[Samba] S4: Linux clients do not have DNS records

[steve]

samba 4.0.6 DC
Hi
Linux clients joined to the domain do not have dns entries on the DC but 
still work OK. Here is a query for a machine called pinoso:


samba-tool dns query hh16 hh3.site pinoso A
Password for [administra...@hh3.site]:
ERROR(runtime): uncaught exception - (9714, 
'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
  File 
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", 
line 175, in _run

return self.run(*args, **kwargs)
  File 
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dns.py", 
line 974, in run


If we change the dns of the client, it still works just fine although 
the DC seems to have no record for it. Worrying. . .


Should Linux clients have dns records on the DC? I can't see how they 
would work if they don't. Are they stored elsewhere?

Thanks,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Using Windows­­­­ ACL on a samba3 share

[?icro MEGAS]

Unfortunately it didn't help either. The strange thing is that when I open the 
"security" tab for a directory on the windows client, I only see the SID 
numbers of users. The groups are displayed well with names, but the usernames 
are not displayed, I only see the SIDs. Seems that samba somehow doesnt know 
how to map or whatever. How can I fix that? Any help is appreciated.

Lucas.

Чтв 09 Май 2013 02:29:51 +0400, Miguel Medalha  написал:

> I am using samba 3.5.6. I have another though maybe this problem occurs due 
> to my OpenLDAP service? My /etc/openldap/slapd.conf is using:

>

> [...]

> access to dn.base=""

>  by * read

>

> access to dn.base="cn=Subschema"

>  by * read

>

> access to attrs=userPassword,userPKCS12

>  by self write

>  by * auth

>

> access to attrs=shadowLastChange

>  by self write

>  by * read

>

> access to *

>  by * read

>

> [...]

>

You could start by disabling those lines and see if the problem disappears.

If not, you should probably revise the entire configuration. The "Samba 

by Example" book, downloadable from the Samba homepage, contains a very 

good step by step guide to configuring a Samba/LDAP system. It's on 

chapter 5.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] log level and testparm lies

[Andrew Bartlett]

On Thu, 2013-05-09 at 03:22 +0200, Thomas Bork wrote:
> Am 08.05.2013 11:18, schrieb Karolin Seeger:
> 
> > Major enhancements in Samba 3.6.15 include:
> 
> How is the 'log level' in 3.6.15 defined?

> But now:
> referencetest26 # testparm -vs 2>/dev/null | grep 'log level'
>  log level = 2
> referencetest26 # grep 'log level' /etc/smb.conf
> referencetest26 # grep 'debug level' /etc/smb.conf
>   debug level = 0
> referencetest26 # grep 'debuglevel' /etc/smb.conf
> referencetest26 #
> 
> 2 != 0
> 
> Here is my question:
> Where is 'log level = 2' defined? Not in my smb.conf...
> Can somebody shed some light on this?

The issue is that testparm forces the log level to ensure the warnings
are output. 

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [PATCH] Re: fsmo _role_seize _issue

[Andrew Bartlett]

On Mon, 2013-05-06 at 10:29 +0530, mur...@nbtechnology.in wrote:
> Hi
> 
> I have been trying to replace my win 2003 DC with samba4 ADC , but i am 
> getting the following error when i run
> samba-tool fsmo seize --role=all for all the 5 roles. I found that it 
> is listed in Samba-Bugzilla – Bug 9461
> as on 28/1/2013.Is there any patch been released after that or is there 
> any patch which is planned for release.Any workaround to overcome this
> 
> 
> [root@server1# samba-tool fsmo seize --role=schema
> Attempting transfer...
> FSMO transfer of 'schema' role successful
> ERROR: Failed to initiate role seize of 'schema' role: objectclass: 
> modify
> message must have elements/attributes!

G'Day Murali,

The attached patch should fix this for you.  As you might notice, the
FSMO role transfer is successful, but we then error out.  

If I can get an ack from you that this solves your problem, and an ack
from a team member on the patch, I can get this fixed in master and
eventually into 4.0.6.

Thanks!

