[Samba] Samba4 and Google Apps Password Sync

2013-02-25 Thread Johan Johansson
Hi there!

I'm trying to sync password changes made in Samba4 to Google Apps. Has
anyone managed to do this?

Thank you

-- 
Best regards
Johan Johansson
Director
Phone: 0704-745209
Email: johan@ jo...@capishe.sebaboons.se
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] smb2 vs. NT1

2013-02-25 Thread Papp Tamas

hi All,


We have a glusterfs cluster with 5 nodes on Ubuntu 12.04 amd64.
We use this smb.conf:

[global]
socket options = IPTOS_THROUGHPUT TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=131072 SO_RCVBUF=131072
read raw = yes
server string = %h
write raw = yes
#oplocks = yes
max xmit = 131072
dead time = 15
getwd cache = yes
use sendfile=yes
block size = 131072
load printers = no
aio read size = 16384
aio write size = 16384
aio write behind = /*.*/
wins support = no
local master = no
wins server = 192.168.3.7
veto files = /.AppleDouble/
delete veto files = yes
hide dot files = yes
printing = BSD
max protocol = SMB2
min protocol = SMB2

[projects]
path = /W/Projects
browseable = yes
public = yes
guest ok = yes
read only = no
force user = user
force group = user



The speed is fine with this configuration, around 100Mbyte/s. If I change protocol to NT1, the speed 
drops to around 50Mbyte/s.


This is from man page:

NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.
SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and newer. The Samba implementation of SMB2 is currently marked experimental!



Why is it still experimental? What does it mean exactly? Is there anything I should avoid, like
file corruption or so?

Why is NT1 _much_ slower than SMB2?




Thank you,
tamas


Re: [Samba] posixAccount objectClass

2013-02-25 Thread Hansjoerg Maurer
Hi

there was a thread
"Samba 4, Winbind  RFC2307" on 26.12.2012 on this list
which covers that issue, including a patch from Andrew and another fix
I provided.

Regards

Hansjörg

 




-- 
Dr. Hansjörg Maurer
itsystems Deutschland AG
Linprunstraße 10
80335 München
Tel:   +49-89-52 04 68-41
Fax:   +49-89-52 04 68-59
E-Mail: hansjoerg.mau...@itsd.de
Web: http://www.itsd.de

Munich District Court (Amtsgericht München) HRB 132146
VAT ID no. DE 812991301
Tax no. 143/100/81575

Chairman of the Supervisory Board:
Stefan Adam
Executive Board:
Dr. Michael Krocka
Dr. Hansjörg Maurer

 
 
-----Original Message-----
 From: Andreas Gaiser/L i...@multifake.net
 Sent: Sat 23 February 2013 18:52
 To: Samba Mailing List samba@lists.samba.org
 Subject: Re: [Samba] posixAccount objectClass
 
 Hi Thomas, greeting to all readers,
 
  Is there something I miss or is this to be considered a bug?
  
  If this is the problem I am thinking of, I originally noticed it in
  4.0.0. I believe Andrew provided a patch, however I don't need this in
  my production environment and only stumbled onto the issue while testing
  something else, so I don't know if what I'm referring to was fixed in
  later releases. I'll see if I can find the thread and bug shortly.
  
 
 I remember a thread which was about winbind ignoring objects without
 posixAccount/posixGroup OCs. The conclusion was to change winbind to not
 ignore them. But, actually, shouldn't S4 in DC mode really add them? Or
 is ADUC the culprit here?
 
 I didn't check out yet how recent Samba 3.6 winbind behaves as a member
 here. When I tried against 4.0.0 I ended up using Wireshark to analyse
 LDAP traffic and figured RFC2307 attrs weren't returned by the LDAP
 server although requested by winbind, whereas they WERE returned to
 Apache Directory Studio at the same time - logged in as
 administra...@sub.domain.tld; a permission issue I guess. Is this a
 known issue? I blamed it on poor provisioning (without RFC2307 in the
 beginning) that day. Will try again this part later this weekend.
 
 At the moment, I'm working on a script that adds Unix Attributes
 automatically to all relevant users (i.e. all that winbind shows on a
 member. Btw. I would love to have a way to filter them, because most
 groups I won't ever need and they're gonna make things look complicated
 on the Unix side. Does anybody know anything about this?).
 
 
 Andreas
 -- 
 Andreas Gaiser, Berlin, Germany
 



Re: [Samba] [SOLVED] replace Windows 2003 dc

2013-02-25 Thread Sérgio Henrique
Hi Peter,

I am unable to demote the Windows DC; I always get an error when demoting the Windows
AD on ForestDNSzones and DomainDNSzones. I have tried a lot of things.

Raise forest level, keep at 2003, add samba to nameservers, etc...

What I can see is that if I create a new samba4 as primary root domain and
then add Windows AD, I have no problems.

But my objective is to migrate the current Windows domain to samba4 and not
the opposite.




On Sat, Feb 23, 2013 at 8:49 PM, Peter Beck pe...@datentraeger.li wrote:

 Hi guys,

 I did some more testing:

 --- Scenario 1:

 Server 2003 with Forest Operation Level 'Windows 2000' and domain
 operation Level 'Windows 2000 mixed' (which seems to be the default when
 setting up Server 2003):

 After joining Samba4 to the domain I was unable to raise the level.
 Samba-tool just had an error, when trying to showing the levels:

 ERROR: Could not retrieve the actual domain, forest level and/or
 lowest DC function level!

 And on the Windows DC the only change that was possible was to raise up
 the domain operating level to Windows 2000 native. No other changes
 were possible [cannot raise ...because this domain includes domain
 controllers that are not running the appropriate version of Windows]

 I also got issues with replicate:

 samba-tool drs replicate lab07 lab03 dc=domaindnszones,dc=adlab,dc=local
 ERROR(class 'samba.drs_utils.drsException'): DsReplicaSync failed -
 drsException: DsReplicaSync failed (8440, 'WERR_DS_DRA_BAD_NC')
 File /usr/lib/python2.7/dist-packages/samba/netcmd/drs.py, line 331, in
 run
 drs_utils.sendDsReplicaSync(self.drsuapi,
 self.drsuapi_handle,source_dsa_guid, NC, req_options)
 File /usr/lib/python2.7/dist-packages/samba/drs_utils.py, line 83, in
 sendDsReplicaSync
 raise drsException(DsReplicaSync failed %s % estr)

 with option --local:
 samba-tool drs replicate lab07 lab03
 dc=domaindnszones,dc=adlab,dc=local --local
 Partition[dc=domaindnszones,dc=adlab,dc=local] objects[26]
 linked_values[0]

 the same behaviour with forestdnszones.

 --- Scenario 2:

 Then the same setup again, but _before_ joining Samba, the Domain
 and Forest level were raised up to 2003. After joining the samba server,
 the levels were shown without issues:

 samba-tool was able to list the levels:

 Domain and forest function level for domain 'DC=adlab,DC=local'
 Forest function level: (Windows) 2003
 Domain function level: (Windows) 2003
 Lowest function level of a DC: (Windows) 2003

 Also replicating seems (after restart of samba) to work successfully
 (with all its options like full-sync, local, etc):

 samba-tool drs replicate lab07 lab03 dc=domaindnszones,dc=adlab,dc=local
 Replicate from lab03 to lab07 was successful.
 samba-tool drs replicate lab07 lab03 dc=forestdnszones,dc=adlab,dc=local
 Replicate from lab03 to lab07 was successful.

 I was able to demote the Windows server like the times before.

 My conclusion is to ensure the forest and domain operating levels
 _before_ joining the Samba server to the domain and do not hurry with
 replacing to ensure the replication was done completely prevents from
 lots of issues and headache...

 I think the next test will be with Server 2008...

 Regards
 Peter




-- 
Regards,
Sérgio Machado


[Samba] dns zone type (primary,ad integrated)

2013-02-25 Thread Peter Beck
hi guys,

is there a possibility to change dns zone options with samba-tool ?

if I create a zone with samba-tool on the Windows Dc, I need to set
--client-version=w2k, otherwise the command fails. But with that
option I get a primary zone (not ad integrated) on the Windows server.
I know it's possible to change that manually, but if there is an option
to fix that with samba-tool, i would prefer samba-tool to manage.

The same command (without --client-version) against the samba-server 
works and creates an Active-Directory-integrated zone. Is this by design ?

Or in other words: 
does it matter if the zone is created on the samba server ? 
as it is ad-integrated it gets replicated anyway, or am I wrong ?

I am using samba-internal dns.

Regards
Peter


Re: [Samba] [SOLVED] replace Windows 2003 dc

2013-02-25 Thread Peter Beck
Sérgio Henrique ser...@gmail.com wrote on Mon, Feb 25, 2013 at 10:27:17AM +:
 Hi Peter,
 
 I am unable to demote windows DC, i get always error when demoting windows
 AD on ForestDNSzones and DomainDNSzones, i have tried a lot of things.
 
 Raise forest level, keep at 2003, add samba to nameservers,etc...

Hi Sérgio,

do you get this message: http://tinypic.com/view.php?pic=140itd4s=6 ?
This message is also shown in my test environment each time I run
dcpromo to demote the Windows server. As far as I have seen it's no
issue, if the replication is up to date.

I had issues if the operation levels were lower than 2003 and Samba was
already joined to the domain. Then the only change that was possible for
me was to raise to Windows 2000 native, but not 2003 anymore.

What I am doing after joining Samba to the domain:

* check the operation levels (before joining)
* check all the SRV records (usually added automatically)
* create a reverse zone if not already there
* add ns record for samba to all zones
* drink some coffee to ensure everything gets replicated
* check everything again, drink some more coffee
* again ;-)
* disable GC on the win server, running dcpromo

but I am still testing the whole migration, no long term experience,
most of the time I reset my virtual machine and try again to ensure it
still works...

 What i can see is that if i create a new samba4 as primary root domain and
 then add windows AD i have no problems.
 
 But my objective is to migrate current windows domain to samba4 and not
 the opposite.

I am sure that is working very good, but the problem is, our customers
usually already have a working Windows environment (I think a lot of us have
exactly this problem) and we need to take over these domains and do not want
to create everything from scratch ;-)

Regards
Peter


Re: [Samba] [SOLVED] replace Windows 2003 dc

2013-02-25 Thread Sérgio Henrique
Hi Peter,

I am using a 2008R2 domain, I always get the following message:
http://tinypic.com/r/a1e8y/6

Thank you in advance


On Mon, Feb 25, 2013 at 11:14 AM, Peter Beck pe...@datentraeger.li wrote:

 Sérgio Henrique ser...@gmail.com wrote on Mon, Feb 25, 2013 at
 10:27:17AM +:
  Hi Peter,
 
  I am unable to demote windows DC, i get always error when demoting
 windows
  AD on ForestDNSzones and DomainDNSzones, i have tried a lot of things.
 
  Raise forest level, keep at 2003, add samba to nameservers,etc...

 Hi Sérgio,

 do you get this message: http://tinypic.com/view.php?pic=140itd4s=6 ?
 This message is also shown in my test environment each time I run
 dcpromo to demote the Windows server. As far as I have seen it's no
 issue, if the replication is up to date.

 I had issues if the operation levels were lower than 2003 and Samba was
 already joined to the domain. Then the only change that was possible for
 me was to raise to Windows 2000 native, but not 2003 anymore.

 What I am doing after joining Samba to the domain:

 * check the operation levels (before joining)
 * check all the SRV records (usually added automatically)
 * create a reverse zone if not already there
 * add ns record for samba to all zones
 * drink some coffee to ensure everything gets replicated
 * check everything again, drink some more coffee
 * again ;-)
 * disable GC on the win server, running dcpromo

 but I am still testing the whole migration, no long term experience,
 most of the time I reset my virtual machine and try again to ensure it
 still works...

  What i can see is that if i create a new samba4 as primary root domain
 and
  then add windows AD i have no problems.
 
  But my objective is to migrate current windows domain to samba4 and not
  the opposite.

 I am sure that is working very good, but the problem is, our customers
 usually already have a working Windows environment (I think a lot of us
 have exactly this problem) and we need to take over these domains and do not
 want to create everything from scratch ;-)

 Regards
 Peter




-- 
Regards,
Sérgio Machado


[Samba] Samba 4 - smbd; can't parse the PAC: NT_STATUS_BUFFER_TOO_SMALL error but only for a single domain user (Server 2008 R2 domain, Server 2008 functional level forest).

2013-02-25 Thread Tris Mabbs
Hello,

 

We're having a problem with Samba 4 joined to a Server 2008 R2 domain
(at Server 2008 functional level across the forest).

The interesting thing is that this only affects a single user - all other
accounts work without problems.

 

When accessing our main server using that account, smbd always reports
can't parse the PAC: NT_STATUS_BUFFER_TOO_SMALL.  This has come from
../auth/kerberos/kerberos_pac.c:149(kerberos_decode_pac), trying to use
NDR to pull a blob from the Kerberos ticket (that's reported as
ndr_pull_error(11): Pull bytes 34  (../librpc/ndr/ndr_string.c:591)).

 

I can't see any reason for the error affecting this one specific user.

As the Kerberos PAC is mainly concerned with information such as
supplemental groups, I've altered the group membership for the user.  I've
removed the user from all groups.  I've even completely deleted and
re-created the user (so a different SID, in case there was any corrupted
cached information anywhere).  Nothing makes any difference - that one user
consistently gets this error, and no others do.  I've even tried changing
the Kerberos encryption types in case that had any effect (was it the result
of a decryption problem?) but again, no difference.

It's not a client problem either, as I've tried accessing the Samba shares
from various different platforms (even including an embedded Linux based
network media player - Dune HD Max - I happened to have on the network) -
everything attempting to access as that user causes exactly the same
problem.

 

As this is happening in a call to the NDR_PULL_NEED_BYTES() macro, I
modified that slightly to print out a bit more information.  That resulted
in ndr_pull_error(11): Pull bytes 34, data_size=88, offset=58,
unlikely(34)=1 (../librpc/ndr/ndr_string.c:591), so it's quite right -
pulling 34 bytes from 88 of data at an offset of 58 will exceed the size of
the contents in the data buffer.

 

So the question is either why is it trying to pull 34 bytes from offset 58
of 88 data bytes (is that number 34 correct or has that been mis-decoded?),
why is the existing offset 58 (has something caused this to be set too far
into the data buffer already?) or why is the data size 88 bytes (has this
been decoded incorrectly somehow and should there be more?).

 

At this point, my knowledge of the internals of Samba and Kerberos stopped
me and I felt I had to ask people who know somewhat more than me - that
would be the readers of this list!

 

Incidentally, this used to work.

We've been running Samba 4 for quite a while; we're not using its AD
server facilities, but found it considerably easier to get the version 4
codebase to compile up and run on this server (running OpenSolaris) - the
version 3 codebase gets very fiddly to persuade to work with the
OpenSolaris LDAP and Kerberos whereas the version 4 correctly figures it
all out for itself very nicely thank you .

We also periodically update the code as we have (since first moving to
version 4) experienced occasional core-dumps.  They don't cause a major
problem, they're just a minor inconvenience, but it would be nice to lose
that inconvenience and I trust the Samba developers to have beta code that's
vastly more stable than most vendor's release code, so I don't mind
periodically updating the code straight from the current source snapshot
(via git).

This user used not to have any problems, then about (from memory) 3 months
ago a code update caused this problem.  Unfortunately I don't know the
precise version numbers at which it was working and at which it broke - pity
as that would doubtless make it considerably easier to work out what might
have caused the problem :-(.

In poking around with Google, I did find a single reference to a change in
which the submitter said they had found exactly this error, again on just a
single account, but unfortunately I can't locate the post again (despite
searching my Chrome history).  As I recall, the code change was committed
anyway as it was just a single account which had experienced the problem and
the change author didn't consider it to be significant.

 

There's obviously a whole lot more information I could attach; smb.conf
file, full debug traces, the fact that wbinfo -u/wbinfo -g etc. all work
correctly, . but there didn't seem any point attaching any of that unless it
would actually be useful.

What might be useful info. is that smbd -V reports Version
4.1.0pre1-GIT-3e5acc1; testparm is happy, as is net ads testjoin (and
net rpc testjoin, for that matter).

 

I'm not at all averse to going into the source code and adding debug code to
dig this problem out - with over 30 years 'C' experience (including working
as a kernel/system developer on mainstream Unix) I'm quite happy to dive
in and add code to the source tree, if that would contribute any useful
information.

 

So can anyone suggest any way forward to resolve this please?  It would
appear that something is incorrectly being decoded somewhere, so it's

Re: [Samba] Samba 4 - smbd; can't parse the PAC: NT_STATUS_BUFFER_TOO_SMALL error but only for a single domain user (Server 2008 R2 domain, Server 2008 functional level forest).

2013-02-25 Thread Michael Wood
Hi

You might try getting a packet capture.

By the way, what's common between the user before you deleted the
account and the one you created later, besides the username?  The
password?  Can you replicate this in a test environment?

If you can replicate this in a test environment and you know more or
less when the problem started, perhaps you could use git bisect to
find exactly when it happened.

e.g. roll back samba to a version from 3 months ago.  If it works
there, tell git bisect that that is the last good version you know of.
 Then tell it that your current version is bad and let it choose the
versions for you to compile and test.  You keep telling it that the
version you've just tested is either good or bad and it will
eventually tell you which commit broke it.

Then you can post that information to the list.  (I suspect
samba-technical would be a better list for this sort of thing.)

Also, I'm pretty sure Samba should never core dump, so you might want
to post stack traces etc. when that happens.

On 25 February 2013 13:51, Tris Mabbs tm-samba201...@firstgrade.co.uk wrote:
 Hello,



 We're having a problem with Samba 4 joined to a Server 2008 R2 domain
 (at Server 2008 functional level across the forest).

 The interesting thing is that this only affects a single user - all other
 accounts work without problems.



 When accessing our main server using that account, smbd always reports
 can't parse the PAC: NT_STATUS_BUFFER_TOO_SMALL.  This has come from
 ../auth/kerberos/kerberos_pac.c:149(kerberos_decode_pac), trying to use
 NDR to pull a blob from the Kerberos ticket (that's reported as
 ndr_pull_error(11): Pull bytes 34  (../librpc/ndr/ndr_string.c:591)).



 I can't see any reason for the error affecting this one specific user.

 As the Kerberos PAC is mainly concerned with information such as
 supplemental groups, I've altered the group membership for the user.  I've
 removed the user from all groups.  I've even completely deleted and
 re-created the user (so a different SID, in case there was any corrupted
 cached information anywhere).  Nothing makes any difference - that one user
 consistently gets this error, and no others do.  I've even tried changing
 the Kerberos encryption types in case that had any effect (was it the result
 of a decryption problem?) but again, no difference.

 It's not a client problem either, as I've tried accessing the Samba shares
 from various different platforms (even including an embedded Linux based
 network media player - Dune HD Max - I happened to have on the network) -
 everything attempting to access as that user causes exactly the same
 problem.



 As this is happening in a call to the NDR_PULL_NEED_BYTES() macro, I
 modified that slightly to print out a bit more information.  That resulted
 in ndr_pull_error(11): Pull bytes 34, data_size=88, offset=58,
 unlikely(34)=1 (../librpc/ndr/ndr_string.c:591), so it's quite right -
 pulling 34 bytes from 88 of data at an offset of 58 will exceed the size of
 the contents in the data buffer.



 So the question is either why is it trying to pull 34 bytes from offset 58
 of 88 data bytes (is that number 34 correct or has that been mis-decoded?),
 why is the existing offset 58 (has something caused this to be set too far
 into the data buffer already?) or why is the data size 88 bytes (has this
 been decoded incorrectly somehow and should there be more?).



 At this point, my knowledge of the internals of Samba and Kerberos stopped
 me and I felt I had to ask people who know somewhat more than me - that
 would be the readers of this list!



 Incidentally, this used to work.

 We've been running Samba 4 for quite a while; we're not using its' AD
 server facilities, but found it considerably easier to get the version 4
 codebase to compile up and run on this server (running OpenSolaris) - the
 version 3 codebase gets very fiddly to persuade to work with the
 OpenSolaris LDAP and Kerberos whereas the version 4 correctly figures it
 all out for itself very nicely thank you .

 We also periodically update the code as we have (since first moving to
 version 4) experienced occasional core-dumps.  They don't cause a major
 problem, they're just a minor inconvenience, but it would be nice to lose
 that inconvenience and I trust the Samba developers to have beta code that's
 vastly more stable than most vendor's release code, so I don't mind
 periodically updating the code straight from the current source snapshot
 (via git).

 This user used not to have any problems, then about (from memory) 3 months
 ago a code update caused this problem.  Unfortunately I don't know the
 precise version numbers at which it was working and at which it broke - pity
 as that would doubtless make it considerably easier to work out what might
 have caused the problem :-(.

 In poking around with Google, I did find a single reference to a change in
 which the submitter said they had found exactly this error, again on just a
 single 

[Samba] how to dynamic update or refresh vfs_fn_pointers and ntvfs_ops stacks

2013-02-25 Thread Liujun (A)
While reviewing the VFS plugin architecture, I see that the vfs handler or ntvfs handler is initialized
at tree connect, but when the share configuration is changed dynamically, how can the already
constructed handler be changed or updated?


Re: [Samba] Samba 4 - smbd; can't parse the PAC: NT_STATUS_BUFFER_TOO_SMALL error but only for a single domain user (Server 2008 R2 domain, Server 2008 functional level forest).

2013-02-25 Thread Tris Mabbs
Hiya Michael,

 

Many thanks for the quick and helpful response.

 

Yes, I can certainly try a packet capture; I think I'll go with your other
suggestion first though, that of using git bisect to track down the
problematic version.

I'm sorry, that should have occurred to me .

Once I've identified the problematic version, I can post that information
and then start capturing packets if necessary.  Who knows - finding where
the break occurred might make someone such as yourself slap your forehead in
a Homer Simpson like way (Doh!) and say Of *course*, that's what will
have done it . :-).

 

It's not in a test environment; we don't run one here (the development work
we do doesn't require a separate test network), so this is on our production
network.  However I have considerable freedom in taking servers out of
service so long as it's not during the most active times, so I'm quite happy
to bounce versions around (and perform any other tests required).

 

As for what was common between the original and the re-created user - the
username.  That's it.  I didn't even bother setting up the description
information.   However I also tried renaming the account and the problem
still occurred, so I'm not at all sure exactly what is causing it.

I did originally set the password to be the same, but have since reset it
several times (to varying lengths; I know that shouldn't affect this sort of
problem but by then I was running out of ideas .).

 

You're also quite correct in that Samba shouldn't core dump.  However I
think I'll get to the bottom of this problem and then perhaps start a
separate thread on that, rather than obfuscating this one with multiple
problems.  So thanks for the thought - I'll raise a new problem for that
once this has been sorted.

 

I can't take that server down just at the moment - middle of the working day
here.  However I'll see whether I can switch versions around until I can
find the problem hopefully later on this evening.

 

Once again, many thanks for the most helpful suggestions.  Watch this space
for the responses.

 

Tris.
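
The bounds check behind the error reported at the start of this thread (34 bytes wanted at offset 58 of an 88-byte buffer), as an added example that is not Samba's code and not part of the original posts. All names are hypothetical, and the 88-byte buffer with a 16-bit unit count at offset 56 is constructed for illustration, not the real PAC layout:

```c
/* Added example: bounds-checked pulls from an untrusted buffer.
 * Every identifier here is hypothetical; this is not Samba's NDR API. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum pull_status { PULL_OK = 0, PULL_BUFFER_TOO_SMALL = 1 };

struct pull_ctx {
    const uint8_t *data;   /* untrusted input */
    size_t data_size;      /* number of valid bytes in data */
    size_t offset;         /* next unread byte */
};

/* Filled in on failure: the three numbers the poster added to his debug
 * output, plus how many bytes are missing. */
struct pull_diag {
    size_t wanted, data_size, offset, shortfall;
};

/* Written as a subtraction so that a huge n cannot wrap offset + n. */
static enum pull_status pull_need_bytes(const struct pull_ctx *p, size_t n,
                                        struct pull_diag *d)
{
    size_t avail = (p->offset <= p->data_size) ? p->data_size - p->offset : 0;

    if (n <= avail)
        return PULL_OK;
    if (d != NULL) {
        d->wanted = n;
        d->data_size = p->data_size;
        d->offset = p->offset;
        d->shortfall = n - avail;
    }
    return PULL_BUFFER_TOO_SMALL;
}

static enum pull_status pull_u16le(struct pull_ctx *p, uint16_t *out,
                                   struct pull_diag *d)
{
    enum pull_status st = pull_need_bytes(p, 2, d);

    if (st != PULL_OK)
        return st;
    *out = (uint16_t)(p->data[p->offset] | (p->data[p->offset + 1] << 8));
    p->offset += 2;
    return PULL_OK;
}

/* Length-prefixed field: a 16-bit count of 2-byte units, then the units.
 * The count comes from the input itself, so it is checked against what is
 * left in the buffer before any byte of the field is touched. On failure
 * the cursor is restored so the caller sees an unconsumed field. */
static enum pull_status pull_counted_field(struct pull_ctx *p,
                                           const uint8_t **field,
                                           size_t *field_len,
                                           struct pull_diag *d)
{
    size_t start = p->offset;
    uint16_t units;
    enum pull_status st = pull_u16le(p, &units, d);

    if (st != PULL_OK)
        return st;
    size_t n = (size_t)units * 2;      /* at most 131070, cannot overflow */
    st = pull_need_bytes(p, n, d);
    if (st != PULL_OK) {
        p->offset = start;
        return st;
    }
    *field = p->data + p->offset;      /* zero-copy view into the input */
    *field_len = n;
    p->offset += n;
    return PULL_OK;
}

/* Constructed input reproducing the thread's numbers: the count at offset 56
 * declares 17 units (34 bytes), but only 30 bytes follow it. */
enum pull_status demo_thread_numbers(struct pull_diag *d)
{
    uint8_t buf[88] = {0};
    struct pull_ctx p = { buf, sizeof(buf), 56 };
    const uint8_t *field;
    size_t len;

    buf[56] = 17;
    return pull_counted_field(&p, &field, &len, d);
}

int main(void)
{
    struct pull_diag d = {0};

    if (demo_thread_numbers(&d) == PULL_BUFFER_TOO_SMALL)
        printf("Pull bytes %zu, data_size=%zu, offset=%zu, short by %zu\n",
               d.wanted, d.data_size, d.offset, d.shortfall);
    return 0;
}
```

The diagnostic separates the three possibilities raised in the question: a declared length that is too large, a cursor that has advanced too far, or a buffer that was truncated before parsing.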



Re: [Samba] [SOLVED] replace Windows 2003 dc

2013-02-25 Thread Sérgio Henrique
Well i am guessing that the problem may be on the fsMORoleOwner..
http://support.microsoft.com/kb/949257 ...



On Mon, Feb 25, 2013 at 11:37 AM, Sérgio Henrique ser...@gmail.com wrote:

 Hi Peter,

 I am using 2008R2 domain, i get always the following message:
 http://tinypic.com/r/a1e8y/6

 Thank you in advance


 On Mon, Feb 25, 2013 at 11:14 AM, Peter Beck pe...@datentraeger.li wrote:

 Sérgio Henrique ser...@gmail.com wrote on Mon, Feb 25, 2013 at
 10:27:17AM +:
  Hi Peter,
 
  I am unable to demote windows DC, i get always error when demoting
 windows
  AD on ForestDNSzones and DomainDNSzones, i have tried a lot of things.
 
  Raise forest level, keep at 2003, add samba to nameservers,etc...

 Hi Sérgio,

 do you get this message: http://tinypic.com/view.php?pic=140itd4s=6 ?
 This message is also shown in my test environment each time I run
 dcpromo to demote the Windows server. As far as I have seen it's no
 issue, if the replication is up to date.

 I had issues if the operation levels were lower than 2003 and Samba was
 already joined to the domain. Then the only change that was possible for
 me was to raise to Windows 2000 native, but not 2003 anymore.

 What I am doing after joining Samba to the domain:

 * check the operation levels (before joining)
 * check all the SRV records (usually added automatically)
 * create a reverse zone if not already there
 * add ns record for samba to all zones
 * drink some coffee to ensure everything gets replicated
 * check everything again, drink some more coffee
 * again ;-)
 * disable GC on the win server, running dcpromo

 but I am still testing the whole migration, no long term experience,
 most of the time I reset my virtual machine and try again to ensure it
 still works...

  What i can see is that if i create a new samba4 as primary root domain
 and
  then add windows AD i have no problems.
 
  But my objective is to migrate current windows domain to samba4 and not
  the opposite.

 I am sure that is working very good, but the problem is, our customers
 usually already have a working Windows environment (I think a lot of us
 have exactly this problem) and we need to take over these domains and do not
 want to create everything from scratch ;-)

 Regards
 Peter




 --
 Regards,
 Sérgio Machado




-- 
Regards,
Sérgio Machado


Re: [Samba] Samba4 as a classic DC

2013-02-25 Thread TAKAHASHI Motonobu
From: Mario Codeniera mario.codeni...@gmail.com
Date: Mon, 25 Feb 2013 17:07:49 +1300

 I just curious if it is possible to make Samba4 as a classic domain
 controller behaving as a Samba3 DC? I successfully migrated all the data
 from Samba3, but because trust relationship is not yet supported I want to
 retain as DC hoping it is still supported, isn't it?

As far as I examined, smbd/nmbd of Samba4 can act as a classic domain
controller.

---
TAKAHASHI Motonobu mo...@monyo.com / @damemonyo 
   facebook.com/takahashi.motonobu



[Samba] samba + nfs locking doesn't work

2013-02-25 Thread Vincenzo De Sanctis
this is the case:

serverA [ CentOs 5.6 kernel 2.6.18-238.12.1.el5.centos.plus, Samba ver. 3.5.21 ]
serverB [ CentOS 5.6 kernel 2.6.18-348.1.1.el5.centos.plus, Samba ver. 3.6.6-0.129.el5 ]
clientA [ WindowsXP ]
clientB [ WindowsXP ]


The serverA shares via Samba the resource [test]


[global]

   workgroup = DMIT
   netbios name = SAMBA
   server string = DMIT domain server
   interfaces = eth0
   smb ports = 445
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   passdb backend = smbpasswd
   username map = /etc/samba/smbusers
   log file = /var/log/samba/pc/%m.log
   time server = Yes
   logon script = logon.bat
   logon path =
   logon drive = M:
   logon home = \\%L\%U
   domain logons = yes
   os level = 33
   preferred master = yes
   domain master = yes
   local master = yes
   printjob username = %M\%U
   hide dot files = No

[netlogon]
   path = /etc/samba/netlogon
;   max protocol = smb2


[test]
   comment = test
   path = /test
   read only = no
   writable = yes
   create mode = 0775
   force create mode = 0775
   directory mode = 02775
   force directory mode = 02775
   public = no
   oplocks = no


serverB mounts the /test resource through the NFS client (mount
serverA:/test /test).
This is the very simple smb.conf configuration file of serverB:

[global]

   workgroup = DMIT
   domain master = no
   domain logons = no
   encrypt passwords = yes
   security = server
   password server = serverA
   interfaces = eth0
   smb ports = 445

[test]
   comment = test
   path = /test
   read only = no
   writable = yes
   create mode = 0775
   force create mode = 0775
   directory mode = 02775
   force directory mode = 02775
   public = no
   oplocks = no



Now on clientA I open an excel2003 file from \\serverA\test and on
clientB I open the same file but from \\serverB\test (consider that
test is the same directory mounted from serverA via nfs)


This is what happens:

1) I can open the file on clientA from \\serverA\test without a problem,
but I have a problem opening the same file from \\serverB\test
(after 5 minutes it times out)


2) If I add posix locking = no on serverA and on serverB both
excel2003 files open without the locking mechanism.

3) I tried various combinations changing kernel oplocks, oplocks,
level2 oplocks, posix locking, locking, strict locking, nt acl support
but nothing changed.


4) I tried to open the same file from the same serverA (from clientA
and from clientB) without nfs and now the locking works well (both
from \\serverA\test)


The strange thing is that on my company network there are many old
samba servers (samba 2.3) and they work well with nfs.
The proper way to use samba like a cluster is DFS instead of NFS, but
now I cannot consider a migration or an upgrade of the whole network,
so the best way at the moment is to use nfs, like the previous
sysadmin did.


Have you had experience with this strange case?
Are there known bugs regarding the new samba versions + nfs ?



-- 
Vincenzo De Sanctis


Re: [Samba] Cross-subnet browsing with LMBs + remote browse sync + samba4WINS

2013-02-25 Thread TAKAHASHI Motonobu
From: vagy v...@freemail.gr
Date: Sun, 24 Feb 2013 18:28:03 +0200

 On Sun, 24 Feb 2013 17:36:56 +0200, TAKAHASHI Motonobu mo...@monyo.com
 wrote:
 
 From: vagy v...@freemail.gr
 Date: Sun, 24 Feb 2013 13:34:37 +0200

 i am about to implement cross subnet browsing/sharing
 and I was wondering if the following configuration
 would do it, so i would like your opinion:

 1. There are two subnets separated by a simple router (no firewalls)

 2. Each subnet will have a mixture of Win7/WinXP and Linux hosts.

 3. Each subnet will have its own Samba3 LMB (but not DMB)
 and its own samba4WINS server. Each client host in each subnet
 will be DHCP configured with their respective WINS server.
 The LMB will also be configured to use the samba4WINS server.

 4. The two samba3 LMB servers will remote browse sync with each other.
 Thats how the browse lists will be exchanged.

 5. The two samba4WINS servers will replicate with each other.
 Thats how the host names will be exchanged.

 Do you think that will turn out to be a working configuration?

 As far as I examined, remote browse sync did not work as I expected.
 Sample smb.conf that I examined the behavior is:

 -
 [global]
   workgroup = SAMBAxx
   domain master = yes
   wins support = yes
   remote browse sync = x.x.x.x
 -

 Samba has to be WINS server and DMB.
 
 I don't have much experience with these settings myself.
 Nevertheless, i think domain master = yes and remote browse sync
 shouldn't be used together.

The smb.conf above is the only one which works well as far as I examined.
domain master = yes is needed because remote browse sync = yes uses
master browser announcement to search another peer.

Of course, I think this implementation is a bit curious...

---
TAKAHASHI Motonobu mo...@monyo.com / @damemonyo 
   facebook.com/takahashi.motonobu



Re: [Samba] [SOLVED] replace Windows 2003 dc

2013-02-25 Thread Sérgio Henrique
Solved.

I have successfully migrated a Windows 2008R2 domain to samba4 and then
created a new samba domain as a replica.

I had to introduce a lot of steps.


1- Working on DNS
add samba dc to forest and domain dns _ldap values
change DNS SOA to samba4 and add samba4 as NS

2- Working on fsmo
run script fixfsmo.vbs
samba-tool transfer all roles
run adsedit and change samba dc fsMORoleOwner to samba dc

working on Global Catalog
remove windows domain as GC
reboot

working on DC removal
force windows dcpromo removal

working on DNS to remove old values
delete old dns windows dc values, kerberos, NS ... etc

working on cleaning old DC values from AD
run adsedit
bind credentials to samba dc
remove old DC
remove old Default-First-Site-Name DC reference

remove dns and AD roles left on windows DC


Join samba4 replica

and that's it.

The Windows DC replicated to samba4 dc2, and a new samba4 was added as a replica, dc4

root@dc4:~# /opt/samba/bin/samba-tool drs showrepl
Default-First-Site-Name\DC4
DSA Options: 0x0001
DSA object GUID: c5581b86-4ce8-44bc-a55e-3b89db29f553
DSA invocationId: b76275bb-267b-4b79-a4ae-7deba1a13709

 INBOUND NEIGHBORS 

CN=Configuration,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
0 consecutive failure(s).
Last success @ Mon Feb 25 17:22:48 2013 CET

DC=DomainDnsZones,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
0 consecutive failure(s).
Last success @ Mon Feb 25 17:22:48 2013 CET

CN=Schema,CN=Configuration,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
0 consecutive failure(s).
Last success @ Mon Feb 25 17:22:48 2013 CET

DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:22:49 2013 CET was successful
0 consecutive failure(s).
Last success @ Mon Feb 25 17:22:49 2013 CET

DC=ForestDnsZones,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
0 consecutive failure(s).
Last success @ Mon Feb 25 17:22:48 2013 CET

 OUTBOUND NEIGHBORS 

CN=Configuration,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=DomainDnsZones,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=ForestDnsZones,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

 KCC CONNECTION OBJECTS 

Connection --
Connection name: d7dde7b1-46eb-4d8f-869b-b84922b6588c
Enabled: TRUE
Server DNS name : DC2.lisboa.local
Server DN name  : CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lisboa,DC=local
TransportType: RPC
options: 0x0001
Warning: No NC replicated for Connection!











On Mon, Feb 25, 2013 at 1:56 PM, Sérgio Henrique ser...@gmail.com wrote:

 Well i am guessing that the problem may be on the fsMORoleOwner..
 http://support.microsoft.com/kb/949257 ...



 On Mon, Feb 25, 2013 at 11:37 AM, Sérgio Henrique ser...@gmail.com wrote:

 Hi Peter,

 I am using 2008R2 
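
A check for the `samba-tool drs showrepl` output posted above, as an added example that is not part of the original post or of Samba: it parses the neighbour entries and classifies each link as ok, failing, or carrying a zero NTTIME (no time recorded, reported separately rather than as a failure). The function names are hypothetical, and the sample embeds lines from the post plus one constructed failing entry whose failure wording is an assumption.

```python
import re

SECTION = re.compile(r"^\W*(INBOUND|OUTBOUND) NEIGHBORS\W*$")
NC = re.compile(r"^(?:CN|DC)=\S+$")                 # naming context DN
PARTNER = re.compile(r"^(.+\\.+) via (\S+)$")       # Site\DC via transport
ATTEMPT = re.compile(r"^Last attempt @ (.+?) (was successful|failed.*)$")
FAILS = re.compile(r"^(\d+) consecutive failure\(s\)\.$")
SUCCESS = re.compile(r"^Last success @ (.+)$")

# Lines from the post, except the ForestDnsZones entry, which is constructed
# (its "failed, result ..." wording is an assumption) to exercise the failure path.
SAMPLE = r"""
Default-First-Site-Name\DC4
DSA Options: 0x0001

 INBOUND NEIGHBORS

CN=Configuration,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
0 consecutive failure(s).
Last success @ Mon Feb 25 17:22:48 2013 CET

DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:22:49 2013 CET was successful
0 consecutive failure(s).
Last success @ Mon Feb 25 17:22:49 2013 CET

DC=ForestDnsZones,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:30:00 2013 CET failed, result 1326 (WERR_LOGON_FAILURE)
3 consecutive failure(s).
Last success @ Mon Feb 25 17:22:48 2013 CET

 OUTBOUND NEIGHBORS

CN=Configuration,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

 KCC CONNECTION OBJECTS

Connection --
Server DNS name : DC2.lisboa.local
Warning: No NC replicated for Connection!
"""


def parse_showrepl(text):
    """Return one dict per replication link listed under the neighbour sections."""
    links, direction, nc, cur = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            direction, nc, cur = m.group(1).lower(), None, None
        elif "KCC CONNECTION OBJECTS" in line:
            direction, cur = None, None          # connection objects are not links
        elif direction is None or not line:
            continue
        elif NC.match(line):
            nc, cur = line, None
        elif m := PARTNER.match(line):
            cur = {"direction": direction, "nc": nc, "partner": m.group(1),
                   "transport": m.group(2), "failures": 0,
                   "attempt_ok": None, "last_success": None}
            links.append(cur)
        elif cur is None:
            continue
        elif m := ATTEMPT.match(line):
            cur["attempt_ok"] = m.group(2) == "was successful"
        elif m := FAILS.match(line):
            cur["failures"] = int(m.group(1))
        elif m := SUCCESS.match(line):
            cur["last_success"] = m.group(1)
    return links


def classify(link):
    """'failing' on any recorded failure, 'no-timestamp' for a zero NTTIME, else 'ok'."""
    if link["failures"] > 0 or link["attempt_ok"] is False:
        return "failing"
    if link["last_success"] == "NTTIME(0)":
        return "no-timestamp"
    return "ok"


def summarize(text):
    """Count links per (direction, status)."""
    counts = {}
    for link in parse_showrepl(text):
        key = (link["direction"], classify(link))
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for link in parse_showrepl(SAMPLE):
        print(link["direction"], link["nc"], link["partner"], classify(link))
```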

Re: [Samba] samba + nfs locking doesn't work

2013-02-25 Thread Vincenzo De Sanctis
is CTDB the solution?

-- 
Vincenzo De Sanctis


Re: [Samba] smb2 vs. NT1

2013-02-25 Thread Jeremy Allison
On Mon, Feb 25, 2013 at 09:38:51AM +0100, Papp Tamas wrote:
 hi All,
 
 
 We have a glusterfs cluster with 5 nodes on Ubuntu 12.04 amd64.
 We use this smb.conf:
 
 [global]
   socket options =  IPTOS_THROUGHPUT TCP_NODELAY IPTOS_LOWDELAY 
 SO_SNDBUF=131072 SO_RCVBUF=131072

Remove the above line. It's pure voodoo. Don't second
guess the kernel w.r.t. socket options.

   read raw = yes
   server string = %h
   write raw = yes
   #oplocks = yes
   max xmit = 131072
   dead time = 15
   getwd cache = yes
   use sendfile=yes
   block size = 131072
   load printers = no
   aio read size = 16384
   aio write size = 16384
   aio write behind = /*.*/
   wins support = no
   local master = no
   wins server = 192.168.3.7
   veto files = /.AppleDouble/
   delete veto files = yes
   hide dot files = yes
   printing = BSD
   max protocol = SMB2
   min protocol = SMB2
 
 [projects]
   path = /W/Projects
   browseable = yes
   public = yes
   guest ok = yes
   read only = no
   force user = user
   force group = user
 
 
 
 The speed is fine with this configuration, around 100Mbyte/s. If I
 change protocol to NT1, the speed drops to around 50Mbyte/s.

That will be due to the async requests that the Windows SMB2
redirector uses much more than the SMB1 redirector.

 This is from man page:
 
 NT1: Current up to date version of the protocol. Used by Windows NT. Known as 
 CIFS.
 SMB2: Re-implementation of the SMB protocol. Used by Windows Vista
 and newer. The Samba implementation of SMB2 is currently marked
 experimental!

SMB2 in Samba is fully supported from Samba 3.6.0 onwards.
It was experimental (read, didn't really work :-) in
3.5.x and below.

Jeremy.


[Samba] Share permission problem

2013-02-25 Thread felix
I have a samba 3.5.6 joined to my samba AD.

I set this share:


[Nodo$]
path = /media/almacen/Admin/Windows/
read only = yes
valid users = @EPEPM + epepm_nodo


From Windows XP only users from this group epepm_nodo are allowed. But
when I try from Windows 7 any user is granted access to this share.

Any help will be really appreciated.

Felix.






Re: [Samba] smb2 vs. NT1

2013-02-25 Thread Papp Tamas

On 02/25/2013 07:29 PM, Jeremy Allison wrote:


On Mon, Feb 25, 2013 at 09:38:51AM +0100, Papp Tamas wrote:

hi All,


We have a glusterfs cluster with 5 nodes on Ubuntu 12.04 amd64.
We use this smb.conf:

[global]
socket options =  IPTOS_THROUGHPUT TCP_NODELAY IPTOS_LOWDELAY 
SO_SNDBUF=131072 SO_RCVBUF=131072


Remove the above line. It's pure voodoo. Don't second
guess the kernel w.r.t. socket options.


It seems, you're right. However in this case the documentation in default 
smb.conf is wrong.

# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
#   socket options = TCP_NODELAY


Now this is the config:

[global]
read raw = yes
server string = %h
write raw = yes
max xmit = 131072
dead time = 15
getwd cache = yes
use sendfile=yes
block size = 131072
load printers = no
wins support = no
local master = no
wins server = 192.168.3.7
veto files = /.AppleDouble/
delete veto files = yes
hide dot files = yes
printing = BSD
max protocol = SMB2
min protocol = SMB2

[projects]
path = /W/Projects
browseable = yes
public = yes
guest ok = yes
read only = no
force user = user
force group = user


And it's much better now:)


That will be due to the async requests that the Windows SMB2
redirector uses much more than the SMB1 redirector.


This is from man page:

NT1: Current up to date version of the protocol. Used by Windows NT. Known as 
CIFS.
SMB2: Re-implementation of the SMB protocol. Used by Windows Vista
and newer. The Samba implementation of SMB2 is currently marked
experimental!


SMB2 in Samba is fully supported from Samba 3.6.0 onwards.
It was experimental (read, didn't really work :-) in
3.5.x and below.


OK, thanks for the answer and thanks so much for the tuning tips.
Every single samba tuning guide starts with those options!


Cheers,
tamas
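
Jeremy's advice in this thread (remove the `socket options` line) and the before/after configurations posted around it, as an added example that is not from the thread or the Samba project: a small smb.conf audit that flags a `socket options` override in [global]. It goes beyond the thread by also reporting shares that are both guest-accessible and writable; the function names are hypothetical and THREAD_CONF is constructed from the posted config with the wrapped line joined.

```python
import re

TRUE_WORDS = {"yes", "true", "on", "1"}
# Assumption from smb.conf(5): "public" is a synonym of "guest ok", and
# "writable" / "writeable" / "write ok" are inverted synonyms of "read only".
SYNONYMS = {"public": ("guestok", False), "writable": ("readonly", True),
            "writeable": ("readonly", True), "writeok": ("readonly", True)}

# Constructed from the configuration posted in the thread.
THREAD_CONF = """\
[global]
   socket options = IPTOS_THROUGHPUT TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=131072 SO_RCVBUF=131072
   read raw = yes
   use sendfile=yes
   max protocol = SMB2
   min protocol = SMB2

[projects]
   path = /W/Projects
   public = yes
   guest ok = yes
   read only = no
   force user = user
"""


def norm(name):
    """Section and parameter names ignore case and whitespace."""
    return "".join(name.lower().split())


def parse_smb_conf(text):
    """Return {section: {param: value}} with synonyms folded to one key."""
    conf, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):              # trailing backslash continues the line
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = norm(header.group(1))
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = norm(key)
            if key in SYNONYMS:
                key, inverted = SYNONYMS[key]
                if inverted:
                    value = "no" if value.lower() in TRUE_WORDS else "yes"
            conf[section][key] = value
    return conf


def audit(conf):
    """Return (section, issue) findings for the parsed configuration."""
    findings = []
    glob = conf.get("global", {})
    if "socketoptions" in glob:
        findings.append(("global", "socket options set: " + glob["socketoptions"]))
    for name, params in conf.items():
        if name == "global":
            continue
        effective = {**glob, **params}       # share settings override [global]
        guest = effective.get("guestok", "no").lower() in TRUE_WORDS
        read_only = effective.get("readonly", "yes").lower() in TRUE_WORDS
        if guest and not read_only:
            findings.append((name, "guest-writable share"))
    return findings


if __name__ == "__main__":
    for section, issue in audit(parse_smb_conf(THREAD_CONF)):
        print("[%s] %s" % (section, issue))
```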


[Samba] Samba AD DC with BIND DNS on separate server

2013-02-25 Thread Luc Lalonde
Hello Folks,

I see from the documentation that it is possible to use BIND9 as a drop-in 
replacement for the internal SAMBA4 DNS service...

However, I would like to know if I can keep the BIND9 DNS server on a separate 
server from the one that SAMBA4 is running on (AD DC).

If this is possible, how would one go about achieving this?

I've got an existing DNS infrastructure that I do not necessarily want to change in a 
big way... 

Thank You!

-- 
Luc Lalonde, analyste
-
Département de génie informatique:
École polytechnique de Montréal
(514) 340-4711 x5049
luc.lalo...@polymtl.ca
-

Re: [Samba] Samba AD DC with BIND DNS on separate server

2013-02-25 Thread Gregory Sloop
LL I see from the documentation that it is possible to use BIND9 as
LL a drop-in replacement for the internal SAMBA4 DNS service...

LL However, I would like to know if I can keep the BIND9 DNS server
LL on a separate server from the one that SAMBA4 is running on (AD DC).

LL If this is possible, how would one go about achieving this?

LL I've got an existing DNS infrastructure that I do not necessarily want to change in
LL a big way...

LL Thank You!

A thought. How about creating your domain as a subdomain of your
current DNS domain. Something like samba.some-domain.com - where
some-domain.com is the main domain you've got in BIND9.

Then, delegate only that subdomain to Samba4 and have the Samba server
forward queries for anything outside samba.some-domain.com to the
BIND9 server.

This gives you most of what you want: Not having to change the BIND9
server, as well as leaving the internal nameserver in Samba4. [They're
both happy and all works fine (I think)]

I know that doesn't answer your direct question, but perhaps it
offers a fuller view of what the options that might work are.

-Greg



Re: [Samba] Cross-subnet browsing with LMBs + remote browse sync + samba4WINS

2013-02-25 Thread vagy

On Mon, 25 Feb 2013 09:06:50 +0200, Daniel Müller
muel...@tropenklinik.de wrote:


NO, you do not need remote browse sync if you have samba4wins working.
And you need only the following to make it work in your LMB smb.conf:
wins server = your.samba4wins.host
If your samba4wins is on the same host as your LMB, put this in your
samba4wins
Samba4wins.conf:
bind interfaces only=yes
interfaces=your.samba4wins.ip (suggestion: use a virt ip not used by samba)

ntpd:disable_broadcast=yes
wins server=your.samba4wins.ip

In your windows clients network configuration  set wins1 your first
samba4wins and wins2 the second samba4wins.


---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of TAKAHASHI Motonobu
Sent: Sunday, 24 February 2013 16:37
To: v...@freemail.gr
Cc: samba@lists.samba.org
Subject: Re: [Samba] Cross-subnet browsing with LMBs + remote browse sync + samba4WINS

From: vagy v...@freemail.gr
Date: Sun, 24 Feb 2013 13:34:37 +0200


i am about to implement cross subnet browsing/sharing and I was
wondering if the following configuration would do it, so i would like
your opinion:

1. There are two subnets separated by a simple router (no firewalls)

2. Each subnet will have a mixture of Win7/WinXP and Linux hosts.

3. Each subnet will have its own Samba3 LMB (but not DMB) and its own
samba4WINS server. Each client host in each subnet will be DHCP
configured with their respective WINS server.
The LMB will also be configured to use the samba4WINS server.

4. The two samba3 LMB servers will remote browse sync with each other.
Thats how the browse lists will be exchanged.

5. The two samba4WINS servers will replicate with each other.
Thats how the host names will be exchanged.

Do you think that will turn out to be a working configuration?


As far as I examined, remote browse sync did not work as I expected.
Sample smb.conf that I examined the behavior is:

-
[global]
  workgroup = SAMBAxx
  domain master = yes
  wins support = yes
  remote browse sync = x.x.x.x
-

Samba has to be WINS server and DMB.

---
TAKAHASHI Motonobu mo...@monyo.com / @damemonyo
   facebook.com/takahashi.motonobu




Hi Daniel,

do you mean that since there is gonna
be a samba4WINS in each subnet, the browse lists
from each subnet will get exchanged
between the two samba4WINS, so there is no need
for the two LMBs (my 4. point) to remote browse sync
between them? I had the impression that WINS servers
just map NETBIOS names to IP addresses and that WINS
clients just resolve names through them, at least according to
http://technet.microsoft.com/en-us/library/cc775524(v=ws.10).aspx ,
there is no mention there about the browse lists.
Can you please elaborate?

Cheers,
- vagy

Re: [Samba] Cross-subnet browsing with LMBs + remote browse sync + samba4WINS

2013-02-25 Thread vagy
On Mon, 25 Feb 2013 17:40:32 +0200, TAKAHASHI Motonobu mo...@monyo.com  
wrote:



From: vagy v...@freemail.gr
Date: Sun, 24 Feb 2013 18:28:03 +0200


On Sun, 24 Feb 2013 17:36:56 +0200, TAKAHASHI Motonobu mo...@monyo.com
wrote:


From: vagy v...@freemail.gr
Date: Sun, 24 Feb 2013 13:34:37 +0200


i am about to implement cross subnet browsing/sharing
and I was wondering if the following configuration
would do it, so i would like your opinion:

1. There are two subnets separated by a simple router (no firewalls)

2. Each subnet will have a mixture of Win7/WinXP and Linux hosts.

3. Each subnet will have its own Samba3 LMB (but not DMB)
and its own samba4WINS server. Each client host in each subnet
will be DHCP configured with their respective WINS server.
The LMB will also be configured to use the samba4WINS server.

4. The two samba3 LMB servers will remote browse sync with each other.
Thats how the browse lists will be exchanged.

5. The two samba4WINS servers will replicate with each other.
Thats how the host names will be exchanged.

Do you think that will turn out to be a working configuration?


As far as I examined, remote browse sync did not work as I expected.
Sample smb.conf that I examined the behavior is:

-
[global]
  workgroup = SAMBAxx
  domain master = yes
  wins support = yes
  remote browse sync = x.x.x.x
-

Samba has to be WINS server and DMB.


I don't have much experience with these settings myself.
Nevertheless, i think domain master = yes and remote browse sync
shouldn't be used together.


The smb.conf above is the only one which works well as far as I examined.
domain master = yes is needed because remote browse sync = yes uses
master browser announcement to search another peer.

Of course, I think this implementation is a bit curious...

---
TAKAHASHI Motonobu mo...@monyo.com / @damemonyo
   facebook.com/takahashi.motonobu



Hi Takahashi,

looking the SAMBA docs[1] i realized that remote browse sync
means that an LMB will sync its browse list with another
LMB. Thus this trick will allow two LMBs to find out
the lists of each other. There is no DMB mentioned in
this process.
Btw how did you examine it? Did you setup a test lab
that implements the setup as i described it?

Cheers,
-vagy

[1] http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html
(search for Use of the Remote Browse Sync Parameter)


[Samba] Print Support Samba4

2013-02-25 Thread Mike Ray
Hey all, 

One of the last pieces to be put in place before my site goes live on Samba4 
as AD is printer support. Now I've seen 
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Step_13:_Setup_a_Printer_share
and at one point had Group Policy that was deploying a printer on CUPS using 
AD authentication/Samba shares. However, we found out that when Windows 
machines printed to this printer, it was bypassing CUPS, i.e. jobs weren't in 
CUPS logs, and in fact, CUPS could be off and it would still print. Since it 
appeared these machines were printing directly to the printer, we are worried 
about what happens when a bad/large job is sent and the printer becomes 
unresponsive -- without the machines going through CUPS we fear we won't be 
able to manage/maintain the printer. 

So to anyone who has set up printers with Samba4, what method/route did you 
elect? Additionally, a pointer to documentation (I haven't found anything 
great) would be most appreciated. 

Thanks much, 



[Samba] Samba 4, DHCP and Bind

2013-02-25 Thread Scott Whitten
Hi All,

I'm trying to integrate Samba 4 DHCPD and Bind 9.9 into a complete solution.

I'm using the BIND/Samba 4 DLZ plugin.

DHCP by itself works and hands out IP addresses.

What I would like to have happen is the following:
- PC is joined to the Samba 4 domain (this works)
- PC gets an IP via DHCPD
- DHCP or the PC registers the IP in BIND

Network PC's should resolve cleanly when pinging pc01.office.local

My logs are full of messages along the lines of:
Feb 25 14:36:24 knottypine named[22655]: samba_dlz: starting transaction on
zone office.local
Feb 25 14:36:24 knottypine named[22655]: client 192.168.65.101#57781:
update 'office.local/IN' denied
Feb 25 14:36:24 knottypine named[22655]: samba_dlz: cancelling transaction
on zone office.local

Clearly I'm missing something but not sure what exactly.

Thanks for any suggestions you might have.

For reference... here are my various config files:
==
smb.conf
---
# Global parameters
[global]
server role = active directory domain controller
workgroup = OFFICE
interfaces = eth0
bind interfaces only = yes
realm = office.local
netbios name = KNOTTYPINE
passdb backend = samba4
idmap_ldb:use rfc2307 = yes
allow dns updates = True

[netlogon]
path = /usr/local/samba/var/locks/sysvol/office.local/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

[IPC$]
path = /tmp
read only = No

[Data]
path = /u0/sambashares/data
read only = no
==
ddns-update-style ad-hoc;
allow unknown-clients;

subnet 192.168.65.0 netmask 255.255.255.0 {

# --- default gateway
option routers  192.168.65.1;
option subnet-mask  255.255.255.0;

option domain-name  "office.local";
option domain-name-servers  192.168.65.2;

option netbios-name-servers 192.168.65.2;
option netbios-node-type 2;

default-lease-time 21600;
max-lease-time 43200;
allow unknown-clients;

range 192.168.65.100 192.168.65.150;
}
==

//
// sample BIND configuration file
//
acl mynet {
    192.168.65.0/24;
    127.0.0.1;
};

options {
  listen-on { 127.0.0.1; 192.168.65.0/24; };
  allow-query { 192.168.65.0/24; localhost; };
  allow-recursion { 192.168.65.0/24; localhost; };
  tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
  forwarders { 8.8.8.8; };
};

// Where the localhost hostname is defined
zone "localhost" IN {
  type master;
  file "/etc/namedb/zone.localhost";
  allow-update { none; };
};

// Where the 127.0.0.0 network is defined
zone "0.0.127.in-addr.arpa" IN {
  type master;
  file "/etc/namedb/revp.127.0.0";
  allow-update { none; };
};

zone "65.168.192.in-addr.arpa" {
  type master;
  file "/etc/namedb/192.168.65.0.rev";
  allow-query { mynet; };
  allow-transfer { mynet; };
  allow-update { mynet; };
};

include "/usr/local/samba/private/named.conf";


Re: [Samba] Cross-subnet browsing with LMBs + remote browse sync + samba4WINS

2013-02-25 Thread TAKAHASHI Motonobu
From: vagy v...@freemail.gr
Date: Mon, 25 Feb 2013 23:20:31 +0200

 On Mon, 25 Feb 2013 17:40:32 +0200, TAKAHASHI Motonobu mo...@monyo.com
 wrote:
 
 looking the SAMBA docs[1] i realized that remote browse sync
 means that an LMB will sync its browse list with another
 LMB. Thus this trick will allow two LMBs to find out
 the lists of each other. There is no DMB mentioned in
 this process.

At first I believed that was true...

 Btw how did you examine it? Did you setup a test lab
 that implements the setup as i described it?

- Setup 2 subnets connected via a router
- Setup 2 Samba box in each subnet, each smb.conf is like

-
[global]
  workgroup = SAMBAxx
  domain master = yes
  wins support = yes
  remote browse sync = x.x.x.x
--

- x.x.x.x means the IP address of another peer.
- SAMBAxx means the unique workgroup name (for example SAMBA01 and SAMBA02)

Then, each Samba box exchanges its browse list.

---
TAKAHASHI Motonobu mo...@monyo.com / @damemonyo
   facebook.com/takahashi.motonobu


Re: [Samba] dns zone type (primary,ad integrated)

2013-02-25 Thread Amitay Isaacs
Hi Peter,

On Mon, Feb 25, 2013 at 9:53 PM, Peter Beck pe...@datentraeger.li wrote:

 hi guys,

 is there a possibility to change dns zone options with samba-tool ?

 if I create a zone with samba-tool on the Windows Dc, I need to set
 --client-version=w2k, otherwise the command fails. But with that
 option I get a primary zone (not ad integrated) on the Windows server.
 I know it's possible to change that manually, but if there is an option
 to fix that with samba-tool, i would prefer samba-tool to manage.


What windows version are you running on windows DC? Depending on the
windows version you will have to choose the --client-version.


 The same command (without --client-version) against the samba-server
 works and creates an Active-Directory-integrated zone. Is this by design ?


The default method for creating DNS zone for samba4 is in AD (using DNS
partitions).  Also Samba can understand various --client-version levels.


 Or in other words:
 does it matter if the zone is created on the samba server ?
 as it is ad-integrated it gets replicated anyway, or am I wrong ?

 I am using samba-internal dns.


Samba-tool dns command is used to manipulate DNS zones in AD and those
zones will be replicated to other DCs.



 Regards
 Peter


Amitay.


Re: [Samba] Samba4 MX Record Entry

2013-02-25 Thread Amitay Isaacs
Hi Vijay,

On Mon, Feb 18, 2013 at 5:23 PM, Vijay Thakur sapat...@gmail.com wrote:

 Hi Samba Experts,

 I want to configure my Zimbra server with samba4 DNS Server and
 authentication. When i am trying to
 add MX record for my E-mail server (zimbra), i getting the below mentioned
 error:

 [root@sso bin]# ./samba-tool dns add dc loop.os zimbra MX 'zimbra.loop.os 10'
 ERROR(runtime): uncaught exception - (-1073741772, 'NT_STATUS_OBJECT_NAME_NOT_FOUND')
   File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run
     return self.run(*args, **kwargs)
   File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py, line 1042, in run
     dns_conn = dns_connect(server, self.lp, self.creds)
   File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py, line 37, in dns_connect
     dns_conn = dnsserver.dnsserver(binding_str, lp, creds)


 Is there something wrong with my Samba4 AD DC setup?
 Kindly help me.


Do you really want to add an MX record for zimbra.loop.os pointing to itself?
Usually you would add an MX record for the domain (e.g. loop.os) and point to
zimbra.loop.os.


Amitay.


Re: [Samba] Cross-subnet browsing with LMBs + remote browse sync + samba4WINS

2013-02-25 Thread vagy
On Tue, 26 Feb 2013 02:15:33 +0200, TAKAHASHI Motonobu mo...@monyo.com wrote:



From: vagy v...@freemail.gr
Date: Mon, 25 Feb 2013 23:20:31 +0200


On Mon, 25 Feb 2013 17:40:32 +0200, TAKAHASHI Motonobu mo...@monyo.com
wrote:

Looking at the SAMBA docs[1] I realized that remote browse sync
means that an LMB will sync its browse list with another
LMB. Thus this trick will allow two LMBs to find out
the lists of each other. There is no DMB mentioned in
this process.


At first I believed that was true...


Btw how did you examine it? Did you setup a test lab
that implements the setup as i described it?


- Setup 2 subnets connected via a router
- Setup 2 Samba box in each subnet, each smb.conf is like

-
[global]
  workgroup = SAMBAxx
  domain master = yes
  wins support = yes
  remote browse sync = x.x.x.x
--

- x.x.x.x means the IP address of another peer.
- SAMBAxx means the unique workgroup name (for example SAMBA01 and SAMBA02)


Then, each Samba box exchanges its browse list.

---
TAKAHASHI Motonobu mo...@monyo.com / @damemonyo
   facebook.com/takahashi.motonobu


Hi Takahashi,

That's very interesting and is a fallback scenario in case
samba4WINS doesn't work. Maybe the need for a DMB comes
from the fact that you used two different workgroups?
What if workgroup=SAME in both smb.conf?

Cheers,
- vagy


[SCM] Samba Shared Repository - branch v3-6-test updated

2013-02-25 Thread Karolin Seeger
The branch, v3-6-test has been updated
   via  b76501d build/autoconf: put ld check variable in quotes
   via  1f1fedd build/autoconf: fix check for GNU ld version
  from  e28ec90 smbd: fix initial large PAC sess setup response

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit b76501dbf14bcba0eba7b5420b191caf237f0b35
Author: Björn Jacke b...@sernet.de
Date:   Wed Feb 20 17:06:49 2013 +0100

build/autoconf: put ld check variable in quotes

Signed-off-by: Bjoern Jacke b...@sernet.de
Reviewed-by: Stefan Metzmacher me...@samba.org
(cherry picked from commit ac9620b942d6d51a1c35c4177c3f241351fc1ebd)

The last 2 patches address bug #7825 (need to fix GNU ld version detection
with old gcc releases).

commit 1f1feddc6f414a91859b0dae77b34953b479d47e
Author: Björn Jacke b...@sernet.de
Date:   Tue Feb 19 15:30:34 2013 +0100

build/autoconf: fix check for GNU ld version

we need to look for the version once in the stdout and once in the stderr
output. Some versions of ld output to stdout, some output to stderr.
redirecting stderr to stdout messes the output up in our case, that's why
we have to do two runs. See also bug #7825.

Signed-off-by: Bjoern Jacke b...@sernet.de
Reviewed-by: Stefan Metzmacher me...@samba.org

Autobuild-User(master): Björn Jacke b...@sernet.de
Autobuild-Date(master): Tue Feb 19 20:56:12 CET 2013 on sn-devel-104
(cherry picked from commit ff8ba0628f6f13a5be1df94e5ac2e83008b7c69c)

---

Summary of changes:
 source3/configure.in |6 +-
 1 files changed, 5 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/configure.in b/source3/configure.in
index 458ea39..86da83d 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -231,7 +231,11 @@ dnl Certain versions of GNU ld the default is not to have 
the
 dnl --allow-shlib-undefined flag defined.  This causes a stackload of
 dnl warnings when building modules.
 if test $ac_cv_prog_gnu_ld = yes; then
-   ac_cv_gnu_ld_version=`$CC -Wl,-v /dev/null 21  /dev/null | grep GNU 
ld`
+   ac_cv_gnu_ld_version=`$CC -Wl,-v /dev/null 2 /dev/null  /dev/null | 
grep GNU ld`
+   # we need to make a 2nd (separate!) check on the output of stderr, see 
bug #7825:
+   if test -z $ac_cv_gnu_ld_version ; then
+ ac_cv_gnu_ld_version=`$CC -Wl,-v /dev/null 21  /dev/null  
/dev/null | grep GNU ld`
+   fi
AC_MSG_CHECKING(GNU ld release date)
changequote(,)dnl
ac_cv_gnu_ld_date=`echo $ac_cv_gnu_ld_version | sed -n 
's,^.*\([2-9][0-9][0-9][0-9]\)[-]*\([01][0-9]\)[-]*\([0-3][0-9]\).*$,\1\2\3,p'`
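Review bot: in the added `if test -z $ac_cv_gnu_ld_version ; then` the expansion appears without double quotes as rendered here. If a run captures a multi-word version banner, `test -z` receives several arguments and errors out instead of returning false; `test -z "$ac_cv_gnu_ld_version"` avoids that. The same applies to the unchanged `if test $ac_cv_prog_gnu_ld = yes` above it, and `grep GNU ld` as shown would search a file named `ld` for `GNU` rather than match the phrase. The archive may have dropped quote characters, so this is worth checking against the repository copy of source3/configure.in.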


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v4-0-test updated

2013-02-25 Thread Karolin Seeger
The branch, v4-0-test has been updated
   via  0dc05cc build/autoconf: put ld check variable in quotes
   via  3e2980d build/autoconf: fix check for GNU ld version
  from  97c3b5d waf: Fix correct linking of libreplace with cmdline-credentials.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit 0dc05cc3a4d83429d9ba80ad4f548edccf5575b8
Author: Björn Jacke b...@sernet.de
Date:   Wed Feb 20 17:06:49 2013 +0100

build/autoconf: put ld check variable in quotes

Signed-off-by: Bjoern Jacke b...@sernet.de
Reviewed-by: Stefan Metzmacher me...@samba.org
(cherry picked from commit ac9620b942d6d51a1c35c4177c3f241351fc1ebd)

The last 2 patches address bug #7825 - need to fix GNU ld version detection
with old gcc releases.

Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org
Autobuild-Date(v4-0-test): Mon Feb 25 12:54:32 CET 2013 on sn-devel-104

commit 3e2980d5d1251967126154ed4d4b5183829ff818
Author: Björn Jacke b...@sernet.de
Date:   Tue Feb 19 15:30:34 2013 +0100

build/autoconf: fix check for GNU ld version

we need to look for the version once in the stdout and once in the stderr
output. Some versions of ld output to stdout, some output to stderr.
redirecting stderr to stdout messes the output up in our case, that's why
we have to do two runs. See also bug #7825.

Signed-off-by: Bjoern Jacke b...@sernet.de
Reviewed-by: Stefan Metzmacher me...@samba.org

Autobuild-User(master): Björn Jacke b...@sernet.de
Autobuild-Date(master): Tue Feb 19 20:56:12 CET 2013 on sn-devel-104
(cherry picked from commit ff8ba0628f6f13a5be1df94e5ac2e83008b7c69c)

---

Summary of changes:
 source3/configure.in |6 +-
 1 files changed, 5 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/configure.in b/source3/configure.in
index a4e0763..df5422b 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -227,7 +227,11 @@ dnl Certain versions of GNU ld the default is not to have 
the
 dnl --allow-shlib-undefined flag defined.  This causes a stackload of
 dnl warnings when building modules.
 if test $ac_cv_prog_gnu_ld = yes; then
-   ac_cv_gnu_ld_version=`$CC -Wl,-v /dev/null 21  /dev/null | grep GNU 
ld`
+   ac_cv_gnu_ld_version=`$CC -Wl,-v /dev/null 2 /dev/null  /dev/null | 
grep GNU ld`
+   # we need to make a 2nd (separate!) check on the output of stderr, see 
bug #7825:
+   if test -z $ac_cv_gnu_ld_version ; then
+ ac_cv_gnu_ld_version=`$CC -Wl,-v /dev/null 21  /dev/null  
/dev/null | grep GNU ld`
+   fi
AC_MSG_CHECKING(GNU ld release date)
changequote(,)dnl
ac_cv_gnu_ld_date=`echo $ac_cv_gnu_ld_version | sed -n 
's,^.*\([2-9][0-9][0-9][0-9]\)[-]*\([01][0-9]\)[-]*\([0-3][0-9]\).*$,\1\2\3,p'`
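Review bot: after the added fallback block, nothing handles the case where both runs leave `ac_cv_gnu_ld_version` empty; execution falls through to `AC_MSG_CHECKING(GNU ld release date)` and the `sed` extraction then works on an empty string. If the lines past the truncation do not already cover this, an explicit warning at that point would make a failed detection visible in the configure output. The added comment could also say which run reads stdout and which reads stderr, since the two redirections are hard to tell apart at a glance.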


-- 
Samba Shared Repository