoria de Informatica browseable = no valid users = @gead-cinf write list = @gead-cinf writeable = yes create mode = 770 path = /opt/FNMA/GEAD/CINF directory mode = 775 #vfs objects = recycle, full_audit [CCON] vfs objects = recycle, full_audit writeable = yes path = /opt/FNMA/GEAD/CCON force user = root comment = Coordenadoria de Contratos e Convenios valid users = @gead-ccon,@gead write list = @gead-ccon,@gead public = yes create mode = 770 directory mode = 775 [CFIN] vfs objects = recycle, full_audit writeable = yes path = /opt/FNMA/GEAD/CFIN force user = root comment = Coordenadoria de Financas valid users = @gead-cfin,@gead write list = @gead-cfin,@gead create mode = 770 directory mode = 775 [COAD] vfs objects = recycle, full_audit writeable = yes path = /opt/FNMA/GEAD/COAD comment = Coordenadoria Administrativa valid users = @gead-coad, @gead, @gead-cdoc write list = @gead-coad, @gead, @gead-cdoc create mode = 770 directory mode = 775 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 12/08/12 17:45, Gémes Géza wrote: 2012-08-12 16:26 keltezéssel, steve írta: On 12/08/12 15:28, Gémes Géza wrote: 2012-08-12 09:31 keltezéssel, steve írta: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: Hi Geza, hi everyone OK, conclusion. I have a single box with s4 DC. The same same box with a Vbox guest running S3.6, and NFS. The S4 DC becomes a NFS client when I mount the shares from the Vbox guest on it. I create users and their home directories on the DC. Files are served from the S3 Vbox guest. The DC has no shares apart from [global], [netlogon] and [sysvol]. The s3 guest carries all the shares I would normally add after the 3 default DC shares. Instead of using the hostname of the DC when I mount shares on remote clients, I use the hostname of the S3 Guest. How am I doing so far? Cheers, Steve Hi, IMHO what you've written could be a short HOWTO for using Samba4 in a network (maybe just without virtualbox part ;-) ). If this is more than a test setup I would recommend using Xen or KVM for virtualisation (My production boxes run on top of Xen for about 6 years, and at home I use KVM (for running test setups) (was easier to set up on a Desktop machine), (used Virtualbox before (didn't have hardware support for KVM))). Hi Geza, hi everyone Thanks. Praise indeed coming from a dev of your status:) I'd still like to see s3fs cope with file serving on the DC itself, as it's sooo much easier to setup. What is wrong with Vbox? Is Xen any smaller or faster? Our DC has only 2GB RAM. Running a VM on top of is already asking a lot of it. Also we have rpm's for host and guest out of the box on openSUSE. Can you take snapshots on Xen like on Vbox and roll back when you screw up? On the NFS side of affairs I see it is impossible to create a group rw NFS4 share from a 0022 umask. The NFS devs seem unwilling or unable to do anything about it. Meanwhile the NFS3 Kerberos backport works well enough. Any ideas? A separate partition with a 0002 umask. Can I do that on the same disk? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Strange issue with deleting files on shares
Hi All, I am migrating one of the servers I have to administer and I came across this issue. It is going to be a little bit complicated to describe, but I'll do my best. First the configurations: OLD SERVER: CentOS release 5.3 (Final), kernel 2.6.18-128.el5, samba version 3.0.33-3.7.el5 CURRENT SERVER: Ubuntu 12.04 LTS, kernel 3.2.0-29-generic, samba version 3.6.3 CLIENTS: Mix of Windows XP SP3 and fullly updated Windows 7 If anything else about the configuration will be necessary, just let me know. What we need, is a samba share that is fully writable, but with undeletable files. With undeletable directories exactly, files on the other hand, must be deletable (because of the way MS Word edits files) . So far