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org

>From acad20714833c22efbd4f0ae6d6bb3ea449bc314 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett 
Date: Thu, 9 May 2013 15:16:55 +1200
Subject: [PATCH] python-samba-tool fsmo: Do not give an error on a successful
 role transfer

---
 python/samba/netcmd/fsmo.py | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py
index c938c91..02721f9 100644
--- a/python/samba/netcmd/fsmo.py
+++ b/python/samba/netcmd/fsmo.py
@@ -124,22 +124,22 @@ all=all of the above"""),
 self.message("Attempting transfer...")
 try:
 transfer_role(self.outf, role, samdb)
+self.outf.write("FSMO seize was not required, as transfer of '%s' role was successful\n" % role)
+return
 except CommandError:
 #transfer failed, use the big axe...
 self.message("Transfer unsuccessful, seizing...")
-m["fSMORoleOwner"]= ldb.MessageElement(
-serviceName, ldb.FLAG_MOD_REPLACE,
-"fSMORoleOwner")
 else:
 self.message("Will not attempt transfer, seizing...")
-m["fSMORoleOwner"]= ldb.MessageElement(
-serviceName, ldb.FLAG_MOD_REPLACE,
-"fSMORoleOwner")
+
+m["fSMORoleOwner"]= ldb.MessageElement(
+serviceName, ldb.FLAG_MOD_REPLACE,
+"fSMORoleOwner")
 try:
 samdb.modify(m)
 except LdbError, (num, msg):
 raise CommandError("Failed to initiate role seize of '%s' role: %s" % (role, msg))
-self.outf.write("FSMO transfer of '%s' role successful\n" % role)
+self.outf.write("FSMO seize of '%s' role successful\n" % role)
 
 def run(self, force=None, H=None, role=None,
 credopts=None, sambaopts=None, versionopts=None):
-- 
1.7.11.7

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Is nss_winbind required?

[Andrew Bartlett]

On Wed, 2013-05-08 at 15:23 +0100, Alex Matthews wrote:
> Hi all,
> 
> Is it a necessity to use the winbind nss module?
> I have run a few tests and having it enabled creates a massive 
> bottleneck. It's not nss_winbind itself that is the bottleneck but 
> something in the background (I'm guessing uid/rid->username code).
> If I disable winbind in nsswitch.conf what impact will it have? Will the 
> system continue to work?

> Please note this last test shows that it is not the nss_winbind module 
> that it slow it is something 'behind the scenes'.
> Also note that this is not just applicable to the sysvolreset (it was 
> just a convenient method of testing). Copying a directory consisting of 
> many small files (eg a windows roaming profile) can be excruciatingly 
> slow! 50s+ for a 50mb folder!
> I am sure that it is not a network or drive limitation, copying the 
> folder locally and via NFS happen very quickly and copying the same 
> folder from a standalone S3 install on the same hardware is 'fast' also.

The issue is that the winbind in the Samba 4.0 AD DC is incredibly
inefficient.  It is required for the [homes] share to work, but we try
to avoid needing it for other things.  

I understand this is incredibly frustrating, but what this highlights is
that we really, really need to start on the project to replace it with
running the winbindd code from source3.  The challenge is that this is a
lot of work, which will cause disruption in other parts of the system as
we generalise stuff and add the plugins we need to hook into the AD DC. 

I'm increasingly of the view that this will need to be a priority soon,
but it's still hard to get stuck into this stuff. 

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [Announce] Samba 3.6.15 Available for Download

[Thomas Bork]

Am 08.05.2013 11:18, schrieb Karolin Seeger:


Major enhancements in Samba 3.6.15 include:


How is the 'log level' in 3.6.15 defined?


From
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LOGLEVEL

[...]
Default: log level = 0

And:
debuglevel

This parameter is a synonym for log level.


In 3.5.x I had in some scripts following definition:
debuglevel=`testparm -vs 2>/dev/null | grep 'log level =' | cut -d' ' -f4`


This was always the same as my own definition

debug level = x

in smb.conf in 3.5.x.


But now:
referencetest26 # testparm -vs 2>/dev/null | grep 'log level'
log level = 2
referencetest26 # grep 'log level' /etc/smb.conf
referencetest26 # grep 'debug level' /etc/smb.conf
 debug level = 0
referencetest26 # grep 'debuglevel' /etc/smb.conf
referencetest26 #

2 != 0

Here is my question:
Where is 'log level = 2' defined? Not in my smb.conf...
Can somebody shed some light on this?

--
der tom
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Using Windows­­­ ACL on a samba3 share

[?icro MEGAS]

Hello again,

I am using samba 3.5.6. I have another though maybe this problem occurs due to 
my OpenLDAP service? My /etc/openldap/slapd.conf is using:

[...]
access to dn.base=""
by * read

access to dn.base="cn=Subschema"
by * read

access to attrs=userPassword,userPKCS12
by self write
by * auth

access to attrs=shadowLastChange
by self write
by * read

access to *
by * read

[...]

