[Samba] wins: no nmblookup on 192.168.1.255 but 192.168.1.2
Hi, here is a client computer and a server computer (Debian Wheezy, armel, samba Version 3.6.6, IP address: 192.168.1.2, Name: xyz). Problem: wins doesn't answer nmblookups by the client on the broadcast address: client$ nmblookup -S xyz querying xyz on 192.168.1.255 name_query failed to find name xyz Why is that so? How to fix this? When I specify the the server IP I do get an answer: client$ nmblookup -U 192.168.1.2 -S xyz querying xyz on 192.168.1.2 192.168.1.2 xyz00 Looking up status of 192.168.1.2 XYZ 00 - H ACTIVE XYZ 03 - H ACTIVE XYZ 20 - H ACTIVE ..__MSBROWSE__. 01 - GROUP H ACTIVE TEST1d - H ACTIVE TEST1e - GROUP H ACTIVE TEST00 - GROUP H ACTIVE MAC Address = 00-00-00-00-00-00 I also get an answer if I do nmblookup on the server: xyz# nmblookup -S XYZ added interface eth0 ip=192.168.1.2 bcast=192.168.1.255 netmask=255.255.255.0 querying XYZ on 192.168.1.255 Got a positive name query response from 192.168.1.2 ( 192.168.1.2 ) 192.168.1.2 XYZ00 Looking up status of 192.168.1.2 XYZ 00 - H ACTIVE XYZ 03 - H ACTIVE XYZ 20 - H ACTIVE ..__MSBROWSE__. 01 - GROUP H ACTIVE TEST1d - H ACTIVE TEST1e - GROUP H ACTIVE TEST00 - GROUP H ACTIVE MAC Address = 00-00-00-00-00-00 Below is netstat, smb.conf, log.nmbd, log.smbd. Please let me know if you need more information or want me to test something. Thanks for you help, Rik xyz# netstat -nap | grep [sn]mbd tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN 18632/smbd tcp0 0 0.0.0.0:445 0.0.0.0:* LISTEN 18632/smbd udp0 0 192.168.1.255:137 0.0.0.0:* 18628/nmbd udp0 0 192.168.1.2:137 0.0.0.0:* 18628/nmbd udp0 0 0.0.0.0:137 0.0.0.0:* 18628/nmbd udp0 0 192.168.1.255:138 0.0.0.0:* 18628/nmbd udp0 0 192.168.1.2:138 0.0.0.0:* 18628/nmbd udp0 0 0.0.0.0:138 0.0.0.0:* 18628/nmbd unix 2 [ ACC ] STREAM LISTENING 3402118628/nmbd /var/run/samba/unexpected unix 2 [ ] DGRAM3403318632/smbd xyz# cat /etc/smb.conf [global] workgroup = TEST netbios name = XYZ wins support = yes log file = /var/log/samba/log.%m log level = 2 max log size = 1000 [upload] guest ok = yes guest account = blafoo browseable = yes writeable = yes path = /home/test/uploads comment = test upload guest only = yes public = yes available = yes force group = blafoo force user = blafoo xyz# cat /var/log/samba/log.nmbd [2012/10/14 10:18:14, 0] nmbd/nmbd.c:861(main) nmbd version 3.6.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2011 [2012/10/14 10:18:14, 2] lib/tallocmsg.c:124(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2012/10/14 10:18:14, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2012/10/14 10:18:14, 2] param/loadparm.c:4985(max_open_files) rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) [2012/10/14 10:18:14, 2] nmbd/nmbd.c:894(main) Becoming a daemon. [2012/10/14 10:18:14, 0] nmbd/asyncdns.c:157(start_async_dns) started asyncdns process 18630 [2012/10/14 10:18:14, 2] lib/interface.c:341(add_interface) added interface eth0 ip=192.168.1.2 bcast=192.168.1.255 netmask=255.255.255.0 [2012/10/14 10:18:14, 2] nmbd/nmbd_subnetdb.c:180(make_subnet) making subnet name:192.168.1.2 Broadcast address:192.168.1.255 Subnet mask:255.255.255.0 [2012/10/14 10:18:14, 2] nmbd/nmbd_subnetdb.c:180(make_subnet) making subnet name:UNICAST_SUBNET Broadcast address:192.168.1.2 Subnet mask:192.168.1.2 [2012/10/14 10:18:14, 2] nmbd/nmbd_subnetdb.c:180(make_subnet) making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 [2012/10/14 10:18:14, 2] nmbd/nmbd_subnetdb.c:180(make_subnet) making subnet name:WINS_SERVER_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 [2012/10/14 10:18:14, 2] nmbd/nmbd_lmhosts.c:43(load_lmhosts_file) load_lmhosts_file: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory [2012/10/14 10:18:18, 2] nmbd/nmbd_elections.c:109(check_for_master_browser_fail) check_for_master_browser_fail: Forcing election on workgroup TEST subnet
Re: [Samba] file sharing issue in samba4
Hi On Oct 10, 2012, at 1:32 PM, Repute Infosystems i...@reputeinfosystems.com wrote: Hello, I understand that you people are too much busy. but still I want to give it try with hope of miracle. my question is, I have installed samba 4 PDC on ubuntu. and in this domain we will have windows7,mac etc as client. and ubuntu will be centralized file server. so, I am facing problem is samba is not giving any respect to acl file level permission. if share is read only and I give explicit permission of read/write to any file through acl its not working. if I keep share in write mode and then explicitly give just readonly permission to any file, it is not stopping samba to let user edit file. Which version of samba 4 are you using ?Basically you should be using the rc2 of samba 4.0 This version share the same engine as samba3 for the files server but it heavily relies on acl support so your file system must be mounted with acl and xattr. Also providing configuration file + network traces will help. it was working this way in samba3. we have tried to find out everywhere, the solution of this problem but we failed. finally I thought to leave an email. I believe this is very commonly asked question and now proper answer anywhere. please help thanks Ankur Chotai www.reputeinfosystems.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Hello, I understand that you people are too much busy. but still I want to give it try with hope of miracle. my question is, I have installed samba 4 PDC on ubuntu. and in this domain we will have windows7,mac etc as client. and ubuntu will be centralized file server. so, I am facing problem is samba is not giving any respect to acl file level permission. if share is read only and I give explicit permission of read/write to any file through acl its not working. if I keep share in write mode and then explicitly give just readonly permission to any file, it is not stopping samba to let user edit file. it was working this way in samba3. we have tried to find out everywhere, the solution of this problem but we failed. finally I thought to leave an email. I believe this is very commonly asked question and now proper answer anywhere. please help thanks Ankur Chotai www.reputeinfosystems.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Change DNS method?
Is it possible to change from the internal name server to BIND once you've provisioned a domain? I set mine up with the internal since it seemed easier, but then discovered the only way for my DHCP clients to update their names in DNS is via BIND, so I'd rather use that instead. Thanks in advance for any advice! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change DNS method?
Am Sun, 14 Oct 2012 15:02:32 + schrieb Steve: Is it possible to change from the internal name server to BIND once you've provisioned a domain? I set mine up with the internal since it seemed easier, but then discovered the only way for my DHCP clients to update their names in DNS is via BIND, so I'd rather use that instead. Thanks in advance for any advice! just some hints - use it on your own risk and take a backup before. * command: samba_upgradedns --dns-backend=BIND9_DLZ --migrate=no * add server services = -dns to the smb.conf [global] section * configure bind9 like described in private/named.txt * restart samba bind - Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 118, Issue 15
Pessoal, bom dia! Estarei de férias no período de 05/10 a 28/10, retornando no dia 29/10/2012. Na minha ausência as dúvidas poderão ser resolvidas pela seguinte equipe: Ricardo: Coordenação da equipe TI, e-mails e servidores – AMP e Inpacom - (011) 3616-1417 Igor: Gemma - AMP e Inpacom - (011) 3616-1438 Luciano e Vagner: Ginjo/ Silbra - Todos os sistemas - (011) 3659-3096 Robson: Indisa - Todos os sistemas - (019) 3765-6000 Essa é uma resposta automática. Até mais. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How can I show only the shares that user have access to in SAMBA
Dear All, For the issue i am having to display shares only to users having access i did come across a article but just wondering what exactly it means access based share enum (S) If this parameter is yes for a service, then the share hosted by the service will only be visible to users who have read or write access to the share during share enumeration (for example net view \\sambaserver). This has parallels to access based enumeration, the main difference being that only share permissions are evaluated, and security descriptors on files contained on the share are not used in computing enumeration access rights. Default: access based share enum = no I apprecite if someone could clarify it with example - my smb.conf is --- [kmplan] comment = masterplan testing directory path = /opt/network/testplan valid users = @localgrp write list = @localgrp read only = No hide unreadable = Yes hide unwriteable files = Yes access based share enum = Yes want only the users of localgrp to see the share and no others appreciate your kind help regards simon --- On Sat, 10/13/12, simon ben guy200...@yahoo.com wrote: From: simon ben guy200...@yahoo.com Subject: [Samba] How can I show only the shares that user have access to in SAMBA To: samba@lists.samba.org Date: Saturday, October 13, 2012, 1:58 PM Dear All, As I have a issue to display only those shares the users have access too.. i am really trying to find a solution and came across a post http://serverfault.com/questions/144339/hiding-samba-share-from-browse-list-for-unauthorised-users its about the include statement this would exactly achieve my purpose but when I did that as I could put browseable = no in my kmplan section of my smb.conf file and browseable = yes in the include file testparm says Can't find include file /etc/samba/%G.conf i did try with other variables like u or U but its the same Appreciate your help regards simon --- On Thu, 10/11/12, simon ben guy200...@yahoo.com wrote: From: simon ben guy200...@yahoo.com Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA To: Björn JACKE b...@sernet.de Cc: samba@lists.samba.org Date: Thursday, October 11, 2012, 1:04 PM Dear Bjorn, Indeed so grateful for your quick reply I was indeed using earlier samba actually I just installed it using yum. now I did upgrade samba to recent one samba 3.6.8 and after running the testparm command displayed no errors but still I was not able to achieve my goal as christian mentioned in his reply i do think his mistaken cause there are many guys whos post i see and they have solved it by adding just his 2 below command in their smb.conf file hide unreadable = Yes hide unwriteable files = Yes Is there anything I could look into as I mentioned before I have used webmin to create both local and samba users whos user names are the same and so also groups here below my smb.conf [global] workgroup = MYGROUP server string = Samba Server Version %v disable spoolss = Yes domain master = No idmap config * : backend = tdb cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [kmplan] comment = masterplan testing directory path = /opt/network/testplan valid users = @localgrp write list = @localgrp read only = No hide unreadable = Yes hide unwriteable files = Yes access based share enum = Yes also here below are the permissions of /opt/network/testplan directory drwxrws--T 3 root localgrp 4096 Oct 10 19:39 testplan Actually every things works fine what I mean is if I log in as a user who belongs to localgrp I can read/write the kmplan share which is perfect but when i log in as user who does not belong to localgrp i can see the kmplan share although i cannot access it. as christian said i can hide the share but even for valid users the share is hidden n i obviously dont want to hide the share for valid users regards simon --- On Thu, 10/11/12, Björn JACKE b...@sernet.de wrote: From: Björn JACKE b...@sernet.de Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA To: simon ben guy200...@yahoo.com Cc: samba@lists.samba.org Date: Thursday, October 11, 2012, 2:10 AM On 2012-10-11 at 01:22 -0700 simon ben sent off: but when I do a testparm it gives a error --- [root@kmshare samba]# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: access based share enum Ignoring unknown parameter access based share enum then your
Re: [Samba] file sharing issue in samba4
Hello Ankur, I have understood that in Samba4 the file-daemon runs as root, and access control is handled by Samba, not by the permissions on the filesystem. Therefor, it is also not needed to have a local Unix user for every Samba user. Downside is that you will have to change the tools you use for setting permissions. I currently don't have access to a Samba 4 server, but after searching a bit it seams the samba-tool ntacl command is for this purpose. Best regards, Gerben -Original Message- From: samba-boun...@lists.samba.org on behalf of m...@matws.net Sent: Sat 13-10-2012 5:38 To: i...@reputeinfosystems.com Cc: samba@lists.samba.org Subject: Re: [Samba] file sharing issue in samba4 Hi On Oct 10, 2012, at 1:32 PM, Repute Infosystems i...@reputeinfosystems.com wrote: Hello, I understand that you people are too much busy. but still I want to give it try with hope of miracle. my question is, I have installed samba 4 PDC on ubuntu. and in this domain we will have windows7,mac etc as client. and ubuntu will be centralized file server. so, I am facing problem is samba is not giving any respect to acl file level permission. if share is read only and I give explicit permission of read/write to any file through acl its not working. if I keep share in write mode and then explicitly give just readonly permission to any file, it is not stopping samba to let user edit file. Which version of samba 4 are you using ?Basically you should be using the rc2 of samba 4.0 This version share the same engine as samba3 for the files server but it heavily relies on acl support so your file system must be mounted with acl and xattr. Also providing configuration file + network traces will help. it was working this way in samba3. we have tried to find out everywhere, the solution of this problem but we failed. finally I thought to leave an email. I believe this is very commonly asked question and now proper answer anywhere. please help thanks Ankur Chotai www.reputeinfosystems.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Hello, I understand that you people are too much busy. but still I want to give it try with hope of miracle. my question is, I have installed samba 4 PDC on ubuntu. and in this domain we will have windows7,mac etc as client. and ubuntu will be centralized file server. so, I am facing problem is samba is not giving any respect to acl file level permission. if share is read only and I give explicit permission of read/write to any file through acl its not working. if I keep share in write mode and then explicitly give just readonly permission to any file, it is not stopping samba to let user edit file. it was working this way in samba3. we have tried to find out everywhere, the solution of this problem but we failed. finally I thought to leave an email. I believe this is very commonly asked question and now proper answer anywhere. please help thanks Ankur Chotai www.reputeinfosystems.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Getting user list for each group
Hello Oguz, Perhaps you can use a tool specific to your user/group back-end. For LDAP there is ldapsearch, for the default Samba back-end there is pdbedit. Regarding your authentication question, I have little experience in using Squid as a (regular) proxy. I do however have experience with NTLM + Apache, and it has always been slow and slightly unreliable. An alternative is Kerberos. Dependent on your network setup it can be somewhat complex to configure, but once you've got it working it performs really well. Best regards, Gerben -Original Message- From: samba-boun...@lists.samba.org on behalf of Oguz Yilmaz Sent: Sat 13-10-2012 10:14 To: samba@lists.samba.org Subject: [Samba] Getting user list for each group I use Winbind auth for squid-dansguardian ntlm authentication purpose. I need matching users/group for filtering in squid/dansguardian. getent group is used for finding users for groups except for group Domain Users. getent passwd is used for finding all users and specifically users for group Domain Users (over group ID). This requires enumeration option(winbind enum users, winbind enum groups) enabled in smb.conf. For thousands of users this may block many system functions puts wait even for tcpdump and ssh logins. So, I want to disable enum options end stop using getent. Are there any way to get user list for each group with wbinfo or any other other tools? What may be the best practice for the aim in paragraph 1? Thank you and Best Regards, -- Oguz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Question about printing
Hello Schorsch, Yes, this is possible. You should not have to activate the Administrator account for this, nor use it. Windows UAC (User Account Control) is there for a good reason. Most modern desktop oriented Linux distributions, such as OpenSuSE or Ubuntu, have GUI's for configuring network printers, they differ between distributions. In Ubuntu is a printer configuration tool that should auto-detect your printer if I'm correct, if not, maybe installing Bonjour on the Windows PC will be handy ( http://support.apple.com/kb/DL999?viewlocale=en_EN ). In OpenSuSE there are 2 printer tools. The one from Yast works better, but you'll have to open ports for Samba in the firewall first. You should not have to mess with Samba or Cups configuration manually, assumed you're on a regular desktop distro. Best regards, Gerben -Original Message- From: samba-boun...@lists.samba.org on behalf of Schorsch Sent: Sat 13-10-2012 8:39 To: samba@lists.samba.org Subject: [Samba] Question about printing Hello all, is it possible to print from a linux box to a printer, shared on a windows 7 box? In Windows 7 the Administrator account is deactivated without a password in default. Have i to enable the account? Have i to set a password? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change DNS method?
On Sun, 2012-10-14 at 15:02 +, Steve wrote: Is it possible to change from the internal name server to BIND once you've provisioned a domain? I set mine up with the internal since it seemed easier, but then discovered the only way for my DHCP clients to update their names in DNS is via BIND, so I'd rather use that instead. I'm not sure it will work anyway, but you are welcome to try. I think we would need some more code to correctly accept TKEY requests in the same way the internal DNS server accepts unauthenticated requests (write them 'as system'). If you are able to help with the bind9 DLZ side of things, then certainly, this might be practical. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file sharing issue in samba4
On Sun, 2012-10-14 at 23:01 +0200, Germ van Ek wrote: Hello Ankur, I have understood that in Samba4 the file-daemon runs as root, and access control is handled by Samba, not by the permissions on the filesystem. This is incorrect. The default file server (smbd) changes to each connected user and uses (essentially, only) the file system permissions. Even the non-default file server (ntvfs) still changes to the connected user. Therefor, it is also not needed to have a local Unix user for every Samba user. This is also incorrect, however when we are an AD DC, we will allocate uid/gid number in idmap.ldb and store the user accounts in sam.ldb. You will need to use nss_winbind to have these show up in nsswitch (eg getent passwd etc). Downside is that you will have to change the tools you use for setting permissions. I currently don't have access to a Samba 4 server, but after searching a bit it seams the samba-tool ntacl command is for this purpose. This tool will allow you to set a specific NT ACL for cases where setting that is required. This isn't often for normal file server tasks, even on the DC. Setting the posix permissions on normal file shares should work fine. You may be thinking of the override behaviour we had in the 'ntvfs' file server, allowing an NT ACL stored in an xattr to override the posix file permissions. This only applies if both 1) and NT ACL is set and 2) you are using the non-default file server. I hope this clarifies things. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change DNS method?
On 10/14/2012 03:17 PM, Andrew Bartlett wrote: On Sun, 2012-10-14 at 15:02 +, Steve wrote: Is it possible to change from the internal name server to BIND once you've provisioned a domain? I set mine up with the internal since it seemed easier, but then discovered the only way for my DHCP clients to update their names in DNS is via BIND, so I'd rather use that instead. I'm not sure it will work anyway, but you are welcome to try. I think we would need some more code to correctly accept TKEY requests in the same way the internal DNS server accepts unauthenticated requests (write them 'as system'). Which kind of updates the internal is able to handle tsig only ? Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re-replicate LDAP
I currently have 10 domain controllers (all Samba 4rc1), and I would like to reset one of them. I would like to completely clear out their LDAP database, and force it to get a fresh copy replicated from one of the other 9 DC's out there. What would be the proper way of doing this with Samba 4? I know in Windows, you can demote a DC, and then promote it, and it will recover any data, but am unsure of how to replicate that procedure with S4. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re-replicate LDAP
Am 15.10.2012 01:50, schrieb Kristofer: I currently have 10 domain controllers (all Samba 4rc1), and I would like to reset one of them. I would like to completely clear out their LDAP database, and force it to get a fresh copy replicated from one of the other 9 DC's out there. What would be the proper way of doing this with Samba 4? I know in Windows, you can demote a DC, and then promote it, and it will recover any data, but am unsure of how to replicate that procedure with S4. Hello Kristofer, I guess you can achieve the same with: samba-tool domain demote -Uadministrator afterwards you can join the DC again. best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
