[Samba] Samba logins disconnect?
I have been chasing down a problem where PC logins to our Samba server get disconnected from their printer and file shares. Here is the sequence of events: User logs in to PC File shares from NetApp file server are mapped and mounted Printer shares from Samba server go into opening state, may or may not become Ready Later, mapped network drives are Disconnected Network Drives and printers may report Ready but printing fails Opening a mapped network drive brings it out of Disconnected state but but it will go back to Disconnected after a few minutes Opening a printer window from Printers and Faxes may re-initialize the printer but may not Here's our environment: server room: Samba 3.0.21 NetApp Release 7.3.4 file server client networks: Winows XP clients IPsec tunnel (running on pfSense 2.0 firewalls) connects server room to client networks I haven't been able to find anything helpful in web searches, although there are a number of hits on similar problems. Carl G. Riches IT Manager Department of Biostatistics Box 357232 voice: 206-616-2725 University of Washingtonfax: 206-543-3286 Seattle, WA 98195-7232 internet: c...@u.washington.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help needed to debug Samba problem
I have a Samba domain that is having problems. We have a new NetApp file server (FAS2040 running NetApp Release 7.3.4) that keeps dropping its connection to the Samba server. We didn't have this problem with an older NetApp box (FAS250 running NetApp Release 6.5.1R1). I can run tcpdump on the Samba server and see traffic going back and forth between the FAS2040 and the Samba server when the filer tries to connect, but don't know enough about the protocol to decipher the traffic. One thought I had was to move the Samba domain to a newer version of Samba (on a newer server) but I don't know if that will really help. The above means that I have two questions: how to decipher the tcpdump info, and how to migrate existing Samba tdb databases to a new server? Thanks in advance for any pointers! Carl Carl G. Riches Department of Biostatistics University of Washington Seattle, WA 98195-7232 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Wrong PDC IP from multi-homed samba PDC
I am trying to join a SAMBA client to a SAMBA domain. The SAMBA PDC is on a different network from the SAMBA client. I have a SAMBA server on the client network acting as a local browse master. The net join command fails because the PDC is multi-homed, it gives out a list of addresses, the address at the head of the list can't be reached by the client and the command does not iterate through the list of PDCs. Is there a way to specify the order of IP addresses handed out by the SAMBA server when it is asked for the PDC address(es)? The PDC is multi-homed with these addresses: 10.142.36.94 (a /25 net) 10.142.36.125 (a /27 net) 10.142.36.254 (a /25 net) The client can connect to the PDC's 10.142.36.94 address (ping, ssh, etc.) via an IPsec tunnel. I can successfully run many commands against the PDC: nmblookup -B server __SAMBA__ nmblookup -M -- - smbclient -L server -U% and so on. However, the net lookup dc command gives me a list of PDC addresses in this order: 10.142.36.254 10.142.36.94 10.142.36.125 The file wins.dat has these entries for the PDC: SERVER#00 1275257441 10.142.36.94 10.142.36.254 10.142.36.125 66R SERVER#03 1275257441 10.142.36.94 10.142.36.254 10.142.36.125 66R SERVER#20 1275257441 10.142.36.94 10.142.36.254 10.142.36.125 66R A net join command fails. It tries to use this address for the PDC: 10.142.36.254 There is no route to that address. The net join command does not iterate through the list of PDC addresses, though. It just fails. Is there a way to specify the order in which the SAMBA PDC hands out its addresses (when multi-homed) such that the IP address at the top of the list is the one on which the request arrived? That is, if a request for the PDC list arrives on the 10.142.36.94 interface can the response put the address 10.142.36.94 at the head of the list of PDC addresses? Thanks, Carl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] multi-homed samba PDC and NetApp filers
On Sun, 2010-05-16 at 19:23 -0700, Carl G. Riches wrote: On Fri, 14 May 2010, John H Terpstra wrote: On 05/14/2010 07:14 PM, Carl G. Riches wrote: We are having a problem getting a NetApp filer to re-join a samba domain after a move to a new network. The filer worked fine with samba before the move. Apologies in advance for the long missive. I've tried the following: - re-running the CIFS setup program on the filer - removing the problem filer's samba account, replacing it, and re-running the setup program on the filer - creating a new machine account on the samba server and re- running the setup program on the filer None of these worked. I also looked through a number of mailing list postings about NetApp filers and samba but didn't find any- thing to help. Has anyone gone through this before and provide insight into this problem? Do you happen to specify in your /etc/samba/smb.conf file: interfaces = list of interfaces bind interfaces only = Yes If so, remove them, then retry the domain join. After successfully joining you ca re-enable these parameters. Please let me know if that is the solution. That's part of the solution. The NetApp filer now shows up in Windows PC browse lists, but we still can't get a PC (or the samba server itself) to mount a CIFS file share from the filer. Does anyone have a suggestion for what to try next? Here's what I've done so far: I commented out these lines in /etc/samba/smb.conf: ; interfaces = 127.0.0.1 10.142.36.94/27 10.142.36.192/26 10.142.36.125/27 ; bind interfaces only = yes and restarted samba, then restarted CIFS on the NetApp filer. Tcpdump on the samba server now looks like this: 18:45:57.189347 IP gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns mead.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST 18:45:57.189425 IP mead.in.gcc.biostat.washington.edu.netbios-ns gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST 18:45:59.137275 IP gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns mead.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; UNICAST 18:45:59.137390 IP mead.in.gcc.biostat.washington.edu.netbios-ns gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): REGISTRATION; POSITIVE; RESPONSE; UNICAST These message are on the filer's console: Sun May 16 18:46:29 PDT [auth.dc.DCPasswdChange.failed:error]: AUTH: The filer's attempt to change the shared password with filer's domain controller failed with status 0xc05e: Scheduled automatic password change failed. The filer will retry in 1 hour. At this point the filer shows up in a Windows PC's browse list. An attempt to mount a share from the filer on the samba server using this command: mount -t cifs //10.208.235.134/geneva_fc /mnt -o username=cgr,domain=UWT-15 fails with this message: mount error 5 = Input/output error Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) and these lines show up in /var/log/debug: May 16 18:49:49 mead kernel: Status code returned 0xc05e NT_STATUS_NO_LOGON_SERVERS May 16 18:49:49 mead kernel: CIFS VFS: Send error in SessSetup = -5 May 16 18:49:49 mead kernel: CIFS VFS: cifs_mount failed w/return code = -5 An attempt to map the above share to a drive (Z:) on a Windows PC fails with the message: The mapped network drive could not be created because the following error has occurred: There are currently no logon servers available to service the logon request. These messages appeared on the filer's console during the drive mapping request: Sun May 16 19:01:19 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for UWT-15. Sun May 16 19:01:19 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found no DC addresses using generic DNS query. Sun May 16 19:01:19 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting WINS queries. Sun May 16 19:01:22 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found no BDC addresses through WINS. Sun May 16 19:01:25 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found no PDC addresses through WINS. Sun May 16 19:01:25 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for UWT-15 complete. 0 unique addresses found. The WINS server has been defined: options.cifs.wins_servers=10.142.36.94 which is the samba server. We have this line in the /etc/samba/smb.conf file: wins support = yes An attempt to browse to the filer fail with this message: \\gcc-fs1 is not accessible. You might not have permission to use this network resource
Re: [Samba] multi-homed samba PDC and NetApp filers
On Fri, 14 May 2010, John H Terpstra wrote: On 05/14/2010 07:14 PM, Carl G. Riches wrote: We are having a problem getting a NetApp filer to re-join a samba domain after a move to a new network. The filer worked fine with samba before the move. Apologies in advance for the long missive. I've tried the following: - re-running the CIFS setup program on the filer - removing the problem filer's samba account, replacing it, and re-running the setup program on the filer - creating a new machine account on the samba server and re- running the setup program on the filer None of these worked. I also looked through a number of mailing list postings about NetApp filers and samba but didn't find any- thing to help. Has anyone gone through this before and provide insight into this problem? Do you happen to specify in your /etc/samba/smb.conf file: interfaces = list of interfaces bind interfaces only = Yes If so, remove them, then retry the domain join. After successfully joining you ca re-enable these parameters. Please let me know if that is the solution. That's part of the solution. The NetApp filer now shows up in Windows PC browse lists, but we still can't get a PC (or the samba server itself) to mount a CIFS file share from the filer. Does anyone have a suggestion for what to try next? Here's what I've done so far: I commented out these lines in /etc/samba/smb.conf: ; interfaces = 127.0.0.1 10.142.36.94/27 10.142.36.192/26 10.142.36.125/27 ; bind interfaces only = yes and restarted samba, then restarted CIFS on the NetApp filer. Tcpdump on the samba server now looks like this: 18:45:57.189347 IP gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns mead.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST 18:45:57.189425 IP mead.in.gcc.biostat.washington.edu.netbios-ns gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST 18:45:59.137275 IP gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns mead.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; UNICAST 18:45:59.137390 IP mead.in.gcc.biostat.washington.edu.netbios-ns gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): REGISTRATION; POSITIVE; RESPONSE; UNICAST These message are on the filer's console: Sun May 16 18:46:29 PDT [auth.dc.DCPasswdChange.failed:error]: AUTH: The filer's attempt to change the shared password with filer's domain controller failed with status 0xc05e: Scheduled automatic password change failed. The filer will retry in 1 hour. At this point the filer shows up in a Windows PC's browse list. An attempt to mount a share from the filer on the samba server using this command: mount -t cifs //10.208.235.134/geneva_fc /mnt -o username=cgr,domain=UWT-15 fails with this message: mount error 5 = Input/output error Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) and these lines show up in /var/log/debug: May 16 18:49:49 mead kernel: Status code returned 0xc05e NT_STATUS_NO_LOGON_SERVERS May 16 18:49:49 mead kernel: CIFS VFS: Send error in SessSetup = -5 May 16 18:49:49 mead kernel: CIFS VFS: cifs_mount failed w/return code = -5 An attempt to map the above share to a drive (Z:) on a Windows PC fails with the message: The mapped network drive could not be created because the following error has occurred: There are currently no logon servers available to service the logon request. These messages appeared on the filer's console during the drive mapping request: Sun May 16 19:01:19 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for UWT-15. Sun May 16 19:01:19 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found no DC addresses using generic DNS query. Sun May 16 19:01:19 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting WINS queries. Sun May 16 19:01:22 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found no BDC addresses through WINS. Sun May 16 19:01:25 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found no PDC addresses through WINS. Sun May 16 19:01:25 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for UWT-15 complete. 0 unique addresses found. The WINS server has been defined: options.cifs.wins_servers=10.142.36.94 which is the samba server. We have this line in the /etc/samba/smb.conf file: wins support = yes An attempt to browse to the filer fail with this message: \\gcc-fs1 is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The network path was not found. Both of these worked before moving them from one subnet to a new one. When I re-enable
[Samba] multi-homed samba PDC and NetApp filers
We are having a problem getting a NetApp filer to re-join a samba domain after a move to a new network. The filer worked fine with samba before the move. Apologies in advance for the long missive. I've tried the following: - re-running the CIFS setup program on the filer - removing the problem filer's samba account, replacing it, and re-running the setup program on the filer - creating a new machine account on the samba server and re- running the setup program on the filer None of these worked. I also looked through a number of mailing list postings about NetApp filers and samba but didn't find any- thing to help. Has anyone gone through this before and provide insight into this problem? We have the following: samba server: Red Hat Enterprise Linux 5.3 kernel 2.6.18 i868 samba 3.0.33 multiple network interfaces: 10.142.36.64/27 10.142.36.96/27 10.142.36.192/26 NetApp filer #1: NetApp Release 7.2.4L1 connected through VPN to samba server network 10.142.36.192/26 NetApp filer #2: NetApp Release 7.3.1.1 connected through VPN to samba server network 10.142.36.64/27 Each filer can ping the samba server. CIFS connections from each filer are registered by the samba server and are logged in the file: 0.0.0.0.log Each of the filers moved to a new network. Filer #1 rejoined the domain but filer #2 can't. A tcpdump of the unsuccessful transaction is: 10:42:38.137963 IP gcc-fs1.netbios-ns mead.netbios-ns: NBT UDP PACKET(137): MULTIHOMED REGISTRATION; REQUEST; UNICAST 10:42:38.138165 IP mead.netbios-ns gcc-fs1.netbios-ns: NBT UDP PACKET(137): WACK; POSITIVE; RESPONSE; UNICAST 10:42:58.270693 IP mead.netbios-ns gcc-fs1.netbios-ns: NBT UDP PACKET(137): REGISTRATION; NEGATIVE; RESPONSE; UNICAST 10:44:11.627124 IP gcc-fs1.netbios-ns mead.netbios-ns: NBT UDP PACKET(137): MULTIHOMED REGISTRATION; REQUEST; UNICAST 10:44:11.627292 IP mead.netbios-ns gcc-fs1.netbios-ns: NBT UDP PACKET(137): WACK; POSITIVE; RESPONSE; UNICAST 10:44:32.309202 IP mead.netbios-ns gcc-fs1.netbios-ns: NBT UDP PACKET(137): REGISTRATION; NEGATIVE; RESPONSE; UNICAST 10:45:45.665702 IP gcc-fs1.netbios-ns mead.netbios-ns: NBT UDP PACKET(137): MULTIHOMED REGISTRATION; REQUEST; UNICAST 10:45:45.665803 IP mead.netbios-ns gcc-fs1.netbios-ns: NBT UDP PACKET(137): WACK; POSITIVE; RESPONSE; UNICAST 10:46:06.312676 IP mead.netbios-ns gcc-fs1.netbios-ns: NBT UDP PACKET(137): REGISTRATION; NEGATIVE; RESPONSE; UNICAST Part of the samba log 0.0.0.0.log related to filer #2 is: [2010/05/14 16:54:52, 3] nmbd/nmbd_winsserver.c:wins_process_name_registration_request(1138) wins_process_name_registration_request: Group name registration for name UWT-1500 IP 10.208.235.134 [2010/05/14 16:54:52, 3] nmbd/nmbd_winsserver.c:wins_process_name_registration_request(1222) wins_process_name_registration_request: Adding IP 255.255.255.255 to group name UWT-1500. [2010/05/14 16:54:52, 4] nmbd/nmbd_packets.c:reply_netbios_packet(940) reply_netbios_packet: sending a reply of packet type: wins_reg UWT-1500 to ip 10.208.235.134 for id 39786 [2010/05/14 16:54:52, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 10.208.235.134(137) header: id=39786 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=UWT-1500 rr_type=32 rr_class=1 ttl=345600 answers 0 char .. hex EAD0EB86 [2010/05/14 16:54:52, 5] libsmb/nmblib.c:send_udp(779) Sending a packet of len 62 to (10.208.235.134) on port 137 Thanks, Carl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba