Re: [Samba] [SOLVED] replace Windows 2003 dc

[Peter Beck]

Dustin C. Hatch  quatschte am Fri, Feb 22, 2013 at 
05:58:51PM -0600:
> On 2/22/2013 15:22, Peter Beck wrote:
> >Dustin C. Hatch  quatschte am Fri, Feb 22, 2013 at 
> >12:31:05PM -0600:
> My samba server works perfectly fine for all AD DC roles (including
> Kerberos) except DNS. In my real and test environments, the forest
> and domain functional levels are 2008 R2.

I've just tried again, but still with 2003 functional levels and it was
working again, after removing the windows domain I was able to add new
users, change password policies, remove and change dns records.

This time I installed Exchange 2003 on the Windows DC first (just to
check if there are issues if Exchange is running on the dc. Exchange did 
not start after demoting the dc, btw). In productive environments we do
not install Exchange, it was just to test if there are issues with 
replicating the schema or dcpromo fails while demoting..

after removing the windows dc I also rebooted the Samba server and tried
to get a kerberos ticket, which was working as expected.

> Same as mine, as defined in the wiki article.

did you change your resolv.conf to the samba dc after removing the
windows domain controller ? Silly question, but sometimes little things
like that are the solution...

> I don't see a list of values for this property in smb.conf(5); where
> did you find this setting?
> >server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, 
> >ntp_signd, kcc, dnsupdate, smb, dns
> According to smb.conf(5), this is the default value for `server
> services`, less s3fs and plus smb. I don't think either of these
> would matter in this case.

the only value i have changed was adding +dns to the server services.
the provision command was "samba-tool domain join adlab.local DC
-Uadministrator%password --realm=$hostname.$realm --use-ntvfs

--use-ntvfs because I am running debian wheezy
 
> > dns forwarder = 8.8.8.8
> Again, this only affects queries outside the AD domain, so it
> shouldn't matter. I do have it set, though.

I know, just posted the complete config

> Yes, that adds the NS records to the domain, and I've tried that.
> Since the Samba server is a DNS server, this should be done
> automatically anyway. In any case, it doesn't help.

nameserver records for the samba dc are not automatically created in my
test environments, I always have to add them manually.

> >after adding these records / checking other dns records (_ldap._tcp,
> >_kerberos etc) I've just did
> >
> These also should be added automatically if the Samba server is to
> be a DNS server, but adding them manually doesn't help either.

Yes, they are automatically added, but for me it's more safe to check
before removing the windows domain controller ;-)

> >samba-tool drs replicate   dc=adlab,dc=local --local
> This works fine
> 
> >samba-tool drs replicate   
> >dc=forestdnszones,dc=adlab,dc=local --local
> >samba-tool drs replicate   
> >dc=domaindnszones,dc=adlab,dc=local --local
> These both fail because there is no outbound connection from the
> Samba server to the Windows server for these directory partitions.
> Adding them manually with repadmin works temporarily, but the KCC
> eventually removes them.

Never had issues like yours (at least - I can't remember). On the
Windows dc in "active directory sites and services" it takes about 15
minutes until the replication is visible, but replicating from samba was
never an issue on my machine.

> >if everything is well (which was the case each time I've tested it), i
> >moved the fsmo roles with samba-tool fsmo transfer --role=
> >
> Since Samba 4.0.3, which has a fix for the timeout problem, I have
> had no trouble moving the FSMO roles around. Regardless, until the
> DomainDnsZones and ForestDnsZones are replicated correctly, I cannot
> demote the Windows DC.

When demoting the Windows DC I get the message, that this DC holds the
last replica for DomainDnsZones and ForestDnsZones, I've just checked
remove them (otherwise dcpromo will cancel). So far everything still
seems to work. I think this is because Windows still has the DNS server
installed (?).

I use the debian package version from wheezy, which holds an older version,
4.0.0~beta2+dfsg1-3.1. transferring seems to be a "cosmetic issue"
because even if there is a timeout message if you check 15 minutes later
all roles are transferred correct.

Peter
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] smb.conf getting changed?

[Nico Kadel-Garcia]

On Fri, Feb 22, 2013 at 7:17 PM, jimc  wrote:
> Hi!
>
> I got my first Samba 4 system up and running. {No applause, just throw
> money. Paper please, coins hurt}
>
> It is just a home network of about a dozen or so boxes.
>
> I have noticed that when I do a testparm, the result is not the same as the
> file I created.
>
> I'm fairly certain it isn't anything to worry about; I'm just trying to
> learn.
>
> Thanks!
>
> -jimc

That's right. I presonally don't use the standard "smb.conf", I run it
through "testparm -s -v" and use *that*. his way, I et all the default
values recorded, as well as the manually configured ones, and all the
extraneous whitespace and commenting and null formatting gets tossed
out, as well.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] NXDOMAIN dual-stacked, Samba4/Samba 3 AD setup

[Michael Mol]

On my network, I'm finding that if I run

host saffron

on any machine on my network, I see saffron's IPv4 address, but not
its IPv6 address. This is true regardless of which joined machine I
run. I'd like to figure out how to fix this...

For any other machine on the network,

host $hostname

shows both that machine's IPv4 and IPv6 addresses. (With the odd
exception of Wash's proto41 tunnel addresses)

(I'm not presently using Samba/AD for *anything* except DNS
management; that's its biggest draw for me right now. I'll move on to
testing account management and file sharing later. Right now, though,
it's looking extremely promising for dynamic DNS management in a
dual-stacked environment!)

Here's a basic overview of my network so far:

Kaylee:
* Gentoo.
* Running Samba 4.0.3.
** AD Domain controller.
* One NIC
** One IPv4 address
** One IPv6 address
* Resolv.conf:
# Generated by net-scripts for interface eth0
domain firefly.michael.mol.name
nameserver (kaylee's IPv4 address)
nameserver 8.8.8.8

Wash:
* Debian
* Network router
* Running Samba 3.5.6~dfsg-3squeeze9
** Domain member
* Running bind9 9.7.3.dfsg-1~squeeze8
** Forwards home zone to Kaylee
** Forwards another domain's zone to relevant server on another network
* Three NICs
** "wan"
*** One IPv4 address
** "wifilan"
*** One IPv4 address
*** One IPv6 address
** "wiredlan"
*** One IPv4 address
*** One IPv6 address
* One proto41 tunnel tunneling IPv6 over IPv4 from tunnelbroker.net
** One IPv6 address
* Resolv.conf:
domain firefly.michael.mol.name
search firefly.michael.mol.name
nameserver (Kaylee's IPv4 address)
nameserver 127.0.0.1

Saffron:
* Gentoo
* Running Samba 3.6.12
** Domain member
* One NIC
** One IPv4 address
** One IPv6 address
* One TSP tunnel tunneling IPv6 over IPv4 from freenet6.
** One IPv6 address
* resolv.conf:
# Generated by NetworkManager
domain firefly.michael.mol.name
search firefly.michael.mol.name
nameserver (Kaylee's IPv4 address)
nameserver (Kaylee's IPv6 address)

--
:wq
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smb.conf getting changed?

[jimc]

Hi!

I got my first Samba 4 system up and running. {No applause, just throw 
money. Paper please, coins hurt}


It is just a home network of about a dozen or so boxes.

I have noticed that when I do a testparm, the result is not the same as 
the file I created.


I'm fairly certain it isn't anything to worry about; I'm just trying to 
learn.


Thanks!

-jimc

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Dustin C. Hatch]

On 2/22/2013 15:22, Peter Beck wrote:

Dustin C. Hatch  quatschte am Fri, Feb 22, 2013 at 
12:31:05PM -0600:

On 2/22/2013 11:13, Sérgio Henrique wrote:

I guess the comunication beetween MS AD and Samba4 is by kerberos, i have
copied the /opt/samba/private/krb5.conf to /etc after joined to domain

I have installed a windows server at 2003 forest level as PDC then
installed samba4.0.3
join domain but everytime i am getting problems with forest and domain dns
zones...


I have the same issue. I've tried countless times to add a Samba DC
to my (test) AD environment, but every time, it fails to add and
outbound connection for the DomainDnsZones and ForestDnsZones
directory partitions. In addition, the Samba server is not listed as
a name server for either the root zone or the _msdcs zone.


yes, the basic setup is like it's written down in the Wiki pages at
https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC.


This is the document I've been following to try to get this working as well.


I get kerberos tickets without any issue. I think the domain forest
level is also important to raise up to 2003 (I can remember I also had
issues earlier and then I've just raised the domain operation level).
The forest operation level was something I've changed later...
After raising up the operation level I always reboot the Windows Dc. Not
sure if that is really needed...

I for one will in future raise both levels up to 2003 _before_ I start
deploying samba.

My samba server works perfectly fine for all AD DC roles (including 
Kerberos) except DNS. In my real and test environments, the forest and 
domain functional levels are 2008 R2.



my krb.conf looks like this:

[libdefaults]
default_realm = ADLAB.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true


Same as mine, as defined in the wiki article.


and this is my smb.conf, not sure if allow dns updates is need or not.

# Global parameters
[global]
server role = active directory domain controller
workgroup = ADLAB
realm = adlab.local
netbios name = LAB07
passdb backend = samba4
I don't see `samba4` as an option for `passdb backend` in smb.conf(5). 
Values listed are "smbpasswd" "tdbsam" (default) and "ldapsam".



dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
backupkey, dnsserver, winreg, srvsvc
I don't see a list of values for this property in smb.conf(5); where did 
you find this setting?



server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, 
ntp_signd, kcc, dnsupdate, smb, dns
According to smb.conf(5), this is the default value for `server 
services`, less s3fs and plus smb. I don't think either of these would 
matter in this case.



dns recursive queries = yes
This only affects DNS queries for names outside the AD domain, so its 
value wouldn't matter



allow dns updates = true
The default value, according to smb.conf(5) is `secure only`, the same 
as the Windows default, which should be fine.



 dns forwarder = 8.8.8.8
Again, this only affects queries outside the AD domain, so it shouldn't 
matter. I do have it set, though.




[netlogon]
path = /var/lib/samba/sysvol/adlab.local/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No


These are the same for me as well.


The samba server is not configured as nameserver by default. you can at
it either on windows if you right click the zone and add it to the
"nameserver" tab or if you use samba-tool dns add. I prefer the second
one. to add it for example to the zone "adlab.local" you can use
samba-tool dns add  adlab.local adlab.local NS 
.adlab.local
this will add an ns record for the zone "adlab.local" which looks like
the existing entry for the windows dns "(same as parent folder)" and it
will also automatically add the sambaserver into the "nameserver" tab of
the zone.

Yes, that adds the NS records to the domain, and I've tried that. Since 
the Samba server is a DNS server, this should be done automatically 
anyway. In any case, it doesn't help.



after adding these records / checking other dns records (_ldap._tcp,
_kerberos etc) I've just did

These also should be added automatically if the Samba server is to be a 
DNS server, but adding them manually doesn't help either.



samba-tool drs replicate   dc=adlab,dc=local --local

This works fine


samba-tool drs replicate   
dc=forestdnszones,dc=adlab,dc=local --local
samba-tool drs replicate   
dc=domaindnszones,dc=adlab,dc=local --local
These both fail because there is no outbound connection from the Samba 
server to the Windows server for these directory partitions. Adding them 
manually with repadmin works temporarily, but the KCC eventually removes 
them.




if everything is well (which was the case each time I've tested it), i
moved the fsmo roles with samba-tool fs

Re: [Samba] Roaming Profile synchronization errors on new samba

[Zane Zakraisek]

I too have been experiencing the same issues with my Samba server and
Windows 8. I am currently running Samba 4.0.3. My Windows 7 client's
profiles are synchronizing, but I am receiving that same error on my
Windows 8 machines. The user has full permissions over their roaming
profile directory, so I'm not too sure what the issue is.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 4.0 as a file server

[Andrew Bartlett]

On Wed, 2013-02-20 at 12:53 +, Sebastian Arcus wrote:

> 
> Thanks Andrew. Will do. Just for my own understanding - is it still 
> possible to run Samba 4 as (just) a workgroup? If yes - does one just 
> specify security=user in smb.conf and still uses the "samba" binary - or 
> the "smbd" binary has to be started/used for workgroup operation? Or the 
> smbd binary is actually still the Samba 3.x series and is not 
> technically part of Samba 4 although it compiles out of the same download?
> 
> Sorry if I'm asking what might be really basic stuff to others.

The WHATSNEW says:

# For pure file server work, the binaries users would expect from that
# series (smbd, nmbd, winbindd, smbpasswd) continue to be available.

With the exception of the deprecated security=server and security=share
being removed, operation of these binaries, and the services these
provide remains unchanged.

Andrew Bartlett
-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba_upgradeprovision and msDS-SupportedEncryptionTypes / msDS-NcType

[Andrew Bartlett]

On Fri, 2013-02-22 at 13:12 +, Dominic Evans wrote:
> On 22 February 2013 11:48, Andrew Bartlett  wrote:
> > Indeed, if the domain originally came from windows, then
> > upgradeprovision should NOT be run.  Indeed, I would have hoped that the
> > tool would detect this and would not attempt an upgrade, but clearly
> > this fails.
> 
> Ah. It might be worth adding something in the release notes to make
> this clear. I imagine a lot of new Samba4 users have migrated from
> Windows Server DCs and similarly may not have realised that
> upgradeprovision isn't a generic version-to-version migration step.

We said:

- samba_upgradeprovision should not be run when upgrading to this
release
  from a recent release.  No important database format changes have
  been made since alpha16.

> > A backup was made before the upgradeprovision process, and I hope you
> > tool your own backup.  Please revert to one of these backups, file a bug
> > along these lines and do not use this tool until I can add more safety
> > checks.
> 
> I did take my own backup beforehand. However, my domain does appear to
> be running perfectly fine at the moment. I've not had any issues from
> users. We did initially lose some manually added DNS entries, but
> these were easy to add back in. The rest of the DNS was re-populated
> by the computers themselves anyway. We don't really use the domain for
> anything much beyond allowing users to logon to any machine in the
> network with their individual username+password, and allowing
> Administrators full remote access to the machines as well. So I'm
> happy to just continue with it in the current state and see how it
> goes.

My current investigations indicate that this tool is NOT safe to use
as-is.  

I can't make any warranty about the continued operation of the domain in
these conditions.  It will be significantly easier to support you with
future issues if this is not part of your domain's history.

samba_upgradeprovision is an amazingly powerful tool, and it has been a
critical part of the support required to keep our earliest sites online
as Samba 4.0 matured though the early alpha releases.  We just need to
tame it to be a much more tested and targeted tool that makes much less
sweeping assumptions about what changes it should make, now that we know
the small number of changes that need to be made from Samba 4.0.0 (and
that domains imported from Windows are in fact already fully correct).  

Thanks,

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Peter Beck]

Dustin C. Hatch  quatschte am Fri, Feb 22, 2013 at 
12:31:05PM -0600:
> On 2/22/2013 11:13, Sérgio Henrique wrote:
> >I guess the comunication beetween MS AD and Samba4 is by kerberos, i have
> >copied the /opt/samba/private/krb5.conf to /etc after joined to domain
> >
> >I have installed a windows server at 2003 forest level as PDC then
> >installed samba4.0.3
> >join domain but everytime i am getting problems with forest and domain dns
> >zones...
> >
> I have the same issue. I've tried countless times to add a Samba DC
> to my (test) AD environment, but every time, it fails to add and
> outbound connection for the DomainDnsZones and ForestDnsZones
> directory partitions. In addition, the Samba server is not listed as
> a name server for either the root zone or the _msdcs zone.

yes, the basic setup is like it's written down in the Wiki pages at
https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC.

I get kerberos tickets without any issue. I think the domain forest
level is also important to raise up to 2003 (I can remember I also had
issues earlier and then I've just raised the domain operation level).
The forest operation level was something I've changed later...
After raising up the operation level I always reboot the Windows Dc. Not
sure if that is really needed...

I for one will in future raise both levels up to 2003 _before_ I start
deploying samba.

my krb.conf looks like this:

[libdefaults]
default_realm = ADLAB.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true

and this is my smb.conf, not sure if allow dns updates is need or not.

# Global parameters
[global]
server role = active directory domain controller
workgroup = ADLAB
realm = adlab.local
netbios name = LAB07
passdb backend = samba4
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
backupkey, dnsserver, winreg, srvsvc
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, 
ntp_signd, kcc, dnsupdate, smb, dns
dns recursive queries = yes
allow dns updates = true
dns forwarder = 8.8.8.8

[netlogon]
path = /var/lib/samba/sysvol/adlab.local/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

The samba server is not configured as nameserver by default. you can at
it either on windows if you right click the zone and add it to the
"nameserver" tab or if you use samba-tool dns add. I prefer the second
one. to add it for example to the zone "adlab.local" you can use
samba-tool dns add  adlab.local adlab.local NS 
.adlab.local
this will add an ns record for the zone "adlab.local" which looks like
the existing entry for the windows dns "(same as parent folder)" and it
will also automatically add the sambaserver into the "nameserver" tab of
the zone. 

after adding these records / checking other dns records (_ldap._tcp,
_kerberos etc) I've just did

samba-tool drs replicate   dc=adlab,dc=local --local
samba-tool drs replicate   
dc=forestdnszones,dc=adlab,dc=local --local
samba-tool drs replicate   
dc=domaindnszones,dc=adlab,dc=local --local

if everything is well (which was the case each time I've tested it), i
moved the fsmo roles with samba-tool fsmo transfer --role=

But as I mentioned before - I am also still testing at the moment ;-)
hope that helps

Regards
Peter
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] LDAP recommendations please

[ray klassen]

Touche. Although my goal is replication, not proxying.



- Original Message -
From: Adam Tauno Williams 
To: samba@lists.samba.org
Cc: 
Sent: Thursday, 21 February 2013, 11:59
Subject: Re: [Samba] LDAP recommendations please

On Thu, 2013-02-21 at 16:36 +, ray klassen wrote:
> Actually I was hoping to use the new internal LDAP as the master.
> I notice that 
> http://www.windowsitpro.com/content1/topic/integrate-active-directory-and-openldap-98449/catpath/ldap
> has an article on using slapd as a proxy to Active Directory.
> This one loks even better. Never used 389Server but there's a first time for 
> everything
> http://www.linuxmail.info/ad-fds-sync-howto/
> (I did google this before I asked the question, but I was searching for 
> samba4 ldap, not active directory ldap. 
> I hope samba4 AD is that similar that I can pull similar stunts to the ones 
> described)
> Upgrading to AD requires that you use our internal LDAP backend.
> https://wiki.samba.org/index.php/Samba4/FAQ

stop with the googling, and just look at the docs.
  
  The wiki has an "openLDAP proxy to AD" section.


-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Dustin C. Hatch]

On 2/22/2013 11:13, Sérgio Henrique wrote:

I guess the comunication beetween MS AD and Samba4 is by kerberos, i have
copied the /opt/samba/private/krb5.conf to /etc after joined to domain

I have installed a windows server at 2003 forest level as PDC then
installed samba4.0.3
join domain but everytime i am getting problems with forest and domain dns
zones...


I have the same issue. I've tried countless times to add a Samba DC to 
my (test) AD environment, but every time, it fails to add and outbound 
connection for the DomainDnsZones and ForestDnsZones directory 
partitions. In addition, the Samba server is not listed as a name server 
for either the root zone or the _msdcs zone.


--
♫Dustin
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] RPM building tools for Samba 4.0.3 on RHEL 6 published bye me on Github

[Nico Kadel-Garcia]

On Fri, Feb 22, 2013 at 12:40 PM, Diego Remolina
 wrote:
> I think a lot of your work was probably prior to RHEL 6.4, but have you
> tried looking at their new SRPM for samba 4.0.0 and adapting it to 4.0.3?

Unfortunately somewhere between 4.0.0 and 4.0.3. they introduced now
related package dependencies on  libtalloc, libtdb, libtevent,
iniparser, and krb5. So the RHEL 6.4 inlcudes krb5-1.10, which
eliminates one problem, but doesn't resolve the others. That's why I
put updates for those as well up at https://github.com/nkadel/ and
into the Samba repository building tools at
https://github.com/nkadel/samba4repo/.

Since building with "mock" relies on CentOS, or Scientific Linux or a
local RHEL yum repo, to have the updated packages, it's going to be a
while before the new RHEL 6.4 packages are broadly available anyway.
I'll yank them from github.com if and as they become available as part
of 6.4 releases.

> http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba4-4.0.0-55.el6.rc4.src.rpm
>
> They have also posted the new SRPMS for the libtdb and libtalloc and other
> software that may be required:
>
> http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtalloc-2.0.7-2.el6.src.rpm
> http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtdb-1.2.10-1.el6.src.rpm
> http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtevent-0.9.8-8.el6.src.rpm

Those are new enough for Samba 4.0.0, not for Samba 4.0.3.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Possible bug in Samba 4 - no Recycle VFS object

[Jeremy Allison]

On Fri, Feb 22, 2013 at 10:01:11AM +, Sebastian Arcus wrote:

> Hi Jeremy. Thanks for the reply. Would that mean that it is not
> possible to use the recycle bin in the ADS domain mode?

It's nothing to do with the ADS domain mode, it's to
do with what fileserver backend you're using.

smbd == yes
ntvfs == no.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Sérgio Henrique]

I guess the comunication beetween MS AD and Samba4 is by kerberos, i have
copied the /opt/samba/private/krb5.conf to /etc after joined to domain

I have installed a windows server at 2003 forest level as PDC then
installed samba4.0.3
join domain but everytime i am getting problems with forest and domain dns
zones...


# Global parameters
[global]
workgroup = LISBOA
realm = lisboa.ad.root
netbios name = DC2
server role = active directory domain controller
allow dns updates = true

[netlogon]
path = /opt/samba/var/locks/sysvol/lisboa.ad.root/scripts
read only = No

[sysvol]
path = /opt/samba/var/locks/sysvol
read only = No

Thank you in advanced,
Best Regards,


On Fri, Feb 22, 2013 at 4:56 PM, Friedrich Locke
wrote:

> Are you using kerberos to authenticate ?
>
> On Fri, Feb 22, 2013 at 7:10 AM, Sérgio Henrique  wrote:
> > Awesome i will try to replicate in my test environment.
> >
> >
> > On Fri, Feb 22, 2013 at 2:23 AM, Peter Beck 
> wrote:
> >
> >> Hi guys,
> >>
> >> weehoo! Samba4 rocks ! Great work!
> >>
> >> if someone is interested - I finally managed to replace a Windows DC
> >> successfully.
> >> (at least i hope so ;-)
> >>
> >> this is what I have done:
> >>
> >> * Windows DC: Domain and Forest Operation Level = 2003
> >> * Reboot Windows DC (always a good idea on Windows ;-)
> >> * joining the Samba Domain Controller to the existing 2003 domain
> >> * adding a Reverse zone for my network in DNS (on Windows)
> >> * replicating forestdnszones, domaindnszones
> >> * on the Windows DC i've changed the nameserver for each zone to the
> samba
> >>   domain controller (which automatically added an NS-record to dns)
> >> * samba_dnsupdate --all-names --verbose
> >> * removing the Global Catalog on the Windows DC (including reboot ;-)
> >> * transferring all fsmo roles to the samba dc (what's the differnce to
> >>   seizing ? for me transfer seems to work more reliable..)
> >> * demote the windows server
> >>
> >> Now I am able to add or remove records in dns (with samba tool and on
> >> Windows with the MMC-Snapin) and it looks very good.
> >>
> >> Now I think I just need to do some "cleaning" (removing dns entries for
> >> the replaced windows dc, etc).
> >>
> >> Regards
> >> Peter
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
> >
> >
> > --
> > Cumprimentos,
> > Sérgio Machado
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Cumprimentos,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Authenticate via MIT Kerberos?

[Dann Bohn]

I'm in the process of setting up a samba file server, and I'd like to 
set it up so users can authenticate with their Kerberos realm 
credentials. It seems that every article I read wants me to bind the 
thing to a domain, and authenticate that way. The only problem with that 
is user accounts aren't domain accounts, they are "shadow" Kerberos 
realm accounts (forgive me, I'm not a windows admin) when I bind samba 
to our AD, those shadow accounts don't work, but real domain accounts 
do. Users don't have real domain accounts.