Could that be the problem because slapd is denying any kind of access to the 
samba or nsswitch process??? If so, how should I modify these lines to allow it?

Regards,
Lucas.



"net groupmap list" outputs all my groups and the mappings look fine. All the 
displayed groups are mapped correctly.

So I tried also this command "net usersidlist" but this gives me following 
error:

# net usersidlist
[2013/05/08 23:57:30.799662, 0] utils/net_rpc.c:4591(net_usersidlist)
Could not get the user/sid list

#

Thanks for your assistance,
Lucas.

Чтв 09 Май 2013 01:41:51 +0400, Miguel Medalha  написал:

> The log file always says: 
> 
> [2013/05/08 21:57:21.630413, 0] 
> smbd/posix_acls.c:1755(create_canon_ace_lists) 
> create_canon_ace_lists: unable to map SID 
> S-1-5-21-1062190697-4189521229-2202214947-3776 to uid or gid. 
> 

Did you map the unix groups to Windows groups? 

For example: net groupmap add ntgroup="Domain Admins" unixgroup=root type=d 

net groupmap add ntgroup="Domain Admins" unixgroup=root type=d

What is the output of the "net groupmap list" command? 

Чтв 09 Май 2013 01:41:51 +0400, Miguel Medalha  написал:

> The log file always says:

>

> [2013/05/08 21:57:21.630413, 0] 

> smbd/posix_acls.c:1755(create_canon_ace_lists)

> create_canon_ace_lists: unable to map SID 

> S-1-5-21-1062190697-4189521229-2202214947-3776 to uid or gid.

>

Did you map the unix groups to Windows groups?

For example: net groupmap add ntgroup="Domain Admins" unixgroup=root type=d

net groupmap add ntgroup="Domain Admins"  unixgroup=root type=d

What is the output of the "net groupmap list" command?

By the way, which version of Samba are you using? (I ask this because 

your log contains a message also caused by a bug in an old version of Samba)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4 & Delegation

[Marc Muehlfeld]

Hello Andreas,

Am 08.05.2013 20:08, schrieb Andreas Krupp:

Thx a lot for the quick reply.
I will try to upgrade or possibly reinstall my Samba4 Instance.
At the moment the  command returns me: 4.1.Opre1-GIT-5f2edd1
I guess that is not really right version or the latest release.
I tried your command to reset the ACLs but that command is not part of my 
dbcheck. I tried  and could not find your command in the list either. So I am 
starting to think that my problems maybe come from the entire version.

I will set up a VM, reinstall centos + samba4 and see if that works better :)


The '--reset-well-known-acls' option was introduced in 4.0.5 (this is 
the latest version).


Maybe someone else on the list can say if you can switch from your git 
version to 4.0.5.



Regards,
Marc


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] SAMBA implementation for DOS ?

[ray klassen]

Memory usage is the reason (imho) that Novell was king in the dos era. The 
lanman client was just too huge even running on NETBEUI. Add to that a TCP/IP 
stack and in DOS terms you have a 200 to 300 K behemoth. 

I just googled "linux clipper compiler". Have you tried 'Clip?' Looks like it 
might fill the bill and then you wouldn't be stuck with the limitations of DOS




- Original Message -
From: czezz 
To: samba@lists.samba.org; Neal Murphy ; 
sa...@jubileegroup.co.uk; Marc Muehlfeld 
Cc: 
Sent: Wednesday, 8 May 2013, 0:50
Subject: Re: [Samba] SAMBA implementation for DOS ?

Hi,
thank you all for answers.
 
@Ged and Neal,
yes - I considered using DOSBox and/or DOSEMU. This is solution that I will 
keep away from.
The true is that with DOSBox I dont even need to care about network 
configuration and there is enough memory to run required application.
The thing is that my Clipper/dBase application is located on Linux server and 
shared with SAMBA.
8 nodes (PCs/workstations) are connected to that share. If I use DOSbox, then 
DOSbox node will always overwrite its changes over dBase/database. Which will 
erase changes done by other nodes. 
 
VirtualBox: as I have written - I have 8 nodes (PCs/workstations). Each of them 
needs to communicate to Linux/Samba server where application is shared. DOS 
must have samba client. VB wont help that way.
However I do my tests with FreeDOS inside of VirtualBox.
 
@Marc - yes, Im playing around that.
So far, on the FreeDOS I have managed to get 485KB of free conventional memory. 
Application I need to run requires little bit above 500KB.
MS Client take most of it... nightmare :(
 
One last chance might be NFS client for DOS...
But I was just hoping that there is some old/discontinued Samba project for DOS.
 
BR,
czezz
Dnia 8 maja 2013 0:18 Neal Murphy  napisał(a):
On Tuesday, May 07, 2013 05:57:13 PM G.W. Haywood wrote:
> Hi there,
> 
> On Tue, 7 May 2013 czezz wrote:
> > I use FreeDOS with MS Client to map a network drive. However MS
> > Client is a memory hog and prevents me to run all applications I
> > need. Therefore I would like to ask here is there SAMBA
> > implementation for DOS ?
> 
> Have you considered using DOSBox on a Linux machine? Then you can do
> whatever you want with drives, mapping, NAS, or whatever. I use it a
> lot for an old application that I wrote over twenty years ago, it does
> everything that I need.
> 
> Alternatively you could try VirtualBox, which will let you do similar
> things with drives but I don't know how flexible it is.
To extend this concept a little, mayhap czezz could run each DOS app in a 
separate VM or separate DOSBox. Then he wouldn't need to worry about RAM.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Building 3.6.12

[Gaiseric Vandal]

Had you posted about this last month?

For active directory support you will need to compile OpenLDAP. The ldap 
functionality in Solaris is NOT openldap.   I would that you will need 
to specify the path to the kerberos directory. Solaris 9 and Solaris 10 
have kerberos installed by default.  Not sure about Solaris 8 -  it used 
to be part of the SEAM tool kit?  If kerberos is not installed you 
will need to either download it from Sun/Oracle or compile from source.



--with-ads=yes \
--with-ldap=yes \
--with-krb5=/usr



Also make sure winbind and nsswitch support  is enabled. . You may 
want to uninstall the samba 3.0.x packages to avoid confusing on which 
winbind/nsswitch libraries are being used.



I would also make sure that your Solaris 8 server is configured to use 
the Windows AD PDC as the DNS  master.I did not configure my systems 
as AD members BUT I did configure trusts with AD servers.   Need to 
make sure the samba server can locate the AD server.  Doesn't hurt 
to make sure all servers are using the same WINS server-  although it 
shouldn't be relevant with AD.




You may also want to setup a  Solaris 10 test machine as well. Assuming 
you get Samba 3.6.x compile on Solaris 8, and you can't get it to join 
the AD domain, you will want some way to determine if the problem is 
with the samba config or if the problem is with the samba compile.   
If the identical config works on Solaris 10 but not Solaris 8, then you 
know you have a problem with the compile.Solaris 10 will be 
diagnostic tool, not the production system.




On 05/08/13 08:52, Shaw, Kevin wrote:

All,

I'm trying to build Samba 3.6.12 on Solaris 8 sparc using studio 12. Is this 
the correct forum to ask questions?

This is my first build so any tips/tricks are appreciated.

What are the prerequisites to get samba to compile so that it will join an AD 
domain?

TIA,
-Kevin


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Is nss_winbind required?

[Alex Matthews]

Hi all,

Is it a necessity to use the winbind nss module?
I have run a few tests and having it enabled creates a massive 
bottleneck. It's not nss_winbind itself that is the bottleneck but 
something in the background (I'm guessing uid/rid->username code).
If I disable winbind in nsswitch.conf what impact will it have? Will the 
system continue to work?


eg:

#nss_winbind enabled on group and passwd
time samba-tool ntacl sysvolreset

real3m58.240s
user2m54.760s
sys 0m27.030s

#nss_winbind disabled
time samba-tool ntacl sysvolreset

real0m46.940s
user0m35.057s
sys 0m6.350s

#nss_winbind enabled on only group
time samba-tool ntacl sysvolreset

real0m46.668s
user0m34.790s
sys 0m6.263s

#nss_winbind enabled on only passwd
time samba-tool ntacl sysvolreset

real4m7.639s
user2m56.987s
sys 0m26.923s

#nss_winbind enabled on group and passwd with enum groups and users disabled
time samba-tool ntacl sysvolreset

real4m1.464s
user2m55.350s
sys 0m26.660s

#nss_winbind disabled and *nss-pam-ldap* enabled on passwd, shadow and group
time samba-tool ntacl sysvolreset

real3m57.029s
user3m0.913s
sys 0m30.570s



Please note this last test shows that it is not the nss_winbind module 
that it slow it is something 'behind the scenes'.
Also note that this is not just applicable to the sysvolreset (it was 
just a convenient method of testing). Copying a directory consisting of 
many small files (eg a windows roaming profile) can be excruciatingly 
slow! 50s+ for a 50mb folder!
I am sure that it is not a network or drive limitation, copying the 
folder locally and via NFS happen very quickly and copying the same 
folder from a standalone S3 install on the same hardware is 'fast' also.


Thanks,

Alex

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Building 3.6.12

[Novosielski, Ryan]

My first tip is a strong "get off Solaris 8." It has been unsupported for a 
long time and you're not likely to be in a good place to get help from others 
either.



- Original Message -
From: Shaw, Kevin [mailto:kevin.s...@xerox.com]
Sent: Wednesday, May 08, 2013 08:52 AM
To: samba@lists.samba.org 
Subject: [Samba] Building 3.6.12

All,

I'm trying to build Samba 3.6.12 on Solaris 8 sparc using studio 12. Is this 
the correct forum to ask questions?

This is my first build so any tips/tricks are appreciated.

What are the prerequisites to get samba to compile so that it will join an AD 
domain?

TIA,
-Kevin
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Building 3.6.12

[Shaw, Kevin]

I can patch Solaris 10 to get Samba 3.6.12 and takes about 5 mins to complete. 
I know moving off Solaris 8 would be the best path to take however it's not my 
decision to make...

-Kevin

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Using Windows ACL on a samba3 share

[miguelmedalha]

From the Samba HOWTO:


«
The net command can be used to obtain the currently supported  
capabilities for rights and privileges using this method:


root#  net rpc rights list -U root%not24get
 SeMachineAccountPrivilege  Add machines to domain
  SePrintOperatorPrivilege  Manage printers
   SeAddUsersPrivilege  Add users and groups to the domain
 SeRemoteShutdownPrivilege  Force shutdown from a remote system
   SeDiskOperatorPrivilege  Manage disk shares
 SeBackupPrivilege  Back up files and directories
SeRestorePrivilege  Restore files and directories
  SeTakeOwnershipPrivilege  Take ownership of files or other objects

Machine account privilege is necessary to permit a Windows NT4 or  
later network client to be added to the domain. *The disk operator  
privilege is necessary to permit the user to manage share ACLs and  
file and directory ACLs for objects not owned by the user.*

»

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id2601333

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Building 3.6.12

[Shaw, Kevin]

All,

I'm trying to build Samba 3.6.12 on Solaris 8 sparc using studio 12. Is this 
the correct forum to ask questions?

This is my first build so any tips/tricks are appreciated.

What are the prerequisites to get samba to compile so that it will join an AD 
domain?

TIA,
-Kevin
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] many smbd processes when sync'ing sysvol

[Alex Matthews]

For reference, my smbd.conf is as follows:

# Global parameters
[global]
workgroup = SMC
realm = internal.stmaryscollege.co.uk
netbios name = XEN-ARCH-AD-01
server role = active directory domain controller
printcap name = /etc/printcap
load printers = no
dns forwarder = 192.168.0.30
#DNS handled by BIND
server services = -dns

log level = 1
max log size = 10240
log file = /var/log/samba/samba.log.%d
debug uid = yes
debug timestamp = yes
allow dns updates = secure
nsupdate command = /usr/bin/nsupdate -g
spn update command = /usr/sbin/samba_spnupdate

idmap_ldb:use rfc2307 = yes
winbind nss info = rfc2307

#Small file tuning
read raw = no
level2 oplocks = true



On 08/05/2013 10:10, Andrew Bartlett wrote:

On Tue, 2013-05-07 at 21:55 +0100, Alex Matthews wrote:

Hi there,

I have three S4 servers running as AD DCs.
In order to keep the sysvol share in sync I'm using crontab to run the
following command:

/usr/bin/rsync -PavAX --delete root@:/var/lib/samba/sysvol/
/var/lib/samba/sysvol/

However everytime this command is run a couple of extra smbd processes
are started on the  (between 2 and 5 processes) which never
exit and just sit there taking up resources. So, quite quickly I had a
system with over 500 smbd processes and no free memory which very
abruptly fell over and stopped serving genuine clients.

Has anyone else come across this issue/know what is causing it?

I have taken some level 10 logs of the smbd processes that get formed.
However I don't have access to them from my current location. I will
email them in tomorrow from work.

