Re: [Samba] problem over vpn
Using openvpn in bridge mode and you are up and running! No cisco would serve the same job. Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von David González Herrera - [DGHVoIP] Gesendet: Dienstag, 25. Juni 2013 17:23 An: Roberto Scattini Cc: samba@lists.samba.org Betreff: Re: [Samba] problem over vpn On 6/25/2013 10:12 AM, Roberto Scattini wrote: hi david, On Tue, Jun 25, 2013 at 12:06 PM, David González Herrera - [DGHVoIP] i...@dghvoip.com wrote: On 6/25/2013 9:58 AM, Roberto Scattini wrote: hi all, i have a Samba version 3.2.5 server running in a debian 5.0.8 (a little old, i know...). the network setup is: -one local office using samba -one remote office (we call it cberg) using samba remotely over a vpn (linksys-cisco) Here's you problem don't use cisco. -another remote office (we call it colon) using samba remotely over a vpn (linksys-cisco) Another problem ok, that's beyond my possibilities... :-( No problem that was just a practical joke, just make sure that the interfaces samba listens on do include your VPN interface if you're using routing on the VPN and that port forward is properly configured and the router advertises the VPN routes to client computers. I would recommend using wireshark to capture the packets and verify proper routing, also make sure that samba is starting after the VPN link is up so it's listening on the proper interface. i do have the traffic capture on both ends, where i can upload them? Well, I wouldn't know what to do with the capture because I'm no expert reading that but there's lots of gurus here so they might guide you further. Cheers. thanks -- David Gonzalez DGHVoIP USA: MOBILE: +1.646.559.6200 COL: +57.1.382.6718 COL: +57.4.247.0985 URL: www.dghvoip.com Skype: davidgonzalezh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] script on user add
Hi all! How to set up execution of my script on user adding in AD Samba 4? -- С уважением, Фомкин Владимир Андреевич ICQ:220967838 Skype:vladimir.fomkin http://vaf.net.ru -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Interesting slow Samba read and write problem - GnuCash
Interesting, but now reached the stage where I have to resolve it! Many things have been checked and experimented with but nothing really has provided the right answer. The high points! - Two Samba servers joined with an OpenVPN link over Internet. Worst case bandwidth about 384Kbps. - A WXP client on one of the servers LANs trying to access data on the server at the other end of the link - The data is a compressed GnuCash XML file around 180KB - Reading or writing this data file (from within the app) takes around 3-5 minutes. (There are some extra things that GnuCash does of course) - If instead of a GnuCash data file I try to read or write an Excel data (220KB) file it takes maybe 10 seconds. Large file movements (hundreds of MB even) work fine. - If I mount the remote server share as NFS on the local server (with sync/intr, tcp and udp etc) and access that as as local share, the GnuCash read time is maybe 10 seconds, but the write time is about 30 seconds. (I didn't try to tune this. No doubt that could be a viable workaround, but I only did it to prove GnuCash was okay. GnuCash speed for r/w data on its the local server is fine) - There does seem to be some kind of resolution delay before a file movement starts. I am thinking that GnuCash actually reads and writes in chunks that have some form of resolver time-out between each. And; - Debian GNU/Linux 6.0.5 (squeeze) Samba 3.56 - The Samba servers are separate domains, trusted with each other - WINS is running on the remote end server - Using tdbasm and idmap_tdb on both ends. The Linux UID/GID's are exactly the same, but of course the winbind ones aren't. - Resolved an OpenVPN fragmentation issue - Both sites run bind and master/slave with each other - Relevant bits of nsswitch.conf passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files dns (use to also have wins) networks: files - bind resolution/speed is fine. Tried pretty well all involved IP addresses, and short/fqdn hostnames. - There does seem to be a delay doing idmap/winbind resolution on the affected files, but worst case that's maybe a second. - name resolve order = wins bcast Like I said have tried lots of things. I am hoping someone will have experienced this before and be able to point to the solution quickly. If however anyone would like smb.conf or logs to review please ask! Cheers Bob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] file server or member server?
Hi everyone What's the difference between a file server and a member server? I have a 4.0.6 DC which is a file server for sysvol. I also have a 4.0.6 file server for the other folders which go out to the clients. Do I have a member server? Or is a member server one upon which all files are served from the DC? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 AD and mail auth
Thank you Davor I will try this solution. --- Mit freundlichem Gruß Carsten Laun-De Lellis Hauptstrasse 13 D-67705 Trippstadt Phone: +49 6306 992140 Fax: +49 6306 992142 Mobile: +49 151 27530865 email: carsten.delel...@delellis.net http://www.linkedin.com/in/carstenlaundelellis [2] Am 2013-06-29 08:26, schrieb Davor Vusir: Hi Carsten! Check out this how-to: http://www.iredmail.org/wiki/index.php?title=Integration/Active.Directory.iRedMail [1] Works like a charm! Regards Davor -- From: Carsten Laun-De Lellis carsten.delel...@delellis.net Sent: Friday, June 28, 2013 6:49 PM To: Achim Gottinger ac...@ag-web.biz Cc: samba@lists.samba.org Subject: Re: [Samba] Samba4 AD and mail auth Hi Achim Don't wanna bothering you, but I still got error Messages. Jun 28 15:09:57 rv1325 dovecot: auth: Debug: auth client connected (pid=2157) Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client in: AUTH#0111#011NTLM#011service=imap#011session=KkN8mDbgGABUmsab#011lip=178.254.21.125#011rip=84.154.198.155#011lport=143#011rport=49432 Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client passdb out: CONT#0111#011 Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client in: CONT#0111#011TlRMTVNTUAABB4IIogAGAvAjDw== (previous base64 data may contain sensitive data) Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client passdb out: CONT#0111#011TlRMTVNTUAACDAAMADAFAooAzlGLZuaYgz0AABQAFAA8cgB2ADEAMwAyADUAAwAMAHIAdgAxADMAMgA1AAA= Jun 28 15:09:58 rv1325 dovecot: auth: Debug: client in: CONT#0111#011TlRMTVNTUAADGAAYAHYAAADAAMAAjgBYEAAQAFgOAA4AaABOAQAABQKIAgYC8CMP6HRQNL0+o3yODw5hHqFFvHQAZQBzAHQAdQBzAGUAcgBXADAAMAAwADAAMAA1ABnluuxW4N/hRueL6TyYm30BAQAAAB2Yjc4AdM4B6LKt7eH6AGUAAwAMAHIAdgAxADMAMgA1AAgAMAAwAAEAIAAABJBPeBFKFDBXIh0KoOgHioqV/yHKS7i3O2lbwelRVv4KABkAMABpAG0AYQBwAC8AcgB2ADEAMwAyADUALgBkAGUAbABlAGwAbABpAHMALgBuAGUAdA== (previous base64 data may contain sensitive data) Jun 28 15:09:58 rv1325 dovecot: auth: Debug: password(testuser,84.154.198.155,KkN8mDbgGABUmsab): passdb doesn't support credential lookups Jun 28 15:09:58 rv1325 dovecot: auth: Debug: password(testuser,84.154.198.155,KkN8mDbgGABUmsab): passdb doesn't support credential lookups Jun 28 15:10:00 rv1325 dovecot: auth: Debug: client passdb out: FAIL#0111#011user=testuser Jun 28 15:10:00 rv1325 dovecot: auth: Debug: client in: AUTH#0112#011DIGEST-MD5#011service=imap#011session=KkN8mDbgGABUmsab#011lip=178.254.21.125#011rip=84.154.198.155#011lport=143#011rport=49432 Jun 28 15:10:04 rv1325 dovecot: auth: Debug: client passdb out: CONT#0112#011cmVhbG09IiIsbm9uY2U9Ii9nZndwbWd1TTlDMlVkekhZRld0R0E9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI= Jun 28 15:10:04 rv1325 dovecot: auth: Debug: client in: CONT#0112#011dXNlcm5hbWU9InRlc3R1c2VyIixyZWFsbT0iIixub25jZT0iL2dmd3BtZ3VNOUMyVWR6SFlGV3RHQT09IixkaWdlc3QtdXJpPSJpbWFwL3J2MTMyNS5kZWxlbGxpcy5uZXQiLGNub25jZT0iMjQ0NTRjZjAxNjVmOTE3YmVjMTJhMjk5OTc1ZGQ0MTYiLG5jPTAwMDAwMDAxLHJlc3BvbnNlPWVjZWI4MjJhZDFiZWY4NjU1OTYzMTk0YzhlZDQ0NmYxLHFvcD1hdXRoLGNoYXJzZXQ9dXRmLTg= (previous base64 data may contain sensitive data) Jun 28 15:10:04 rv1325 dovecot: auth: Debug: password(testuser,84.154.198.155,KkN8mDbgGABUmsab): passdb doesn't support credential lookups Jun 28 15:10:06 rv1325 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=testuser Jun 28 15:10:06 rv1325 dovecot: auth: Debug: client in: AUTH#0113#011PLAIN#011service=imap#011session=KkN8mDbgGABUmsab#011lip=178.254.21.125#011rip=84.154.198.155#011lport=143#011rport=49432#011resp=AHRlc3R1c2VyAHRlc3R1c2Vy (previous base64 data may contain sensitive data) My auth.conf file Looks like: hosts = localhost auth_bind = yes auth_bind_userdn = sAMAccountName=%u,cn=Users,dc=delellis,dc=net base = cn=Users,dc=delellis,dc=net ldap_version = 3 pass_filter = ((objectClass=user)(sAMAccoutName=%u)(mail=*)) And I have no idea why it doesn't work. --- Mit freundlichem Gruß Carsten Laun-De Lellis Hauptstrasse 13 D-67705 Trippstadt Phone: +49 6306 992140 Fax: +49 6306 992142 Mobile: +49 151 27530865 email: carsten.delel...@delellis.net http://www.linkedin.com/in/carstenlaundelellis [2][2] Am 2013-06-28 14:04, schrieb Achim Gottinger: Am 28.06.2013 13:55, schrieb Carsten Laun-De Lellis: Hi Achim Thankx a lot. I will try. Have a nice Weekend. NP take a look at this http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds [3] [1] --- Mit freundlichem Gruß Carsten Laun-De Lellis Hauptstrasse 13 D-67705 Trippstadt Phone: +49 6306 992140 Fax: +49 6306 992142 Mobile: +49 151 27530865 email: carsten.delel...@delellis.net http://www.linkedin.com/in/carstenlaundelellis [2] [2] Am 2013-06-28 13:35, schrieb Achim Gottinger: Am 28.06.2013 13:24, schrieb Carsten Laun-De Lellis: Hi Achim First of all thankx for your
[Samba] What is the difference between lock dir , state dir and cache dir in samba 4
Hi all? The question is in the subject. I need to know what is the difference betwen theses three directory ? What directory contain persistand tdb, what direcorty will contain sysvol data and what directory for tempoary file and tdb. regards Stéphane Purnellle --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What is the difference between lock dir , state dir and cache dir in samba 4
On 2013-07-01 at 13:34 +0200 Stéphane PURNELLE sent off: The question is in the subject. I need to know what is the difference betwen theses three directory ? What directory contain persistand tdb, what direcorty will contain sysvol data and what directory for tempoary file and tdb. have a look at http://www.pathname.com/fhs/pub/fhs-2.3.html to find out about the different purposes of the paths like /var/{lib,lock,cache,run}. Samba 4 puts the TDBs at the apropiate location if you or your package provider used configure with --enable-fhs. Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file server or member server?
On a very general level , a member server is joined to the domain so that it can use the domain accounts.A member server is typically a file server but does not have to be (you could be using it as a web server, or application server or even a workstation.) A domain controller can be a file server, although in many cases a domain controller will only provide authentication and logon functions.It does need to have file shares to provide access to to the logon scripts and profile directories used by Windows clients but that doesn't really make a a file server. A server that is not a member server or a domain controller is considered to be a standalone server.These concepts apply to Windows/Samba domains whether you are running domains based on Samba 3, Samba 4, Windows 200x or Windows NT. On 07/01/13 04:27, steve wrote: Hi everyone What's the difference between a file server and a member server? I have a 4.0.6 DC which is a file server for sysvol. I also have a 4.0.6 file server for the other folders which go out to the clients. Do I have a member server? Or is a member server one upon which all files are served from the DC? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file server or member server?
On Mon, 2013-07-01 at 09:59 -0400, Gaiseric Vandal wrote: [SNIP] A domain controller can be a file server, although in many cases a domain controller will only provide authentication and logon functions.It does need to have file shares to provide access to to the logon scripts and profile directories used by Windows clients but that doesn't really make a a file server. The profile directories can be located on a server other than a domain controller. This is true for both NT4 style PDC/BDC and Active Directory servers. If you have a lot of users in your domain this is highly desirable. As the profile location is a setting in the directory, you can even have different users profiles on different servers which allows you to shard the profiles if you have a really large number of users. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win8 account sees its home share, but does not have permissions to access
Mark, First verify that the posix permissions are good for your home directory: ls -lA /home/mark If those are good, then I would try removing the hosts allow parameter in [global]. If that doesn't work, checking the Samba logs is always a good idea. Dale On 06/28/2013 6:03 PM, Mark Galeck wrote: Hello, I am a beginner to Samba and I RTFMd carefully but cannot get started. I want to access my user account mark home directory on Linux, with the same account name on Windows 8. The user mark has the same password on Linux and Windows 8. In addition I did this on Linux smbpasswd -a mark and gave the same password. Following the manuals on samba website I edited the samba configuration smb.conf file so: [global] hosts allow = ALL client signing = no # log files split per-machine: log file = /var/log/samba/log.%m # maximum size of 50KB per log file, then rotate: max log size = 50 security = user [homes] valid users = %S read only = No and successfully started the samba service. I can then see mark share on that Linux machine from Windows, I can map it to a drive letter in Windows Explorer, and I also see this: [root@v64-sw-dev003-mark /]# smbstatus Samba version 3.6.12-1.fc17 PID Username Group Machine --- 14678 mark mark mark-pc (192.168.221.76) Service pid machine Connected at --- mark 14678 mark-pc Fri Jun 28 15:56:39 2013 No locked files This all looks very good to me, as Samba server sees my client with the correct username, Windows machine name and IP address. YET, when I actually try to double-click on the share in the Windows Explorer, I get an error dialog: Windows cannot access \\192.168.221.32\mark You do not have permission to access \\192.168.221.32\mark\. Contact your network administrator to request access. 192.168.221.32 is the Linux machine address. Please, what am I doing wrong?? Thank you, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file server or member server?
On Mon, 2013-07-01 at 17:04 +0100, Jonathan Buzzard wrote: On Mon, 2013-07-01 at 09:59 -0400, Gaiseric Vandal wrote: [SNIP] A domain controller can be a file server, although in many cases a domain controller will only provide authentication and logon functions.It does need to have file shares to provide access to to the logon scripts and profile directories used by Windows clients but that doesn't really make a a file server. The profile directories can be located on a server other than a domain controller. Hi Our profile directories are stored on what I call our file server. Does that make it a member server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file server or member server?
I don't think it necessarily makes it a member a member server BUT if it isn't a member server it is going to be pretty useless for serving profiles. I have not worked with Samba4 myself- I have worked with Samba 3 (and Windows 200x AD , and NT4) so you may want to review the samba 4 specific docn fir basic config. In samba 3 a quick review of the smb.conf file (or the output of testparm -v will reveal the type of setup. Did you inherit these machines from someone else? On 07/01/13 14:18, steve wrote: On Mon, 2013-07-01 at 17:04 +0100, Jonathan Buzzard wrote: On Mon, 2013-07-01 at 09:59 -0400, Gaiseric Vandal wrote: [SNIP] A domain controller can be a file server, although in many cases a domain controller will only provide authentication and logon functions.It does need to have file shares to provide access to to the logon scripts and profile directories used by Windows clients but that doesn't really make a a file server. The profile directories can be located on a server other than a domain controller. Hi Our profile directories are stored on what I call our file server. Does that make it a member server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file server or member server?