I've obtained a service keytab, and modified the smb.conf following 
multiple articles online, and get 'could not look up dcs for domain 
"REALM"' and  (the value in my realm field). The realm isn't a real 
host. it's an MIT realm. My system is kerborized, and the values in 
krb5.conf work for system-auth.


Thanks in advance,
Dann

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Friedrich Locke]

Are you using kerberos to authenticate ?

On Fri, Feb 22, 2013 at 7:10 AM, Sérgio Henrique  wrote:
> Awesome i will try to replicate in my test environment.
>
>
> On Fri, Feb 22, 2013 at 2:23 AM, Peter Beck  wrote:
>
>> Hi guys,
>>
>> weehoo! Samba4 rocks ! Great work!
>>
>> if someone is interested - I finally managed to replace a Windows DC
>> successfully.
>> (at least i hope so ;-)
>>
>> this is what I have done:
>>
>> * Windows DC: Domain and Forest Operation Level = 2003
>> * Reboot Windows DC (always a good idea on Windows ;-)
>> * joining the Samba Domain Controller to the existing 2003 domain
>> * adding a Reverse zone for my network in DNS (on Windows)
>> * replicating forestdnszones, domaindnszones
>> * on the Windows DC i've changed the nameserver for each zone to the samba
>>   domain controller (which automatically added an NS-record to dns)
>> * samba_dnsupdate --all-names --verbose
>> * removing the Global Catalog on the Windows DC (including reboot ;-)
>> * transferring all fsmo roles to the samba dc (what's the differnce to
>>   seizing ? for me transfer seems to work more reliable..)
>> * demote the windows server
>>
>> Now I am able to add or remove records in dns (with samba tool and on
>> Windows with the MMC-Snapin) and it looks very good.
>>
>> Now I think I just need to do some "cleaning" (removing dns entries for
>> the replaced windows dc, etc).
>>
>> Regards
>> Peter
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
>
> --
> Cumprimentos,
> Sérgio Machado
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Sérgio Henrique]

I Peter i had just one problem i am unable to replicate ForestDns and
DomainDns zones!? How do you manage to do that?
also dns recursive queries = yes its being ignored...

Thank you in advanced.


On Fri, Feb 22, 2013 at 1:55 PM, Peter Beck  wrote:

> Federico Nan  quatschte am Fri, Feb 22, 2013 at
> 08:36:56AM -0300:
> > Wouw!
> >
> > And how do you handle the GPO and sysvol volumes? Did you copy them to
> the
> > samba sysvol?
> >
> > I扉e been trying and it always fails in the fsmo transferring. Did you do
> > this on the Windows MMC?
>
> Hi Federico,
>
> It was just a very basic test with a "naked" Windows 2003 DC and I did
> not test GPO/Sysvol transfers (only checked adding a GPO to the samba dc
> after removing the Windows DC, which was working perfect)
>
> If transferred the fsmo rules with samba-tool. fsmo seize did not work
> on my machine, there were always errors (can't remember excatly at the
> moment), transfer had a timeout the first try, but the second run was
> successful. I've also tried it with ntdsutil from Windows, exact the
> same behaviour (first try - timeout) so i think this is "normal".
> From what I have seen it's also working with samba-tool the first time,
> even when there is a timeout message (I've used --role=all). After one
> run I left the computer to get some coffee and when I came back and checked
> the roles I could see that every role was now transferred...
>
> The only thing I'm unsure is with dcpromo when demoting the Windows DC -
> I always get a message with "holds the last replication of Application
> Directory Partitions" - usually ForestDNS and DomainDNS partitions.
> I've just selected "delete them" and so far there was no issue.
>
> But as mentioned, I'm also doing this in a little test environment and
> have often switched back to an earlier snapshot to try again...no long
> term experience.. ;-) I'm still testing...
>
> Regards
> Peter
>



-- 
Cumprimentos,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Unable to join domain, apparent DNS problem

[Thomas Simmons]

I think he's seeing this with both S4 and WS2003 as a DC, so I don't know
that setting up the domain again will solve the problem. Provisioning a
domain on WS2003 (or S4 TBH) is a very simple process. It's hard to say
with such little info, but I'm guessing it's a client network configuration
- is the DC's IP configured for the primary DNS server?


On Fri, Feb 22, 2013 at 11:13 AM, Federico Nan wrote:

> Maybe you can try to do a setup domain again.
>
>
> 2013/2/22 Lee Allen 
>
> > That also fails:
> >
> > lal...@oi.allenlan.net:~$ host -t SRV _ldap._tcp.allenlan.net.
> > Host _ldap._tcp.allenlan.net. not found: 3(NXDOMAIN)
> >
> > lal...@oi.allenlan.net:~$ host -t SRV _ldap._tcp.dc._msdcs.allenlan.net.
> > Host _ldap._tcp.dc._msdcs.ALLENLAN.NET. not found: 3(NXDOMAIN)
> >
> > I can manually add these records, but according to the MS documentation,
> I
> > shouldn't need to.
> >
> > Lee Allen
> >
> >
> >
> > On Feb 22, 2013 6:40 AM, "Federico Nan"  wrote:
> >
> >> You can try to find your record doing: (taking from the official how-to)
> >>
> >> host -t SRV _ldap._tcp.samdom.example.com.
> >>
> >>
> >>
> >>
> >> 2013/2/22 Lee Allen 
> >>
> >>> This isn't exactly a Samba problem, but I am hoping the experts here
> can
> >>> help me.
> >>>
> >>> I have been trying to get my OpenIndiana system to join a Samba4 domain
> >>> and
> >>> I was running into multiple problems. So I decided to test against a
> true
> >>> Windows Server (2003) domain, to see if there is something wrong with
> my
> >>> client-side setup.
> >>>
> >>> Attempting to join the WS2003 AD domain also fails.  Snooping the
> network
> >>> traffic reveals this:
> >>>
> >>> client: DNS query _ldap._tcp.dc._msdcs.ALLENLAN.NET: type SRV, class
> IN
> >>> DC: no such server
> >>>
> >>> I found this MS link:
> >>> http://technet.microsoft.com/en-us/library/cc961719.aspx
> >>>
> >>> Which says, in part:
> >>>
> >>> "_ldap._tcp.dc._msdcs.DnsDomainName
> >>> Allows a client to locate a domain controller (dc) of the domain named
> by
> >>> DnsDomainName . All Windows 2000 Server based domain controllers
> register
> >>> this SRV record."
> >>>
> >>> I am very new to Active Directory setup.  So it is quite likely I have
> >>> made
> >>> a basic configuration error on the WS2003 AD setup.  But true Windows
> >>> clients can join the domain successfully.
> >>>
> >>> Any ideas?
> >>>
> >>> Does Samba4 automatically put this SRV record into its internal DNS
> >>> server?
> >>>
> >>> Thank you.
> >>>
> >>> Lee Allen
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions:  https://lists.samba.org/mailman/options/samba
> >>>
> >>
> >>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Unable to join domain, apparent DNS problem

[Lee Allen]

I did quite a bit more research on this.  Everything I read says an AD DNS
should automatically set up those entries.  I found a few trouble-shooting
documents that suggested checking them, but nothing indicating why they
might be wrong, and what to do about it.

I agree that tearing down the domain and re-building it from scratch is the
right approach.

In the meantime, I returned to my Samba4 project, and found an error I had
made on the client side.  5 minutes later my openindiana system
successfully joined my Samba4 domain.  So at the moment I don't have any
real interest in pursuing the Windows Server issue.

Thanks for your help.

Lee Allen

On Fri, Feb 22, 2013 at 11:13 AM, Federico Nan wrote:

> Maybe you can try to do a setup domain again.
>
>
> 2013/2/22 Lee Allen 
>
>> That also fails:
>>
>> lal...@oi.allenlan.net:~$ host -t SRV _ldap._tcp.allenlan.net.
>> Host _ldap._tcp.allenlan.net. not found: 3(NXDOMAIN)
>>
>> lal...@oi.allenlan.net:~$ host -t SRV _ldap._tcp.dc._msdcs.allenlan.net.
>> Host _ldap._tcp.dc._msdcs.ALLENLAN.NET. not found: 3(NXDOMAIN)
>>
>> I can manually add these records, but according to the MS documentation,
>> I shouldn't need to.
>>
>> Lee Allen
>>
>>
>>
>> On Feb 22, 2013 6:40 AM, "Federico Nan"  wrote:
>>
>>> You can try to find your record doing: (taking from the official how-to)
>>>
>>> host -t SRV _ldap._tcp.samdom.example.com.
>>>
>>>
>>>
>>>
>>> 2013/2/22 Lee Allen 
>>>
 This isn't exactly a Samba problem, but I am hoping the experts here can
 help me.

 I have been trying to get my OpenIndiana system to join a Samba4 domain
 and
 I was running into multiple problems. So I decided to test against a
 true
 Windows Server (2003) domain, to see if there is something wrong with my
 client-side setup.

 Attempting to join the WS2003 AD domain also fails.  Snooping the
 network
 traffic reveals this:

 client: DNS query _ldap._tcp.dc._msdcs.ALLENLAN.NET: type SRV, class IN
 DC: no such server

 I found this MS link:
 http://technet.microsoft.com/en-us/library/cc961719.aspx

 Which says, in part:

 "_ldap._tcp.dc._msdcs.DnsDomainName
 Allows a client to locate a domain controller (dc) of the domain named
 by
 DnsDomainName . All Windows 2000 Server based domain controllers
 register
 this SRV record."

 I am very new to Active Directory setup.  So it is quite likely I have
 made
 a basic configuration error on the WS2003 AD setup.  But true Windows
 clients can join the domain successfully.

 Any ideas?

 Does Samba4 automatically put this SRV record into its internal DNS
 server?

 Thank you.

 Lee Allen
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba

>>>
>>>
>


-- 
*Lee Allen*
email: l...@leecallen.com
bus: (716) 773-2729
home: (716) 773-2326
cell: (716) 880-0854
fax: (716) 408-8844
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 4 and freeradius

[Kinglok, Fong]

Hi,

My goal is to make use of samba 4 and freeradius to authenticate user to use 
wifi network (WPA2 enterprise).

The setup is to setup Samba 4.0.3 in machine A and setup freeradius in machine 
B.

By reading: 
Document A: http://wiki.samba.org/index.php/Samba4/beyond
Document B: 
https://wiki.samba.org/index.php/Samba4/HOWTO/Virtual_Private_Network
Document C: 
http://www.linuxgfx.co.uk/karoshi/documentation/wiki/index.php?title=Samba4_Testing

The testing to bind the samba 4 server from machine B shows successfully:
ldapsearch -x -W -h file.sambadom.org -b "ou=accounting,dc=sambadom,dc=org" -D 
"cn=ldapuser,cn=users,dc=sambadom,dc=org" "(cn=peter)"

Also, ldap module of freeradius is configured as follows (ldap part in 
sites-enabled/default and inner-tunnel is configured also.)

/usr/local/freeradius/etc/raddb/modules/ldap 
=
ldap {
server = "file.sambadom.org"
password = "asecurepassword"
identity = "cn=ldapuser,cn=users,dc=samba4,dc=yauoi,dc=org"
basedn = "ou=accounting,dc=sambadom,dc=org"
filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
ldap_connections_number = 5
max_uses = 0
timeout = 4
timelimit = 3
net_timeout = 1
tls {
start_tls = no
}
dictionary_mapping = ${confdir}/ldap.attrmap
edir_account_policy_check = no
keepalive {
idle = 60
probes = 3
interval = 3
}
}
=

When I try authentication test in machine B,
eapol_test -c ./peap-mschapv2.conf -s testing123

peap-mschapv2.conf

network={
ssid="amazonforest"
scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
identity="peter"
#anonymous_identity="anonymous"
password="asecurepassword"
phase2="autheap=MSCHAPV2"

#
#  Uncomment the following to perform server certificate validation.
ca_cert="/usr/local/freeradius/etc/raddb/certs/ca.der"
}


The result is failed.


Is there anything I did wrongly?

Kinglok, Fong


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Unable to join domain, apparent DNS problem

[Federico Nan]

Maybe you can try to do a setup domain again.


2013/2/22 Lee Allen 

> That also fails:
>
> lal...@oi.allenlan.net:~$ host -t SRV _ldap._tcp.allenlan.net.
> Host _ldap._tcp.allenlan.net. not found: 3(NXDOMAIN)
>
> lal...@oi.allenlan.net:~$ host -t SRV _ldap._tcp.dc._msdcs.allenlan.net.
> Host _ldap._tcp.dc._msdcs.ALLENLAN.NET. not found: 3(NXDOMAIN)
>
> I can manually add these records, but according to the MS documentation, I
> shouldn't need to.
>
> Lee Allen
>
>
>
> On Feb 22, 2013 6:40 AM, "Federico Nan"  wrote:
>
>> You can try to find your record doing: (taking from the official how-to)
>>
>> host -t SRV _ldap._tcp.samdom.example.com.
>>
>>
>>
>>
>> 2013/2/22 Lee Allen 
>>
>>> This isn't exactly a Samba problem, but I am hoping the experts here can
>>> help me.
>>>
>>> I have been trying to get my OpenIndiana system to join a Samba4 domain
>>> and
>>> I was running into multiple problems. So I decided to test against a true
>>> Windows Server (2003) domain, to see if there is something wrong with my
>>> client-side setup.
>>>
>>> Attempting to join the WS2003 AD domain also fails.  Snooping the network
>>> traffic reveals this:
>>>
>>> client: DNS query _ldap._tcp.dc._msdcs.ALLENLAN.NET: type SRV, class IN
>>> DC: no such server
>>>
>>> I found this MS link:
>>> http://technet.microsoft.com/en-us/library/cc961719.aspx
>>>
>>> Which says, in part:
>>>
>>> "_ldap._tcp.dc._msdcs.DnsDomainName
>>> Allows a client to locate a domain controller (dc) of the domain named by
>>> DnsDomainName . All Windows 2000 Server based domain controllers register
>>> this SRV record."
>>>
>>> I am very new to Active Directory setup.  So it is quite likely I have
>>> made
>>> a basic configuration error on the WS2003 AD setup.  But true Windows
>>> clients can join the domain successfully.
>>>
>>> Any ideas?
>>>
>>> Does Samba4 automatically put this SRV record into its internal DNS
>>> server?
>>>
>>> Thank you.
>>>
>>> Lee Allen
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
>>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Possible bug in Samba 4 - no Recycle VFS object

[Ricky Nance]

Hi Sebastian,
If you run ps ax | grep smbd while samba is running and see running smbd
processes, then most (probably all even) vfs objects should run (including
recycle).

Ricky
On Feb 22, 2013 4:01 AM, "Sebastian Arcus"  wrote:

> On 21/02/13 23:26, Jeremy Allison wrote:
>
>> On Thu, Feb 21, 2013 at 07:24:26PM +, Sebastian Arcus wrote:
>>
>>> Just a quick check here before I file a bug report. I've just
>>> checked if I can use the recycle VFS object in Samba 4 like I do in
>>> Samba 3 - and it seems that is not implemented yet. Should I file it
>>> as a bug report - or Samba 4 supports/will support this
>>> functionality in some other way?
>>>
>>
>> The vfs recycle module works in the same way in Samba4
>> that it worked in previous versions of Samba. It doesn't
>> work with the ntvfs file server backend, but that isn't
>> recommended anyway.
>>
>>  Hi Jeremy. Thanks for the reply. Would that mean that it is not possible
> to use the recycle bin in the ADS domain mode?
>
> Sebastian
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  
> https://lists.samba.org/**mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Question marks, asterisks, colons in filenames

[Ray]

Am 2013-02-22 08:36, schrieb Günter Kukkukk:

Am Freitag, 22. Februar 2013, 05:09:58 schrieb Günter Kukkukk:

Am Freitag, 22. Februar 2013, 04:18:33 schrieb Günter Kukkukk:
> Am Montag, 18. Februar 2013, 20:16:15 schrieb Ray:
> > Hi,
> >
> > I suppose this question must have been posted a hundred times, 
but

> > Google brings up nothing useful:
> >
> > Consider "The Wall" from Pink Floyd in an MP3 collection. 
There's "In
> > The Flesh.mp3" and "In The Flesh?.mp3" as tracks. Or, another 
example
> > in an MP3 collection: There's a Band called "Stellar", but 
there's
> > also a band called "Stellar*". Naming files like this is no 
problem in

> > Linux.
> >
> > Now I had the idea of using my files on other computers such as 
Macs
> > and Windows-boxes, but both Systems have trouble with the 
characters

> > mentioned above.
> >
> > My question is how Samba can help me to map these characters to
> > something else so that the files become usable on the 
Windows/Mac side
> > *without destroying the readability of the filenames entorely*. 
Hashing
> > into 8.3 random character sequences with "mangled names = yes" 
is not

> > really an option.
> >
> > What is the successor of the removed "mangled map" option? I did 
not

> > find anything in the current man page of smb.conf (5).
> >
> > I'm running Samba 3.5.10, which is the latest in CentOS 6.3.
> >
> > Surely there must be some elegant way to fix this? I don't want 
to

> > rename all my files at the Linux end.
> >
> > Any help would be very appreciated.
> >
> > Cheers,
> > Raimund
>
> Hi Raimund,
> I guess you were the one to whom i was talking on IRC some days 
ago.
> I assured you to have a look at the source of VFS vfs_catia.c, 
because

> we were not able to get it working and it caught my inetrest, too.
>
> Also there is nearly NO info on the web about the usage of this
> re-written vfs module - the samba man page is useless (only old
> usage info)
>
> I now found the bug in vfs_catia.c and will push a fix soon.
> See http://pastie.org/6313997
> how it is working. One can specify translations for all
> invalid windows characters \ / : * ? " < > | and even more ones.
>
> I hope this is the one you were looking for.  :-)
>
> Cheers, Günter

sorry, just a follow up.
I now used more invalid characters and also tried it with windows.
Linux and samba:
http://pastie.org/6314301

Windows screenshot:
http://picpaste.com/pics/vfs_catia-pcvuDc44.1361505596.JPG

Cheers, Günter


sorry, another follow-up...

I've posted a patch to

https://lists.samba.org/archive/samba-technical/2013-February/090653.html


Until i've updated the manual page for vfs_catia, use the following 
in smb.conf:


Note - "vfs objects = catia" can be used in both the [global] and any 
other

[share] section.
Due to performance penalties i would not recommend to use it in 
[global],

but that's up to the user.

Sample configuration:

[someshare]
vfs objects = catia
# mapping is done:
#   hex unix char : hex windows char
#   comma is used to separate char mappings
#   The following will map all invalid windows filename chars:
#   "\ / : * ? " < > |"
#   (plus the blank char, not always allowed with legacy clients)
catia:mappings =

0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6,0x20:0xb1
#
#   Unix chars:
#   0x22:  "
#   0x2a:  *
#   0x2f:  /
#   0x3a:  :
#   0x3c:  <
#   0x3e:  >
#   0x3f:  ?
#   0x5c:  \
#   0x7c:  |
#   0x20:  blank char
#   Windows chars (not listed here) !

I hope this explains the usage.  :-)


This is exactly what I was looking for! Wonderful! Thanks so much!

Do I presume right that this is not part of the official Samba code? 
Will this patch work with Samba v3.5.10 or will I need a newer release?


Cheers,
Raimund

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Peter Beck]

Federico Nan  quatschte am Fri, Feb 22, 2013 at 
08:36:56AM -0300:
> Wouw!
> 
> And how do you handle the GPO and sysvol volumes? Did you copy them to the
> samba sysvol?
> 
> I´ve been trying and it always fails in the fsmo transferring. Did you do
> this on the Windows MMC?

Hi Federico,

It was just a very basic test with a "naked" Windows 2003 DC and I did
not test GPO/Sysvol transfers (only checked adding a GPO to the samba dc
after removing the Windows DC, which was working perfect)

If transferred the fsmo rules with samba-tool. fsmo seize did not work
on my machine, there were always errors (can't remember excatly at the
moment), transfer had a timeout the first try, but the second run was
successful. I've also tried it with ntdsutil from Windows, exact the
same behaviour (first try - timeout) so i think this is "normal".
>From what I have seen it's also working with samba-tool the first time,
even when there is a timeout message (I've used --role=all). After one
run I left the computer to get some coffee and when I came back and checked 
the roles I could see that every role was now transferred...

The only thing I'm unsure is with dcpromo when demoting the Windows DC -
I always get a message with "holds the last replication of Application
Directory Partitions" - usually ForestDNS and DomainDNS partitions.
I've just selected "delete them" and so far there was no issue.

But as mentioned, I'm also doing this in a little test environment and
have often switched back to an earlier snapshot to try again...no long
term experience.. ;-) I'm still testing...

Regards
Peter
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Unable to join domain, apparent DNS problem

[Lee Allen]

That also fails:

lal...@oi.allenlan.net:~$ host -t SRV _ldap._tcp.allenlan.net.
Host _ldap._tcp.allenlan.net. not found: 3(NXDOMAIN)

lal...@oi.allenlan.net:~$ host -t SRV _ldap._tcp.dc._msdcs.allenlan.net.
Host _ldap._tcp.dc._msdcs.ALLENLAN.NET. not found: 3(NXDOMAIN)

I can manually add these records, but according to the MS documentation, I
shouldn't need to.

Lee Allen


On Feb 22, 2013 6:40 AM, "Federico Nan"  wrote:

> You can try to find your record doing: (taking from the official how-to)
>
> host -t SRV _ldap._tcp.samdom.example.com.
>
>
>
>
> 2013/2/22 Lee Allen 
>
>> This isn't exactly a Samba problem, but I am hoping the experts here can
>> help me.
>>
>> I have been trying to get my OpenIndiana system to join a Samba4 domain
>> and
>> I was running into multiple problems. So I decided to test against a true
>> Windows Server (2003) domain, to see if there is something wrong with my
>> client-side setup.
>>
>> Attempting to join the WS2003 AD domain also fails.  Snooping the network
>> traffic reveals this:
>>
>> client: DNS query _ldap._tcp.dc._msdcs.ALLENLAN.NET: type SRV, class IN
>> DC: no such server
>>
>> I found this MS link:
>> http://technet.microsoft.com/en-us/library/cc961719.aspx
>>
>> Which says, in part:
>>
>> "_ldap._tcp.dc._msdcs.DnsDomainName
>> Allows a client to locate a domain controller (dc) of the domain named by
>> DnsDomainName . All Windows 2000 Server based domain controllers register
>> this SRV record."
>>
>> I am very new to Active Directory setup.  So it is quite likely I have
>> made
>> a basic configuration error on the WS2003 AD setup.  But true Windows
>> clients can join the domain successfully.
>>
>> Any ideas?
>>
>> Does Samba4 automatically put this SRV record into its internal DNS
>> server?
>>
>> Thank you.
>>
>> Lee Allen
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Destroyed my samba4 domain

[Mario Giammarco]

Andrew Bartlett  samba.org> writes:

> 
> On Fri, 2013-02-22 at 09:30 +, Mario Giammarco wrote:

> > Sorry I checked better: it is 4.0.3.zentyal.
> 
> At this point due to other commitments I can't help you much more.
> Perhaps be in contact with Zentyal to understand more how your package
> is built.
> 
> Once you work that out, the appropriate one of --use-s3fs or --use-ntvfs
> arguments to 'samba-tool ntacl sysvolreset' would seem to be the fix you
> need, but I can't be sure with so little information.
> 
In their forums there is not enough help.
Anyway I thank you, but if you have some samba4 specific documentation and a
list of all commands with manpages (I have looked at samba web site and
 it seems
to me that most documentation is for samba3) please tell me.

Thanks again,
Mario



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba_upgradeprovision and msDS-SupportedEncryptionTypes / msDS-NcType

[Dominic Evans]

On 22 February 2013 11:48, Andrew Bartlett  wrote:
> Indeed, if the domain originally came from windows, then
> upgradeprovision should NOT be run.  Indeed, I would have hoped that the
> tool would detect this and would not attempt an upgrade, but clearly
> this fails.

Ah. It might be worth adding something in the release notes to make
this clear. I imagine a lot of new Samba4 users have migrated from
Windows Server DCs and similarly may not have realised that
upgradeprovision isn't a generic version-to-version migration step.

> A backup was made before the upgradeprovision process, and I hope you
> tool your own backup.  Please revert to one of these backups, file a bug
> along these lines and do not use this tool until I can add more safety
> checks.

I did take my own backup beforehand. However, my domain does appear to
be running perfectly fine at the moment. I've not had any issues from
users. We did initially lose some manually added DNS entries, but
these were easy to add back in. The rest of the DNS was re-populated
by the computers themselves anyway. We don't really use the domain for
anything much beyond allowing users to logon to any machine in the
network with their individual username+password, and allowing
Administrators full remote access to the machines as well. So I'm
happy to just continue with it in the current state and see how it
goes.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Destroyed my samba4 domain

[Andrew Bartlett]

On Fri, 2013-02-22 at 09:30 +, Mario Giammarco wrote:
> Mario Giammarco  gmail.com> writes:
> 
> >
> > Thanks for hint, now I see that in ppa there is samba 4.0.3. I was pretty 
> > sure
> > that I have samba 4.0.3 but apparently ubuntu refused to upgrade it and I 
> > have
> > 4.0.0.alpha!!
> > 
> 
> Sorry I checked better: it is 4.0.3.zentyal.

At this point due to other commitments I can't help you much more.
Perhaps be in contact with Zentyal to understand more how your package
is built.

Once you work that out, the appropriate one of --use-s3fs or --use-ntvfs
arguments to 'samba-tool ntacl sysvolreset' would seem to be the fix you
need, but I can't be sure with so little information.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Roaming Profile synchronization errors on new samba server

[Diego Remolina]

I must add, that from the Windows client, if I go to the directories 
where the eventvwr says there is a failure creating the folders, I can 
create the folders just fine manually, so it is not really a permissions 
issue, at least not when trying to use explorer to create the folders, 
however during the process of copying files back when login off, the 
folder creation seems to fail.


Any ideas? I would really appreciate help, I am stuck at this point.

Diego

On 02/21/2013 03:28 PM, Diego Remolina wrote:

Hi,

I am running an old CentOS 4 server with samba 3.4.9 and am trying to
move to a new server running Centos 6 and the latest stock samba
3.5.10-125.

Upon trying to switch over to the new server, I noticed that accessing
shares and copying files worked perfectly fine, however upon login off,
the roaming profile fails with error message:

Your roaming profile was not completely synchronized. See the event log
for details or contact administrator.

Further inspection of the event viewer shows several entries like:

-
Windows cannot copy file \\?\C:\Users\dijuremo\Favorites\Links to
location \\?\UNC\p3file\Users\dijuremo\.winprofile.V2\Favorites\Links.
This error may be caused by network problems or insufficient security
rights.

DETAIL - The parameter is incorrect.
-

The client logs show messages such as:

-
[2013/02/21 15:03:09.737537, 2] smbd/open.c:2508(open_directory)
open_directory: unable to create
dijuremo/.winprofile.V2/Favorites/Links. Error was
NT_STATUS_OBJECT_NAME_COLLISION
-

I have tried upgrading to 3.6.9 using the SRPM from RHEL 6.4 and also
even build the latest 3.6.12 sources from samba.org with the spec file
from redhat and the problem seems to persist.

I have deleted the profile totally from both server and workstation to
try and get a new profile and the problem persist. The problem occurs on
both Windows 7 and 8 clients, but most of the testing I have done with
Windows 8.

I would appreciate if I can get some help with this. I can upload log
files or open a bugzilla if appropriate.

Thanks,

Diego


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba_upgradeprovision and msDS-SupportedEncryptionTypes / msDS-NcType

[Andrew Bartlett]

On Wed, 2013-02-20 at 09:09 -0800, Gregory Sloop wrote:
> 
> DE> Originally I had a Win 2003 DC. I added a samba 4.0.0 DC to the
> DE> domain, allow full replication to take place and then transferred all
> DE> the roles to the samba 4.0.0 dc. Finally I removed the Windows DC from
> DE> the domain.
> 
> DE> Everything has been working well. Today I upgraded from samba 4.0.0 to
> DE> 4.0.3 and ran samba_upgradeprovision --full. Initially this was
> DE> failing in update_present throwing an exception when attempting to
> DE> modify msDS-NcType and msDS-SupportedEncryptionTypes attributes which
> DE> didn't exist. I was able to get the upgradeprovision to run to
> DE> completion by removing these from the deltas
> 
> DE> i.e.,
> DE> delta.remove('msDS-SupportedEncryptionTypes')
> DE> delta.remove('msDS-NcType')
> 
> DE> Everything seems to be up-and-running again at 4.0.3, so it went well.
> DE> However, if these attributes are missing - a) shouldn't I get these
> DE> attributes added? b) why don't these show up as missing attributes on
> DE> the samba-tool dbcheck?
> 
> I can't help you at all, but over the last week or so, Andrew Bartlett
> has mentioned, IIRC, that the upgradeprovision should not be run to
> upgrade a 4.0.x box to 4.0.3.
> 
> Essentially, as I understand it, the code is only working properly for
> alpha version upgrades, and it was too dangerous to recommend for use
> for a production version [4.0.x].
> 
> Hopefully someone else will chime in here that knows more than I.
> 
> Just thought if you hadn't seen those messages - that might explain
> the source of the problems you have.

Indeed, if the domain originally came from windows, then
upgradeprovision should NOT be run.  Indeed, I would have hoped that the
tool would detect this and would not attempt an upgrade, but clearly
this fails.

A backup was made before the upgradeprovision process, and I hope you
tool your own backup.  Please revert to one of these backups, file a bug
along these lines and do not use this tool until I can add more safety
checks. 

Andrew Bartlett
-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Upgrade from 4.0.0 to 4.0.3 creates unfixable errors with dbcheck

[Andrew Bartlett]

On Thu, 2013-02-21 at 13:11 +, Chris Lewis wrote:
> Hello,
> 
> Today I tried to upgrade from samba 4.0.0 to 4.0.3 on my test environment.
> 
> I patched the source with the diffs patch-4.0.0-4.0.1.diffs, 
> patch-4.0.1-4.0.2.diffs, patch-4.0.2-4.0.3.diffs , then make, make install.
> 
> # samba-tool dbcheck
> Checking 807 objects
> 
> Not fixing nTSecurityDescriptor on CN=Performance Monitor 
> Users,CN=Builtin,DC=inview,DC=local  <--- all errors were 
> same for each object
> 
> 
> Checked 807 objects (805 errors)
> 
> Tried
> 
> # samba-tool dbcheck --fix
> 
>   (fix all.)
> 
> Checked 807 objects (763 errors)
> 
> now
> 
> # samba-tool dbcheck
> 
> Not fixing nTSecurityDescriptor on CN=Performance Monitor 
> Users,CN=Builtin,DC=inview,DC=local  <--- all errors were 
> same for each object
> 
> Checked 807 objects (650 errors)
> 
> Fixing again has no further effect on the number of errors.
> 
> It should be noted that before the upgrade dbcheck found no errors
> 
> 
> So what has changed between the versions  to cause this and how can I 
> fix these errors?

Please file a bug.  Clearly our heuristic to detect when we need to
rewrite these is faulty. 

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Unable to join domain, apparent DNS problem

[Federico Nan]

You can try to find your record doing: (taking from the official how-to)

host -t SRV _ldap._tcp.samdom.example.com.




2013/2/22 Lee Allen 

> This isn't exactly a Samba problem, but I am hoping the experts here can
> help me.
>
> I have been trying to get my OpenIndiana system to join a Samba4 domain and
> I was running into multiple problems. So I decided to test against a true
> Windows Server (2003) domain, to see if there is something wrong with my
> client-side setup.
>
> Attempting to join the WS2003 AD domain also fails.  Snooping the network
> traffic reveals this:
>
> client: DNS query _ldap._tcp.dc._msdcs.ALLENLAN.NET: type SRV, class IN
> DC: no such server
>
> I found this MS link:
> http://technet.microsoft.com/en-us/library/cc961719.aspx
>
> Which says, in part:
>
> "_ldap._tcp.dc._msdcs.DnsDomainName
> Allows a client to locate a domain controller (dc) of the domain named by
> DnsDomainName . All Windows 2000 Server based domain controllers register
> this SRV record."
>
> I am very new to Active Directory setup.  So it is quite likely I have made
> a basic configuration error on the WS2003 AD setup.  But true Windows
> clients can join the domain successfully.
>
> Any ideas?
>
> Does Samba4 automatically put this SRV record into its internal DNS server?
>
> Thank you.
>
> Lee Allen
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Federico Nan]

Wouw!