My best guess is that the winbind part of samba's AD DC is making a
connection, but never closing it.

Andrew Bartlett



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Succes for Günter Kukkukk [PATCH] Fix internal DNS dyn. updates, seen as: ; TSIG error with server: tsig verify failure

[Tim Vangehugten]

I just wanted to report that after using the patch from Günter Kukkukk
( 0001-Fix-internal-DNS-dyn.-update-seen-as-TSIG-error-with.patch ) for 2
weeks I haven't seen any errors in samba 4.0.5.
Anyway thank you for the patch.

Best regards
Tim Vangehugten
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Using Windows ACL on a samba3 share

[?icro MEGAS]

Hello folks,

I have some directories within a samba 3.x share which I want to give 
granulated security settings for various users and groups. I could use of 
course "setfacl" and POSIX ACLs to accomplish that, but some of these ACL 
should be also able to be set by some users. These users of course has no 
access to my linux host where samba3 is running, so they only can do that by 
right-clicking the directory/file and set the permissions through Windows 
explorer. Unfortunately this doesn't work in our case. My filesystem where the 
samba3 shares reside on is mounted with acl and xattr and I have double-checked 
that. Posix ACLs work fine. But as soon as the owner of a directory or file 
tries to add some other users with access on it, the change is not applied 
after clicking on the button "Apply". It looks like the windows client cannot 
set these security settings. My share looks like that:

[share1]
  path = /disk01/share1
admin users =  "@Domain Admins"
  read only = No
  create mask = 0775
  directory mask = 0775
  nt acl support = yes
  vfs objects = acl_xattr
  invalid users = @restricted

the command "mount" shows:

[...]
/dev/xvdb1 on /disk01 type ext4 (rw,acl,user_xattr)
[...]

What am I doing wrong, why this doesn't work? Any help appreciated.

Thanks in advance,
Lucas.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [Announce] Samba 3.6.15 Available for Download

[Karolin Seeger]

==
"Without freedom of choice there is no
 creativity. The body dies."

 James T. Kirk
==


Release Announcements
=

This is is the latest stable release of Samba 3.6.

Major enhancements in Samba 3.6.15 include:

o  Fix crash bug in Winbind (bug #9854).


Changes since 3.6.14:
-

o   Andrew Bartlett 
* BUG 9746: Fix "guest ok", "force user" and "force group" for guest users.


o   David Disseldorp 
* BUG 9830: Fix panic in nt_printer_publish_ads.


o   Volker Lendecke 
* BUG 9854: Fix crash bug in Winbind.


o   Andreas Schneider 
* BUG 9817: Fix 'map untrusted to domain' with NTLMv2.


##
Reporting bugs & Development Discussion
###

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba corresponding product in the project's Bugzilla
database (https://bugzilla.samba.org/).


==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==



Download Details


The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

http://download.samba.org/samba/ftp/

The release notes are available online at:

http://www.samba.org/samba/ftp/history/samba-3.6.15.html

Binary packages will be made available on a volunteer basis from

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Provisioning command line args for DNS forwarder

[Andrew Bartlett]

On Tue, 2013-05-07 at 08:41 +0100, John wrote:
> Hello, I'm trying to script an installation and can't find the 
> command-line argument to "samba-tool domain provision" to specify the 
> DNS forwarder. I have tried "samba-tool domain provision --help" but I 
> couldn't see such an option there. Does that mean there isn't one ?
> 
> I also tried to use the "samba-tool --option=option" construct 
> (described on 'man samba-tool') to set the dns forwarder after the 
> provision but I can't work out how to constuct the parameter.
> 
> I'd appreciate a nudge in the right direction...

I noticed the same.  Perhaps I dissuaded Kai from adding to our already
very long list of options, but I'm now convinced we should add it.

Care to prepare a git formatted patch?

Kai: 

Any comments?

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] ntp and samba4

[Andrew Bartlett]

On Tue, 2013-05-07 at 15:43 -0400, Michael Mol wrote:
> On 05/07/2013 03:25 PM, Andrew Bartlett wrote:
> > On Mon, 2013-05-06 at 17:15 +0200, Michael De Groote wrote:
> >> Hi all
> >>
> >> Recently i noticed that upon starting the samba4 'samba' daemon, that it
> >> changes the group ownership of the socket for ntpd to *staff*
> >>
> >> $ls -l /usr/local/samba/var/lib/ntp_signd/
> >> total 0
> >> srwxrwxrwx 1 root *staff* 0 May  6 16:35 socket
> >>
> >>
> >> The documentation says it needs to be *ntp*
> >>
> >> (FYI: i'm running this on debian wheezy)
> >>
> >> I have just added ntp to group staff, but that seems like a workaround...
> > 
> > I don't know why this is happening.  I've examined the code, and it does
> > not change the group ID, it only creates the directory, forcing the uid.
> > 
> > Indeed, the same code is using for the winbind privileged pipe, which is
> > likewise deliberately designed so that you can set the group to a
> > specific group for use by squid et al.  In this case the group is meant
> > to be 'ntp' to allow only NTP access to the pipe.
> 
> Could this be a namespace overlap? Perhaps the directory has the correct
> GID, but when Samba spins up the lookup for GID->name goes through it,
> and something samba is attached to already has a mapping for that GID.
> 
> (I find it very odd to see asterisks around the group name in ls's
> output, too...)

Samba never sets the GID explicitly, but should be gid 0 at this point,
so should be creating gid 0 files.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] many smbd processes when sync'ing sysvol

[Andrew Bartlett]

On Tue, 2013-05-07 at 21:55 +0100, Alex Matthews wrote:
> Hi there,
> 
> I have three S4 servers running as AD DCs.
> In order to keep the sysvol share in sync I'm using crontab to run the 
> following command:
> 
> /usr/bin/rsync -PavAX --delete root@:/var/lib/samba/sysvol/ 
> /var/lib/samba/sysvol/
> 
> However everytime this command is run a couple of extra smbd processes 
> are started on the  (between 2 and 5 processes) which never 
> exit and just sit there taking up resources. So, quite quickly I had a 
> system with over 500 smbd processes and no free memory which very 
> abruptly fell over and stopped serving genuine clients.
> 
> Has anyone else come across this issue/know what is causing it?
> 
> I have taken some level 10 logs of the smbd processes that get formed. 
> However I don't have access to them from my current location. I will 
> email them in tomorrow from work.

My best guess is that the winbind part of samba's AD DC is making a
connection, but never closing it. 

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] many smbd processes when sync'ing sysvol

[Alex Matthews]

On 08/05/2013 00:43, Michael Mol wrote:



On May 7, 2013 4:56 PM, "Alex Matthews" > wrote:

>
> Hi there,
>
> I have three S4 servers running as AD DCs.
> In order to keep the sysvol share in sync I'm using crontab to run 
the following command:

>
> /usr/bin/rsync -PavAX --delete 
root@:/var/lib/samba/sysvol/ /var/lib/samba/sysvol/

>
> However everytime this command is run a couple of extra smbd 
processes are started on the  (between 2 and 5 processes) 
which never exit and just sit there taking up resources. So, quite 
quickly I had a system with over 500 smbd processes and no free memory 
which very abruptly fell over and stopped serving genuine clients.

>
> Has anyone else come across this issue/know what is causing it?
>
> I have taken some level 10 logs of the smbd processes that get 
formed. However I don't have access to them from my current location. 
I will email them in tomorrow from work.

>
> Thanks,
>
> Alex
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

Are you sure those are separate processes, and not simply threads?

(Apologies for brief response; sending from phone.)


Hi Michael!

They show up in `ps aux` as separate smbd processes. They also generate 
their own log files when I set the log file output names based on PIDs.


Thanks,

Alex
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba4 on hosted root server

[Carsten Laun-De Lellis]

Hi list 

I am trying to install Samba4 on a hosted server but haven't been
successful yet. 

Environment: 

Hosted Server with official .net domain. OS is Ubuntu 12.04 LTS Server
64-bit. DNS for domain is registred with provider's name servers. 

Installed Samba with Bind backend following the how-to on
http://www.matrix44.net/cms/notes/gnulinux/samba-4-ad-domain-with-ubuntu-12-04
[1] . 

When I tried to join the domain I got an error message that SRV
_ldap._tcp.dc.msdcs.official.domain not found. No DC can't be located. 

I checked if name service is working properly on the server itself: 

> host -t SRV _ldap._tcp.dc.msdcs.official.domain 

_ldap._tcp.dc.msdcs.official.domain has SRV record 0 0 389
rv1325.official.domain. 

>host -t SRV _kerberos._udp.official.domain 

_kerberos._udp.official.domain has SRV record 0 0 88
rv1325.official.domain. 

>host -t SRV _ldap._tcp.official.domain 

_ldap._tcp.official.domain has SRV record 0 100 389
rv1325.official.domain. 

Everything looks fine 

I tried the same from another linux server with: 

>host -t SRV _ldap._tcp.dc.msdcs.official.domain [server-ip] 

Also everything works fine. I've got the same replys. 

But whenever I try to join the domain it doesn't work. 

I would appreciate any help and ideas. 
-- 

Regards,

Carsten Laun-De Lellis

Hauptstrasse 13
D-67705 Trippstadt

Phone: +49 6306 992140
Fax: +49 6306 992142
Mobile: +49 151 27530865
email: carsten.delel...@delellis.net

http://www.linkedin.com/in/carstenlaundelellis [2] 

Links:
--
[1]
http://www.matrix44.net/cms/notes/gnulinux/samba-4-ad-domain-with-ubuntu-12-04
[2] http://www.linkedin.com/in/carstenlaundelellis
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] SAMBA implementation for DOS ?

[Volker Lendecke]

On Wed, May 08, 2013 at 09:50:30AM +0200, czezz wrote:
> Hi,
> thank you all for answers.
>  
> @Ged and Neal,
> yes - I considered using DOSBox and/or DOSEMU. This is solution that I will 
> keep away from.
> The true is that with DOSBox I dont even need to care about network 
> configuration and there is enough memory to run required application.
> The thing is that my Clipper/dBase application is located on Linux server and 
> shared with SAMBA.
> 8 nodes (PCs/workstations) are connected to that share. If I use DOSbox, then 
> DOSbox node will always overwrite its changes over dBase/database. Which will 
> erase changes done by other nodes. 
>  
> VirtualBox: as I have written - I have 8 nodes (PCs/workstations). Each of 
> them needs to communicate to Linux/Samba server where application is shared. 
> DOS must have samba client. VB wont help that way.
> However I do my tests with FreeDOS inside of VirtualBox.
>  
> @Marc - yes, Im playing around that.
> So far, on the FreeDOS I have managed to get 485KB of free conventional 
> memory. Application I need to run requires little bit above 500KB.
> MS Client take most of it... nightmare :(
>  
> One last chance might be NFS client for DOS...
> But I was just hoping that there is some old/discontinued Samba project for 
> DOS.

Is mars_nwe still alive? The Novell client uses less memory
than the MSClient thingy.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kont...@sernet.de
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] SAMBA implementation for DOS ?

[czezz]

Hi,
thank you all for answers.
 
@Ged and Neal,
yes - I considered using DOSBox and/or DOSEMU. This is solution that I will 
keep away from.
The true is that with DOSBox I dont even need to care about network 
configuration and there is enough memory to run required application.
The thing is that my Clipper/dBase application is located on Linux server and 
shared with SAMBA.
8 nodes (PCs/workstations) are connected to that share. If I use DOSbox, then 
DOSbox node will always overwrite its changes over dBase/database. Which will 
erase changes done by other nodes. 
 
VirtualBox: as I have written - I have 8 nodes (PCs/workstations). Each of them 
needs to communicate to Linux/Samba server where application is shared. DOS 
must have samba client. VB wont help that way.
However I do my tests with FreeDOS inside of VirtualBox.
 
@Marc - yes, Im playing around that.
So far, on the FreeDOS I have managed to get 485KB of free conventional memory. 
Application I need to run requires little bit above 500KB.
MS Client take most of it... nightmare :(
 
One last chance might be NFS client for DOS...
But I was just hoping that there is some old/discontinued Samba project for DOS.
 
BR,
czezz
Dnia 8 maja 2013 0:18 Neal Murphy  napisał(a):
On Tuesday, May 07, 2013 05:57:13 PM G.W. Haywood wrote:
> Hi there,
> 
> On Tue, 7 May 2013 czezz wrote:
> > I use FreeDOS with MS Client to map a network drive. However MS
> > Client is a memory hog and prevents me to run all applications I
> > need. Therefore I would like to ask here is there SAMBA
> > implementation for DOS ?
> 
> Have you considered using DOSBox on a Linux machine? Then you can do
> whatever you want with drives, mapping, NAS, or whatever. I use it a
> lot for an old application that I wrote over twenty years ago, it does
> everything that I need.
> 
> Alternatively you could try VirtualBox, which will let you do similar
> things with drives but I don't know how flexible it is.
To extend this concept a little, mayhap czezz could run each DOS app in a 
separate VM or separate DOSBox. Then he wouldn't need to worry about RAM.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba