Re: [Samba] create_local_nt_token_from_info3 not pulling supplementary UNIX groups
Can anyone with knowledge about this issue offer any comment? Somebody has to have an idea about it, good or bad.

Thanks,
Brian

On 9/11/2013 2:20 PM, Brian H. Nelson wrote:

I'm trying to solve this issue I'm having where using 'valid users = +unixgroup' just plain doesn't work. I can't find any /documented/ reason why this is so, but nevertheless, it seems to be the case. This is with samba 3.6.18, but seems to exist in all of 3.6.x and most or all of 3.5.x and perhaps earlier as well (see bug #6681).

From what I can tell, the underlying reason it doesn't work is because create_local_nt_token_from_info3 doesn't seem to populate the user's token with local UNIX /supplementary/ group SIDs (S-1-22-2-xxx). I'm not sure exactly why this is the case; the code is a bit complicated.

Ironically, if the user is explicitly mapped (username map in smb.conf) then it *does* work. This seems to be because an explicitly-mapped user will follow a different code path and end up using create_token_from_username which /does/ pull local UNIX groups.

I don't understand why there is a difference in behavior between explicit and implicit mapping. (Implicit mapping meaning DOMAIN\name maps to local user 'name' via idmap_nss, or some other facility). I would think that either case should ultimately end with the same result.

This seems like a very major and long-standing problem to just be a bug. As such I feel like I'm missing something. Can a dev or somebody with a better understanding of the code fill me in?

Here are some reference links that sound related:
https://bugzilla.samba.org/show_bug.cgi?id=6681
http://marc.info/?l=samba&m=135879161014066&w=2
http://marc.info/?l=samba&m=120886782118153&w=2

Thanks,
Brian

--
Brian H. Nelson
Data Security Analyst I
IT Infrastructure Engineering
Youngstown State University
bhnelson[at]ysu[dot]edu

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] create_local_nt_token_from_info3 not pulling supplementary UNIX groups
According to the smb.conf man page, using @group is equivalent to &+group where '&' means check it as an NIS netgroup and '+' means check it as a local UNIX group. Just +group should be what I want (I'm not using NIS) but I admit I haven't tested much with @group.

Another interesting facet is that the RHEL-provided samba builds *do not* exhibit the problem I'm seeing. They bundle in a number of patches. Apparently one (or more) of them is changing this specific behavior.

Brian

On 9/11/2013 3:18 PM, Brian Cuttler wrote:

I thought it was "@group" rather than "+group" in the samba.conf share definition...

--
Brian H. Nelson
Data Security Analyst I
IT Infrastructure Engineering
Youngstown State University
bhnelson[at]ysu[dot]edu
[Samba] create_local_nt_token_from_info3 not pulling supplementary UNIX groups
I'm trying to solve this issue I'm having where using 'valid users = +unixgroup' just plain doesn't work. I can't find any /documented/ reason why this is so, but nevertheless, it seems to be the case. This is with samba 3.6.18, but seems to exist in all of 3.6.x and most or all of 3.5.x and perhaps earlier as well (see bug #6681).

From what I can tell, the underlying reason it doesn't work is because create_local_nt_token_from_info3 doesn't seem to populate the user's token with local UNIX /supplementary/ group SIDs (S-1-22-2-xxx). I'm not sure exactly why this is the case; the code is a bit complicated.

Ironically, if the user is explicitly mapped (username map in smb.conf) then it *does* work. This seems to be because an explicitly-mapped user will follow a different code path and end up using create_token_from_username which /does/ pull local UNIX groups.

I don't understand why there is a difference in behavior between explicit and implicit mapping. (Implicit mapping meaning DOMAIN\name maps to local user 'name' via idmap_nss, or some other facility). I would think that either case should ultimately end with the same result.

This seems like a very major and long-standing problem to just be a bug. As such I feel like I'm missing something. Can a dev or somebody with a better understanding of the code fill me in?

Here are some reference links that sound related:
https://bugzilla.samba.org/show_bug.cgi?id=6681
http://marc.info/?l=samba&m=135879161014066&w=2
http://marc.info/?l=samba&m=120886782118153&w=2

Thanks,
Brian

--
Brian H. Nelson
Data Security Analyst I
IT Infrastructure Engineering
Youngstown State University
bhnelson[at]ysu[dot]edu
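The behaviour reported in this thread, as an added example that is not part of the original posts and is not Samba source code: a simplified Python model of checking 'valid users' entries against the UNIX group SIDs (S-1-22-2-<gid>) held in a token, including the '+', '&' and '@' prefixes discussed in the replies. The user, groups, gids and netgroup are constructed sample data, and every function name is hypothetical.

```python
from dataclasses import dataclass

UNIX_GROUP_SID_PREFIX = "S-1-22-2-"  # UNIX group SID form quoted in the post


@dataclass(frozen=True)
class UnixUser:
    name: str
    gid: int  # primary group id


# Constructed sample NSS data: group name -> (gid, supplementary members)
GROUPS = {
    "users": (100, ()),
    "finance": (2001, ("alice",)),
    "staff": (2002, ("bob",)),
}
# Constructed NIS netgroup data: netgroup name -> member users
NETGROUPS = {"labusers": ("carol",)}
ALICE = UnixUser("alice", 100)


def unix_group_sid(gid):
    return f"{UNIX_GROUP_SID_PREFIX}{gid}"


def token_primary_only(user):
    """Token as the post reports it for implicitly mapped users:
    the supplementary UNIX group SIDs are missing."""
    return {unix_group_sid(user.gid)}


def token_with_supplementary(user):
    """Token as the post reports it for 'username map' users:
    primary group plus every group listing the user as a member."""
    sids = {unix_group_sid(user.gid)}
    for gid, members in GROUPS.values():
        if user.name in members:
            sids.add(unix_group_sid(gid))
    return sids


def lookup_order(entry):
    """Split a 'valid users' entry into (lookup order, bare name).
    '@name' is treated as '&+name', per the man page text quoted in the thread."""
    if entry.startswith("@"):
        return "&+", entry[1:]
    order = ""
    while entry and entry[0] in "+&" and len(order) < 2:
        order, entry = order + entry[0], entry[1:]
    return order, entry


def entry_allows(entry, user, token):
    """True if this entry admits the user, given the SIDs in the token."""
    order, name = lookup_order(entry)
    if not order:  # plain user name (simplified: compared by name)
        return name == user.name
    for step in order:
        if step == "+" and name in GROUPS:
            if unix_group_sid(GROUPS[name][0]) in token:
                return True
        if step == "&" and user.name in NETGROUPS.get(name, ()):
            return True
    return False


def entries_needing_supplementary(valid_users, user):
    """Entries that only match when supplementary group SIDs are in the token."""
    narrow = token_primary_only(user)
    full = token_with_supplementary(user)
    return [e for e in valid_users
            if entry_allows(e, user, full) and not entry_allows(e, user, narrow)]


if __name__ == "__main__":
    share = ["+users", "+finance", "@finance", "+staff", "alice"]
    print("primary-only token:", sorted(token_primary_only(ALICE)))
    print("full token:        ", sorted(token_with_supplementary(ALICE)))
    print("entries that break:", entries_needing_supplementary(share, ALICE))
```

Entries listed by entries_needing_supplementary are the ones a share owner would see silently denied when the token carries only the primary group.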
Re: [Samba] Removed params 'force security mode' etc. What to use instead?
I hate to bump, but surely someone can offer some input on this. At least question 1?

Thanks,
Brian

On 7/3/2013 2:56 PM, Brian H. Nelson wrote:

I noticed that the fix for bug 9190 (inc in samba 4.0) resulted in the removal of the following config parameters:

security mask
force security mode
directory mask
force directory security mode

I have a couple questions regarding this, and haven't really seen any good info on it, so...

1) Why were they removed? There doesn't seem to be any explanation in the bug notes or release notes. Maybe I'm missing something? (not judging, just confused)

2) What can be used instead? I don't see any comparable settings in samba to obtain the same effect (preventing clients from removing certain security bits from existing files, ie group permissions)
Re: [Samba] Removed params 'force security mode' etc. What to use instead?
On 7/3/2013 4:54 PM, Jonathan Buzzard wrote:

My guess is this is related to the Unix extensions. Basically certain versions of OS X; I can't remember which ones but 10.5 sticks in my mind but that might be related to symbolic links and it was 10.6 that was the problem, notice the file server does Unix extensions and then decides to go behind the Samba servers back and fiddle with the permissions.

Indeed. Unfortunately (in this case) we had already disabled unix extensions a while back when 10.6.8/10.7 came out and we started seeing similar permission issues.

I'm surprised that "force security mode" wouldn't work. That actually sounds like a bug if that's the case. I don't believe I ever actually tested it myself but we did pin that as another possible solution at that time.

This seems to be a different but similar issue on some new machines with 10.8. I'm not yet sure if it's an OS issue or an application issue. So far, I've only seen it when a user 'packages' a project from Adobe InDesign. Many of the extra files in the 'package' (just a folder, not an archive or anything) end up without group permissions which is a big issue for them.

Brian
[Samba] Removed params 'force security mode' etc. What to use instead?
Hello list,

I noticed that the fix for bug 9190 (inc in samba 4.0) resulted in the removal of the following config parameters:

security mask
force security mode
directory mask
force directory security mode

I have a couple questions regarding this, and haven't really seen any good info on it, so...

1) Why were they removed? There doesn't seem to be any explanation in the bug notes or release notes. Maybe I'm missing something? (not judging, just confused)

2) What can be used instead? I don't see any comparable settings in samba to obtain the same effect (preventing clients from removing certain security bits from existing files, ie group permissions)

I have a situation currently where it looks like I will need to implement the above 'force' settings in my samba 3.x environment to deal with some misbehaving OS X clients that insist on stripping group permissions from files in certain situations. I'd rather not start using settings that I know are removed in future versions, but I'm not sure of a better way. Can anyone recommend the best way to deal with this?

Thanks!
Brian
Re: [Samba] Windows machine has to join two times
It might be a problem with nscd *negative* result caching as described in this post:
http://lists.samba.org/archive/samba/2008-March/139102.html

which also links this post:
http://lists.samba.org/archive/samba/2006-May/120798.html

Maybe those will provide some helpful information for you.

-Brian

toonverdo...@dommel.be wrote:

Ok, so it's better to clear the cache after adding a machine into the LDAP directory so SAMBA can add the right attributes instead of disabling the nscd service? I already tried an nscd -i passwd after adding a machine but that didn't work out

Quoting John Drescher:

I stopped the nscd service and now I can join the machines from the first time! Wasn't the cache cleared by adding "nscd -i passwd" to the scripts? Is it a good idea to disable this service?

In a lot of cases the answer is no. If your ldap server is not on the same box the answer is definitely no because you will take a huge performance hit when accessing files.

John
Re: [Samba] PDC directory permission fail
Bino Oetomo wrote:

And ... voila ... the user can access (read-write) into the shares ... But it'll means that the user can also "execute" somethings inside directory ... right ? Why we need the "execute" bit in directory permission just to let the user to "read and write only" ?

That is how UNIX filesystem permissions work. 'Execute' on a directory allows traversal of (ie access into) the directory.

From Wikipedia (http://en.wikipedia.org/wiki/File_system_permissions):

There are three specific permissions on Unix-like systems that apply to each class:

* The read permission, which grants the ability to read a file. When set for a directory, this permission grants the ability to read the names of files in the directory (but not to find out any further information about them such as contents, file type, size, ownership, permissions, etc.)
* The write permission, which grants the ability to modify a file. When set for a directory, this permission grants the ability to modify entries in the directory. This includes creating files, deleting files, and renaming files.
* The execute permission, which grants the ability to execute a file. This permission must be set for executable binaries (for example, a compiled c++ program) or shell scripts (for example, a Perl program) in order to allow the operating system to run them. When set for a directory, this permission grants the ability to traverse its tree in order to access files or subdirectories, but not see files inside the directory (unless read is set).

Search Google for "unix permissions" if you need more understanding.

-Brian
[Samba] BDC and PDC communication...
Question about BDC's on a domain,

1) How can you verify that the BDC and PDC are communicating? (verify they are both on the same domain and that one is a slave/backup? basically verify that the reality matches what is setup in the config files.)

2) If a BDC seems to no longer see the domain, do you just rejoin it again with "net rpc join ..."

Thanks for any help,

Brian H
binaryno...@gmail.com
http://www.binarynomad.com
[Samba] Rejoin BDC to domain?
We recently replaced a failing PDC, and it seems to be working just fine:

# net rpc testjoin
Join to 'OURDOMAIN' is OK
# net lookup dc OURDOMAIN
172.16.1.40

But the BDC now seems to be having problems. We cannot get new workstations (in the subnet with the BDC) to join the domain, and while logged into the BDC, we get:

# net rpc testjoin
Unable to find a suitable server
Join to domain 'OURDOMAIN' is not valid
# net lookup dc
#

This BDC was working fine before we replaced the PDC, and I tried:

net rpc getsid -S OURDOMAIN -I 172.16.1.40 -U admin%password

which says it grabbed the SID. Do I need to rejoin the BDC to the domain?

Thanks for any help,

Brian H
binaryno...@gmail.com
http://www.binarynomad.com
[Samba] BDC Promotion and Netbios...
We are replacing a failing PDC. When promoting a BDC to replace an existing PDC, can you change the NETBIOS name field to match that of the original PDC without causing problems?

Brian H
binaryno...@gmail.com
http://www.binarynomad.com
[Samba] Migrating to replacement PDC
I've been reading the SAMBA documentation at:
http://us3.samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749

But I just need some confirmation since this is our primary server, and I'm not fully confident about what I read.

SITUATION:

We currently have a Samba server running as our Primary Domain Controller which is authenticating against a local LDAP database. The hardware is failing so we need to build a replacement box. Machine hostnames are based off of asset tags, so the hostnames will be different between the two servers. The intention is to build the NEW server with a unique hostname and temp IP address, and the same smb.conf. Then at the point of migration, change the IP address of the NEW server to that of the OLD server, start up SAMBA, and then let it take over as the PDC.

QUESTIONS:

And from what I understand, as long as I make sure the NEW server has the same NETBIOS name in the /etc/samba/smb.conf file, then it should pull the "domain SID" from LDAP the first time it is started. Does this mean I don't need to import the "secrets.tdb" or manually set the SID with "net setlocalsid S-1-5-21-22-2394995923-3994118334", or change the hostname to that of the OLD server?

MISC FACTS:

OLD Server
Hostname: asset01
DNS Name(s): asset01 PDC LDAP
NETBIOS: PDC
IP: 172.16.1.1
Services: SAMBA, LDAP

NEW Server (future values are in < > )
Hostname: asset02
DNS Name(s): asset02
NETBIOS:
IP: 172.16.1.2 <172.16.1.1>
Services: SAMBA, LDAP

Brian H
binaryno...@gmail.com
http://www.binarynomad.com
Re: [Samba] Solaris 10 (sparc) and samba issue
Ravi Channavajhala wrote:

Brian, it is Windows 2003/R2. The config for samba is straightup just from the global section. The exact problem I'm having is the net ads is unable to create the kerberos keytab and I hate to run ktpass and etc from the win KDC and install them. Even if I did the ktpass, the tix are not working. I get constant error 'server not found in kerberos database' whenever attempting to login.

Ah, sorry. I'm not using keytab anywhere so I probably can't help much.

I know it's an obvious check, but does the file /etc/krb5/krb5.keytab exist on your machine? It's not there by default and might need to be created first.

-Brian

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
Re: [Samba] Solaris 10 (sparc) and samba issue
Ravi,

You don't mention which version of AD you are working with or include any relevant config files. Both would be helpful. Also, it might just be me, but I'm not clear on exactly what problem you're having. Maybe you could clarify, list error messages, etc.

You might want to get Solaris patch 119757-14 which gives you samba 3.0.33. I don't know if it will help. I had no problems with samba 3.0.28 on Solaris 10.

-Brian

Ravi Channavajhala wrote:

The net ads joins the host to the AD, but can't get the proper kerberos tix. Manually generating the kerberos keytab from AD don't work. Any suggestions?

r...@host /#head -1 /etc/release
Solaris 10 10/08 s10s_u6wos_07b SPARC
r...@host /usr/sfw/sbin#./smbd -V
Version 3.0.28
r...@host /#for PKG in `pkginfo -x | grep -i samba | awk '{print $1}'`; do VER=`pkginfo -l ${PKG} | grep PSTAMP`; echo ${PKG} ${VER}; done
SUNWsmbac PSTAMP: sfw10-patch20080310191909
SUNWsmbar PSTAMP: sfw10-patch20080723133424
SUNWsmbau PSTAMP: sfw10-patch20080723134146

Last few relevant lines from net ads with -d10 level debugging.

[2009/05/11 20:13:20, 10] libsmb/clientgen.c:(395) cli_rpc_pipe_close: closed pipe \NETLOGON to machine host.domain.com
[2009/05/11 20:13:20, 6] libsmb/clientgen.c:(153) write_socket(9,39)
[2009/05/11 20:13:20, 6] libsmb/clientgen.c:(156) write_socket(9,39) wrote 39
[2009/05/11 20:13:20, 10] lib/util_sock.c:(623) got smb length of 35
[2009/05/11 20:13:20, 5] lib/util.c:(484)
[2009/05/11 20:13:20, 5] lib/util.c:(494) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2050 smb_pid=2945 smb_uid=2050 smb_mid=12 smt_wct=0 smb_bcc=0
[2009/05/11 20:13:20, 10] lib/util.c:(2957) name_to_fqdn: lookup for HOST -> HOST.domain.com
[2009/05/11 20:13:20, 3] libads/ldap.c:(2471) ads_domain_func_level: 2
[2009/05/11 20:13:20, 3] libads/kerberos.c:(337) kerberos_secrets_store_des_salt: Storing salt "host/host.domain@domain.com"
[2009/05/11 20:13:21, 2] libads/kerberos_keytab.c:(260) ads_keytab_add_entry: Using default system keytab: FILE:/etc/krb5/krb5.keytab
[2009/05/11 20:13:21, 5] libads/ldap.c:(1422) ads_get_kvno: Searching for host HOST
[2009/05/11 20:13:21, 5] libads/ldap.c:(1440) ads_get_kvno: Using: CN=HOST,CN=Computers,DC=domain,DC=com
[2009/05/11 20:13:21, 5] libads/ldap.c:(1459) ads_get_kvno: Looked Up KVNO of: 7
[2009/05/11 20:13:21, 3] libads/kerberos_keytab.c:(65) smb_krb5_kt_add_entry: Will try to delete old keytab entries
[2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(152) smb_krb5_kt_add_entry: krb5_kt_end_seq_get failed (Bad file number)
[2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(346) ads_keytab_add_entry: Failed to add entry to keytab file
[2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(508) ads_keytab_create_default: ads_keytab_add_entry failed while adding 'host'.
[2009/05/11 20:13:21, 1] utils/net_ads.c:(1644) Error creating host keytab!
Joined 'HOST' to realm 'DOMAIN.COM'
[2009/05/11 20:13:21, 2] utils/net.c:(1036) return code = 0

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
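The -d10 output quoted above can be triaged mechanically. This added example (not from the original posts and not Samba code) splits run-together Samba debug output into entries and flags the case seen here, where keytab creation fails at debug level 1 while the command still reports return code 0; the sample entries are copied from the log in the post, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Entries copied from the -d10 excerpt in the post.
SAMPLE = """
[2009/05/11 20:13:21, 2] libads/kerberos_keytab.c:(260) ads_keytab_add_entry: Using default system keytab: FILE:/etc/krb5/krb5.keytab
[2009/05/11 20:13:21, 5] libads/ldap.c:(1459) ads_get_kvno: Looked Up KVNO of: 7
[2009/05/11 20:13:21, 3] libads/kerberos_keytab.c:(65) smb_krb5_kt_add_entry: Will try to delete old keytab entries
[2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(152) smb_krb5_kt_add_entry: krb5_kt_end_seq_get failed (Bad file number)
[2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(346) ads_keytab_add_entry: Failed to add entry to keytab file
[2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(508) ads_keytab_create_default: ads_keytab_add_entry failed while adding 'host'.
[2009/05/11 20:13:21, 1] utils/net_ads.c:(1644) Error creating host keytab! Joined 'HOST' to realm 'DOMAIN.COM'
[2009/05/11 20:13:21, 2] utils/net.c:(1036) return code = 0
"""


class Entry(NamedTuple):
    ts: str
    level: int      # lower number = more severe
    source: str
    func: str       # empty when the archive stripped the function name
    line: int
    message: str


# Header form: [date time, level] file.c:function(line); the function may be blank.
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(?P<level>\d+)\]\s+"
    r"(?P<source>[\w./-]+):(?P<func>\w*)\((?P<line>\d+)\)"
)


def parse_debug_log(text: str) -> List[Entry]:
    """Split log text into entries, even when several share one line."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        message = " ".join(text[m.end():end].split())
        entries.append(Entry(m["ts"], int(m["level"]), m["source"],
                             m["func"], int(m["line"]), message))
    return entries


def failures(entries: List[Entry], max_level: int = 1) -> List[Entry]:
    """Entries logged at or below max_level (errors and warnings)."""
    return [e for e in entries if e.level <= max_level]


def keytab_path(entries: List[Entry]) -> Optional[str]:
    """Keytab file the tool says it is using, if the log names one."""
    for e in entries:
        m = re.search(r"keytab: FILE:(\S+)", e.message)
        if m:
            return m.group(1)
    return None


def return_code(entries: List[Entry]) -> Optional[int]:
    for e in reversed(entries):
        m = re.search(r"return code = (-?\d+)", e.message)
        if m:
            return int(m.group(1))
    return None


def keytab_failed_despite_success(entries: List[Entry]) -> bool:
    """True when keytab code logged errors but the command returned 0."""
    errs = [e for e in failures(entries)
            if e.source.endswith("kerberos_keytab.c")]
    return bool(errs) and return_code(entries) == 0


if __name__ == "__main__":
    parsed = parse_debug_log(SAMPLE)
    for e in failures(parsed):
        print(f"{e.ts} L{e.level} {e.source}:{e.line} {e.message}")
    print("keytab file to inspect:", keytab_path(parsed))
    print("silent keytab failure:", keytab_failed_despite_success(parsed))
```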
Re: [Samba] can't make 3.3.0 on Solaris 10
myron wrote:

I tried all the combinations. The furthest I get is

Linking bin/smbd
...
collect2: ld returned 1 exit status
make: *** [bin/smbd] Error 1

Well that's definitely a linking error. If you got the same error with both sun ld and gnu ld then my best guess is that you have a broken shared library somewhere that samba is trying to link in. Most likely a package or library that you downloaded that was built on a newer OS than you have installed (Update releases and/or patches). You can try doing 'ldd /usr/local/lib/*' (and wherever else you have 3rd party libs) and looking for similar-named missing dependencies.

I can't find that library on my system. Do you have a library by that name?

That library is part of samba. It should exist in ./bin of the samba source directory.

-Brian
Re: [Samba] can't make 3.3.0 on Solaris 10
myron wrote:

I tried a few things now. I had gcc-4.2.1 on my system, so I tried that. It failed at the same spot. I then tried it with Sun's gcc and Sun's ld and that failed with an option to ld that it didn't understand. I think that's the reason I use gnu's ld. So, now I'm trying it with Sun's gcc and gnu's ld.

It may be obvious, but did you 'make clean' and re-configure between each attempt? If not, that could be why it's passing ld wrong options.

Also, I'm not sure if you can mix and match linkers. I presume that you need to be using the linker that gcc says it was configured for, but perhaps that's not true.

-Brian

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
Re: [Samba] can't make 3.3.0 on Solaris 10
myron wrote:

There's no special configure options. I'm using gnu's ld not Sun's. The only reference I could find to this problem with the ld program used. Anyone on Solaris 10 have this same problem?

Any particular reason you're using GNU's ld? If you want to experiment you can try building with /usr/sfw/bin/gcc which uses Sun's ld. Of course that's assuming you have the relevant packages installed.

-Brian

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
Re: [Samba] Samba local master browser crashes the Windows domain master browser
Jeremy Allison wrote:

A crash on the Windows server is definitely a Microsoft bug. If you can reproduce it at will I'd suggest sending a bug report their way.

Jeremy.

I agree completely. My main thought was that 'Samba crashing Windows' ultimately makes Samba look bad. Besides that, it's not unlikely that there is also a bug in Samba that is contributing.

Either way, there doesn't seem to be a way to even talk to Microsoft without shelling out money. I'm going to check with a co-worker who has an MSDN sub next week and see if there is a route there.

-Brian

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
Re: [Samba] Samba local master browser crashes the Windows domain master browser
Not even a comment on this?

-Brian

Brian H. Nelson wrote:

Hi all,

I have a Windows 2003sp2 domain with a few Samba 3.0 member servers. This domain services about 700 XP PCs distributed across 15 or so subnets. On one particular subnet there are about 300 PCs, 2 or 3 2003 member servers and a samba 3.0.28 member server (solaris). When/if the samba server picks up the local master browser role, it will cause the domain master browser to crash after a short while (5-30 min). As long as one of the windows machines is LMB, everything works fine. I have been able to reproduce the crash several times by switching the samba machine back to LMB (with os level = 255).

I do have at least one other Samba machine acting as a local master. This machine does not seem to cause the above problem, but it is on a different subnet that has far fewer machines (less than 50). That samba is 3.0.23c (ancient, I know).

The domain master is the 2003 DC that carries the PDC emulator FSMO role. Moving the PDC role around to other DCs causes the crash problem to follow to the new machine. Stopping the Computer Browser service on that DC prevents the crash from happening, but that is not really a solution.

Setting 'local master = no' on the samba machine also takes care of this problem, which I have done, but I still feel that this is a pretty major issue and should be investigated further. I suspect that this is ultimately a Microsoft bug, but being that only Samba seems to tickle it is why I'm posting here.

Are there any known issues related to this? I have a network trace and a level 10 nmbd log of the problem. Should I open a bug?

Thanks much,
-Brian

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
[Samba] Samba local master browser crashes the Windows domain master browser
Hi all,

I have a Windows 2003sp2 domain with a few Samba 3.0 member servers. This domain services about 700 XP PCs distributed across 15 or so subnets. On one particular subnet there are about 300 PCs, 2 or 3 2003 member servers and a samba 3.0.28 member server (solaris). When/if the samba server picks up the local master browser role, it will cause the domain master browser to crash after a short while (5-30 min). As long as one of the windows machines is LMB, everything works fine. I have been able to reproduce the crash several times by switching the samba machine back to LMB (with os level = 255).

I do have at least one other Samba machine acting as a local master. This machine does not seem to cause the above problem, but it is on a different subnet that has far fewer machines (less than 50). That samba is 3.0.23c (ancient, I know).

The domain master is the 2003 DC that carries the PDC emulator FSMO role. Moving the PDC role around to other DCs causes the crash problem to follow to the new machine. Stopping the Computer Browser service on that DC prevents the crash from happening, but that is not really a solution.

Setting 'local master = no' on the samba machine also takes care of this problem, which I have done, but I still feel that this is a pretty major issue and should be investigated further. I suspect that this is ultimately a Microsoft bug, but being that only Samba seems to tickle it is why I'm posting here.

Are there any known issues related to this? I have a network trace and a level 10 nmbd log of the problem. Should I open a bug?

Thanks much,
-Brian

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
Re: [Samba] Solaris 8 and Solaris 10
James Chavez wrote:

All, Is there a mount.cifs utility or mount_smbfs for Solaris 8 and Solaris 10. I would like to map drives to my Windows servers from Solaris. smbclient works great for accessing files but I want to map the drives.

Thank you
James

I do not believe that functionality is available on Solaris.

-Brian

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
Re: [Samba] static libgcc issue on solaris 8
[EMAIL PROTECTED] wrote:

Hello all, little question. Has somebody already compiled samba on SunOS 5.8 because I cannot statically link libgcc libraries. I already tried "gcc -static-libgcc", added "-lgcc_s" to LIBS variable but always the same result. Below resulted compiled binary ..

# ldd bin/ntlm_auth
libthread.so.1 => /usr/lib/libthread.so.1
libsendfile.so.1 => /usr/lib/libsendfile.so.1
libresolv.so.2 => /usr/lib/libresolv.so.2
libnsl.so.1 => /usr/lib/libnsl.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libiconv.so.2 => /usr/local/lib/libiconv.so.2
libgssapi_krb5.so.2 => /usr/local/lib/libgssapi_krb5.so.2
libkrb5.so.3 => /usr/local/lib/libkrb5.so.3
libk5crypto.so.3 => /usr/local/lib/libk5crypto.so.3
libcom_err.so.3 => /usr/local/lib/libcom_err.so.3
libldap-2.3.so.0 => /usr/local/lib/libldap-2.3.so.0
liblber-2.3.so.0 => /usr/local/lib/liblber-2.3.so.0
libc.so.1 => /usr/lib/libc.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libgcc_s.so.1 => /usr/local/lib/libgcc_s.so.1
libkrb5support.so.0 => /usr/local/lib/libkrb5support.so.0
libgen.so.1 => /usr/lib/libgen.so.1
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2
libssl.so.0.9.8 => /usr/local/lib/libssl.so.0.9.8
libcrypto.so.0.9.8 => /usr/local/lib/libcrypto.so.0.9.8
/usr/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1

Is there something special with SunOs that I should know to make my compilation work successfully ?? Can somebody help me because I absolutely need these binaries statically linked with libgcc libraries ? many thanks for your help.

Vincent.

Unless you built them all yourself, I'd wager that the libgcc dependency is coming from one of your support libraries (iconv, krb5, ldap, sasl, etc). You can check this with 'ldd -sv' on your samba binary.

If you're really bent on not having a libgcc dependency, then build everything with Sun's compiler. :-)

-Brian

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
[Samba] call_nt_transact_ioctl(0x9005c)
I'm seeing these errors every couple minutes from my Samba server (3.0.28... RHEL5 build).

[2008/09/15 11:59:44, 0] smbd/nttrans.c:call_nt_transact_ioctl(2463)
call_nt_transact_ioctl(0x9005c): Currently not implemented.

I realize what 'currently not implemented' means, and since no users have complained, I assume the message is ignorable. I was wondering however, if anyone can enlighten me as to what ioctl 0x9005c is/does, and what windows processes/etc might try to use it. Perhaps it's something that I can turn off or re-configure on the client machines.

Thanks!
-Brian

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
Re: [Samba] Samba Shortfalls?
Justin Piszcz wrote:

Hello,

1) Can not support .chm help files

I am unable to use .chm files even when shared from a 'real' windows 2000 machine either. I believe the limitation is in the help file viewer, not in the server (samba or otherwise).

-Brian

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
Re: [Samba] [ANNOUNCE] Samba 3.2.2 Available for Download
Michael Adam wrote:

To be more concrete: I suggest adding a configure option "--enable-rpath" that adds the appropriate LDFLAGS when appropriate for the build system (e.g. solaris and linux for a start) and gives notice when the system is unsupported (for rpath).

See
http://gitweb.samba.org/?p=samba.git;a=commit;h=3a0f781352f364ce625a35ffd78257b27d984c47
and
http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=6850dc242b010bdcef5e427e51be04201f55b7f3
for what has already been in the sources and has been removed.

From link #2:

What is more, rpath also has some bad effects (when updating libraries, e.g.), so it should not be set unconditionally.

Could you elaborate on why/when setting rpath would cause problems? I'm having trouble coming up with an example.

Thanks,
-Brian

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
Re: [Samba] Slow and unpredictable Samba performance?
Jakov Sosic wrote: And I'm really keen to solve this one. I just can't get it - how can one Samba have issues with transfer rates, and another one not, with the same exact configuration? I have noticed that Sun's samba build has some different/wrong default settings than a 'standard' samba built on solaris. You might try comparing the outputs of 'testparm -sv' from the two different sambas. Perhaps some rogue default setting is affecting your performance. -Brian -- ------- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu ---
Re: [Samba] [ANNOUNCE] Samba 3.2.2 Available for Download
James Kosin wrote: Tim, You still may have to move the libraries to their normal spot or make an entry in /etc/ld.so.conf to point to the directory where the libraries are kept for samba. James On Solaris, one uses the crle command to achieve the same result. Aside from that, I believe that the general practice for packages that include their own libraries is to hard-code the libpath into any applicable binaries using '-rpath $prefix/lib' in the linking step (or '-R $prefix/lib' with Solaris ld). If you install samba into its own area (say /usr/local/samba) and the libraries are installed in a non-system location (perhaps /usr/local/samba/lib), messing with the runtime linker config to make samba work should NOT be required. -Brian -- --- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu ---
Re: [Samba] msdfs root = yes is the default???
Rob Shinn wrote: Why is that when you create a share, the default is 'msdfs root = yes'? Also, why is that a share that is set 'msdfs root = yes' -- or, rather, a share that does /not/ set 'msdfs root = no' -- advertises that it is a DFS root to the Linux CIFS client, /even/ when 'host msdfs = no'? This sounds like A) a bug (ignoring 'host msdfs'), and B) a misfeature (msdfs root should probably /not/ default to yes). The default for 'msdfs root' was changed to 'no' in, I believe, samba 3.0.25. If you're using a version earlier than that, I suggest putting 'msdfs root = no' in the global section of smb.conf. That seems to disable it for all shares. I ran into similar issues with this problem and the [homes] share, a la samba bug 4398. Be aware that you generally have to reboot the _client_ machine(s) in order for changes to the 'msdfs root' parameter to be recognized. -Brian -- --- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu ---
Re: [Samba] Help making Samba a DFS host (not root!)
Jeremy Allison wrote: Sorry, I dropped the ball on this one. Yes, open up a bug please and attach the files there, that way more than myself can work on it. Thanks, Jeremy. Ok. Bug 5641 created: "Can't use Samba server as DFS host via dfsgui.msc." Thanks, -Brian -- ------- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu ---
Re: [Samba] Help making Samba a DFS host (not root!)
Any word on this? Should I open a bug? I've got my foot in my mouth after telling my group that samba supports DFS :-) Thanks, -Brian Brian H. Nelson wrote: Jeremy, Files attached. Let me know if they're not what you need. Just for fun I tried this with 3.0.28 as well. Same result. -Brian Jeremy Allison wrote: On Wed, Jul 16, 2008 at 02:33:57PM -0400, Brian H. Nelson wrote: I'm trying to create a DFS root in my 2003 AD domain, and point it to a share hosted on a Samba server. From the documentation, I had assumed that this was supported (msdfs host = yes ?). Am I missing something basic? This is with Samba 3.0.31 on RHEL 5. When I go to create the DFS root (via the msc plugin) and instruct it to use my samba machine as the host, I get this error: "The computer you entered cannot host the DFS root. You must enter the name of a computer running an operating system in the Windows 2000 Server or Windows Server 2003 families." Just to be clear, I'm NOT trying to make Samba a DFS root, just a host (ie target) for a DFS root in my AD domain. Is Samba only capable of hosting a samba-based DFS root, and not an AD based one? Is there some trick to getting it configured? Can you post the network capture trace plus the debug level 10 of the smbd you're pointing the MSC plugin at please ? Jeremy. -- ------- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu ---
Re: [Samba] Help making Samba a DFS host (not root!)
Jeremy, Files attached. Let me know if they're not what you need. Just for fun I tried this with 3.0.28 as well. Same result. -Brian Jeremy Allison wrote: On Wed, Jul 16, 2008 at 02:33:57PM -0400, Brian H. Nelson wrote: I'm trying to create a DFS root in my 2003 AD domain, and point it to a share hosted on a Samba server. From the documentation, I had assumed that this was supported (msdfs host = yes ?). Am I missing something basic? This is with Samba 3.0.31 on RHEL 5. When I go to create the DFS root (via the msc plugin) and instruct it to use my samba machine as the host, I get this error: "The computer you entered cannot host the DFS root. You must enter the name of a computer running an operating system in the Windows 2000 Server or Windows Server 2003 families." Just to be clear, I'm NOT trying to make Samba a DFS root, just a host (ie target) for a DFS root in my AD domain. Is Samba only capable of hosting a samba-based DFS root, and not an AD based one? Is there some trick to getting it configured? Can you post the network capture trace plus the debug level 10 of the smbd you're pointing the MSC plugin at please ? Jeremy. -- ------- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu ---
[Samba] Help making Samba a DFS host (not root!)
I'm trying to create a DFS root in my 2003 AD domain, and point it to a share hosted on a Samba server. From the documentation, I had assumed that this was supported (msdfs host = yes ?). Am I missing something basic? This is with Samba 3.0.31 on RHEL 5. When I go to create the DFS root (via the msc plugin) and instruct it to use my samba machine as the host, I get this error: "The computer you entered cannot host the DFS root. You must enter the name of a computer running an operating system in the Windows 2000 Server or Windows Server 2003 families." Just to be clear, I'm NOT trying to make Samba a DFS root, just a host (ie target) for a DFS root in my AD domain. Is Samba only capable of hosting a samba-based DFS root, and not an AD based one? Is there some trick to getting it configured? Thanks! -Brian -- --- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu ---
Re: [Samba] Common MS Office and samba file share issue
Jeremy Allison wrote: Are you using ACLs on the drive ? If so, this is a bug with ACL inheritance I've fixed for 3.0.30. Thanks Jeremy. Why isn't there anything in the 3.0.30 changelog regarding this? It sounds like a major improvement. -Brian -- ------- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu ---
[Samba] Broken man page(s) on samba website
It appears that at least the smb.conf man page on the samba site is broken. Almost all of the attribute names are missing. I tried it in IE and Firefox with the same result. http://us1.samba.org/samba/docs/man/manpages-3/smb.conf.5.html Am I missing something? -Brian
Re: [Samba] Help: justification for Linux PDC vs Windows...
JJB wrote: As I understand it, you need a WINS server for every subnet - we figured this out after the fact, so we now have 3 servers running Samba so that everyone can see all members of the workgroup (we are rolling out the domain slowly - in the meanwhile, we don't want to lose browse functionality). If anyone has a written procedure for how to get this working with only one multi-homed server (does that mean one server with 1 network card for each subnet, or one card with 3 addresses somehow associated with it?) please post a link or email it to me. Thanks - Joel A single WINS server can work just fine across multiple workgroups and subnets. All that is required is to specify the WINS address on the client in the same way you'd specify the DNS address. That can even be done through DHCP. -Brian -- ------- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu ---
Re: [Samba] Release timeframe for 3.0.26?
Andrew Bartlett wrote: Just to note, the next release will be numbered 3.2.0, and licenced under GPLv3. It will contain what was to be 3.0.26. Andrew Bartlett Just out of curiosity, what happened to 3.1.0? -Brian
Re: [Samba] Samba v3.0.23a BROKE my network
Chris Hall wrote: On Wed, 24 Jan 2007 you wrote *snip* I had a configuration that worked pre .23 but now suddenly did not work. What I needed to know was that with .23 it is ESSENTIAL that groupmap settings are made for a small number of groups. Even better, it would have been good to know that without those groupmap settings, users would not be able to log on. Could someone explain why these group maps are essential, and exactly why the lack of them made logins break for Chris's network? Does it have anything to do with roaming profiles? I ask because I have a very similar setup. I am running 3.0.23c (upgraded from .21something, and .14 before that). I have never mapped any groups by hand and I have not experienced any problems with logins. I double checked today, and both 'net group' and 'net groupmap list' return nothing (no groups defined). I'm not trying to be devil's advocate here. It really seems like Chris may have had a special situation that caused his problems. If that is the case, it would be beneficial to identify it, and perhaps that info could go into the release notes for future versions. On the other hand, if I'm the special case, I'd like to figure out why so I don't have problems in the future. -Brian -- ------- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu ---
[Samba] smbtorture4 fails RAW-LOCK against 3.0.23d
I think the message title says it all. I was attempting to do 'make test' against 3.0.23d and include the smbtorture4 tests from 4.0.0tp3 (as I read somewhere to be a good idea). Is there any reason that the test should not work? Does it have something to do with the 'unknown parameter'? Make test works fine without smbtorture4. Platform is Solaris 9 on sun4u. Samba 4 was compiled with gcc 3.4.6. Samba 3 was compiled with sun's gcc 4.0.3 originally, and I also tried a build with 'plain' gcc 3.3.2. Both builds generated the same error in make test. Thanks, Brian Details: Testing RAW-LOCK (0) TEST OUTPUT: Unknown parameter encountered: "passdb backend" Ignoring unknown parameter "passdb backend" Using seed 1169757972 Running RAW-LOCK Testing RAW_LOCK_LOCKX Trying 0xEEFF lock Trying 0xEF00 lock Trying zero lock Trying max lock Trying 2^63 Trying 2^63 - 1 Trying max lock 2 Testing RAW_LOCK_LOCK Trying 0/0 lock Trying 0/1 lock Trying 0xEEFF lock Trying 0xEF00 lock Trying max lock Trying wrong pid unlock Testing high pid High pid is not used on this server (correct) Testing LOCKING_ANDX_CANCEL_LOCK testing cancel by CANCEL_LOCK (torture/raw/lock.c:502) Incorrect status NT_STATUS_UNSUCCESSFUL - should be ERRDOS:ERRcancelviolation Testing LOCK_NOT_GRANTED vs. FILE_LOCK_CONFLICT testing with timeout = 0 (torture/raw/lock.c:857) Incorrect status NT_STATUS_LOCK_NOT_GRANTED - should be NT_STATUS_FILE_LOCK_CONFLICT Testing LOCKING_ANDX_CHANGE_LOCKTYPE TEST RAW-LOCK FAILED! - ... RAW-LOCK took 0.434055 secs Tests: 1, Errors: 1, Skipped: 0. Success rate: 0.00% NMBD OUTPUT: Netbios nameserver version 3.0.23d started. Copyright Andrew Tridgell and the Samba Team 1992-2006 standard input is not a socket, assuming -D option SMBD OUTPUT: smbd version 3.0.23d started. 
Copyright Andrew Tridgell and the Samba Team 1992-2006 standard input is not a socket, assuming -D option TEST FAILED: /root/samba-4.0.0tp3/source/bin/smbtorture --maximum-runtime=300 --option=interfaces=127.0.0.26/8,127.0.0.27/8,127.0.0.28/8,127.0.0.29/8,127.0.0.30/8,127.0.0.31/8 -s /root/samba-3.0.23d-gcc3/source/st/lib/client.conf --option=target:samba3=yes //127.0.0.2/tmp -Uroot%test RAW-LOCK (status 1) Testing RAW-OPLOCK (1) Testing RAW-READ (1) Testing RAW-SEEK (1) Testing RAW-SFILEINFO-BUG (1) Testing RPC-AUTHCONTEXT (1) 1 TESTS FAILED or SKIPPED (test_posix_s3.sh) nmbd exits with status 0 smbd exits with status 0 START: Thu Jan 25 15:29:53 EST 2007 (./script/tests/selftest.sh) END: Thu Jan 25 15:46:17 EST 2007 (./script/tests/selftest.sh) TEST STATUS: 1 gmake: *** [test] Error 1 -- ------- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu ---
[Samba] 64bit vs 32bit performance on Solaris
I was wondering if anyone could speak for performance of 64bit vs 32bit builds of Samba on the Solaris SPARC platform. The only topics I found in the archive had to do only with removing the 256 max open file limit of a 32bit build. I have not run into that particular problem, but wondered if 64bit would perform any better overall. My hunch would be no, but perhaps someone else has already done the comparison. Thanks, -Brian -- --- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu ---
[Samba] Folder permissions not shown under XP
Hello, First, let me state that I have attempted to search for this topic and have only turned up other requests for the same issue. I couldn't find anything even remotely helpful for a solution. So, if this is a common issue, I apologize. Anyways, on a WinXP client, opening the security properties on a folder (directory) in a samba share shows all the checkboxes as blank. Opening sec properties on a FILE works fine. Only directories show up blank. I am not sure what happens on a 2k or earlier box (I have none handy to test). The folders do have unix permissions (770) on them, and no ACL. It just seems like windows doesn't 'see' them somehow. They are honored by windows though. I saw this problem under 3.0.5, and still see it after upgrading to 3.0.11. Samba is running on Solaris 8 on sparc. Here is one article I found from a while back that seems to be the same problem, with no responses: http://marc.theaimsgroup.com/?l=samba&m=109909254602241&w=2 Any help or suggestions are welcome. Thanks! -Brian