And how do you handle the GPO and sysvol volumes? Did you copy them to the
samba sysvol?

I´ve been trying and it always fails in the fsmo transferring. Did you do
this on the Windows MMC?


2013/2/22 Sérgio Henrique 

> Awesome i will try to replicate in my test environment.
>
>
> On Fri, Feb 22, 2013 at 2:23 AM, Peter Beck  wrote:
>
> > Hi guys,
> >
> > weehoo! Samba4 rocks ! Great work!
> >
> > if someone is interested - I finally managed to replace a Windows DC
> > successfully.
> > (at least i hope so ;-)
> >
> > this is what I have done:
> >
> > * Windows DC: Domain and Forest Operation Level = 2003
> > * Reboot Windows DC (always a good idea on Windows ;-)
> > * joining the Samba Domain Controller to the existing 2003 domain
> > * adding a Reverse zone for my network in DNS (on Windows)
> > * replicating forestdnszones, domaindnszones
> > * on the Windows DC i've changed the nameserver for each zone to the
> samba
> >   domain controller (which automatically added an NS-record to dns)
> > * samba_dnsupdate --all-names --verbose
> > * removing the Global Catalog on the Windows DC (including reboot ;-)
> > * transferring all fsmo roles to the samba dc (what's the differnce to
> >   seizing ? for me transfer seems to work more reliable..)
> > * demote the windows server
> >
> > Now I am able to add or remove records in dns (with samba tool and on
> > Windows with the MMC-Snapin) and it looks very good.
> >
> > Now I think I just need to do some "cleaning" (removing dns entries for
> > the replaced windows dc, etc).
> >
> > Regards
> > Peter
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
>
>
> --
> Cumprimentos,
> Sérgio Machado
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Unable to join domain, apparent DNS problem

[Lee Allen]

This isn't exactly a Samba problem, but I am hoping the experts here can
help me.

I have been trying to get my OpenIndiana system to join a Samba4 domain and
I was running into multiple problems. So I decided to test against a true
Windows Server (2003) domain, to see if there is something wrong with my
client-side setup.

Attempting to join the WS2003 AD domain also fails.  Snooping the network
traffic reveals this:

client: DNS query _ldap._tcp.dc._msdcs.ALLENLAN.NET: type SRV, class IN
DC: no such server

I found this MS link:
http://technet.microsoft.com/en-us/library/cc961719.aspx

Which says, in part:

"_ldap._tcp.dc._msdcs.DnsDomainName
Allows a client to locate a domain controller (dc) of the domain named by
DnsDomainName . All Windows 2000 Server based domain controllers register
this SRV record."

I am very new to Active Directory setup.  So it is quite likely I have made
a basic configuration error on the WS2003 AD setup.  But true Windows
clients can join the domain successfully.

Any ideas?

Does Samba4 automatically put this SRV record into its internal DNS server?

Thank you.

Lee Allen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Sérgio Henrique]

Awesome i will try to replicate in my test environment.


On Fri, Feb 22, 2013 at 2:23 AM, Peter Beck  wrote:

> Hi guys,
>
> weehoo! Samba4 rocks ! Great work!
>
> if someone is interested - I finally managed to replace a Windows DC
> successfully.
> (at least i hope so ;-)
>
> this is what I have done:
>
> * Windows DC: Domain and Forest Operation Level = 2003
> * Reboot Windows DC (always a good idea on Windows ;-)
> * joining the Samba Domain Controller to the existing 2003 domain
> * adding a Reverse zone for my network in DNS (on Windows)
> * replicating forestdnszones, domaindnszones
> * on the Windows DC i've changed the nameserver for each zone to the samba
>   domain controller (which automatically added an NS-record to dns)
> * samba_dnsupdate --all-names --verbose
> * removing the Global Catalog on the Windows DC (including reboot ;-)
> * transferring all fsmo roles to the samba dc (what's the differnce to
>   seizing ? for me transfer seems to work more reliable..)
> * demote the windows server
>
> Now I am able to add or remove records in dns (with samba tool and on
> Windows with the MMC-Snapin) and it looks very good.
>
> Now I think I just need to do some "cleaning" (removing dns entries for
> the replaced windows dc, etc).
>
> Regards
> Peter
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Cumprimentos,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Possible bug in Samba 4 - no Recycle VFS object

[Sebastian Arcus]

On 21/02/13 23:26, Jeremy Allison wrote:

On Thu, Feb 21, 2013 at 07:24:26PM +, Sebastian Arcus wrote:

Just a quick check here before I file a bug report. I've just
checked if I can use the recycle VFS object in Samba 4 like I do in
Samba 3 - and it seems that is not implemented yet. Should I file it
as a bug report - or Samba 4 supports/will support this
functionality in some other way?


The vfs recycle module works in the same way in Samba4
that it worked in previous versions of Samba. It doesn't
work with the ntvfs file server backend, but that isn't
recommended anyway.

Hi Jeremy. Thanks for the reply. Would that mean that it is not possible 
to use the recycle bin in the ADS domain mode?


Sebastian

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Destroyed my samba4 domain

[Mario Giammarco]

Mario Giammarco  gmail.com> writes:

>
> Thanks for hint, now I see that in ppa there is samba 4.0.3. I was pretty sure
> that I have samba 4.0.3 but apparently ubuntu refused to upgrade it and I have
> 4.0.0.alpha!!
> 

Sorry I checked better: it is 4.0.3.zentyal.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Destroyed my samba4 domain

[Mario Giammarco]

Andrew Bartlett  samba.org> writes:


> There is no --fix option to samba-tool gpo aclcheck.  What does
> 'samba-tool ntacl sysvolcheck' give?
> 
Sorry wrong cut&paste I mean: 
 samba-tool dbcheck --fix

The command you tell me give this result: 

lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[homes]"
Processing section "[scriptmario]"
Processing section "[print$]"
Processing section "[printers]"
ldb_wrap open of idmap.ldb
ERROR(): uncaught exception - (2, 'No such file or
directory')
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/__init__.py", line
175, in _run
return self.run(*args, **kwargs)
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line
245, in run
lp)
  File "/opt/samba4/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1686, in checksysvolacl
direct_db_access)
  File "/opt/samba4/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1637, in check_gpos_acl
domainsid, direct_db_access)
  File "/opt/samba4/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1584, in check_dir_acl
fsacl = getntacl(lp, path, direct_db_access=direct_db_access)
  File "/opt/samba4/lib/python2.7/site-packages/samba/ntacls.py", line 73, in
getntacl
xattr.XATTR_NTACL_NAME)


> 
> What about the options to fix the permissions as given by the AD tools?
> 

I will search which AD tool give me this option.

> > I forgot to say that I have two domain controllers based on zentyal.
> 
> Is this based on Samba 4.0.3, or if not, which version is it based on?
> 
Thanks for hint, now I see that in ppa there is samba 4.0.3. I was pretty sure
that I have samba 4.0.3 but apparently ubuntu refused to upgrade it and I have
4.0.0.alpha!!

> Which file server are you using?
> 
How can I discover it?

Thanks you very much for pointing me in the right direction.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba PDC not in network environment (Windows 7/8)

[Jörg Nissen]

Something weird...

I connected one notbook to another samba (v3.5.5) network. Logged in as
a local user on the notebook and guess what. The complete network 
environment is shown. 
The main difference between these two networks, apart form the version
number of smbd, is that the working network is based on ldap while the
not working network is based on tdb.

Another small difference in smb.conf:

3.5.5:  name resolve order = bcast lmhosts host
3.6.12: name resolve order = wins bcast lmhosts hosts


Going to check if it has any impact if I remove "wins" from 
"name resolve order".

And another small difference:

In v3.5.5 computers are members of "Domain Users" while v3.6.12 
lists them in "Domain Computers". Also going to check if this makes 
any difference.

The last thing I will check is if it makes any difference when 
I login to a local account on my client.

Will keep you updated.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba