[Samba] Re: network name no longer available
Magnus Holmgren wrote: "Bevan C. Bennett" <[EMAIL PROTECTED]> wrote in the message news:[EMAIL PROTECTED] I have a samba PDC/BDC setup with a small number of W2k clients. Not too long ago I set up a set of new servers on fresh Fedora 1 boxes using Samba 3.0.1 and migrated my LDAP to the new schema. It was all working quite well until recently. Suddenly, when I try to change permissions on a windows share (from the windows box), after I give the root password, I get a message that "The specified network name is no longer available" and everything fails. I get the same message when I go into network neighborhood and try to browse to either of the SAMBA boxes. Something must have gotten glitched, but I'm not quite stumped as to what. I even updated to 3.0.2rc1 to see if it made a difference... [...] That sounds very much like the problem I ran into yesterday. I worked around it by disabling SMB signing (set server signing = No in the [global] section, plus the corresponding setting on the Windows clients). I'm wondering if this is a new bug in version 3.0.1, but since I upgraded to that version over a month ago (IIRC) i find it very strange that I haven't noticed it until now. I changed my smb.conf to include server signing = no and all my problems immediately went away. Hooray! Interestingly, the problems I've been seeing also appeared piecemeal over the past month or so, which made it the more baffling to debug. First I couldn't change permissions using domain ACLs, then I couldn't browse the server, then (recently) client systems started refusing to log domain users on. My best guess would be that there are some fairly long timeouts or caches that kept things working until they expired. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: network name no longer available
Still looking for a solution. Still getting the same error. Help? Bevan C. Bennett wrote: I have a samba PDC/BDC setup with a small number of W2k clients. Not too long ago I set up a set of new servers on fresh Fedora 1 boxes using Samba 3.0.1 and migrated my LDAP to the new schema. It was all working quite well until recently. Suddenly, when I try to change permissions on a windows share (from the windows box), after I give the root password, I get a message that "The specified network name is no longer available" and everything fails. I get the same message when I go into network neighborhood and try to browse to either of the SAMBA boxes. Something must have gotten glitched, but I'm not quite stumped as to what. I even updated to 3.0.2rc1 to see if it made a difference... The one thing that may be relevant is that I had had my primary LDAP server hang for a period of time (too many open files, hopefully now resolved) which made everyone somewhat upset (oddly, even the BDC which is it's own ldap server). At this point I'd greatly appreciate any suggestions or debugging advice that might be offered. I'll try to stick around and offer the benefit of my limited knowledge in return. The other samba system can see everything just fine. > smbclient -L skuld Password: Anonymous login successful Sharename Type Comment - --- netlogon Disk Network Logon Service fooDisk Test Share IPC$ IPC IPC Service (Samba BDC) ADMIN$ IPC IPC Service (Samba BDC) Anonymous login successful Server Comment ---- SKULDSamba BDC VERDANDI Samba PDC WorkgroupMaster ---- FULCRUM VERDANDI net view on the windows client lists all of the local systems, including the samba servers, just fine. The BDC is currently configured in this fashion, although this hasn't really changed: % testparm Load smb config files from /etc/samba/smb.conf Processing section "[netlogon]" Processing section "[foo]" Loaded services file OK. Server role: ROLE_DOMAIN_BDC Press enter to see a dump of your service definitions # Global parameters [global] workgroup = FULCRUM server string = Samba BDC passdb backend = ldapsam:ldap://ldap2.internal.avlsi.com lanman auth = No log file = /var/log/samba/%m.log max log size = 50 name resolve order = wins host bcast time server = Yes server signing = auto logon script = logon.cmd logon path = domain logons = Yes local master = No domain master = No wins server = 10.0.80.13 ldap suffix = dc=internal,dc=avlsi,dc=com ldap machine suffix = ou=computers ldap user suffix = ou=people ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap admin dn = "cn=Manager,dc=internal,dc=avlsi,dc=com" ldap ssl = start tls ldap passwd sync = Yes idmap backend = ldap:ldap://ldap2.internal.avlsi.com idmap uid = 4-5 idmap gid = 4-5 hosts allow = 10.0., 127. [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = Administrator [foo] comment = Test Share path = /usr/add/foo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] network name no longer available