it works very well, but my suspicion is, that the behavior we have now between the server and the clients isn't configurable. The directory which is the root of the share is owned by root and has the sticky bit on. So do all the subdirs and when some client creates new dir, this is achieved by a cron script (for a small amount of time, the directory is owned by the original creator and without the sticky bit set, but that is ok), that changes the owner to root and sets the sticky bit on each directory not owned by root. Filesystem rights are set to rwxrwxrwx (chmod 1777 is used in the cron script) so everybody can write everywhere. When some client (they of course connect as other users than root) deletes a directory an error screen appears, the directory doesn't get deleted and so does NOTHING inside of that directory. By nothing I mean also the files, owned by the user who wanted to delete the directory. If I do this from a linux box (connect as the same user as from windows, same rights, same server, same files, same everything, just connecting from linux) the deleting is applied recursively, meaning that samba traverses all subdirs of the directory I wanted to delete and in each of these subdirs (and their subdirs and so on) deletes files owned by me. And here is where the problem comes... On the new server, this linux-specific behavior applies also to windows clients. If I delete some directory, which has the sticky bit set and is owned by root I do see an error about permissions but all files owned by me in all of the subdirs of this directory get deleted. And that is something that is not allowed to happen. So, my question is, am I missing something and is this somehow configurable? Or did the deleting operation in samba source code changed so much, that this "bug" we are happily using has been fixed and the recursive deleting is how it should correctly be done? And if so, are there any suggestions how to achieve the behavior we have now, except for staying with the old version of samba? Thank you all for your help and I apologize for my English. Cheers, Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samber server in openvz container - venet oder veth0?
schreibt: >Did you set in your registry: > > >[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters] > >"DomainCompatibilityMode"=dword:0001 >"DNSNameResolutionRequired"=dword: yes. it is set > >Which version of samba do you use? >With samba4 you do not use any wins anymore. 3.5.6 > > > >--- >EDV Daniel Müller > >Leitung EDV >Tropenklinik Paul-Lechler-Krankenhaus >Paul-Lechler-Str. 24 >72076 Tübingen > >Tel.: 07071/206-463, Fax: 07071/206-499 >eMail: muel...@tropenklinik.de >Internet: www.tropenklinik.de >--- > >-Ursprüngliche Nachricht- >Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] >Im Auftrag von Birgit Berger (UV Wien) >Gesendet: Dienstag, 14. August 2012 15:12 >An: nka...@gmail.com >Cc: samba@lists.samba.org >Betreff: Re: [Samba] samber server in openvz container - venet oder veth0? > >Nico Kadel-Garcia schreibt: >>On Fri, Aug 10, 2012 at 2:44 PM, Birgit Berger (UV Wien) >> wrote: >>> sorry, to bother you again. >>> >>> I cannot join win7 or winXP clients to my samba domain sever located >>> on >>a >>> debian server in a VE (openvz) unless I set up the server and clients >>> to use WINS. But the recommendation is not to use WINS. openvz >>> natively >>uses >>> venet. venet makes broadcasting impossible. >>> >>> I guess DNS is sufficient for name<->IP resolution but not for >>> NetBios name<->IP resolution (it doesn' know name types and maybe >>> that's why it cannot find DMB and logon server?) and that's why my >>> win7 and winXP clients cannot join the domain. >> >>Why don't the netbios names match the DNS names? Is your VPN not >>setting your default domain names? > >the computer