On Mon, 2013-07-01 at 14:35 -0400, Gaiseric Vandal wrote: I don't think it necessarily makes it a member a member server BUT if it isn't a member server it is going to be pretty useless for serving profiles. Ok, so if a samba 4 box can serve profiles, then it is called a member server, whether that be the DC or a separate 'file server'??? I have not worked with Samba4 myself- I have worked with Samba 3 (and Windows 200x AD , and NT4) so you may want to review the samba 4 specific docn fir basic config. In samba 3 a quick review of the smb.conf file (or the output of testparm -v will reveal the type of setup. Did you inherit these machines from someone else? Yes. We take stand alone machines and network them by adding a DC and what we call a file server. What I'd like to know is why some guys here call what seems to be what we call a file server, a member server. I feel we're missing out on something. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS replication with samba4
Hi Marc, Thanks a lot, it was my mistake, I had not set correct permission on bdc for bind. I test with BIND and samba4 internal DNS, both works just fine without any issue. On Tue, Jun 25, 2013 at 8:21 AM, Marc Muehlfeld sa...@marc-muehlfeld.de wrote: Hello Remy, Am 19.06.2013 08:17, schrieb Mario Almeida: I have 2 samba4 DC as pdc and bdc. How to replicate DNS changes from pdc to bdc? Is it something that I have to do with bind DNS or something samba4 will take care? https://wiki.samba.org/index.php/Samba4/FAQ#How_do_I_get_DNS_failover_in_a_Multi-DC_environment.3F Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] string_to_sid: SID username is not in a valid format
I'm not quite sure why this is happening, I used to be able to connect perfectly fine to my share. Then I updated and rebooted and now I'm greeted with this message, and a login prompt where my credentials are never accepted. [http] comment = HTTPD Server path = /srv/http writable = no public = no browsable = no valid users = frostyfrog write list = frostyfrog force user = http force group = http # smbd -i -d3 snip get_referred_path: |http| in dfs path \X.X.X.X\http is not a dfs root. Allowed connection from X.X.X.X (X.X.X.X) string_to_sid: SID frostyfrog is not in a valid format Forcing Primary Group to 'Domain Users' for frostyfrog Forcing Primary Group to 'Domain Users' for http Forced user http Forced group http Connect path is '/srv/http' for service [http] string_to_sid: SID frostyfrog is not in a valid format Forcing Primary Group to 'Domain Users' for frostyfrog -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] R2 2008 Windows Domain Contoller VS Samba
Hi, We are using samba version 3.0.28 on Sun solaris 5.10 integrated with Windows 2003 Domain Controller. It has been running for couple of years without any issues. Recently the 2003 domain controllers are upgraded to 2008 R2 domain Controllers and the samba server that we currently have is not authenticating With the new domain controllers. Could you please let me know which version of Samba works for the 2008 R2 domain controller on Sun solaris 5.10. Thank you in advance. Thank you, Rama. /preThis message is confidential, intended only for the named recipient(s) and may contain information that is privileged or exempt from disclosure under applicable law. If you are not the intended recipient(s), you are notified that the dissemination, distribution, or copying of this message is strictly prohibited. If you receive this message in error or are not the named recipient(s), please notify the sender by return email and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file server or member server?
On 01/07/13 19:56, steve wrote: [SNIP] Yes. We take stand alone machines and network them by adding a DC and what we call a file server. What I'd like to know is why some guys here call what seems to be what we call a file server, a member server. I feel we're missing out on something. In both NT4 style and AD domains you have servers called domain servers that serve identification information and provide authentication services. These servers may also do other things such as serve files, but it is the identification and authentication services that make them domain servers. Any server providing identification and authentication services is a domain server regardless of anything else it does. You can then have other servers, such as file servers, print servers, web servers etc. that are joined to the domain, and thus you can use your domain credentials to authenticate to these servers, in the case of an AD domain using the Kerberos ticket you got when you logged onto your workstation. However crucially they don't provide identification or authentication services. These servers are called member servers. With larger domains it makes sense to separate out your file and print servers from your domain servers, so that the domain servers are effectively only providing the identification and authentication services and your file and print services are handed off to dedicated machines for the task. There is no way a domain server is going to cope at a large University for example with tens of thousands of users. This however is very basic Windows domain terminology/knowledge which I would expect anyone offering advice on Samba to fully understand first. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file server or member server?
Good explanation. Better than mine. I tend to think of the roaming profiles as part of the logon experience, since they sync with your computer when you logon. Actually, I found roaming profiles to be more trouble than they were worth so I don't use them anyway. On 07/01/13 17:36, Jonathan Buzzard wrote: On 01/07/13 19:56, steve wrote: [SNIP] Yes. We take stand alone machines and network them by adding a DC and what we call a file server. What I'd like to know is why some guys here call what seems to be what we call a file server, a member server. I feel we're missing out on something. In both NT4 style and AD domains you have servers called domain servers that serve identification information and provide authentication services. These servers may also do other things such as serve files, but it is the identification and authentication services that make them domain servers. Any server providing identification and authentication services is a domain server regardless of anything else it does. You can then have other servers, such as file servers, print servers, web servers etc. that are joined to the domain, and thus you can use your domain credentials to authenticate to these servers, in the case of an AD domain using the Kerberos ticket you got when you logged onto your workstation. However crucially they don't provide identification or authentication services. These servers are called member servers. With larger domains it makes sense to separate out your file and print servers from your domain servers, so that the domain servers are effectively only providing the identification and authentication services and your file and print services are handed off to dedicated machines for the task. There is no way a domain server is going to cope at a large University for example with tens of thousands of users. This however is very basic Windows domain terminology/knowledge which I would expect anyone offering advice on Samba to fully understand first. JAB. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file server or member server?
On Mon, 2013-07-01 at 22:36 +0100, Jonathan Buzzard wrote: Thanks for the input. But. . . In both NT4 style and AD domains you have servers called domain servers . . .now you've introduced yet another term. What's a domain server? I could make a guess and I'm almost certain it would be correct. But would I? Can anyone simply give a plain English definition on any of these in a samba context: - file server - member server and now - domain server I know that language evolves, but having to move the goalposts so often depending on what post you read is a nightmare for non native English speakers. It would help enormously over here, if we all stuck to calling a spade a spade. Thanks for reading, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file server or member server?
Steve, in simplest terms, a member server is just that, a member of the domain serving something (print services, file services, etc). A file server is generally part of either a member server, or it can be part of the domain server, its simply the part of the server that is handling how the files are transferred. A domain server would be either a PDC or AD DC, something that handles authentication, in some environments, you will find a NT4 style PDC (Primary Domain Controller), in others you will find AD DC's (Active Directory Domain Controllers), and still yet, there will be others that are just simple authentication (simple file servers, mainly used in home networks). With all that said, you can mix and match somewhat, all DC's (Domain Controller, AKA domain server) have the capability of serving files (file server), but a member server MUST be part of the domain as it does not provide authentication, it only checks with a DC to see what parts of the file server it can access. I feel like I am saying what has already been said, so if you could be more specific about what kind of hierarchy you have, I could give you a more specific answer. For the most part, if its serving files and in a domain, but not providing authentication itself, its a 'member server', if its NOT in a domain, but simply serving files to any and all windows clients, its a simple file server, if its in a domain and providing the domain with username/password authentication its a domain server (or domain controller). Hope that helps, Ricky On Mon, Jul 1, 2013 at 5:34 PM, steve st...@steve-ss.com wrote: On Mon, 2013-07-01 at 22:36 +0100, Jonathan Buzzard wrote: Thanks for the input. But. . . In both NT4 style and AD domains you have servers called domain servers . . .now you've introduced yet another term. What's a domain server? I could make a guess and I'm almost certain it would be correct. But would I? Can anyone simply give a plain English definition on any of these in a samba context: - file server - member server and now - domain server I know that language evolves, but having to move the goalposts so often depending on what post you read is a nightmare for non native English speakers. It would help enormously over here, if we all stuck to calling a spade a spade. Thanks for reading, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problems building new 3.6.16: getting symbols from local sys AND ../lib/replace
Shouldn't it use one or the other? In file included from ./../nsswitch/winbind_nss_config.h:46:0, from ../nsswitch/libwbclient/libwbclient.h:31, from ../nsswitch/libwbclient/wbc_guid.c:26: ./../lib/replace/system/network.h:134:8: error: redefinition of ‘struct ifaddrs’ struct ifaddrs { ^ In file included from ./../lib/replace/system/network.h:130:0, from ./../nsswitch/winbind_nss_config.h:46, from ../nsswitch/libwbclient/libwbclient.h:31, from ../nsswitch/libwbclient/wbc_guid.c:26: /usr/include/ifaddrs.h:29:8: note: originally defined here struct ifaddrs ^ In file included from ./../nsswitch/winbind_nss_config.h:46:0, from ../nsswitch/libwbclient/libwbclient.h:31, from ../nsswitch/libwbclient/wbc_guid.c:26: ./../lib/replace/system/network.h:147:5: error: conflicting types for ‘rep_getifaddrs’ int rep_getifaddrs(struct ifaddrs **); ^ In file included from ../nsswitch/libwbclient/wbc_guid.c:25:0: ./../lib/replace/replace.h:538:20: note: previous declaration of ‘rep_getifaddrs’ was here #define getifaddrs rep_getifaddrs ^ In file included from ./../nsswitch/winbind_nss_config.h:46:0, from ../nsswitch/libwbclient/libwbclient.h:31, from ../nsswitch/libwbclient/wbc_guid.c:26: ./../lib/replace/system/network.h:151:6: error: conflicting types for ‘rep_freeifaddrs’ void rep_freeifaddrs(struct ifaddrs *); ^ In file included from ../nsswitch/libwbclient/wbc_guid.c:25:0: ./../lib/replace/replace.h:543:21: note: previous declaration of ‘rep_freeifaddrs’ was here #define freeifaddrs rep_freeifaddrs ^ I'm not sure which one is on, in error or which I should turn off? = Also configure claims the default for libaddns: --with-libaddns Build the libaddns shared library (default=no (undefined API)) is no. But I see: make: *** [../lib/addns/error.o] Error 1 make: *** [../lib/addns/dnsmarshall.o] Error 1 That sorta looks like it might be building libaddns...or is that just a coincidence? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trouble Building RPMS v3.6.16
Michael wrote: Hi, My system: OS: Centos 6.4 Samba: 3.6.16 I'm trying to build the RPMS from the packaging/RHEL directory. After I patched the samba.spec file the build is successful. All packages install without an issue. But when I try to install the SSSD, its dependencies get errors that it conflicts with libtalloc, libtdb and libtevent. from the samba-common. If I try to use the external libraries, I specify --enable-external-libtalloc=yes, --enable-external-libtevent=yes and --enable-external-libtdb= yes in my samba.spec file, I now get the following errors twice, while Processing files: samba-3.6.16-1.x86_64 and RPM build errors: error: File not found: /username/rpmbuild/BUILDROOT/samba-3.6.16-1.x86_64/usr/bin/tdbbackup error: File not found: /username/rpmbuild/BUILDROOT/samba-3.6.16-1.x86_64/usr/bin/tdbtools error: File not found: /username/rpmbuild/BUILDROOT/samba-3.6.16-1.x86_64/usr/bin/tdbdump error: File not found: /username/rpmbuild/BUILDROOT/samba-3.6.16-1.x86_64/usr/bin/tdbrestore I have install the tdb-tools but still get the error. Those look like errors from rpm not finding those files to package. I.e. you told samba not to build them -- it didn't. But you you are using rpm -- did you tell rpm you weren't including them? (i.e. need to be removed from rpmspec file) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Domain Rename
Hi Team, I am using samba 4 Domain in my production environment and everything is working fine but now for some reason I have to rename the domain Can you please help on this, I need to do this asap Waiting for your response……… Many Thanks, Sandeep Kumar *Arbor Financial Systems Ltd* Direct: +91 172 400 6144 Support: +44 (0) 203 070 9650 www.arborfs.com -- www.arborfs.com This e-mail and any attachment are confidential and contain proprietary information, some or all of which may be legally privileged. It is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient, please notify the author immediately by telephone or by replying to this e-mail, and then delete all copies of the e-mail on your system. If you are not the intended recipient, you must not use, disclose, distribute, copy, print or rely on this e-mail. Whilst we have taken reasonable precautions to ensure that this e-mail and any attachment has been checked for viruses, we cannot guarantee that they are virus free and we cannot accept liability for any damage sustained as a result of software viruses. We would advise that you carry out your own virus checks, especially before opening an attachment. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Domain Rename
I'm not sure which distro you are using (I use Archlinux), but these steps should work if you have command line access (press the key surrounded in when there is one, don't type the or the stuff inside): 1. Login to the server 2. type: vim /etc/samba/smb.confenter 3. type: /workgroup =enter (If that doesn't work, try it without the equals) 4. press the arrow keys until it is placed just after the equals 5. type c$ 6. type in what you want the new domain name to be 7. press esc 8. type: :wq 9. restart samba Disclaimer: These steps are not for those who have no idea what they are doing (although it may seem that way), please proceed with caution. ~Frostyfrog From a friendly web page developer. ^.^ On Mon, Jul 1, 2013 at 11:24 PM, Sandeep Kumar sandeep.ku...@arborfs.comwrote: Hi Team, I am using samba 4 Domain in my production environment and everything is working fine but now for some reason I have to rename the domain Can you please help on this, I need to do this asap Waiting for your response……… Many Thanks, Sandeep Kumar *Arbor Financial Systems Ltd* Direct: +91 172 400 6144 Support: +44 (0) 203 070 9650 www.arborfs.com -- www.arborfs.com This e-mail and any attachment are confidential and contain proprietary information, some or all of which may be legally privileged. It is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient, please notify the author immediately by telephone or by replying to this e-mail, and then delete all copies of the e-mail on your system. If you are not the intended recipient, you must not use, disclose, distribute, copy, print or rely on this e-mail. Whilst we have taken reasonable precautions to ensure that this e-mail and any attachment has been checked for viruses, we cannot guarantee that they are virus free and we cannot accept liability for any damage sustained as a result of software viruses. We would advise that you carry out your own virus checks, especially before opening an attachment. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] string_to_sid: SID username is not in a valid format
I'm not quite sure why this is happening, I used to be able to connect perfectly fine to my share. Then I updated and rebooted and now I'm greeted with this message, and a login prompt where my credentials are never accepted. [http] comment = HTTPD Server path = /srv/http writable = no public = no browsable = no valid users = frostyfrog write list = frostyfrog force user = http force group = http # smbd -i -d3 snip get_referred_path: |http| in dfs path \X.X.X.X\http is not a dfs root. Allowed connection from X.X.X.X (X.X.X.X) string_to_sid: SID frostyfrog is not in a valid format Forcing Primary Group to 'Domain Users' for frostyfrog Forcing Primary Group to 'Domain Users' for http Forced user http Forced group http Connect path is '/srv/http' for service [http] string_to_sid: SID frostyfrog is not in a valid format Forcing Primary Group to 'Domain Users' for frostyfrog -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 5c8e5ba VERSION: Bump version number up to 4.0.8... via 5e3a301 VERSION: Disable git snapshots for the 4.0.7 release. from 67a77db WHATSNEW: Add release notes for Samba 4.0.7. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 5c8e5bad4ebe100277c72f1770b3aff4302e1eb3 Author: Karolin Seeger ksee...@samba.org Date: Fri Jun 28 10:54:57 2013 +0200 VERSION: Bump version number up to 4.0.8... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit 5e3a3012f3083c40e70f89c1d96ffa6be91aa72a Author: Karolin Seeger ksee...@samba.org Date: Fri Jun 28 10:47:42 2013 +0200 VERSION: Disable git snapshots for the 4.0.7 release. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 0eb98b6..be94a07 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 # If a official release has a serious bug # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3d20d20 smbtorture: Make cracksname easier to debug by outputing the offered format from 74dd365 Fix a missing parenthesis in the LDAP search request http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3d20d20c4c5a8214e8bfe67a1fee7bc1004201e5 Author: Matthieu Patou m...@matws.net Date: Sun Jun 30 20:40:07 2013 -0700 smbtorture: Make cracksname easier to debug by outputing the offered format Reviewed-By: Jelmer Vernooij jel...@samba.org Signed-off-by: Matthieu Patou m...@matws.net Autobuild-User(master): Matthieu Patou m...@samba.org Autobuild-Date(master): Mon Jul 1 11:22:57 CEST 2013 on sn-devel-104 --- Summary of changes: source4/torture/rpc/drsuapi_cracknames.c | 67 ++ 1 files changed, 49 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rpc/drsuapi_cracknames.c b/source4/torture/rpc/drsuapi_cracknames.c index f71910a..465f6db 100644 --- a/source4/torture/rpc/drsuapi_cracknames.c +++ b/source4/torture/rpc/drsuapi_cracknames.c @@ -87,6 +87,11 @@ static bool test_DsCrackNamesMatrix(struct torture_context *tctx, r.in.req-req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; r.in.req-req1.format_desired = formats[i]; names[0].str = dn; + torture_comment(tctx, Testing DsCrackNames (matrix prep) with name '%s' + offered format: %d desired format:%d\n, + names[0].str, + r.in.req-req1.format_offered, + r.in.req-req1.format_desired); status = dcerpc_drsuapi_DsCrackNames_r(p-binding_handle, mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); @@ -273,8 +278,11 @@ bool test_DsCrackNames(struct torture_context *tctx, names[0].str = dom_sid; - torture_comment(tctx, Testing DsCrackNames with name '%s' desired format:%d\n, - names[0].str, r.in.req-req1.format_desired); + torture_comment(tctx, Testing DsCrackNames with name '%s' + offered format: %d desired format:%d\n, + names[0].str, + r.in.req-req1.format_offered, + r.in.req-req1.format_desired); status = dcerpc_drsuapi_DsCrackNames_r(p-binding_handle, mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { @@ -295,8 +303,11 @@ bool test_DsCrackNames(struct torture_context *tctx, r.in.req-req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID; - torture_comment(tctx, Testing DsCrackNames with name '%s' desired format:%d\n, - names[0].str, r.in.req-req1.format_desired); + torture_comment(tctx, Testing DsCrackNames with name '%s' + offered format: %d desired format:%d\n, + names[0].str, + r.in.req-req1.format_offered, + r.in.req-req1.format_desired); status = dcerpc_drsuapi_DsCrackNames_r(p-binding_handle, mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { @@ -318,8 +329,11 @@ bool test_DsCrackNames(struct torture_context *tctx, r.in.req-req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; - torture_comment(tctx, Testing DsCrackNames with name '%s' desired format:%d\n, - names[0].str, r.in.req-req1.format_desired); + torture_comment(tctx, Testing DsCrackNames with name '%s' + offered format: %d desired format:%d\n, + names[0].str, + r.in.req-req1.format_offered, + r.in.req-req1.format_desired); status = dcerpc_drsuapi_DsCrackNames_r(p-binding_handle, mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { @@ -363,8 +377,11 @@ bool test_DsCrackNames(struct torture_context *tctx, r.in.req-req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; names[0].str = nt4_domain; - torture_comment(tctx, Testing DsCrackNames with name '%s' desired format:%d\n, - names[0].str, r.in.req-req1.format_desired); + torture_comment(tctx, Testing DsCrackNames with name '%s' + offered format: %d desired format:%d\n, + names[0].str, + r.in.req-req1.format_offered, + r.in.req-req1.format_desired); status = dcerpc_drsuapi_DsCrackNames_r(p-binding_handle, mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { @@ -386,8 +403,11 @@ bool test_DsCrackNames(struct torture_context *tctx,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0b58eed tsocket: Pass the full port number to getaddrinfo(). from 3d20d20 smbtorture: Make cracksname easier to debug by outputing the offered format http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0b58eed3351e207b0a0f0d32fe37ea5bee9dbc33 Author: Andreas Schneider a...@samba.org Date: Mon Jul 1 17:05:33 2013 +0200 tsocket: Pass the full port number to getaddrinfo(). The code stripped port numbers above down to 4 digits. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Mon Jul 1 21:10:53 CEST 2013 on sn-devel-104 --- Summary of changes: lib/tsocket/tsocket_bsd.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tsocket/tsocket_bsd.c b/lib/tsocket/tsocket_bsd.c index 4417f8e..fe39dfd 100644 --- a/lib/tsocket/tsocket_bsd.c +++ b/lib/tsocket/tsocket_bsd.c @@ -389,7 +389,7 @@ int _tsocket_address_inet_from_strings(TALLOC_CTX *mem_ctx, return -1; } - snprintf(port_str, sizeof(port_str) - 1, %u, port); + snprintf(port_str, sizeof(port_str), %u, port); ret = getaddrinfo(addr, port_str, hints, result); if (ret != 0) { -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-2.2-59-gef1c4e9
The branch, master has been updated via ef1c4e99ca66e7a990bc557f34abb624c315e6ba (commit) via fcd5e1f04c5fe6c98399429b8f0918b8779acba6 (commit) via 932360992b08a5483d90c0590218ba0fd756119e (commit) via 741944f118e98f178b860194eecb215180949d18 (commit) via ac06c46e4a80c635f6094b5ac6f0bf3e3a02db95 (commit) via df30c0a05ed908fc2a997c56ff5484736b23b70f (commit) via 14399de1dd0bd8dabf1f48b1457e3ccb37589d8a (commit) via aea12dce83ef385e9fb3bc03ac7ace0874a0e3fe (commit) via ae1693905036ecdbc4594fde1f12500faae4a554 (commit) via 593a17678fbd3109e118154b034d43b852659518 (commit) via 93bcb6617e1024f810533e12390a572f51703ca0 (commit) via 815ddd3341b7e9db39e05a3a3fcd9a1420f053bc (commit) via 2396981c4bcf30530aeb7f4395093cc202105b50 (commit) via 38304f88e0c634e97d4687c25adef975f71537b8 (commit) via a60f228f8380f222f838eb619d2ab55f96f11ac2 (commit) via 297d93cecc3c0655e72ecac38508e113bdbeab9c (commit) via bb178338658b4ae32382a1f62f7c21cee1d4878f (commit) via 6a9dbb8fb0f1f6e8c206189cdc2d33bb371ea2a8 (commit) via 8d622660a14c929e365d306147b378ea6ab92175 (commit) via 34af2cdf686d5d77854cbaa7bbcd8f878e9171c7 (commit) via c6f8407648abb37f2ed781afa5171dad8c9f59e9 (commit) via 46efe7a886f8c4c56f19536adc98a73c22db906a (commit) via 87716e8f504d659515d3dbcf93badbf106873bc8 (commit) via 478e24bceda3fedfba54ccb48faa115df726b819 (commit) via 4be8dff3a4451192f838497b4747273685959bed (commit) via 7eb2f89979360b6cc98ca9b17c48310277fa89fc (commit) via 4f87925a287f612a6ab3b5da1a387a31c7bea28f (commit) from 733fc909425860f6a02c205c2d8f34a731853922 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit ef1c4e99ca66e7a990bc557f34abb624c315e6ba Author: Amitay Isaacs ami...@gmail.com Date: Tue Jul 2 12:40:37 2013 +1000 ctdbd: Don't ban self if init or shutdown event fails There is no point in banning the node if init or shutdown event times out since it's going to quit anyway. Signed-off-by: Amitay Isaacs ami...@gmail.com commit fcd5e1f04c5fe6c98399429b8f0918b8779acba6 Author: Amitay Isaacs ami...@gmail.com Date: Thu Jun 27 17:46:43 2013 +1000 doc: The second half of monitoring is only for recovery master Signed-off-by: Amitay Isaacs ami...@gmail.com commit 932360992b08a5483d90c0590218ba0fd756119e Author: Michael Adam ob...@samba.org Date: Wed Jun 26 09:23:22 2013 +0200 recoverd: when the recmaster is banned, use that information when forcing an election When we trigger an election because the recmaster considers itself inactive, update our local nodemap with the recmaster's flags before calling force_election(). This way, we don't send the inactive node freeze commands (e.g.) that may fail and then lead to ourselves getting banned. The theory is that this should help avoiding banning loops. Signed-off-by: Michael Adam ob...@samba.org commit 741944f118e98f178b860194eecb215180949d18 Author: Michael Adam ob...@samba.org Date: Wed Jun 26 07:11:51 2013 +0200 recoverd: fix a comment typo Signed-off-by: Michael Adam ob...@samba.org commit ac06c46e4a80c635f6094b5ac6f0bf3e3a02db95 Author: Michael Adam ob...@samba.org Date: Fri Jun 21 17:57:37 2013 +0200 recoverd: fix a comment in main_loop Signed-off-by: Michael Adam ob...@samba.org commit df30c0a05ed908fc2a997c56ff5484736b23b70f Author: Michael Adam ob...@samba.org Date: Fri Jun 21 14:06:22 2013 +0200 recoverd: eliminate some trailing spaces from ctdb_election_win() Signed-off-by: Michael Adam ob...@samba.org commit 14399de1dd0bd8dabf1f48b1457e3ccb37589d8a Author: Martin Schwenke mar...@meltin.net Date: Fri Jun 28 16:31:07 2013 +1000 recoverd: Don't continue if the current node gets banned Can not continue with recovery or monitoring cluster. Signed-off-by: Martin Schwenke mar...@meltin.net Pair-programmed-with: Amitay Isaacs ami...@gmail.com commit aea12dce83ef385e9fb3bc03ac7ace0874a0e3fe Author: Amitay Isaacs ami...@gmail.com Date: Fri Jun 28 14:31:02 2013 +1000 recoverd: Refactor code to ban misbehaving nodes Since we have nodemap information, there is no need to hardcode the limit of 20. Signed-off-by: Amitay Isaacs ami...@gmail.com Pair-Programmed-With: Martin Schwenke mar...@meltin.net commit ae1693905036ecdbc4594fde1f12500faae4a554 Author: Amitay Isaacs ami...@gmail.com Date: Thu Jun 27 16:01:16 2013 +1000 recoverd: Move code to ban other nodes after we get local node flags If a node gets banned first, then it should not ban other nodes. This code was moved up in main_loop to avoid waiting for nodemap from other nodes (commit