Re: [Samba] Security = ADS and uidnumbers
On Thu, 2013-06-06 at 10:19 +0100, Jonathan Buzzard wrote:
> So given the OP wants consistent UID's on presumably his Samba file server running a 3.6.x variant of Samba how does sssd help?

Hi

sssd is an alternative to using winbind to extract information from AD. It may help the OP to try it instead of winbind. Here are a few of the advantages we have found.

- sssd is supported: if you have a problem, it will be resolved one day to the next.
- It has only one branch which gives the same results with the same configuration for both samba and smbd.
- It does not need entries in smb.conf

At the moment, winbind seems to be under development. I'm sure that once it is finished, it will be just as good as sssd at extracting consistent information from AD.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Microsoft Hyper-V over SMB 3.0
On Fri, 7 Jun 2013 12:24:29 +0800 Chunbo Song massf...@gmail.com wrote:
> We have a project about Microsoft Hyper-V by using our storage. We want to use Samba to share our storage to Hyper-V. And we know from Microsoft homepage hyper-v(windows 2012) only support smb3.0 protocol, but right now the newest version of Samba don't fully support SMB3.0 protocol. I tried the version of Samba4.0.6, Samba3.6.9, but both failed to create virtual hosts using Hyper-V.
> So, is it possible to use Samba to share our storage to Hyper-V? Any suggestion for us?

What error are you seeing?

I did a quick test on my local Samba 4.0 + Hyper-V 2012 setup and see an access denied error, which appears to be due to the following ACL issue:

- Hyper-V connects using the machine account (machine$)
- Hyper-V connects using the login account (admin)
- admin creates VM container directory (vmdir)
- admin sets security descriptor on vmdir:
    owner=admin
    group=domain admins
    acl[0]: machine$(inherit only)=0x001f01ff
    acl[1]: machine$=0x0012008f
    acl[n]...
- machine$ attempts to open a non-existing vmdir\Virtual Machines path, which fails at realpath() with EPERM.

The ACL on the parent does not allow machine$ execute permission, so realpath() is unable to traverse. This step would succeed on Windows, as the Bypass traverse checking user right is granted by default.

Cheers, David
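The two access masks quoted in David's reply can be decoded bit by bit to see which rights actually apply to vmdir itself. This is an added example, not part of the original thread or of Samba's code; the names `Ace`, `VMDIR_DACL` and `can_traverse` are hypothetical, and it assumes both entries are allow ACEs and ignores deny entries and group membership.

```python
from collections import namedtuple

# Windows access-mask bits, using the directory meaning of each file right.
RIGHTS = {
    0x00000001: "FILE_LIST_DIRECTORY",
    0x00000002: "FILE_ADD_FILE",
    0x00000004: "FILE_ADD_SUBDIRECTORY",
    0x00000008: "FILE_READ_EA",
    0x00000010: "FILE_WRITE_EA",
    0x00000020: "FILE_TRAVERSE",
    0x00000040: "FILE_DELETE_CHILD",
    0x00000080: "FILE_READ_ATTRIBUTES",
    0x00000100: "FILE_WRITE_ATTRIBUTES",
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE",
}
FILE_TRAVERSE = 0x00000020

# inherit_only: the ACE is copied to children but is not evaluated on this object.
Ace = namedtuple("Ace", "trustee mask inherit_only")

# The DACL listed in the message for vmdir ("acl[n]..." is left out).
# Assumption: both entries are allow ACEs.
VMDIR_DACL = [
    Ace("machine$", 0x001F01FF, True),
    Ace("machine$", 0x0012008F, False),
]


def decode_mask(mask):
    """Names of the rights set in an access mask, lowest bit first."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]


def effective_mask(dacl, trustee):
    """OR together the ACEs for trustee that apply to the directory itself."""
    granted = 0
    for ace in dacl:
        if ace.trustee == trustee and not ace.inherit_only:
            granted |= ace.mask
    return granted


def can_traverse(dacl, trustee, bypass_traverse_checking=False):
    """True if trustee may pass through the directory to reach a child path."""
    if bypass_traverse_checking:
        # The Windows user right named in the reply: traversal is not checked.
        return True
    return bool(effective_mask(dacl, trustee) & FILE_TRAVERSE)


if __name__ == "__main__":
    for ace in VMDIR_DACL:
        scope = "children only" if ace.inherit_only else "this directory"
        print(f"{ace.trustee} 0x{ace.mask:08x} ({scope}):")
        print("   " + ", ".join(decode_mask(ace.mask)))
    print("effective on vmdir: 0x%08x" % effective_mask(VMDIR_DACL, "machine$"))
    print("POSIX-style check :", can_traverse(VMDIR_DACL, "machine$"))
    print("with bypass right :", can_traverse(VMDIR_DACL, "machine$", True))
```

The full-control mask carries the traverse bit but is inherit-only, so the only entry evaluated on vmdir is 0x0012008f, which does not include it.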
[Samba] samba4+bind on centos
Hi all I've given up on the idea that I can make a script to import our domain-zone into samba internal dns with samba-tool as it gets really messy with subdomains. Instead I'm now trying to get samba4 to let bind handle the domain-zone as well als dynamic updates and such. The problem is that once I've started named and samba4 after provisioning, I try to test dynamic updates and it oopses with the message: root@puppettest01 var]# samba_dnsupdate --verbose --all-names IPs: ['192.168.0.1'] Traceback (most recent call last): File /usr/sbin/samba_dnsupdate, line 506, in module get_credentials(lp) File /usr/sbin/samba_dnsupdate, line 119, in get_credentials creds.get_named_ccache(lp, ccachename) RuntimeError: kinit for PUPPETTEST01$@NIEUWLAND.NL failed (Cannot contact any KDC for requested realm) When looking at the debug output of bind, it doesn't seem to have loaded the DLZ module from samba4. I tried this: named -g -c /etc/bind/named.conf -u named -d3 21 |grep -i dlz 07-Jun-2013 14:18:24.514 built with '--host=x86_64-redhat-linux-gnu' '--build=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-stub=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS= -DDIG_SIGCHASE' 07-Jun-2013 14:18:24.516 Registering DLZ_dlopen driver 07-Jun-2013 14:18:24.516 
Registering SDLZ driver 'dlopen' 07-Jun-2013 14:18:24.516 Registering DLZ driver 'dlopen' The packages samba4 (using git master from 2 days ago) and bind are self-compiled on another centos 6.4 machine. As you can see, the options '--with-gssapi=yes' and '--with-dlopen=yes' are set (this is 9.8.2 from the source rpm) I followed the instructions on how to include /var/lib/samba4/private/named.conf and named.txt, however, that didn't work as advertised (cannot read /var/lib/samba4/private/named.conf, though it was readable by user named???), so I included the stuff in ...private/named.conf literally in the /etc/bind/named.conf (as you can see, the named.conf location is nonstandard, this is handled in /etc/sysconfig/named). samba4 was provisioned for NIEUWLAND.NL as dc and BIND9_DLZ I figure the problem lies in not loading the dlopen driver, which should probably look like: 03-Jun-2013 14:38:43.370 Loading 'AD DNS Zone' using driver dlopen 03-Jun-2013 14:38:43.371 Loading SDLZ driver. 03-Jun-2013 14:38:47.233 samba_dlz: started for DN DC=intranet01,DC=hom 03-Jun-2013 14:38:47.234 SDLZ driver loaded successfully. 03-Jun-2013 14:38:47.234 DLZ driver loaded successfully. 03-Jun-2013 14:38:47.235 samba_dlz: starting configure 03-Jun-2013 14:38:47.275 zone 200.168.192.in-addr.arpa/NONE: number of nodes in database: 0 03-Jun-2013 14:38:47.278 zone 200.168.192.in-addr.arpa/NONE: loaded; checking validity 03-Jun-2013 14:38:47.281 zone_settimer: zone 200.168.192.in-addr.arpa/NONE: enter 03-Jun-2013 14:38:47.282 samba_dlz: configured writeable zone '200.168.192.in-addr.arpa' 03-Jun-2013 14:38:47.284 zone intranet01.hom/NONE: number of nodes in database: 0 03-Jun-2013 14:38:47.286 zone intranet01.hom/NONE: loaded; checking validity (I saw this in another mail to this list, but there bind was compiled from original sources and version 9.9.3) I wonder which steps would be most likely to let bind load the driver for dlz? 
Should I suspect all the patches redhat includes in their source rpm? or is it a configuration issue? Cheers Simon
Re: [Samba] samba4+bind on centos
On Fri, Jun 7, 2013 at 5:45 AM, NOC n...@nieuwland.nl wrote:
> '--disable-isc-spnego'

'--disable-isc-spnego' it will not work with this in the BIND build, see my previous thread on the mailing list. I just spent roughly 200 man hours working out samba 4 bind DLZ dynamic updates on centos 6.4 myself and finally got it to work after removing that from the bind build, changing --with-gssapi=yes to (I believe it was --with-gssapi=/usr/include/GSSAPI) and adding the with dlopen flag as well. With these 3 things done bind DLZ works, without these 3 things done exactly this way it will not.

'gssapi yes' did not work for me, and you can NOT have disable-isc-spnego
Re: [Samba] samba4+bind on centos
Hello NOC, you didn't provide any configuration so I'm just guessing using my new crystal ball. Fri, Jun 07, 2013 at 02:45:09PM +0200, NOC napsal(a): Hi all root@puppettest01 var]# samba_dnsupdate --verbose --all-names IPs: ['192.168.0.1'] Traceback (most recent call last): File /usr/sbin/samba_dnsupdate, line 506, in module get_credentials(lp) File /usr/sbin/samba_dnsupdate, line 119, in get_credentials creds.get_named_ccache(lp, ccachename) RuntimeError: kinit for PUPPETTEST01$@NIEUWLAND.NL failed (Cannot contact any KDC for requested realm) You have configured kerberos to look for KDC using DNS and DNS server is not running. When looking at the debug output of bind, it doesn't seem to have loaded the DLZ module from samba4. I tried this: named -g -c /etc/bind/named.conf -u named -d3 21 |grep -i dlz 07-Jun-2013 14:18:24.514 built with '--host=x86_64-redhat-linux-gnu' '--build=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-stub=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS= -DDIG_SIGCHASE' 07-Jun-2013 14:18:24.516 Registering DLZ_dlopen driver 07-Jun-2013 14:18:24.516 Registering SDLZ driver 'dlopen' 07-Jun-2013 14:18:24.516 Registering DLZ driver 'dlopen' The packages samba4 (using git master from 2 days ago) and bind are self-compiled 
on another centos 6.4 machine. As you can see, the options '--with-gssapi=yes' and '--with-dlopen=yes' are set (this is 9.8.2 from the source rpm) I followed the instructions on how to include /var/lib/samba4/private/named.conf and named.txt, however, that didn't work as advertised (cannot read /var/lib/samba4/private/named.conf, though it was readable by user named???), so I included the stuff in ...private/named.conf literally in the /etc/bind/named.conf (as you can see, the named.conf location is nonstandard, this is handled in /etc/sysconfig/named). What about selinux? Also giving us only grep of logs are useless. There should be very interesting lines below: 07-Jun-2013 14:18:24.516 Registering DLZ driver 'dlopen' samba4 was provisioned for NIEUWLAND.NL as dc and BIND9_DLZ I wonder which steps would be most likely to let bind load the driver for dlz? Should I suspect all the patches redhat includes in their source rpm? or is it a configuration issue? This part is working with plain CentOS named for me. The problem mentioned with --disable-isc-spnego is only with Windows client updates to the dns. Please give us the named.conf (at least the part you copied from samba) and also the named output from /var/log/messages during startup (no debug is needed usually). Best regards, Luf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4+bind on centos
On 06/07/2013 03:38 PM, Ludek Finstrle wrote: Hello NOC, you didn't provide any configuration so I'm just guessing using my new crystal ball. Hi Ludek can you tell in your crystal ball whether I'll succeed getting this to work? ;-) The parts I added to my config: # This configures dynamically loadable zones (DLZ) from AD schema # Uncomment only single database line, depending on your BIND version # dlz AD DNS Zone { # For BIND 9.8.0 database dlopen /usr/lib64/samba4/modules/bind9/dlz_bind91.so -d 3; # For BIND 9.9.0 # database dlopen /usr/lib64/samba4/modules/bind9/dlz_bind9_9.so; }; options { ... #samba4 key for dyn.updates tkey-gssapi-keytab /var/lib/samba4/private/dns.keytab; } Fri, Jun 07, 2013 at 02:45:09PM +0200, NOC napsal(a): Hi all root@puppettest01 var]# samba_dnsupdate --verbose --all-names IPs: ['192.168.0.1'] Traceback (most recent call last): File /usr/sbin/samba_dnsupdate, line 506, in module get_credentials(lp) File /usr/sbin/samba_dnsupdate, line 119, in get_credentials creds.get_named_ccache(lp, ccachename) RuntimeError: kinit for PUPPETTEST01$@NIEUWLAND.NL failed (Cannot contact any KDC for requested realm) You have configured kerberos to look for KDC using DNS and DNS server is not running. Yes, that's why I figured it was a problem with bind. When looking at the debug output of bind, it doesn't seem to have loaded the DLZ module from samba4. 
I tried this: named -g -c /etc/bind/named.conf -u named -d3 21 |grep -i dlz 07-Jun-2013 14:18:24.514 built with '--host=x86_64-redhat-linux-gnu' '--build=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-stub=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS= -DDIG_SIGCHASE' 07-Jun-2013 14:18:24.516 Registering DLZ_dlopen driver 07-Jun-2013 14:18:24.516 Registering SDLZ driver 'dlopen' 07-Jun-2013 14:18:24.516 Registering DLZ driver 'dlopen' With the freshly compiled bind I now get this output: named -g -c /etc/bind/named.conf -u named -d3 21 |grep -i dlz 07-Jun-2013 15:52:04.484 built with '--host=x86_64-redhat-linux-gnu' '--build=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' 
'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS= -DDIG_SIGCHASE' 07-Jun-2013 15:52:04.486 Registering DLZ_dlopen driver 07-Jun-2013 15:52:04.486 Registering SDLZ driver 'dlopen' 07-Jun-2013 15:52:04.486 Registering DLZ driver 'dlopen' med.conf location is nonstandard, this is handled in /etc/sysconfig/named). What about selinux? selinux is set to permissive Also giving us only grep of logs are useless. There should be very interesting lines below: 07-Jun-2013 14:18:24.516 Registering DLZ driver 'dlopen' like what? I figured getting a line with the dlz driver loading was the first step, that isn't happening... samba4 was provisioned for NIEUWLAND.NL as dc and BIND9_DLZ I wonder which steps would be most likely to let bind load the driver for dlz? Should I suspect all the patches redhat includes in their source rpm? or is it a configuration issue? This part is working with plain CentOS named for me. The problem mentioned with --disable-isc-spnego is only with Windows client updates to the dns. Ok, that will happen when we take it in production, so I'll still need to remove it for testing as well. Please give us the named.conf (at least the part you copied from samba) and also the named output from /var/log/messages during startup (no debug is needed usually). named.conf (attached) (I reduced it a bit) /var/log/messages: Jun 7 16:11:59 puppettest01
Re: [Samba] Problem with AD users and groups
I'd double check on the samba server itself if you can connect to it using smbclient... `smbclient //localhost/sysvol -Uadministrator` if that fails try `smbclient //localhost/sysvol -d5 -Uadministrator` and paste the output in your reply. If it succeeds then you can pretty much bet on a connectivity issue... by the way, why isn't samba listening on port 88 in your last mail? It might be worth it to try a `killall samba; sleep 5; samba -i -M single -d3` and look for any error messages ... anyway those are just a couple of my suggestions.

Ricky

On Thu, Jun 6, 2013 at 8:30 PM, Marcelo Ruriani systemad...@helpinghandsofgreenup.org wrote:
> On 6/6/13 5:15 PM, Marc Muehlfeld wrote:
> > Hello Marcelo,
> >
> > On 06.06.2013 22:47, Marcelo Ruriani wrote:
> > > It seems I locked myself out. I have tried these steps: turn off the firewall, ntacl sysvol reset, and dis-join from domain. The ntacl sysvol reset returns errors (which I'll post if necessary) the dis-join worked fine but I cannot re-join to the domain because it doesn't detect our domain and throws up an error domain could not be contacted and DNS name doesn't exist.
> >
> > * IP connection between the hosts is fine? (ping each other)
> > * Do you use the internal DNS or Bind DLZ?
> > * Is Samba/Bind listening on port 53? Use 'netstat -taunp', to make sure, that nothing else is listening on this port and prevent the correct DNS to start up.
> > * Can you check: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS
> >
> > Regards, Marc
>
> Dear List Mark,
>
> Thank you for the reply. To answer your questions. I am using the internal DNS. The DNS testing reveals that host -t SRV _ldap (and so on) plus host -t SRV _kerberos (and so on) return with a not found error. The A record test works fine. Samba is listening on TCP port 53, 636, 1024, 3268, 3269, 389, 135 (and UDP 53) smbd is listening on TCP port 139, 445 The clients ping the server (ip and domain name) fine and the server pings the clients fine. My followup question will appear after this reply.
>
> Marcelo
[Samba] chmod g+s not working over cifs
Hi

I've had this problem since 3.0.9 and I've now reproduced it on 4.0.6, 4.0.7 git and 4.1.0 pre1

Summary: if I chmod g+s a shared folder, the files created therein are not group owned.

Here is the original post from March which didn't get a reply:

Version 4.0.5-GIT-9ec44d4
Single DC and fileserver running the samba binary.

Hi

I have a share called shared:

    [shared]
    path = /home/shared
    read only = No

I set the ACL:

    setfacl -R -m g:staff:rw,d:g:staff:rw /home/shared

This is what it looks like:

    getfacl shared
    # file: shared
    # owner: root
    # group: staff
    # flags: -s-
    user::rwx
    group::rwx
    group:staff:rw-
    mask::rwx
    other::---
    default:user::rwx
    default:group::rwx
    default:group:staff:rw-
    default:mask::rwx
    default:other::---

The file listing looks OK:

    drwxrws---+ 3 root staff 4096 Mar 29 10:05 shared

Problem: Files created from Linux cifs mounted or W7 clients are group 'Domain users', the primary group of the user, not 'staff' as the g+s should give. Files created in the share on the DC are correctly assigned to group 'staff'.

Question: How do I get files created in the share 'shared' to be group owned by group 'staff'?

Cheers, Steve.
Re: [Samba] Problem with AD users and groups
On 6/7/13 10:51 AM, Ricky Nance wrote: I'd double check on the samba server it self if you can connect to it using smbclient... `smbclient //localhost/sysvol -Uadministrator` if that fails try `smbclient //localhost/sysvol -d5 -Uadministrator` and paste the output in your reply. If it succeeds then you can pretty much bet on a connectivity issue... by the way, why isn't samba listening on port 88 in your last mail? It might be worth it to try a `killall samba sleep 5 samba -i -M single -d3` and look for any error messages ... anyway those are just a couple of my suggestions. Ricky On Thu, Jun 6, 2013 at 8:30 PM, Marcelo Ruriani systemad...@helpinghandsofgreenup.org mailto:systemad...@helpinghandsofgreenup.org wrote: On 6/6/13 5:15 PM, Marc Muehlfeld wrote: Hello Marcelo, Am 06.06.2013 22:47, schrieb Marcelo Ruriani: It seems I locked myself out. I have tried these steps: turn off the firewall, ntacl sysvol reset, and dis-join from domain. The ntacl sysvol reset returns errors (which I'll post if necessary) the dis-join worked fine but I cannot re-join to the domain because it doesn't detect our domain and throws up an error domain could not be contacted and DNS name doesn't exist. * IP connection between the hosts is fine? (ping each other) * Do you use the internal DNS or Bind DLZ? * Is Samba/Bind listening on port 53? Use 'netstat -taunp', to make sure, that nothing else is listening on this port and prevent the correct DNS to start up. * Can you check: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS Regards, Marc Dear List Mark, Thank you for the reply. To answer your questions. I am using the internal DNS. The DNS testing reveals that host -t SRV _ldap (and so on) plus host -t SRV _kerberos (and so on) return with a not found error. The A record test works fine. 
Samba is listening on TCP port 53, 636, 1024, 3268, 3269, 389, 135 (and UDP 53) smbd is listening on TCP port 139, 445 The clients ping the server (ip and domain name) fine and the server pings the clients fine. My followup question will appear after this reply. Marcelo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba To list, Mark, Ricky, I must admit I am unsure why it isn't listening on port 88! I will do that kill all samba thing later and reply if that does the trick. On the tests you asked me to do, this is my output of terminal: (I apologize for formatting) root@ad:/# /usr/local/samba/bin/smbclient //localhost/sysvol -U%administrator Domain=[AD.HHG.COM] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-94f11e9] tree connect failed: NT_STATUS_ACCESS_DENIED root@ad:/# /usr/local/samba/bin/smbclient //localhost/sysvol -d5 -U%administrator INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 params.c:pm_process() - Processing configuration file /usr/local/samba/etc/smb.conf Processing section [global] doing parameter workgroup = AD.HHG.COM doing parameter realm = HHG.COM doing parameter netbios name = AD doing parameter server role = active directory domain controller doing parameter dns forwarder = 192.168.1.1 pm_process() returned Yes added interface eth0 ip=fe80::222:19ff:fe95:7f31%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth0 ip=192.168.1.10 
bcast=192.168.1.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]=AD Client started (version 4.1.0pre1-GIT-94f11e9). Opening cache file at /usr/local/samba/var/lock/gencache.tdb Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb sitename_fetch: No stored sitename for HHG.COM name localhost#20 found. Connecting to ::1 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 173200 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 session request ok Domain=[AD.HHG.COM] OS=[Unix] Server=[Samba
Re: [Samba] Problem with AD users and groups
Re provisioning will wipe out your entire samba DB, so I would try to avoid that if at all possible, figure out if something else is listening on port 88, stop it, and restart samba (its the kerberos stuff). The smbclient command isn't all that helpful (sometimes it is, sometimes not), so you may try it with a higher debug level (-d10) but don't paste that here as it will get quite lengthy, use a pastebin and give us the link if you don't mind (if you think its more helpful that is). Good luck, Ricky On Fri, Jun 7, 2013 at 12:56 PM, Marcelo Ruriani systemad...@helpinghandsofgreenup.org wrote: On 6/7/13 10:51 AM, Ricky Nance wrote: I'd double check on the samba server it self if you can connect to it using smbclient... `smbclient //localhost/sysvol -Uadministrator` if that fails try `smbclient //localhost/sysvol -d5 -Uadministrator` and paste the output in your reply. If it succeeds then you can pretty much bet on a connectivity issue... by the way, why isn't samba listening on port 88 in your last mail? It might be worth it to try a `killall samba sleep 5 samba -i -M single -d3` and look for any error messages ... anyway those are just a couple of my suggestions. Ricky On Thu, Jun 6, 2013 at 8:30 PM, Marcelo Ruriani systemad...@helpinghandsofgreenup.org wrote: On 6/6/13 5:15 PM, Marc Muehlfeld wrote: Hello Marcelo, Am 06.06.2013 22:47, schrieb Marcelo Ruriani: It seems I locked myself out. I have tried these steps: turn off the firewall, ntacl sysvol reset, and dis-join from domain. The ntacl sysvol reset returns errors (which I'll post if necessary) the dis-join worked fine but I cannot re-join to the domain because it doesn't detect our domain and throws up an error domain could not be contacted and DNS name doesn't exist. * IP connection between the hosts is fine? (ping each other) * Do you use the internal DNS or Bind DLZ? * Is Samba/Bind listening on port 53? 
Use 'netstat -taunp', to make sure, that nothing else is listening on this port and prevent the correct DNS to start up. * Can you check: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS Regards, Marc Dear List Mark, Thank you for the reply. To answer your questions. I am using the internal DNS. The DNS testing reveals that host -t SRV _ldap (and so on) plus host -t SRV _kerberos (and so on) return with a not found error. The A record test works fine. Samba is listening on TCP port 53, 636, 1024, 3268, 3269, 389, 135 (and UDP 53) smbd is listening on TCP port 139, 445 The clients ping the server (ip and domain name) fine and the server pings the clients fine. My followup question will appear after this reply. Marcelo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba To list, Mark, Ricky, I must admit I am unsure why it isn't listening on port 88! I will do that kill all samba thing later and reply if that does the trick. 
On the tests you asked me to do, this is my output of terminal: (I apologize for formatting) root@ad:/# /usr/local/samba/bin/smbclient //localhost/sysvol -U%administrator Domain=[AD.HHG.COM] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-94f11e9] tree connect failed: NT_STATUS_ACCESS_DENIED root@ad:/# /usr/local/samba/bin/smbclient //localhost/sysvol -d5 -U%administrator INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 params.c:pm_process() - Processing configuration file /usr/local/samba/etc/smb.conf Processing section [global] doing parameter workgroup = AD.HHG.COM doing parameter realm = HHG.COM doing parameter netbios name = AD doing parameter server role = active directory domain controller doing parameter dns forwarder = 192.168.1.1 pm_process() returned Yes added interface eth0 ip=fe80::222:19ff:fe95:7f31%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth0 ip=192.168.1.10 bcast=192.168.1.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]=AD Client started (version 4.1.0pre1-GIT-94f11e9). Opening cache file at /usr/local/samba/var/lock/gencache.tdb Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb sitename_fetch: No stored sitename for HHG.COM name localhost#20 found. Connecting to ::1 at port 445 Socket
Re: [Samba] Problem with AD users and groups
Hello Marcelo,

On 07.06.2013 16:51, Ricky Nance wrote:
> by the way, why isn't samba listening on port 88 in your last mail?

* Can you check, if something else is listening on the kerberos port 88:
    # netstat -taunp | grep :88
* Please also show us the [global] part of your smb.conf. Especially the server services = line. Maybe kdc is disabled.
* Does the log say anything, why kdc doesn't listen on :88?

> My questions are if the worst were if I had to re-provision, would the re-provision be enough? OR Would I have to do the entire compile, make, install procedure? Thanks.

How big is your installation? If it's not very small or a test environment, I think I would continue searching for the problem, instead of setup everything again.

As it sounds like your Samba AD was working before, did anything change on your DC since the last restart of Samba? Maybe required packages have been removed, a new compiled Samba version was installed, etc.

Regards, Marc
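Marc's `netstat -taunp | grep :88` check, and Ricky's advice to find out whether something else is holding port 88, can be applied to the whole listener table in one pass. This is an added example, not part of the original thread; the netstat samples and PIDs are constructed, the function names are hypothetical, and the expected port-to-daemon mapping uses the ports named in the thread plus port 88 on TCP and UDP.

```python
import re

# (protocol, port) -> daemon expected to own the listener on this DC.
EXPECTED = {
    ("tcp", 53): "samba", ("udp", 53): "samba",
    ("tcp", 88): "samba", ("udp", 88): "samba",   # Kerberos KDC
    ("tcp", 135): "samba", ("tcp", 389): "samba", ("tcp", 636): "samba",
    ("tcp", 3268): "samba", ("tcp", 3269): "samba",
    ("tcp", 139): "smbd", ("tcp", 445): "smbd",
}

# Constructed sample resembling the listener list reported in the thread:
# nothing is bound to port 88.
SAMPLE_NO_KDC = """\
Proto Recv-Q Send-Q Local Address      Foreign Address    State       PID/Program name
tcp        0      0 0.0.0.0:53         0.0.0.0:*          LISTEN      2101/samba
tcp        0      0 0.0.0.0:135        0.0.0.0:*          LISTEN      2101/samba
tcp        0      0 0.0.0.0:389        0.0.0.0:*          LISTEN      2101/samba
tcp        0      0 0.0.0.0:636        0.0.0.0:*          LISTEN      2101/samba
tcp        0      0 0.0.0.0:1024       0.0.0.0:*          LISTEN      2101/samba
tcp        0      0 0.0.0.0:3268       0.0.0.0:*          LISTEN      2101/samba
tcp        0      0 0.0.0.0:3269       0.0.0.0:*          LISTEN      2101/samba
tcp        0      0 0.0.0.0:139        0.0.0.0:*          LISTEN      2110/smbd
tcp        0      0 0.0.0.0:445        0.0.0.0:*          LISTEN      2110/smbd
tcp6       0      0 :::445             :::*               LISTEN      2110/smbd
tcp        0      0 192.168.1.10:41000 192.168.1.1:53     ESTABLISHED 2101/samba
udp        0      0 0.0.0.0:53         0.0.0.0:*                      2101/samba
"""

# Constructed sample: another KDC daemon already owns port 88.
SAMPLE_FOREIGN_KDC = SAMPLE_NO_KDC + """\
tcp        0      0 0.0.0.0:88         0.0.0.0:*          LISTEN      1804/krb5kdc
udp        0      0 0.0.0.0:88         0.0.0.0:*                      1804/krb5kdc
"""


def parse_listeners(netstat_output):
    """Return {(proto, port): set of program names} for listening sockets."""
    listeners = {}
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith(("tcp", "udp")):
            continue                      # header or unrelated line
        proto = fields[0][:3]             # fold tcp6/udp6 into tcp/udp
        if proto == "tcp" and "LISTEN" not in fields:
            continue                      # a connection, not a listener
        port = fields[3].rsplit(":", 1)[-1]
        if not port.isdigit():
            continue
        # Last column is "PID/Program name"; it is "-" when not run as root.
        match = re.search(r"\s\d+/(\S+)", line)
        program = match.group(1).rstrip(":") if match else "unknown"
        listeners.setdefault((proto, int(port)), set()).add(program)
    return listeners


def audit(netstat_output, expected=EXPECTED):
    """Map each expected listener to 'ok', 'missing' or 'held by <names>'."""
    listeners = parse_listeners(netstat_output)
    report = {}
    for key, owner in sorted(expected.items()):
        programs = listeners.get(key)
        if not programs:
            report[key] = "missing"
        elif programs == {owner}:
            report[key] = "ok"
        else:
            report[key] = "held by " + ",".join(sorted(programs))
    return report


if __name__ == "__main__":
    for title, sample in (("no KDC", SAMPLE_NO_KDC), ("foreign KDC", SAMPLE_FOREIGN_KDC)):
        print(title)
        for (proto, port), status in audit(sample).items():
            if status != "ok":
                print(f"  {proto}/{port}: {status}")
```

A "missing" result for port 88 points at the kdc service not starting, while "held by" points at a conflicting daemon that has to be stopped before Samba is restarted.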
Re: [Samba] netlogon homes with Samba4 DC
hmm, I've changed it to [home] but that doesn't change anything :( I've created the homedir manually, does not help.

Here are my logs: http://pastebin.com/J7ij9P4Z
client log: http://pastebin.com/vHV9CZiu

[2013/06/07 21:14:00.778318, 3] ../source3/smbd/password.c:138(register_homes_share)
  No home directory defined for user 'MYDOM\PC$'

Why a homedirectory for a Computer ?

[2013/06/07 21:14:00.779581, 3] ../source3/smbd/service.c:612(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]

Why defining /tmp as share ?

[2013/06/07 21:14:02.996959, 3] ../source3/smbd/password.c:138(register_homes_share)
  No home directory defined for user 'MYDOM\hpeter'

Why not ? Should Samba create that for me ?

this is at log level 3

I've seen nothing that reports why homedirs for user does not work and there is nothing in it about the netlogon scripts :(

Attached a picture on how the profiles are configured in AD

ls -al /usr/local/samba/var/locks/sysvol/mydom.de/scripts
total 20
drwxrwx---+ 2 root 300 4096 Jun 1 20:57 .
drwxrwx---+ 4 root 300 4096 Jun 1 15:27 ..
-rwxrwxrwx+ 1 root root 29 Jun 1 20:57 hpeter.bat

Regards

2013/6/4 Daniel Müller muel...@tropenklinik.de

Of course:

# Global parameters
[global]
    workgroup = TPLECHLER
    realm = tplechler.kkh
    netbios name = LINUX2
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    idmap_ldb:use rfc2307 = yes
    log level= 5
    allow dns updates = signed

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/tplechler.kkh/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No

[home]
    path = /home/windows/users --- Look at it, it is home--and working!!!
    read only = No

IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de

From: spamv...@googlemail.com [mailto:spamv...@googlemail.com]
Sent: Monday, 3 June 2013 20:54
To: muel...@tropenklinik.de
Subject: Re: [Samba] netlogon homes with Samba4 DC

Hi Daniel,

are you sure ? the included manpages say:

There are three special sections, [global], [homes] and [printers], which are described under..

I'll try to change that and see

2013/6/3 Daniel Müller muel...@tropenklinik.de

It is not homes anymore within samba4 it calls home. You need to set the rights for your netlogon from your adm windows client or within ads tool in your user profile

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Robert Gurdon
Sent: Sunday, 2 June 2013 01:02
To: spamv...@gmail.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] netlogon homes with Samba4 DC

Hi,

1) Windows 7 logs should say something about your netlogon script.

2) I think you have to create the home directories via RSAT or make a pam script and login with the newly created user. I would suggest the second option, since as I discovered when you make your home directories with RSAT you will have getfacl and winbind problems. Well, if you try to use getfacl on a RSAT made directory samba's winbind part dies.

On 2013-06-01 22:38, spamv...@googlemail.com wrote:

hi all,

I've setup Samba4 as DC on Ubuntu Server LTS and have two problems right now:

1) netlogon

smb.conf

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/asta-wh.de/scripts
    read only = No

I can access the folder and execute the script as user, but it gets not executed automatically

I've added to [netlogon]

    preexec = echo %u is in %G /tmp/netlogon

to see if netlogon is executed, and it's not. Client PC is a new installed Windows 7 Pro. And I've added \\SMB4SRV\netlogon\userf00.bat via M$ AD Tools to the User. Roaming Profiles are also enabled and working.

2) homes

smb.conf

[homes]
    comment = Home Directories
    path = /home/HOME/%S
    valid users = %S
    read only = No
    browseable = Yes

Home directories are not created.

I'm happy with every hint to the right direction

Hans

--
Kind regards: Robert
[Samba] %S Macro seems broken in default service
I am having trouble with the %S Macro being expanded to an unexpected value.

We have a section of disk where each directory under that directory is to be its own share. This looks like:

/export/
/export/share1
/export/share2
.
.
/export/shareN

Rather than listing each share uniquely in the smb.conf, we put this in the global section:

    default service = export

along with all of our defaults and settings. Then we have the export service the default service refers to:

[export]
    path = /export/%S
    writeable = yes
    browseable = no

On previous samba versions (3.4.7 is one that I checked), it works fine. Now on 4.0.5 and 4.0.6 on Fedora 18, it no longer works.

Before -- if a user asked for \\server\share1, %S would be set to share1 and Samba would look for /export/share1. Now, it appears that %S contains export since the logs give errors that it cannot find the path /export/export. It's almost like the requested service is being changed to export (like you would want default service to do), but the name that the user supplied is also being overwritten, so that I can't see what share the user wanted.

Does anyone know if this is intentional, or a bug? I don't see any references to others having the problem, so I'm wondering if I've missed something in the transition to 4.0 that needs to be done.

Note that IF I list each share in the smb.conf file as

[share1]
    path = /export/share1
    writeable = yes
    browsable = no

then everything works fine, so I think it's just the macro expansion that is giving me fits.

Thanks for any help,

-Ty

--
-===-
Ty Boyack
NREL Senior IT Engineer
ty.boy...@colostate.edu
(970) 491-1186
-===-
[Samba] Samba 4.0.6 Ubuntu Package Available
Hello everyone-

Just a quick little blurb to anyone interested: I've spent some time packaging Samba4 for Ubuntu 12.04 and I believe it is finally ready.

A couple of notes about the package:

- it is compiled from the 4.0.6 tarball available from Samba
- it has packages for amd64 and i386* class machines
- it requires various other non-stable class packages
- it uses the file system hierarchy
- BIND9_DLZ as a dns-backend has issues with replication between DCs due to a TKEY error that I have not figured out**
- it contains 2 totally unofficial, handcrafted patches -- very briefly one fixed an issue with environment variable substitution and the other adds some flexibility to samba_dnsupdate to skip IP addresses

If anyone wants to give it a try, all the necessary packages are available from here: ppa:xespackages/samba4 Though if you are not going to use bind, you can omit the bind9-upstart package.

I'm going to be testing with it before it goes live at my place; however, any feedback -- either on the package itself or on the functionality of the resulting Samba install -- is greatly appreciated.

A huge shout-out to the Samba Team for developing this software. A personal shout-out to Jelmer for his help in packaging matters.

Have a good one,

Mike Ray

*I've only tested amd64 versions
**these issues were also present for me in the source tarball so I am unsure as to whether or not this is a package issue or a Samba bug
Re: [Samba] %S Macro seems broken in default service
On Fri, 2013-06-07 at 14:37 -0600, Ty! Boyack wrote:
> Does anyone know if this is intentional, or a bug? I don't see any references to others having the problem, so I'm wondering if I've missed something in the transition to 4.0 that needs to be done.

It's a bit of both. See https://bugzilla.samba.org/show_bug.cgi?id=8935

That is, it wasn't anticipated that folks would use %S in this way, and the change avoids clients being able to consume memory as we re-interpret the service for each incoming name.

Andrew Bartlett

--
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
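The workaround from the original report (one explicit stanza per directory under /export, instead of a wildcard built on %S) can be generated rather than typed by hand. The script below is an added example, not code from the thread or from Samba; the name allow-list, the reserved-name set and the function names are assumptions of this example.

```python
"""Generate explicit smb.conf share stanzas for each directory under a base path."""
import os
import re
import tempfile

# Section names with special meaning (plus IPC$); never emit these as shares.
RESERVED = {"global", "homes", "printers", "ipc$"}
# Conservative allow-list for share names (an assumption of this example).
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,79}$")


def is_safe_share_name(name):
    """True if the directory name can be used verbatim as a section name."""
    return bool(NAME_RE.match(name)) and name.lower() not in RESERVED


def discover_shares(base):
    """Return (accepted, rejected) names of directories directly under base."""
    accepted, rejected = [], []
    for entry in sorted(os.scandir(base), key=lambda e: e.name):
        # Skip files and symlinks: a symlink could point outside base.
        if not entry.is_dir(follow_symlinks=False):
            continue
        target = accepted if is_safe_share_name(entry.name) else rejected
        target.append(entry.name)
    return accepted, rejected


def render_stanzas(base, names):
    """Render one stanza per share, using the settings from the report."""
    blocks = []
    for name in names:
        blocks.append(
            f"[{name}]\n"
            f"\tpath = {os.path.join(base, name)}\n"
            "\twriteable = yes\n"
            "\tbrowseable = no\n"
        )
    return "\n".join(blocks)


def demo():
    """Build a constructed directory tree and render it as if it were /export."""
    with tempfile.TemporaryDirectory() as base:
        for d in ("share1", "share2", "homes", "bad[name]", ".hidden"):
            os.mkdir(os.path.join(base, d))
        open(os.path.join(base, "notes.txt"), "w").close()
        os.symlink("/etc", os.path.join(base, "escape"))
        accepted, rejected = discover_shares(base)
        return accepted, rejected, render_stanzas("/export", accepted)


if __name__ == "__main__":
    accepted, rejected, conf = demo()
    print(conf)
    print("# skipped:", ", ".join(rejected))
```

With a fixed list of stanzas the set of services is decided by the administrator, not by whatever name a client asks for.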
Re: [Samba] Samba 4.0.6 Ubuntu Package Available
On Fri, 2013-06-07 at 16:10 -0500, Mike Ray wrote:
> Hello everyone-
>
> Just a quick little blurb to anyone interested: I've spent some time packaging Samba4 for Ubuntu 12.04 and I believe it is finally ready.
>
> A couple of notes about the package:
>
> - it is compiled from the 4.0.6 tarball available from Samba
> - it has packages for amd64 and i386* class machines
> - it requires various other non-stable class packages
> - it uses the file system hierarchy
> - BIND9_DLZ as a dns-backend has issues with replication between DCs due to a TKEY error that I have not figured out**
> - it contains 2 totally unofficial, handcrafted patches -- very briefly one fixed an issue with environment variable substitution and the other adds some flexibility to samba_dnsupdate to skip IP addresses
>
> If anyone wants to give it a try, all the necessary packages are available from here: ppa:xespackages/samba4 Though if you are not going to use bind, you can omit the bind9-upstart package.
>
> I'm going to be testing with it before it goes live at my place; however, any feedback -- either on the package itself or on the functionality of the resulting Samba install -- is greatly appreciated.
>
> A huge shout-out to the Samba Team for developing this software. A personal shout-out to Jelmer for his help in packaging matters.

Just wondering, are you basing it around the Debian experimental packages I've been working with the debian packaging team on?

http://anonscm.debian.org/gitweb/?p=pkg-samba/samba.git;a=shortlog;h=refs/heads/samba_4.0
git://anonscm.debian.org/pkg-samba/samba.git

(The reason I ask is that we need help finishing the work, and I'm trying to avoid double-work and get a finished package ready for everyone).

Thanks,

Andrew Bartlett

--
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Re: [Samba] netlogon homes with Samba4 DC
On Mon, 2013-06-03 at 08:33 +0200, Daniel Müller wrote:
> It is not homes anymore within samba4 it calls home.

Huh? We haven't (intentionally) changed anything of the sort.

What may have changed is practices around ADUC creating home directories, which won't work if you use the magic [homes] (because you can't make the home directory for the share to link to).

Andrew Bartlett

--
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Re: [Samba] Problem with AD users and groups
Hello Marcelo,

On 07.06.2013 03:30, Marcelo Ruriani wrote:
> Thank you for the reply. To answer your questions. I am using the internal DNS. The DNS testing reveals that host -t SRV _ldap (and so on) plus host -t SRV _kerberos (and so on) return with a not found error. The A record test works fine.

Can you run

    # samba_dnsupdate --verbose | grep "Failed nsupdate"

Entries that aren't found can't be updated by that command, but it lets you know which are missing, like the SRV for _ldap._tcp.samdom.example.com:

    # samba_dnsupdate --verbose | grep "Failed nsupdate"
    Failed nsupdate: SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389 : [Errno 2] No such file or directory

Then add the missing entries manually again:

    # samba-tool dns add localhost samdom.example.com _ldap._tcp.samdom.example.com SRV 'dc1.samdom.example.com 389 0 100'

Here's my test environment zone. There you can see the values for the SRV records you have to re-add. http://cpaste.org/1914/

! Create a backup of your samba directory before you do that !

After you have added the records, they should be resolvable again, of course.

Regards,
Marc
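The two steps in the message above (collect the "Failed nsupdate" lines, then re-add each record with samba-tool) can be scripted so that every missing SRV record is turned into a reviewable command. This is an added example, not code from the thread or from Samba: the sample output is constructed from the one failure line quoted above, and the zone list, the function names and the choice of the longest matching zone (so that names under _msdcs go to the _msdcs zone) are assumptions of this example. It passes the SRV data to samba-tool as a single argument and reuses the priority 0 and weight 100 shown in the message.

```python
"""Turn 'Failed nsupdate' SRV lines into samba-tool dns add argument lists."""
import re
import shlex

# Constructed sample, modelled on the failure line quoted in the message.
SAMPLE_OUTPUT = """\
(constructed) some other line of verbose output
Failed nsupdate: SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389 : [Errno 2] No such file or directory
Failed nsupdate: SRV _kerberos._tcp.dc._msdcs.samdom.example.com dc1.samdom.example.com 88 : [Errno 2] No such file or directory
Failed nsupdate: SRV _ldap._tcp.other.example.net dc9.other.example.net 389 : [Errno 2] No such file or directory
Failed nsupdate: SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389 : [Errno 2] No such file or directory
"""

FAILED_SRV = re.compile(
    r"^Failed nsupdate: SRV (?P<name>\S+) (?P<target>\S+) (?P<port>\d+) :"
)
# Only plain DNS labels are accepted before anything is put on a command line.
DNS_NAME = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$")


def pick_zone(name, zones):
    """Return the longest zone that contains name, or None."""
    matches = [z for z in zones if name.lower().endswith("." + z.lower())]
    return max(matches, key=len) if matches else None


def repair_commands(output, zones, server="localhost", priority=0, weight=100):
    """Return (commands, skipped): argv lists to run and lines left alone."""
    commands, skipped, seen = [], [], set()
    for raw in output.splitlines():
        line = raw.strip()
        m = FAILED_SRV.match(line)
        if not m:
            continue
        name, target, port = m["name"], m["target"], int(m["port"])
        zone = pick_zone(name, zones)
        valid = (
            zone is not None
            and DNS_NAME.match(name)
            and DNS_NAME.match(target)
            and 0 < port < 65536
        )
        if not valid:
            skipped.append(line)
            continue
        key = (zone, name, target, port)
        if key in seen:  # the same failure can be reported more than once
            continue
        seen.add(key)
        data = f"{target} {port} {priority} {weight}"
        commands.append(
            ["samba-tool", "dns", "add", server, zone, name, "SRV", data]
        )
    return commands, skipped


if __name__ == "__main__":
    zones = ["samdom.example.com", "_msdcs.samdom.example.com"]
    cmds, skipped = repair_commands(SAMPLE_OUTPUT, zones)
    for argv in cmds:
        print(shlex.join(argv))  # review before running
    for line in skipped:
        print("# not handled:", line)
```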
Re: [Samba] %S Macro seems broken in default service
That's great info -- thanks. I will start following that bug report with great interest. I can see where the issue is and how this could be a serious problem. It will be good to see how it is fixed.

One suggestion that I'll make both here and over there (I don't know if you have any pull on this), is that this feature is documented in the 4.0 man pages. In smb.conf(5) it says:

    Also note that the apparent service name will be changed to equal that of the requested service, this is very useful as it allows you to use macros like %S to make a wildcard service.

I'd like to see the feature available again (maybe with an understanding of risk that it can entail), but if not then that description should probably be struck from the documentation.

Thanks for the spot-on tip of where the bug is and the issues surrounding it!

-Ty!

On 06/07/2013 04:02 PM, Andrew Bartlett wrote:
> On Fri, 2013-06-07 at 14:37 -0600, Ty! Boyack wrote:
>> Does anyone know if this is intentional, or a bug? I don't see any references to others having the problem, so I'm wondering if I've missed something in the transition to 4.0 that needs to be done.
>
> It's a bit of both. See https://bugzilla.samba.org/show_bug.cgi?id=8935
>
> That is, it wasn't anticipated that folks would use %S in this way, and the change avoids clients being able to consume memory as we re-interpret the service for each incoming name.
>
> Andrew Bartlett

--
-===-
Ty Boyack
NREL Senior IT Engineer
ty.boy...@colostate.edu
(970) 491-1186
-===-
Re: [Samba] Samba 4.0.6 Ubuntu Package Available
On Fri, 2013-06-07 at 17:44 -0500, Andrew Martin wrote:
> - Original Message -
>> From: Andrew Bartlett abart...@samba.org
>> To: Mike Ray m...@xes-inc.com
>> Cc: samba@lists.samba.org
>> Sent: Friday, June 7, 2013 5:07:12 PM
>> Subject: Re: [Samba] Samba 4.0.6 Ubuntu Package Available
>>
>> On Fri, 2013-06-07 at 16:10 -0500, Mike Ray wrote:
>>> Hello everyone-
>>>
>>> Just a quick little blurb to anyone interested: I've spent some time packaging Samba4 for Ubuntu 12.04 and I believe it is finally ready.
>>>
>>> A couple of notes about the package:
>>>
>>> - it is compiled from the 4.0.6 tarball available from Samba
>>> - it has packages for amd64 and i386* class machines
>>> - it requires various other non-stable class packages
>>> - it uses the file system hierarchy
>>> - BIND9_DLZ as a dns-backend has issues with replication between DCs due to a TKEY error that I have not figured out**
>>> - it contains 2 totally unofficial, handcrafted patches -- very briefly one fixed an issue with environment variable substitution and the other adds some flexibility to samba_dnsupdate to skip IP addresses
>>>
>>> If anyone wants to give it a try, all the necessary packages are available from here: ppa:xespackages/samba4 Though if you are not going to use bind, you can omit the bind9-upstart package.
>>>
>>> I'm going to be testing with it before it goes live at my place; however, any feedback -- either on the package itself or on the functionality of the resulting Samba install -- is greatly appreciated.
>>>
>>> A huge shout-out to the Samba Team for developing this software. A personal shout-out to Jelmer for his help in packaging matters.
>>
>> Just wondering, are you basing it around the Debian experimental packages I've been working with the debian packaging team on?
>>
>> http://anonscm.debian.org/gitweb/?p=pkg-samba/samba.git;a=shortlog;h=refs/heads/samba_4.0
>> git://anonscm.debian.org/pkg-samba/samba.git
>>
>> (The reason I ask is that we need help finishing the work, and I'm trying to avoid double-work and get a finished package ready for everyone).
>>
>> Thanks,
>>
>> Andrew Bartlett
>>
>> --
>> Andrew Bartlett    http://samba.org/~abartlet/
>> Authentication Developer, Samba Team    http://samba.org
>
> Andrew,
>
> We (Mike Ray and I) started with the samba4_4.0.3+dfsg1-0.1.debian.tar.gz from Debian Experimental here (probably more outdated than the git repo you linked): http://packages.debian.org/experimental/samba4
>
> We then updated debian/rules - removing things that appeared to no longer be necessary and working to get the package to build, install, and run successfully.

Yes, there has been significant work since then. I'm sorry to hear you have had to duplicate that.

Your assistance with the new package for jesse would be most valuable.

Andrew Bartlett

--
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Re: [Samba] Certificates stop working after password change
On Thu, 2013-06-06 at 20:41 +, Joaquin Cabrera wrote:
> Hi,
>
> We found the following problem when working with personal certificates. We have a system in java using certificates at the time of signing, the certificates stop working when the user performs a password change. Customers are connected to the domain Samba4, mainly are pc with windows 7 or vista. This error does not happen with certificates if the equipment is in a workgroup. We also found that if the user changes back to the previous password can sign correctly. Reinstall Certificates whenever the user changes their password is not an option, because we want to implement a policy requiring change passwords every three months.
>
> The samba version is 4.0.3

That is very odd. X.509 certificates presented to our KDC for PK-INIT are not checked against a password in any way - it is entirely up to the validity of the certificate.

Can you show the error shown on the KDC when the certificate is rejected?

Or are you referring to some other certificate system?

Andrew Bartlett

--
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Re: [Samba] Samba 4.0.6 Ubuntu Package Available
- Original Message -
> From: Andrew Bartlett abart...@samba.org
> To: Mike Ray m...@xes-inc.com
> Cc: samba@lists.samba.org
> Sent: Friday, June 7, 2013 5:07:12 PM
> Subject: Re: [Samba] Samba 4.0.6 Ubuntu Package Available
>
> On Fri, 2013-06-07 at 16:10 -0500, Mike Ray wrote:
>> Hello everyone-
>>
>> Just a quick little blurb to anyone interested: I've spent some time packaging Samba4 for Ubuntu 12.04 and I believe it is finally ready.
>>
>> A couple of notes about the package:
>>
>> - it is compiled from the 4.0.6 tarball available from Samba
>> - it has packages for amd64 and i386* class machines
>> - it requires various other non-stable class packages
>> - it uses the file system hierarchy
>> - BIND9_DLZ as a dns-backend has issues with replication between DCs due to a TKEY error that I have not figured out**
>> - it contains 2 totally unofficial, handcrafted patches -- very briefly one fixed an issue with environment variable substitution and the other adds some flexibility to samba_dnsupdate to skip IP addresses
>>
>> If anyone wants to give it a try, all the necessary packages are available from here: ppa:xespackages/samba4 Though if you are not going to use bind, you can omit the bind9-upstart package.
>>
>> I'm going to be testing with it before it goes live at my place; however, any feedback -- either on the package itself or on the functionality of the resulting Samba install -- is greatly appreciated.
>>
>> A huge shout-out to the Samba Team for developing this software. A personal shout-out to Jelmer for his help in packaging matters.
>
> Just wondering, are you basing it around the Debian experimental packages I've been working with the debian packaging team on?
>
> http://anonscm.debian.org/gitweb/?p=pkg-samba/samba.git;a=shortlog;h=refs/heads/samba_4.0
> git://anonscm.debian.org/pkg-samba/samba.git
>
> (The reason I ask is that we need help finishing the work, and I'm trying to avoid double-work and get a finished package ready for everyone).
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett    http://samba.org/~abartlet/
> Authentication Developer, Samba Team    http://samba.org

Andrew,

We (Mike Ray and I) started with the samba4_4.0.3+dfsg1-0.1.debian.tar.gz from Debian Experimental here (probably more outdated than the git repo you linked): http://packages.debian.org/experimental/samba4

We then updated debian/rules - removing things that appeared to no longer be necessary and working to get the package to build, install, and run successfully.

Thanks,

Andrew
Re: [Samba] Samba 4.0.6 update - login issues
On Wed, 2013-06-05 at 23:49 -0500, Kristofer Pettijohn wrote:
> I updated all 14 of our Domain Controllers to 4.0.6, and now I am having random authentication issues.

What version did you upgrade from?

> Our radius server uses ntlm_auth to authenticate users. Every morning at 3AM since the update, ntlm_auth fails to authenticate. If I restart Samba 4 on the domain controller that the radius server connects to, then authentication works again.
>
> In addition, I am running Samba 3.5.10-125.el6 with winbind on all of our file servers. Users randomly become unable to authenticate and connect to file shares. If I restart Samba 4 on the domain controller closest to the file server, they are able to authenticate again. Simply restarting winbind doesn't resolve it. I need to restart the samba daemons on the domain controller.
>
> What might be causing this?

I would need logs and network traces to investigate this further. Could it be a kerberos ticket expiring? Does it still happen if you upgrade a test member server to 3.6 or 4.0 (so we can narrow down the issue)?

Thanks,

Andrew Bartlett

--
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2013-06-07-1341/flakey.log

The samba3 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-06-07-1341/samba3.stderr
   http://git.samba.org/autobuild.flakey/2013-06-07-1341/samba3.stdout

The source4 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-06-07-1341/samba.stderr
   http://git.samba.org/autobuild.flakey/2013-06-07-1341/samba.stdout

The top commit at the time of the failure was:

commit 56055f788cd9cec0256e79d0db0b53885d7a18b0
Author: Volker Lendecke v...@samba.org
Date: Tue Jun 4 12:29:32 2013 +0200

    Revert dbwrap: dbwrap_fetch_locked_timeout().

    This reverts commit f6eb187fdab6b8088bb065e418fe604c4eba7751.

    Signed-off-by: Volker Lendecke v...@samba.org
    Reviewed-by: Rusty Russell ru...@rustcorp.com.au

    Autobuild-User(master): Volker Lendecke v...@samba.org
    Autobuild-Date(master): Thu Jun 6 14:26:26 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3cd640d tdb: Fix typos. via d273bdf Add repack command to tdbtool documentation. from 56055f7 Revert dbwrap: dbwrap_fetch_locked_timeout(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3cd640dc5dee24b244f13c17b80675000d39c8ce Author: Ralph Wuerthner ralph.wuerth...@de.ibm.com Date: Thu Jul 12 11:18:46 2012 +0200 tdb: Fix typos. Reviewed-by: Christian Ambach a...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Fri Jun 7 15:18:47 CEST 2013 on sn-devel-104 commit d273bdf18c7693792d395f3ad89a128941d15cf0 Author: Ralph Wuerthner ralph.wuerth...@de.ibm.com Date: Thu Jul 12 11:08:04 2012 +0200 Add repack command to tdbtool documentation. The original commit 'Add repack command to tdbtool.' only added the documentation to docs-xml/manpages-3/tdbtool.8.xml and forgot about lib/tdb/manpages/tdbtool.8.xml . Reviewed-by: Christian Ambach a...@samba.org Reviewed-by: Volker Lendecke v...@samba.org --- Summary of changes: lib/tdb/man/tdbbackup.8.xml |4 ++-- lib/tdb/man/tdbtool.8.xml | 10 +- 2 files changed, 11 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tdb/man/tdbbackup.8.xml b/lib/tdb/man/tdbbackup.8.xml index c15cc14..f24202e 100644 --- a/lib/tdb/man/tdbbackup.8.xml +++ b/lib/tdb/man/tdbbackup.8.xml @@ -54,7 +54,7 @@ varlistentry term-s suffix/term listitempara - The command-s/command option allows the adminisistrator to specify a file + The command-s/command option allows the administrator to specify a file backup extension. This way it is possible to keep a history of tdb backup files by using a new suffix for each backup. /para /listitem 
@@ -63,7 +63,7 @@ varlistentry term-v/term listitempara - The command-v/command will check the database for damages (currupt data) + The command-v/command will check the database for damages (corrupt data) which if detected causes the backup to be restored. /para/listitem /varlistentry diff --git a/lib/tdb/man/tdbtool.8.xml b/lib/tdb/man/tdbtool.8.xml index bc5c001..ddca04c 100644 --- a/lib/tdb/man/tdbtool.8.xml +++ b/lib/tdb/man/tdbtool.8.xml @@ -201,6 +201,14 @@ varlistentry term + optionrepack/option + /term + listitemparaRepack a database using a temporary file to remove fragmentation. + /para/listitem + /varlistentry + + varlistentry + term optionquit/option /term listitemparaExit commandtdbtool/command. @@ -220,7 +228,7 @@ refsect1 titleVERSION/title - paraThis man page is correct for version 3.0.25 of the Samba suite./para + paraThis man page is correct for version 3.6 of the Samba suite./para /refsect1 refsect1 -- Samba Shared Repository
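Review bot: in the -v entry of lib/tdb/man/tdbbackup.8.xml (second hunk), the corrected sentence still reads "The -v will check the database for damages (corrupt data)"; while this line is being touched, consider "The -v option will check the database for damage (corrupt data)", which also matches the "The -s option allows" wording of the entry fixed in the first hunk.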
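Review bot: the commit message of d273bdf says the earlier commit forgot about lib/tdb/manpages/tdbtool.8.xml, but the file changed in the @@ -201 hunk is lib/tdb/man/tdbtool.8.xml; please correct the path in the message so that a log search for the file name finds this commit. The new repack entry itself follows the same term/listitem pattern as the neighbouring quit entry.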
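Review bot: the last hunk of lib/tdb/man/tdbtool.8.xml changes the VERSION paragraph from "version 3.0.25" to "version 3.6", which neither commit message mentions; please state the bump in the message or move it to its own commit, and check whether lib/tdb/man/tdbbackup.8.xml, touched in the same push, carries the same version statement and needs the same update.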