names are exactly the same as the names registered in DNS. >e.g. >>hostname >PC5 > >the entry in DNS ist PC5.oeh.univie.ac.at > >so it should work. but it doesn't. windows 7 and windows xp computers >cannot join the domain. (unless i set a WINS server in the tcp/ip >settings on each client. Then they can join the domain and machine >accounts are >created.) Without WINS server set in the tcp/ip settings on each client I >get the error message (see below), when I try to join the domain in >Computer->Eigenschaften->Einstellungen ändern->Ändern->Domäne (where I >type the domain name)->OK > >(The error message in win XP is exactly the same as the one in windows 7) > >Why does it necessarily ask for a WINS server? it should be possible >without WINS server, shouldn't it? Or do I have to use WINS server when I >user samba in a VE (openvz) with venet? And why DNS isn't enough for >joining client machines to the domain? > > >dcdiag.txt: > >Der Domänenname "OEH" ist möglicherweise ein NetBIOS-Domänenname. >Sollte dies der Fall sein, stellen Sie sicher, dass der Name bei WINS >registriert ist. > >Wenn Sie sicher sind, dass es sich nicht um einen NetBIOS-Domänennamen >handelt, können folgende Informationen bei der Behandlung von Problemen >mit der DNS-Konfiguration behilflich sein: > >Der folgende Fehler ist beim Abfragen von DNS über den Ressourceneintrag >der Dienstidentifizierung (SRV) aufgetreten, der zur Suche eines Active >Directory-Domänencontrollers für die Domäne "OEH" verwendet wird: > >Fehler: "Der DNS-Name ist nicht vorhanden." >(Fehlercode 0x232B RCODE_NAME_ERROR) > >Es handelt sich um die Abfrage des Dienstidentifizierungseintrags (SRV) >für _ldap._tcp.dc._msdcs.OEH. > >Häufigste Fehlerursachen: > >- Die zum Ermitteln eines Active Directory-Domänencontrollers (AD DC) >erforderlichen DNS-SRV-Einträge wurden nicht in DNS registriert. Diese >Einträge werden automatisch bei einem DNS-Server registriert, wenn ein >Active Directory-Domänencontroller einer Domäne hinzugefügt wird. Die >Einträge werden vom Active Directory-Domänencontroller zu festgelegten >Intervallen aktualisiert. Dieser Computer wurde zum Verwenden von >DNS-Servern mit den folgenden IP-Adressen konfiguriert: > >131.130.1.12 >131.130.1.11 > >- Mindestens eine der folgenden Zonen enthalten keine Delegierung zu >dieser untergeordneten Zone: > >OEH >. (die Stammzone) >== > > > >> >> >> >>> So given my virtual server setup with openvz, do you rather suggest >>> to >>use >>> WINS or to set up veth so I can use normal broadcasting? >>> Or are there other ways to do name resolution with a samba server >>> installed in a VE container which I oversaw. >>> >>> I'm a newbie and netbios name resolution is hard to understand. so I >>would >>> be very happy to get any suggestions from people already using samba >>> server in an open vz container do you guys use venet or veth or >>> do >>you >>> just activate WINS? >>> >>> birgit >>> >>> >>> >>> >>> >>> === >>> >>> thank you Johannes. no, I don't really need WINS but it was the only >>way I >>> could join clients to the domain so far. so I activated it.
Re: [Samba] samber server in openvz container - venet oder veth0?
Did you set in your registry: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters] "DomainCompatibilityMode"=dword:0001 "DNSNameResolutionRequired"=dword: Which version of samba do you use? With samba4 you do not use any wins anymore. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Birgit Berger (UV Wien) Gesendet: Dienstag, 14. August 2012 15:12 An: nka...@gmail.com Cc: samba@lists.samba.org Betreff: Re: [Samba] samber server in openvz container - venet oder veth0? Nico Kadel-Garcia schreibt: >On Fri, Aug 10, 2012 at 2:44 PM, Birgit Berger (UV Wien) > wrote: >> sorry, to bother you again. >> >> I cannot join win7 or winXP clients to my samba domain sever located >> on >a >> debian server in a VE (openvz) unless I set up the server and clients >> to use WINS. But the recommendation is not to use WINS. openvz >> natively >uses >> venet. venet makes broadcasting impossible. >> >> I guess DNS is sufficient for name<->IP resolution but not for >> NetBios name<->IP resolution (it doesn' know name types and maybe >> that's why it cannot find DMB and logon server?) and that's why my >> win7 and winXP clients cannot join the domain. > >Why don't the netbios names match the DNS names? Is your VPN not >setting your default domain names? the computer names are exactly the same as the names registered in DNS. e.g. >hostname PC5 the entry in DNS ist PC5.oeh.univie.ac.at so it should work. but it doesn't. windows 7 and windows xp computers cannot join the domain. (unless i set a WINS server in the tcp/ip settings on each client. Then they can join the domain and machine accounts are created.) Without WINS server set in the tcp/ip settings on each client I get the error message (see below), when I try to join the domain in Computer->Eigenschaften->Einstellungen ändern->Ändern->Domäne (where I type the domain name)->OK (The error message in win XP is exactly the same as the one in windows 7) Why does it necessarily ask for a WINS server? it should be possible without WINS server, shouldn't it? Or do I have to use WINS server when I user samba in a VE (openvz) with venet? And why DNS isn't enough for joining client machines to the domain? dcdiag.txt: Der Domänenname "OEH" ist möglicherweise ein NetBIOS-Domänenname. Sollte dies der Fall sein, stellen Sie sicher, dass der Name bei WINS registriert ist. Wenn Sie sicher sind, dass es sich nicht um einen NetBIOS-Domänennamen handelt, können folgende Informationen bei der Behandlung von Problemen mit der DNS-Konfiguration behilflich sein: Der folgende Fehler ist beim Abfragen von DNS über den Ressourceneintrag der Dienstidentifizierung (SRV) aufgetreten, der zur Suche eines Active Directory-Domänencontrollers für die Domäne "OEH" verwendet wird: Fehler: "Der DNS-Name ist nicht vorhanden." (Fehlercode 0x232B RCODE_NAME_ERROR) Es handelt sich um die Abfrage des Dienstidentifizierungseintrags (SRV) für _ldap._tcp.dc._msdcs.OEH. Häufigste Fehlerursachen: - Die zum Ermitteln eines Active Directory-Domänencontrollers (AD DC) erforderlichen DNS-SRV-Einträge wurden nicht in DNS registriert. Diese Einträge werden automatisch bei einem DNS-Server registriert, wenn ein Active Directory-Domänencontroller einer Domäne hinzugefügt wird. Die Einträge werden vom Active Directory-Domänencontroller zu festgelegten Intervallen aktualisiert. Dieser Computer wurde zum Verwenden von DNS-Servern mit den folgenden IP-Adressen konfiguriert: 131.130.1.12 131.130.1.11 - Mindestens eine der folgenden Zonen enthalten keine Delegierung zu dieser untergeordneten Zone: OEH . (die Stammzone) == > > > >> So given my virtual server setup with openvz, do you rather suggest >> to >use >> WINS or to set up veth so I can use normal broadcasting? >> Or are there other ways to do name resolution with a samba server >> installed in a VE container which I oversaw. >> >> I'm a newbie and netbios name resolution is hard to understand. so I >would >> be very happy to get any suggestions from people already using samba >> server in an open vz container do you guys use venet or veth or >> do >you >> just activate WINS? >> >> birgit >> >> >> >> >> >> === >> >> thank you Johannes. no, I don't really need WINS but it was the only >way I >> could join clients to the domain so far. so I activated it. DNS >> should >be >> available and working too. >> >> /etc/nsswitch.conf looks like this: >> hosts: files dns >> >> Can I use venet with samba or should I change
Re: [Samba] samber server in openvz container - venet oder veth0?
Nico Kadel-Garcia schreibt: >On Fri, Aug 10, 2012 at 2:44 PM, Birgit Berger (UV Wien) > wrote: >> sorry, to bother you again. >> >> I cannot join win7 or winXP clients to my samba domain sever located on >a >> debian server in a VE (openvz) unless I set up the server and clients to >> use WINS. But the recommendation is not to use WINS. openvz natively >uses >> venet. venet makes broadcasting impossible. >> >> I guess DNS is sufficient for name<->IP resolution but not for NetBios >> name<->IP resolution (it doesn' know name types and maybe that's why it >> cannot find DMB and logon server?) and that's why my win7 and winXP >> clients cannot join the domain. > >Why don't the netbios names match the DNS names? Is your VPN not >setting your default domain names? the computer names are exactly the same as the names registered in DNS. e.g. >hostname PC5 the entry in DNS ist PC5.oeh.univie.ac.at so it should work. but it doesn't. windows 7 and windows xp computers cannot join the domain. (unless i set a WINS server in the tcp/ip settings on each client. Then they can join the domain and machine accounts are created.) Without WINS server set in the tcp/ip settings on each client I get the error message (see below), when I try to join the domain in Computer->Eigenschaften->Einstellungen ändern->Ändern->Domäne (where I type the domain name)->OK (The error message in win XP is exactly the same as the one in windows 7) Why does it necessarily ask for a WINS server? it should be possible without WINS server, shouldn't it? Or do I have to use WINS server when I user samba in a VE (openvz) with venet? And why DNS isn't enough for joining client machines to the domain? dcdiag.txt: Der Domänenname "OEH" ist möglicherweise ein NetBIOS-Domänenname. Sollte dies der Fall sein, stellen Sie sicher, dass der Name bei WINS registriert ist. Wenn Sie sicher sind, dass es sich nicht um einen NetBIOS-Domänennamen handelt, können folgende Informationen bei der Behandlung von Problemen mit der DNS-Konfiguration behilflich sein: Der folgende Fehler ist beim Abfragen von DNS über den Ressourceneintrag der Dienstidentifizierung (SRV) aufgetreten, der zur Suche eines Active Directory-Domänencontrollers für die Domäne "OEH" verwendet wird: Fehler: "Der DNS-Name ist nicht vorhanden." (Fehlercode 0x232B RCODE_NAME_ERROR) Es handelt sich um die Abfrage des Dienstidentifizierungseintrags (SRV) für _ldap._tcp.dc._msdcs.OEH. Häufigste Fehlerursachen: - Die zum Ermitteln eines Active Directory-Domänencontrollers (AD DC) erforderlichen DNS-SRV-Einträge wurden nicht in DNS registriert. Diese Einträge werden automatisch bei einem DNS-Server registriert, wenn ein Active Directory-Domänencontroller einer Domäne hinzugefügt wird. Die Einträge werden vom Active Directory-Domänencontroller zu festgelegten Intervallen aktualisiert. Dieser Computer wurde zum Verwenden von DNS-Servern mit den folgenden IP-Adressen konfiguriert: 131.130.1.12 131.130.1.11 - Mindestens eine der folgenden Zonen enthalten keine Delegierung zu dieser untergeordneten Zone: OEH . (die Stammzone) == > > > >> So given my virtual server setup with openvz, do you rather suggest to >use >> WINS or to set up veth so I can use normal broadcasting? >> Or are there other ways to do name resolution with a samba server >> installed in a VE container which I oversaw. >> >> I'm a newbie and netbios name resolution is hard to understand. so I >would >> be very happy to get any suggestions from people already using samba >> server in an open vz container do you guys use venet or veth or do >you >> just activate WINS? >> >> birgit >> >> >> >> >> >> === >> >> thank you Johannes. no, I don't really need WINS but it was the only >way I >> could join clients to the domain so far. so I activated it. DNS should >be >> available and working too. >> >> /etc/nsswitch.conf looks like this: >> hosts: files dns >> >> Can I use venet with samba or should I change to veth? >> >> regards, birgit >> >> >> >> Johannes Truschnigg schreibt: >>>Hi Birgit, >>> >>>On Tue, Aug 07, 2012 at 01:38:32PM +0200, Birgit Berger (UV Wien) wrote: I'm new to the list. hopefully my question is correctly placed here... I'd installed my samba server 3.5.6 on debian squeeze in a openvz container that uses venet. I'd love to keep it that way but I'm not >sure if that is ok. Do you use samba server with venet or do I have to >change to veth? I already read >http://wiki.openvz.org/Differences_between_venet_and_veth and I don't want to intall shorewall in every container (VE). Also >venet seems easier to administrate and is faster. I read >>>http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html and nmblookup (chapters 4,5,6 and 10) doesn't work. This is because of venet, I suppose. Because with venet broadcasting doesn't work. But