I have a samba PDC/BDC setup with a small number of W2k clients. Not too long ago I set up a set of new servers on fresh Fedora 1 boxes using Samba 3.0.1 and migrated my LDAP to the new schema. It was all working quite well until recently. Suddenly, when I try to change permissions on a windows share (from the windows box), after I give the root password, I get a message that "The specified network name is no longer available" and everything fails. I get the same message when I go into network neighborhood and try to browse to either of the SAMBA boxes. Something must have gotten glitched, but I'm not quite stumped as to what. I even updated to 3.0.2rc1 to see if it made a difference... The one thing that may be relevant is that I had had my primary LDAP server hang for a period of time (too many open files, hopefully now resolved) which made everyone somewhat upset (oddly, even the BDC which is it's own ldap server). At this point I'd greatly appreciate any suggestions or debugging advice that might be offered. I'll try to stick around and offer the benefit of my limited knowledge in return. The other samba system can see everything just fine. > smbclient -L skuld Password: Anonymous login successful Sharename Type Comment - --- netlogon Disk Network Logon Service fooDisk Test Share IPC$ IPC IPC Service (Samba BDC) ADMIN$ IPC IPC Service (Samba BDC) Anonymous login successful Server Comment ---- SKULDSamba BDC VERDANDI Samba PDC WorkgroupMaster ---- FULCRUM VERDANDI net view on the windows client lists all of the local systems, including the samba servers, just fine. The BDC is currently configured in this fashion, although this hasn't really changed: % testparm Load smb config files from /etc/samba/smb.conf Processing section "[netlogon]" Processing section "[foo]" Loaded services file OK. Server role: ROLE_DOMAIN_BDC Press enter to see a dump of your service definitions # Global parameters [global] workgroup = FULCRUM server string = Samba BDC passdb backend = ldapsam:ldap://ldap2.internal.avlsi.com lanman auth = No log file = /var/log/samba/%m.log max log size = 50 name resolve order = wins host bcast time server = Yes server signing = auto logon script = logon.cmd logon path = domain logons = Yes local master = No domain master = No wins server = 10.0.80.13 ldap suffix = dc=internal,dc=avlsi,dc=com ldap machine suffix = ou=computers ldap user suffix = ou=people ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap admin dn = "cn=Manager,dc=internal,dc=avlsi,dc=com" ldap ssl = start tls ldap passwd sync = Yes idmap backend = ldap:ldap://ldap2.internal.avlsi.com idmap uid = 4-5 idmap gid = 4-5 hosts allow = 10.0., 127. [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = Administrator [foo] comment = Test Share path = /usr/add/foo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: My story installing Samba-LDAP PDC (it has a happy ending)
Andrei Mikhailovsky wrote: Hello again ) I have followed your suggestion. changed the ldap.conf so the nsswitch will do sub search and changed the nss_passwd/group/shadow to search at the root of the database. Still no luck. Can you 'finger' the computer accounts? That should show if the NSS is configured correctly. I had a similar problem with 'smbpasswd -a -m' not finding my machine accounts under 'ou=Computers' and made a similar modification to that recently suggested, which (for me) solved the problem. Original /etc/ldap.conf snippet: base dc=internal,dc=avlsi,dc=com pam_filter objectclass=posixAccount pam_password exop nss_base_passwdou=People,dc=internal,dc=avlsi,dc=com?one nss_base_shadowou=People,dc=internal,dc=avlsi,dc=com?one nss_base_group ou=Groups,dc=internal,dc=avlsi,dc=com?one Revised /etc/ldap.conf snippet: base dc=internal,dc=avlsi,dc=com pam_filter objectclass=posixAccount pam_password exop nss_base_passwddc=internal,dc=avlsi,dc=com?sub nss_base_shadowou=People,dc=internal,dc=avlsi,dc=com?one nss_base_group ou=Groups,dc=internal,dc=avlsi,dc=com?one You do not have to have an Administrator account with uid=0, but you do need to have -some- account with uid=0. I put the following in LDAP to satisfy that requirement: dn: uid=root,ou=people,dc=internal,dc=avlsi,dc=com objectClass: account objectClass: sambaSamAccount sambaPwdCanChange: 1072123497 sambaPwdLastSet: 1072123497 sambaAcctFlags: [U ] displayName: root sambaSID: S-1-5-21-3418961212-346530541-152393462-1000 sambaLMPassword: NICE-TRY sambaNTPassword: NICE-TRY uid: root sambaPwdMustChange: 2147483647 sambaPrimaryGroupSID: S-1-5-21-3418961212-346530541-152393462-512 (root's posixaccount is in local files, not LDAP) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba