Re: [Samba] Domain not available even minutes after workstation startup
Just an update, disabling media sensing (fix to 100Mb full duplex) seems to do the trick! Interestingly, those with gigabit connection seems to work now (at least for last few days) even with auto-sensing enabled... really not sure why. I hope that is going to last. thx Gaiseric Abe On Wed, Sep 1, 2010 at 2:38 PM, Abe Lau abelau+sa...@gmail.comabelau%2bsa...@gmail.com wrote: No, I have never try anything with media sensing. I could give it a try and see if it helps. Thanks for checking that for me Gaiseric. I am not using roaming profile here also, just folder redirection for the desktop, My Documents, Application Data and a few... I may try to re-enable Winlogoncachedlogonscount so that user could still logon. But then, it will get back to the problem as the login may get totally stuck when XP is trying to contact the PDC for the login script at netlogon, and redirected folders. Abe On Wed, Sep 1, 2010 at 12:50 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Did you try disabling the media sensing feature? I need to look at some of my Active Directory XP clients and see if they are still getting the error. I don’t think it prevented people logging on, and I am not using roaming profiles, so even if I still have this issue on occasion it might not be obvious. I think I had run into it when trying to deploy software through group policies.This was a few years ago but I think I had got it resolved. You could try putting one of the problem XP machines on a 10 Mbit only link. Or maybe see if you can configure the NIC settings be be 10 Mbit OR 100 Mbit but not autosensing. *From:* abe...@gmail.com [mailto:abe...@gmail.com] *On Behalf Of *Abe Lau *Sent:* Tuesday, August 31, 2010 8:22 PM *To:* gaiseric.van...@gmail.com *Cc:* samba@lists.samba.org *Subject:* Re: [Samba] Domain not available even minutes after workstation startup Thanks Gaiseric for the note. I checked the XP Event Log, and the only error is: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. The only suspicious entry in samba log: (I remember this could safely be ignored) [2010/09/01 09:10:17, 1] smbd/session.c:111(session_claim) Re-using invalid record The PDC was changed to connect via two bonded gigabit connection (balance-alb) in a mixed 1000/100 network few months ago. Contrary to the MS support link, we have problem with both 100Mbps and 1000Mbps connections intermittently. Is any way to get XP to split out detailed log when it says domain is not available? Is setting Winlogoncachedlogonscount the good way to avoid logon problem when network is not ready during initial bootup? According to MS, if the domain server is not available and logon data is not cached, domain is not available will occur. http://technet.microsoft.com/en-us/library/cc957390.aspx Any further insight? Abe On Tue, Aug 31, 2010 at 10:00 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Did you check the event logs in Windows- they may provide some additional info. This error sounded familiar- most of my users are in a Samba domain, but I have one group that uses Windows 2003 active directory domain. A few years back they had some weird issues that ended up being (possibly) related to the gigabit network connection.It had been hard to trace and had only been affecting newer machines. I think the following link was relevant. http://support.microsoft.com/kb/326152/ On 08/30/2010 11:29 PM, Abe Lau wrote: Yes, the PDC is also acting as the WINS server. The XP workstation is using WINS, set via DHCP (option netbios-name-servers ip address of the PDC;) On Mon, Aug 30, 2010 at 10:43 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: Is the PDC also a WINS server? Are the XP workstations using WINS? On 08/29/2010 09:01 PM, Abe Lau wrote: Hi all, I have recently experienced an intermittent problem of getting the error message of Domain not available at initial logon of some XP workstations connected to a Samba PDC. The domain does not seems to be available after some time after initial bootup of the XP workstation, from a minute or two, to more than 10 minutes sometimes. Is there anyway to speed up this process? Thanks! I have set HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogoncachedlogonscount to 0 to workaround the problem of having the logon frozen (and folders not being redirected) during initial logon when the network is not ready. Abe -- To unsubscribe from
Re: [Samba] Domain not available even minutes after workstation startup
Thanks Gaiseric for the note. I checked the XP Event Log, and the only error is: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. The only suspicious entry in samba log: (I remember this could safely be ignored) [2010/09/01 09:10:17, 1] smbd/session.c:111(session_claim) Re-using invalid record The PDC was changed to connect via two bonded gigabit connection (balance-alb) in a mixed 1000/100 network few months ago. Contrary to the MS support link, we have problem with both 100Mbps and 1000Mbps connections intermittently. Is any way to get XP to split out detailed log when it says domain is not available? Is setting Winlogoncachedlogonscount the good way to avoid logon problem when network is not ready during initial bootup? According to MS, if the domain server is not available and logon data is not cached, domain is not available will occur. http://technet.microsoft.com/en-us/library/cc957390.aspx Any further insight? Abe On Tue, Aug 31, 2010 at 10:00 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Did you check the event logs in Windows- they may provide some additional info. This error sounded familiar- most of my users are in a Samba domain, but I have one group that uses Windows 2003 active directory domain. A few years back they had some weird issues that ended up being (possibly) related to the gigabit network connection.It had been hard to trace and had only been affecting newer machines. I think the following link was relevant. http://support.microsoft.com/kb/326152/ On 08/30/2010 11:29 PM, Abe Lau wrote: Yes, the PDC is also acting as the WINS server. The XP workstation is using WINS, set via DHCP (option netbios-name-servers ip address of the PDC;) On Mon, Aug 30, 2010 at 10:43 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: Is the PDC also a WINS server? Are the XP workstations using WINS? On 08/29/2010 09:01 PM, Abe Lau wrote: Hi all, I have recently experienced an intermittent problem of getting the error message of Domain not available at initial logon of some XP workstations connected to a Samba PDC. The domain does not seems to be available after some time after initial bootup of the XP workstation, from a minute or two, to more than 10 minutes sometimes. Is there anyway to speed up this process? Thanks! I have set HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogoncachedlogonscount to 0 to workaround the problem of having the logon frozen (and folders not being redirected) during initial logon when the network is not ready. Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain not available even minutes after workstation startup
No, I have never try anything with media sensing. I could give it a try and see if it helps. Thanks for checking that for me Gaiseric. I am not using roaming profile here also, just folder redirection for the desktop, My Documents, Application Data and a few... I may try to re-enable Winlogoncachedlogonscount so that user could still logon. But then, it will get back to the problem as the login may get totally stuck when XP is trying to contact the PDC for the login script at netlogon, and redirected folders. Abe On Wed, Sep 1, 2010 at 12:50 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Did you try disabling the media sensing feature? I need to look at some of my Active Directory XP clients and see if they are still getting the error. I don’t think it prevented people logging on, and I am not using roaming profiles, so even if I still have this issue on occasion it might not be obvious. I think I had run into it when trying to deploy software through group policies.This was a few years ago but I think I had got it resolved. You could try putting one of the problem XP machines on a 10 Mbit only link. Or maybe see if you can configure the NIC settings be be 10 Mbit OR 100 Mbit but not autosensing. *From:* abe...@gmail.com [mailto:abe...@gmail.com] *On Behalf Of *Abe Lau *Sent:* Tuesday, August 31, 2010 8:22 PM *To:* gaiseric.van...@gmail.com *Cc:* samba@lists.samba.org *Subject:* Re: [Samba] Domain not available even minutes after workstation startup Thanks Gaiseric for the note. I checked the XP Event Log, and the only error is: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. The only suspicious entry in samba log: (I remember this could safely be ignored) [2010/09/01 09:10:17, 1] smbd/session.c:111(session_claim) Re-using invalid record The PDC was changed to connect via two bonded gigabit connection (balance-alb) in a mixed 1000/100 network few months ago. Contrary to the MS support link, we have problem with both 100Mbps and 1000Mbps connections intermittently. Is any way to get XP to split out detailed log when it says domain is not available? Is setting Winlogoncachedlogonscount the good way to avoid logon problem when network is not ready during initial bootup? According to MS, if the domain server is not available and logon data is not cached, domain is not available will occur. http://technet.microsoft.com/en-us/library/cc957390.aspx Any further insight? Abe On Tue, Aug 31, 2010 at 10:00 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Did you check the event logs in Windows- they may provide some additional info. This error sounded familiar- most of my users are in a Samba domain, but I have one group that uses Windows 2003 active directory domain. A few years back they had some weird issues that ended up being (possibly) related to the gigabit network connection.It had been hard to trace and had only been affecting newer machines. I think the following link was relevant. http://support.microsoft.com/kb/326152/ On 08/30/2010 11:29 PM, Abe Lau wrote: Yes, the PDC is also acting as the WINS server. The XP workstation is using WINS, set via DHCP (option netbios-name-servers ip address of the PDC;) On Mon, Aug 30, 2010 at 10:43 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: Is the PDC also a WINS server? Are the XP workstations using WINS? On 08/29/2010 09:01 PM, Abe Lau wrote: Hi all, I have recently experienced an intermittent problem of getting the error message of Domain not available at initial logon of some XP workstations connected to a Samba PDC. The domain does not seems to be available after some time after initial bootup of the XP workstation, from a minute or two, to more than 10 minutes sometimes. Is there anyway to speed up this process? Thanks! I have set HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogoncachedlogonscount to 0 to workaround the problem of having the logon frozen (and folders not being redirected) during initial logon when the network is not ready. Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain not available even minutes after workstation startup
Yes, the PDC is also acting as the WINS server. The XP workstation is using WINS, set via DHCP (option netbios-name-servers ip address of the PDC;) On Mon, Aug 30, 2010 at 10:43 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Is the PDC also a WINS server? Are the XP workstations using WINS? On 08/29/2010 09:01 PM, Abe Lau wrote: Hi all, I have recently experienced an intermittent problem of getting the error message of Domain not available at initial logon of some XP workstations connected to a Samba PDC. The domain does not seems to be available after some time after initial bootup of the XP workstation, from a minute or two, to more than 10 minutes sometimes. Is there anyway to speed up this process? Thanks! I have set HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogoncachedlogonscount to 0 to workaround the problem of having the logon frozen (and folders not being redirected) during initial logon when the network is not ready. Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain not available even minutes after workstation startup
Hi all, I have recently experienced an intermittent problem of getting the error message of Domain not available at initial logon of some XP workstations connected to a Samba PDC. The domain does not seems to be available after some time after initial bootup of the XP workstation, from a minute or two, to more than 10 minutes sometimes. Is there anyway to speed up this process? Thanks! I have set HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogoncachedlogonscount to 0 to workaround the problem of having the logon frozen (and folders not being redirected) during initial logon when the network is not ready. Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 on startup always loads temporary profiles samba 3.4.8
On Thu, Aug 26, 2010 at 12:15 AM, German Molano gmol...@ignios.net wrote: Disable completly the roaming profile behavior Win 7 Workstations, this could be done by registry. HKLM\Software\Policies\Microsoft\Windows\System LocalProfile 1 REG_DWORD HKLM\Software\Policies\Microsoft\Windows\System ReadOnlyProfile 1 REG_DWORD Remenber that this could takes effect only after a Windows restart ... Second, disable logon path directive unless you need it ;logon path = \\%L\homes\%U\profile logon path = If you need it copy a Default profile generated by Windows 7 to this folder, you could found it on c:\users folder on any Windows 7 Workstation. Third there is a registry value on Windows 7, called ProfileList HKEY_LOCAL_MACHINE \ SOFTWARE\ Microsoft\ Windows NT \ CurrentVersion \ ProfileList Sometimes when you test or login for first time Windows 7 Workstation, it will write this registry with the user profile path, I don't know how the heck it mixed Temporary profiles with local profiles definition, the result every time you log in with a user it recreates the profile on c:\users\TEMP but the system initially do not recognize the profile as a temporary but as Local or Mobile, depending on your definition. At the logout of the user session it treats the profile as a temporary one deleting the TEMP folder and all changes you done on it --Nasty thing --. So my advice delete those entries where the domain users gets c:\users\TEMP as the default profile path. Then log in the user to create a truly own Local profile. I use kixtart tools to do most of this work, i disable the folder redirection for those users that use local profiles, to them they use the default folders locations. I believe that there is something related with the folder redirection setting and this annoying behavior --deleting the whole profile--. I found out a Registry value that affects Windows Vista and 7 Workstations MachineProfilePath HKLM\Software\Policies\Microsoft\Windows\System Is for roaming profiles, but maybe could be tricked to be mobile or local if you set local or mobile the path as you need it. Hi, I am getting into this local profile problem with Windows 7 (x64). Following the thread, and German's previous suggestion of KiXtart, I came up with using the following KiXtart script to set the registry key with logon script. ; Disable Roaming Profiles ; Key doesn't seems to exist, create if necessary IF NOT KeyExist(HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System) AddKey(HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System) ENDIF WriteValue(HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System, LocalProfile, 1, REG_DWORD) WriteValue(HKLM\Software\Policies\Microsoft\Windows\System, ReadOnlyProfile, 1, REG_DWORD) However, I cannot find the key being created under HKLM\Software, nor HKLM\Software\Wow6432Node I am not sure if it is related to 64-bit Windows 7, or if it is a registry write permission issue, or a KiXtart issue. Any idea how I may target it? Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to set folder redirection on Windows 7 with a Samba PDC
On Tue, Aug 24, 2010 at 1:38 AM, German Molano gmol...@ignios.net wrote: On 22/08/2010 01:44 a.m., Abe Lau wrote: On Sun, Aug 22, 2010 at 2:48 PM, German Molano gmol...@ignios.netmailto: gmol...@ignios.net wrote: On 21/08/2010 10:54 p.m., Abe Lau wrote: Hi, I have read that Windows 7 is using a new admx format and that it is not compatible with the old-school poledit. If I would like to stick with a Samba PDC, is there any elegant way to get Windows 7 client to obey the folder redirection(and possibly other rules) set using poledit NTConfig.pol? Yes there is a way to do folder redirection with kixtart tools you can write directly to the Windows Registry modyfing the Workstation Settings. In your netlogon start up script call kix32 runtime with your own script with some values like these: $UserShellFolders = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders WriteValue($UserShellFolders, Personal, H:\Documents, REG_SZ) WriteValue($UserShellFolders, AppData, H:\.winsettings\appdata, REG_SZ) WriteValue($UserShellFolders, Desktop, H:\WinDesktop, REG_SZ) WriteValue($UserShellFolders, My Music, H:\Music, REG_SZ) WriteValue($UserShellFolders, My Pictures, H:\Pictures, REG_SZ) WriteValue($UserShellFolders, My Video, H:\Videos, REG_SZ) WriteValue($UserShellFolders, {374DE290-123F-4565-9164-39C4925E467B}, H:\Downloads, REG_SZ) I have been searching the mailing list, but there doesn't seems to be much detailed information on how to get Windows 7 to integrate nicely with a Samba PDC. Any insights? Thanks, Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Thanks German Molano. That may seems to be a viable solution. By the way, the webpage doesn't mention Windows 7 being supported? Is the webpage just outdated? Yes it is supported but some Registry values are protected and some values differs from Windows 7/Vista to Windows XP/2000, but with kixstart you could distinct between platforms and apply settings depend on it, it could be done like this: $ntversion = READVALUE(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\, CurrentVersion) Select Case $ntversion = 6.1 ;Windows 7 WriteValue( Case $ntversion = 6.0 ;Windows Vista WriteValue( Case $ntversion = 5.1 ;Windows XP WriteValue( Case $ntversion = 5.0 ;Windows 2000 WriteValue( Not knowing much about kixtart, does it mean that I could replace everything in NTConfig.pol with a kixtart script? That would be an elegant solution before Samba4 is ready I suppose :-) NTConfig.pol modifies resgistry settings at logon, so yes you could replace it, but is little less graphical because you deal with a script not with a GUI. Also you could deliver policies with a Domain Group basis with conditionals like this: If InGroup( MYDOMAIN\Accounting ) WriteValue( EndIf Abe Thanks German. I tried to read into the manual of Kixtart, and it seems to me that the way to go with samba is to run kixtart via the netlogon logon script. This looks straight-forward and easy to implement. However, does it mean kixtart will run only with limited user privileges, and thus cannot modify anything that will need administrative privileges? If that is the case, I shouldn't be considering it a replacement of NTConfig.pol isn't it? Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to set folder redirection on Windows 7 with a Samba PDC
On Mon, Aug 23, 2010 at 11:03 PM, erik bergsma ebergs...@gmail.com wrote: there are some limitations kixtart cant write certain values to parts the registry that are protected but just for folder redirection its great :) although with win7 you will probably run into some problems with the adobe installer that is refusing to work, because of the folder redirection samba 4 isnt an work enviroment option, since it is still in alpha kixtart seems quite easy and straightforward to deploy! Though I am trying to find out more about Kixtart before I decide if deploying it is worth the effort (vs just a registry patch with logon script). I am currently using wpkg (with wpkgexpress) for silent package installation. Still, mind sharing what the problem of adobe installer on win7 is with folder redirection on? I used to use roaming profile, but found it more trouble than worth. Cheers, Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to set folder redirection on Windows 7 with a Samba PDC
On Sun, Aug 22, 2010 at 2:48 PM, German Molano gmol...@ignios.net wrote: On 21/08/2010 10:54 p.m., Abe Lau wrote: Hi, I have read that Windows 7 is using a new admx format and that it is not compatible with the old-school poledit. If I would like to stick with a Samba PDC, is there any elegant way to get Windows 7 client to obey the folder redirection(and possibly other rules) set using poledit NTConfig.pol? Yes there is a way to do folder redirection with kixtart tools you can write directly to the Windows Registry modyfing the Workstation Settings. In your netlogon start up script call kix32 runtime with your own script with some values like these: $UserShellFolders = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders WriteValue($UserShellFolders, Personal, H:\Documents, REG_SZ) WriteValue($UserShellFolders, AppData, H:\.winsettings\appdata, REG_SZ) WriteValue($UserShellFolders, Desktop, H:\WinDesktop, REG_SZ) WriteValue($UserShellFolders, My Music, H:\Music, REG_SZ) WriteValue($UserShellFolders, My Pictures, H:\Pictures, REG_SZ) WriteValue($UserShellFolders, My Video, H:\Videos, REG_SZ) WriteValue($UserShellFolders, {374DE290-123F-4565-9164-39C4925E467B}, H:\Downloads, REG_SZ) I have been searching the mailing list, but there doesn't seems to be much detailed information on how to get Windows 7 to integrate nicely with a Samba PDC. Any insights? Thanks, Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Thanks German Molano. That may seems to be a viable solution. By the way, the webpage doesn't mention Windows 7 being supported? Is the webpage just outdated? Not knowing much about kixtart, does it mean that I could replace everything in NTConfig.pol with a kixtart script? That would be an elegant solution before Samba4 is ready I suppose :-) Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] how to set folder redirection on Windows 7 with a Samba PDC
Hi, I have read that Windows 7 is using a new admx format and that it is not compatible with the old-school poledit. If I would like to stick with a Samba PDC, is there any elegant way to get Windows 7 client to obey the folder redirection(and possibly other rules) set using poledit NTConfig.pol? I have been searching the mailing list, but there doesn't seems to be much detailed information on how to get Windows 7 to integrate nicely with a Samba PDC. Any insights? Thanks, Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to regenerate passdb.tdb
Hi all again, seems like there is some strange complications going on. Now I get a tens of strange warning from logcheck everyday: localhost smbd[32215]: pam_unix(samba:session): session opened for user someuser by anotheruser(uid=0) localhost smbd[32215]: pam_unix(samba:session): session opened for user user10 by someuser(uid=0) localhost smbd[32215]: pam_unix(samba:session): session opened for user user3 by user21(uid=0) etc.etc... I could confirm that the user did open a connection at that particular time, but I am expecting the connection would be opened by root (uid=0) instead of by some restricted user. However, from my observation, there weren't any security bleach nor any real problem functionally. Each user is still bounded by his/her permission granted. Can I safely ignore those strange log, or is something really going very wrong? Thanks for all input, Abe On Mon, Jul 12, 2010 at 11:11 PM, Abe Lau abelau+sa...@gmail.comabelau%2bsa...@gmail.com wrote: On Fri, Jul 9, 2010 at 10:43 AM, Abe Lau abelau+sa...@gmail.comabelau%2bsa...@gmail.com wrote: On Fri, Jul 9, 2010 at 8:26 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: On 07/08/2010 05:43 PM, Jeremy Allison wrote: On Thu, Jul 08, 2010 at 11:32:32AM +1000, Abe Lau wrote: Hi, I was having problem with the tdbsam backend in which a particular user got listed twice with pdbedit. (http://www.mail-archive.com/samba@lists.samba.org/msg109110.html) Without much hope in fixing it, I am planning to re-generating passdb.tdb on my PDC by: (1)exporting tdbsam to smbpasswd backend (2)delete passdb.tdb (3)re-import smbpasswd to tdbsam backend If you do this you lose a lot of the extra data that tdbsam stores that smbpasswd does not. Jeremy. Does tdbdump passdb.tbd show the user listed twice? Maybe you can use tdbtool to edit a copy of the file. The man page for tdbbackup indicates it can check for corruption (but not fix it.) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Yes, it seems to have appeared twice `tdbdump passdb.tdb` gives { key(13) = RID_03e9\00 data(5) = usera\00 } { key(10) = USER_usera\00 data(180) = \00\00\00\00\FF\FF\FF\7F\FF\FF\FF\7F\00\00\00\00\B2c6L\00\00\00\00\FF\FF\FF\7F\05\00\00\00nick\00\04\00\00\00ORL\00\01\00\00\00\00\01\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01\00\00\00\00\01\00\00\00\00\00\00\00\00\01\00\00\00\00T\04\00\00\01\02\00\00\00\00\00\00\10\00\00\00\03\0C\8C\98\89\87\DC+\CE\0Ax)JP\01\00\00\00\00\10\00\00\00\A8\00\15\00\00\00 \00\00\00\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\EC\04\00\00 } .. { key(13) = RID_0454\00 data(5) = usera\00 } I have tried using tdbbackup -v, but it didn't indicate any corruption. I may try tdbtool on a copy of passdb.db and see how it goes. Thanks for the suggestion. Just tried using tdbtool and removed one of the duplicated RID key of usera. I randomly picked one, because I am really not sure which one is correct (or if it even matters). Now, pdbedit does not display 2 duplicated entries. I hope that is the solution, and the problem won't come back again. will report back in case this leads to other complications. Just a side note, according to the old man page of tdbtool ( http://www.samba.org/samba/docs/man/manpages-3/tdbtool.8.html), there is an option check to verify the integrity of tdb file, but my copy from Debian Lenny doesn't have it! I wonder if there is any other better integrity checking tool for the tdb, apart from tdbbackup, which didn't ever report any problem in my case all the way anyway! Thanks all for the help, Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to regenerate passdb.tdb
On Fri, Jul 9, 2010 at 10:43 AM, Abe Lau abelau+sa...@gmail.comabelau%2bsa...@gmail.com wrote: On Fri, Jul 9, 2010 at 8:26 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: On 07/08/2010 05:43 PM, Jeremy Allison wrote: On Thu, Jul 08, 2010 at 11:32:32AM +1000, Abe Lau wrote: Hi, I was having problem with the tdbsam backend in which a particular user got listed twice with pdbedit. (http://www.mail-archive.com/samba@lists.samba.org/msg109110.html) Without much hope in fixing it, I am planning to re-generating passdb.tdb on my PDC by: (1)exporting tdbsam to smbpasswd backend (2)delete passdb.tdb (3)re-import smbpasswd to tdbsam backend If you do this you lose a lot of the extra data that tdbsam stores that smbpasswd does not. Jeremy. Does tdbdump passdb.tbd show the user listed twice? Maybe you can use tdbtool to edit a copy of the file. The man page for tdbbackup indicates it can check for corruption (but not fix it.) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Yes, it seems to have appeared twice `tdbdump passdb.tdb` gives { key(13) = RID_03e9\00 data(5) = usera\00 } { key(10) = USER_usera\00 data(180) = \00\00\00\00\FF\FF\FF\7F\FF\FF\FF\7F\00\00\00\00\B2c6L\00\00\00\00\FF\FF\FF\7F\05\00\00\00nick\00\04\00\00\00ORL\00\01\00\00\00\00\01\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01\00\00\00\00\01\00\00\00\00\00\00\00\00\01\00\00\00\00T\04\00\00\01\02\00\00\00\00\00\00\10\00\00\00\03\0C\8C\98\89\87\DC+\CE\0Ax)JP\01\00\00\00\00\10\00\00\00\A8\00\15\00\00\00 \00\00\00\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\EC\04\00\00 } .. { key(13) = RID_0454\00 data(5) = usera\00 } I have tried using tdbbackup -v, but it didn't indicate any corruption. I may try tdbtool on a copy of passdb.db and see how it goes. Thanks for the suggestion. Just tried using tdbtool and removed one of the duplicated RID key of usera. I randomly picked one, because I am really not sure which one is correct (or if it even matters). Now, pdbedit does not display 2 duplicated entries. I hope that is the solution, and the problem won't come back again. will report back in case this leads to other complications. Just a side note, according to the old man page of tdbtool ( http://www.samba.org/samba/docs/man/manpages-3/tdbtool.8.html), there is an option check to verify the integrity of tdb file, but my copy from Debian Lenny doesn't have it! I wonder if there is any other better integrity checking tool for the tdb, apart from tdbbackup, which didn't ever report any problem in my case all the way anyway! Thanks all for the help, Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to regenerate passdb.tdb
On Fri, Jul 9, 2010 at 8:26 AM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: On 07/08/2010 05:43 PM, Jeremy Allison wrote: On Thu, Jul 08, 2010 at 11:32:32AM +1000, Abe Lau wrote: Hi, I was having problem with the tdbsam backend in which a particular user got listed twice with pdbedit. (http://www.mail-archive.com/samba@lists.samba.org/msg109110.html) Without much hope in fixing it, I am planning to re-generating passdb.tdb on my PDC by: (1)exporting tdbsam to smbpasswd backend (2)delete passdb.tdb (3)re-import smbpasswd to tdbsam backend If you do this you lose a lot of the extra data that tdbsam stores that smbpasswd does not. Jeremy. Does tdbdump passdb.tbd show the user listed twice? Maybe you can use tdbtool to edit a copy of the file. The man page for tdbbackup indicates it can check for corruption (but not fix it.) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Yes, it seems to have appeared twice `tdbdump passdb.tdb` gives { key(13) = RID_03e9\00 data(5) = usera\00 } { key(10) = USER_usera\00 data(180) = \00\00\00\00\FF\FF\FF\7F\FF\FF\FF\7F\00\00\00\00\B2c6L\00\00\00\00\FF\FF\FF\7F\05\00\00\00nick\00\04\00\00\00ORL\00\01\00\00\00\00\01\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01\00\00\00\00\01\00\00\00\00\00\00\00\00\01\00\00\00\00T\04\00\00\01\02\00\00\00\00\00\00\10\00\00\00\03\0C\8C\98\89\87\DC+\CE\0Ax)JP\01\00\00\00\00\10\00\00\00\A8\00\15\00\00\00 \00\00\00\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\EC\04\00\00 } .. { key(13) = RID_0454\00 data(5) = usera\00 } I have tried using tdbbackup -v, but it didn't indicate any corruption. I may try tdbtool on a copy of passdb.db and see how it goes. Thanks for the suggestion. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to regenerate passdb.tdb
On Fri, Jul 9, 2010 at 7:43 AM, Jeremy Allison j...@samba.org wrote: On Thu, Jul 08, 2010 at 11:32:32AM +1000, Abe Lau wrote: Hi, I was having problem with the tdbsam backend in which a particular user got listed twice with pdbedit. (http://www.mail-archive.com/samba@lists.samba.org/msg109110.html) Without much hope in fixing it, I am planning to re-generating passdb.tdb on my PDC by: (1)exporting tdbsam to smbpasswd backend (2)delete passdb.tdb (3)re-import smbpasswd to tdbsam backend If you do this you lose a lot of the extra data that tdbsam stores that smbpasswd does not. Jeremy. I see. I remember I read from somewhere that the extra missing data can probably be re-generated, though it won't be user-specific (I can't find where I read that, and the list of difference). With my current samba acting as a PDC, would there be any critical data that I will be missing doing this re-import procedure? Of cos, I probably still need to fix the RID error when I am exporting to smbpasswd, in which I still don't have much clue. Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to regenerate passdb.tdb
Hi, I was having problem with the tdbsam backend in which a particular user got listed twice with pdbedit. (http://www.mail-archive.com/samba@lists.samba.org/msg109110.html) Without much hope in fixing it, I am planning to re-generating passdb.tdb on my PDC by: (1)exporting tdbsam to smbpasswd backend (2)delete passdb.tdb (3)re-import smbpasswd to tdbsam backend With the command ` pdbedit -i tdbsam -e smbpasswd`, I got a few errors for ~10 users: build_sam_pass: Failing attempt to store user with non-uid based user RID. Importing account for some_user...failed pdbedit -L -v does not really give me any information on user RID, so I am confused how it can be fixed. Does the procedure make sense, or is there anything I am missing? Thanks, Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Identical user entry in pdbedit (tdbsam)
Hi, On a routine checking on the PDC last week, I found 2 identical user entries displayed under pdbedit -Lv (identical User SID and Primary Group SID etc.). With pdbedit -x -u UserA, both entries of UserA got removed. As soon as I re-add UserA to the samba user list, an identical duplicate of UserA were created. This happens only on UserA. tdbbackup -v *.tdb gives: account_policy.tdb : 19 records ntdrivers.tdb : 1 records ntforms.tdb : 0 records ntprinters.tdb : 1 records passdb.tdb : 188 records registry.tdb : 51 records schannel_store.tdb : 26 records secrets.tdb : 5 records share_info.tdb : 1 records I am wondering what direction I should go in resolving this. System Info: Debian Lenny Samba 3.2.5-4lenny PDC with tdbsam backend Many thanks, Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Identical user entry in pdbedit (tdbsam)
UserAB:x:2085:2085::/home/users/nick:/bin/false UserA:x:2085:2085::/home/users/nick:/bin/false The first line is for another user, so I guess it could be ignored. Thanks. On Mon, Jul 5, 2010 at 11:21 AM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: What does the following command show? #getent passwd | grep -I UserA -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Abe Lau Sent: Sunday, July 04, 2010 8:27 PM To: samba@lists.samba.org Subject: [Samba] Identical user entry in pdbedit (tdbsam) Hi, On a routine checking on the PDC last week, I found 2 identical user entries displayed under pdbedit -Lv (identical User SID and Primary Group SID etc.). With pdbedit -x -u UserA, both entries of UserA got removed. As soon as I re-add UserA to the samba user list, an identical duplicate of UserA were created. This happens only on UserA. tdbbackup -v *.tdb gives: account_policy.tdb : 19 records ntdrivers.tdb : 1 records ntforms.tdb : 0 records ntprinters.tdb : 1 records passdb.tdb : 188 records registry.tdb : 51 records schannel_store.tdb : 26 records secrets.tdb : 5 records share_info.tdb : 1 records I am wondering what direction I should go in resolving this. System Info: Debian Lenny Samba 3.2.5-4lenny PDC with tdbsam backend Many thanks, Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Identical user entry in pdbedit (tdbsam)
Sorry a mistake here. The command output should be: UserAB:x:2004:2004::/home/users/nicky:/bin/false UserA:x:2085:2085::/home/users/nick:/bin/false On Mon, Jul 5, 2010 at 11:43 AM, Abe Lau abelau+sa...@gmail.comabelau%2bsa...@gmail.com wrote: UserAB:x:2085:2085::/home/users/nick:/bin/false UserA:x:2085:2085::/home/users/nick:/bin/false The first line is for another user, so I guess it could be ignored. Thanks. On Mon, Jul 5, 2010 at 11:21 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: What does the following command show? #getent passwd | grep -I UserA -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org ] On Behalf Of Abe Lau Sent: Sunday, July 04, 2010 8:27 PM To: samba@lists.samba.org Subject: [Samba] Identical user entry in pdbedit (tdbsam) Hi, On a routine checking on the PDC last week, I found 2 identical user entries displayed under pdbedit -Lv (identical User SID and Primary Group SID etc.). With pdbedit -x -u UserA, both entries of UserA got removed. As soon as I re-add UserA to the samba user list, an identical duplicate of UserA were created. This happens only on UserA. tdbbackup -v *.tdb gives: account_policy.tdb : 19 records ntdrivers.tdb : 1 records ntforms.tdb : 0 records ntprinters.tdb : 1 records passdb.tdb : 188 records registry.tdb : 51 records schannel_store.tdb : 26 records secrets.tdb : 5 records share_info.tdb : 1 records I am wondering what direction I should go in resolving this. System Info: Debian Lenny Samba 3.2.5-4lenny PDC with tdbsam backend Many thanks, Abe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba