Re: [Samba] Trying to Join a Working W2K3 AD
Hi Eli, I'm trying to join a freshly compiled 4.0.3 installation as an additional DC to an existing W2K3 AD according to: https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC I have built samba 4.0.3 on CentOS 6.3 x86_64. I am using the method that describes using the built in dns. I get to the step /usr/local/samba/bin/samba-tool dns add 192.168.1.252 _msdcs.domain.co.il 2d59ac49-1175-4656-943e-d556baa242cb CNAME DC2.domain.co.il -Uadministrator I get the following error message: ERROR(runtime): uncaught exception - (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST') File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 1053, in run 0, server, zone, name, add_rec_buf, None) And, of course, without proper DNS configuration I can not get replication to work. Have I done something wrong? How can I resolve this? Thanks Eli I'm in a very similar situation, trying to get a SerNet Samba 4.0.8 on CentOS 6.4 to join a working Win2k3 AD domain, and am now stuck at the same error message. I see there were no replies on-list to your question. Did you get it sorted out in the end? If so, what helped? Thanks, Kev -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] "Failed to find a writeable DC for domain" joining to win2k3 AD DC
Sorry, I didn't realize we were carrying on off-list. Figured it
out--had been giving samba-tool the hostname for both domain and realm,
rather than, hmm, the domain and realm. (I think because in my case my
domain and realm have two parts, unlike the HOWTO where they have
three...confusion.) Works great now! Even without the new DC in
resolv.conf nor "domain ..." in there either, just "search ..." and
"nameserver [olddc]". Thanks for your help Daniel, hope this point
helps someone else too.
On 2013-08-14 1:51 AM, � wrote:
Look at your /etc/resolv.conf
There should be an entry of your existing DC in it ex.: nameserver
your.existing.dc
And you should be able to ping the existing DC.
Greetings
Daniel
---
EDV Daniel M�ller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T�bingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Urspr�ngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Kevin Field
Gesendet: Dienstag, 13. August 2013 16:15
An: samba@lists.samba.org
Betreff: [Samba] �Failed to find a writeable DC for domain� joining to
win2k3 AD DC
I have a CentOS 6.4 box with SerNet's Samba 4.0.8 installed and no smb.conf
file yet, as it should be. I want it to become an AD DC in my existing
Windows domain, replicating from the existing Windows Server
2003 box. I have SELinux enabled and want it to stay that way.
I'm getting this error trying to run samba-tool:
$ sudo samba-tool domain join currentwindowsadserver.mydomain.lan DC
-Uadministrator --realm=currentwindowsadserver.mydomain.lan
Finding a writeable DC for domain 'currentwindowsadserver.mydomain.lan'
ERROR(exception): uncaught exception - Failed to find a writeable DC for
domain 'currentwindowsadserver.mydomain.lan'
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 552, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1082, in
join_DC
machinepass, use_ntvfs, dns_backend, promote_existing)
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 73, in
__init__
ctx.server = ctx.find_dc(domain)
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 246, in
find_dc
raise Exception("Failed to find a writeable DC for domain '%s'" %
domain)
I have a StackExchange thread open with all the things I've tried changing
and all the things I've verified so far:
http://unix.stackexchange.com/questions/86516/samba-4-gives-failed-to-find-a
-writeable-dc-for-domain-on-samba-tool-domain-jo
I'd appreciate any pointers. I seem to have run out of things to try.
Thanks,
Kev
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] File timestamp mismatch using smbclient on share from Win 2K Server...
Hi Samba Peeps! Perhaps someone can shed some light on a peculiar problem I'm seeing. I have files located in a share on a Win2K server. When using smbclient on my HP-UX system to look at the files on the Win2K server I see that the timestamps are off by 1 hour. When looking at the same files on a Win XP client I see that the timestamps are correct. When looking at the same files on a Win 7 client I see that the timestamps are off by 1 hour and agree with the smbclient running on HP-UX. I have checked the timezone settings on all systems involved and they are all correct. I have verified that all systems involved have the correct current time as they are all using NTP based timekeeping. I'm using Samba 3 on the HP-UX server. I would certainly appreciate it if someone could offer a solution to the problem with respect to smbclient. We use smbclient in our production file processing endeavors and I need the timestamp from smbclient to be accurate. Any advice is greatly appreciated! :o) Thanks! kev -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Redirected folders and mental health
We are very close to being comfortable enough with Samba4 to begin moving it into production. We've got a PDC and AD running, machines can join the domain, authentication works, but we're having some fun with profiles. We're running 4.0.5 via the Sernet PPA on Ubuntu 12.04LTS. Workstations are Windows7. We require roaming profiles with redirection of the obvious sub-folders. We've deployed GPOs to do just this and it works...except when it doesn't. The symptoms are that everything just works for some users, roaming profiles work nicely along with redirection, but for others the user sees an empty profile from their Windows workstation. From the server, the redirected folders appear on the server on log in and the profile is created on logout as one would expect. But when it doesn't work on the workstation, if the user clicks on the start button, then on their username, they see an empty folder. When it works, they see the usual Desktop, My Documents, Downloads, and associated folders, all with the "available" symbol in the folder's icon. Users that work seem to consistently work. Users that don't consistently don't. Or so it seems. We are just now beginning to think the problem is with certain machines and are reinstalling Windows 7 on a couple of machines from scratch to test this. The one thing that worries me about our setup is that we have a Samba3 PDC on the same VLAN/subnet as the new Samba4 PDC. But this VLAN/subnet is separate from the workstations. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Options for paid Samba (4) support
> some users consistently can't see > > their profile on some machines, despite the profile and redirected folders > > looking fine on the server.) If there are problematic machines, it's best to delete the user profiles and allow them to be recreated the next time the users log in: HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList HTH 2 save a bit of cash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Options for paid Samba (4) support
Hi Mark, not trying to hijack the thread, but I can give you some roaming profile tips in a new thread if you will create it. As for the paid support, you might look into Sernet ( http://www.sernet.de/ ), I am not sure of the extent of what they support and where, but I know they are one option. Ricky On Wed, Aug 14, 2013 at 10:55 AM, Mark Fox wrote: > Hi, > > After years of Samba 3 working great, we are trying to move a testing Samba > 4 AD system into production and have been making progress, but keep hitting > show stoppers. (For example, roaming profiles with redirected folders > usually work for most users. However, some users consistently can't see > their profile on some machines, despite the profile and redirected folders > looking fine on the server.) > > It occurred to me that after setting up a Samba 4 environment so many > times, we can now do it in minutes. I'm sure if the right person were > looking over our shoulder, they would spot our mistake. But a little > Googling hasn't turned up any options to buy that person's time. > > The link to the support website (http://www.samba.org/samba/support.html) > in the Samba Guide is broken. > > Surely, there must be some options to buy support. I must be looking in the > wrong place. I'd love to throw some money at the Samba community, and am in > a position to do so, but can't just donate... For that matter, I can't find > a place where I could donate either. > > > Mark > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] moodle + samba4 authentication
hello, has anyone tried to log in from Moodle to samba4 AD users? I can't config LDAP authentication. Through MS ActiveDirectory doesn't work. Pozdrowienia -- Darek Frączkiewicz daf...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Migrating Roaming Profiles to Samba4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm about to migrate a load of profiles from an old Windows DC to our new Samba4 DC (well, the file server is Samba 3.6.6). Could anyone advise me on how to go about migrating these across. As I've noticed that just shifting the profile data from the old domain to the new one doesn't appear to work for non-Xp profiles (and for all I know, I may have just been lucky for those couple that worked without tinkering). The tool 'profiles' in the Samba3 tool kit claims to assist with migrating profiles by replacing SIDs in registry files, specifically the domain SID in ntuser.dat. However, my understanding is that this file may contain lots of SIDs (i.e. domain SID, user SID, group SIDs, etc.) and from all I've read it's just mentioned the domain SID. Can anyone elaborate on this?? Another tool I've found (that appears to work in my test environment) is forensit.com's Transwiz tool; this is operated through logging into each workstation as an administrator, and then the tool guides you through choosing a local profile (the cached remote profile) to copy over to the new domain, with a specified new user. Has anyone had any experience of using this tool? Ideally I'd like to use a tool like profiles; something that I feel I could fully understand, rather than a black box like Transwiz. If anyone could shed some light on this I'd really appreciate it!! Kind regards, - -- Chris Hayes, Systems Administrator -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSC77iAAoJELgO0A8EguAKWXEH/3oUt2M+o0Ns9Qu4TA++bOMf xlZAVrNMsysPxiksJTDfBHYbAWpp8XGyPV9zUJ8ot8458/qKu00rdo0OAuhVk7Dp E2WKoyXtPdFBlHjXK5wwxPnhY0lcVT5Udie065jJdUnnUNOiX4G0rnMw5MNVzzZz Zfa2pA49Bkqnom8xKCG+kdAfzWfbkrKn6oJorMRrs7sO5zd5j6XWQ0qox8NXA97n iAGERxhqhJtoL6RgppDOSJEXBGqD9pxabt3bo/F0kGhxH1JVPcK2A5IDsQpxr+S6 6u4PoXAfwAEmOcAjlPkA5kf9oeBMco3sMwQrEZMateu+8wP/zrvgOtwYlpuLlHg= =vJRJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RFC2307 / Predefined Users in Domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey, I was wondering; when setting up a new rfc2307 domain with Samba4, would you usually set the Unix Attributes for all of the predefined (system) users/groups in it? I have a multi-Samba configuration and I guess it's a good idea for me to ensure all the UIDs and GIDs are correctly set. Any thoughts? Cheers, - -- Chris Hayes, Systems Administrator -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSC7QcAAoJELgO0A8EguAKrAMH/1LhgfQ/fY5jz8b3LFuGHwjx WjjzUZSaUOcYEtRsxDhP8nZk6JSPqy2juR5Z4tc14LjC3j4QcwqXE0EZnhKVlROi AbU8xYQpa2eS94zpvpEPhuWCaIPEQw/QGT6MtgNiHSgbhptUgFl2PfF6tsXhxOKa xkGHrIErNweewhhcODIcy1amqkN6IcqwQ8eG8Hmrgu2OtbJsP5/5+wtTWKDFCbOa a+RbLdQjlUxWGCJmxbHrMhT0o53oQhHhU3WPBnu9FzDAl+HBUyJ08bnvMYO8uaSd GUJf2+MkYqIjPSkZ6gGA2WpPiM8YnUIz5RJ6dd5rL/wTrUI/CqKndxQGzaP/3jA= =gBK0 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] folder name screwed up
On Wed, Aug 14, 2013 at 06:02:49PM +0200, patrick wrote: > >>>on my linux box i can see the folder as: "1996 - E.I.N.S." > >>>on my windows 7 box it is show as: "1MNOXH~A" > >> > >>what about the dot at the end of the folder name? > > > >ah. yes thats the problem. never occoured to me to google for > >"period at the end of folder in same" > >mangled names = no > >in the config fixes the problem, thx. > > hm, should have tested it...now i cant access the folder but it > shows correctly. > for now i will just remove the dot at the end, at least i can access > the folder. >From a Command Prompt against the local file system on a Windows 7 machine: C:\Users\Toby\Desktop>md "Foo." C:\Users\Toby\Desktop>dir Fo* Volume in drive C has no label. Volume Serial Number is 268D-BDFD Directory of C:\Users\Toby\Desktop 08/14/2013 08:10 AM Foo 0 File(s) 0 bytes 1 Dir(s) 74,288,111,616 bytes free C:\Users\Toby\Desktop>cd "Foo." C:\Users\Toby\Desktop\Foo>cd .. C:\Users\Toby\Desktop>rd Foo C:\Users\Toby\Desktop>md "\\?\C:\Users\Toby\Desktop\Foo." C:\Users\Toby\Desktop>dir Fo* Volume in drive C has no label. Volume Serial Number is 268D-BDFD Directory of C:\Users\Toby\Desktop 08/14/2013 08:11 AM Foo. 0 File(s) 0 bytes 1 Dir(s) 74,287,034,368 bytes free C:\Users\Toby\Desktop>cd "Foo." The system cannot find the path specified. C:\Users\Toby\Desktop>cd "\\?\C:\Users\Toby\Desktop\Foo." '\\?\C:\Users\Toby\Desktop\Foo.' CMD does not support UNC paths as current directories. C:\Users\Toby\Desktop>dir "\\?\C:\Users\Toby\Desktop\Foo." Volume in drive \\?\C: has no label. Volume Serial Number is 268D-BDFD Directory of \\?\C:\Users\Toby\Desktop\Foo File Not Found C:\Users\Toby\Desktop>rd "\\?\C:\Users\Toby\Desktop\Foo." Windows doesn't really like filenames that end in "." - they aren't valid in the "normal" filesystem calls. This is probably due to the whole 8.3 naming convention history - maybe DOS didn't store the . and simply stored the first 8 chars and the 3 chars for the extension and had a standard of not displaying the trailing period if the extension was missing. See http://msdn.microsoft.com/en-us/library/aa365247.aspx#namespaces for some more information. It appears that Windows strips trailing periods in normal calls, and so while it can display the directory with a trailing period, it can't access it unless you use the "\\?\" prefix to escape the name normalization code and speak directly to the filesystem. On the other hand, that means you have to use fully-qualified filenames for everything. Also note the following spotted in http://msdn.microsoft.com/en-us/library/aa365247.aspx#naming_conventions: Do not end a file or directory name with a space or a period. Although the underlying file system may support such names, the Windows shell and user interface does not. However, it is acceptable to specify a period as the first character of a name. For example, ".temp". --Toby Ovod-Everett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] folder name screwed up
Am 14.08.2013 17:58, schrieb patrick: Am 14.08.2013 17:18, schrieb Denis Cardon: Hi Patrick, on my linux box i can see the folder as: "1996 - E.I.N.S." on my windows 7 box it is show as: "1MNOXH~A" what about the dot at the end of the folder name? ah. yes thats the problem. never occoured to me to google for "period at the end of folder in same" mangled names = no in the config fixes the problem, thx. hm, should have tested it...now i cant access the folder but it shows correctly. for now i will just remove the dot at the end, at least i can access the folder. Cheers, Denis other folders in the same order are shown identical on both boxes...what can this be? greetings -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] folder name screwed up
Am 14.08.2013 17:18, schrieb Denis Cardon: Hi Patrick, on my linux box i can see the folder as: "1996 - E.I.N.S." on my windows 7 box it is show as: "1MNOXH~A" what about the dot at the end of the folder name? ah. yes thats the problem. never occoured to me to google for "period at the end of folder in same" mangled names = no in the config fixes the problem, thx. Cheers, Denis other folders in the same order are shown identical on both boxes...what can this be? greetings -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Options for paid Samba (4) support
Hi, After years of Samba 3 working great, we are trying to move a testing Samba 4 AD system into production and have been making progress, but keep hitting show stoppers. (For example, roaming profiles with redirected folders usually work for most users. However, some users consistently can't see their profile on some machines, despite the profile and redirected folders looking fine on the server.) It occurred to me that after setting up a Samba 4 environment so many times, we can now do it in minutes. I'm sure if the right person were looking over our shoulder, they would spot our mistake. But a little Googling hasn't turned up any options to buy that person's time. The link to the support website (http://www.samba.org/samba/support.html) in the Samba Guide is broken. Surely, there must be some options to buy support. I must be looking in the wrong place. I'd love to throw some money at the Samba community, and am in a position to do so, but can't just donate... For that matter, I can't find a place where I could donate either. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] folder name screwed up
Hi Patrick, on my linux box i can see the folder as: "1996 - E.I.N.S." on my windows 7 box it is show as: "1MNOXH~A" what about the dot at the end of the folder name? Cheers, Denis other folders in the same order are shown identical on both boxes...what can this be? greetings -- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] folder name screwed up
hi, on my linux box i can see the folder as: "1996 - E.I.N.S." on my windows 7 box it is show as: "1MNOXH~A" other folders in the same order are shown identical on both boxes...what can this be? greetings -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 3.6.18 Available for Download
== "Some cause happiness wherever they go; others whenever they go." Oscar Wilde == Release Announcements = This is is the latest stable release of Samba 3.6. Changes since 3.6.17: - o Jeremy Allison * BUG 9777: vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and doesn't cope with directories being modified whilst reading. o Gregor Beck * BUG 9678: Windows 8 Roaming profiles fail. o Alexander Bokovoy * BUG 9636: Fix parsing linemarkers in preprocessor output. o Björn Jacke * BUG 9880: Use of wrong RFC2307 primary group field. * BUG 9983: Fix output of syslog-facility check. o Ralph Wuerthner * BUG 10064: Linux kernel oplock breaks can miss signals. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba corresponding product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.6.18.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
